`

Security with HTTPS and SSL

 
阅读更多

现在google play对https有比较严格的审核,所以不能用httpclient来跳过https验证

 

参考文章:

1.https://developer.android.com/training/articles/security-ssl.html#HttpsExample

2.http://www.codeproject.com/Articles/826045/Android-security-Implementation-of-Self-signed-SSL

 

public class HttpsRequestUtil {
	/**
	 * @param url
	 * @return result
	 */
	
	
	private static final int SET_CONNECTION_TIMEOUT = 15 * 1000;  
	private static final int SET_READ_TIMEOUT = 15 * 1000;  
        private static final int SET_SOCKET_TIMEOUT = 15 * 1000; 
    
  
	 
	 public static String doHttpsRequest(String requestURL, Context mContext,String cerFile ){
		 MyLogCat.d(Constants.TAG,"doHttpsRequest requestURL = " + requestURL);
		 String resutl = null;
		 CertificateFactory cf;
		try {
			cf = CertificateFactory.getInstance("X.509");
			AssetManager am = mContext.getAssets();
			
			InputStream caInput = new BufferedInputStream(am.open(cerFile));
			Certificate ca;
			try {
			    ca = cf.generateCertificate(caInput);
			   // System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());
			} finally {
			    try {
					caInput.close();
				} catch (IOException e) {
					// TODO Auto-generated catch block
					e.printStackTrace();
				}
			}

			// Create a KeyStore containing our trusted CAs
			String keyStoreType = KeyStore.getDefaultType();
			KeyStore keyStore = KeyStore.getInstance(keyStoreType);
			keyStore.load(null, null);
			keyStore.setCertificateEntry("ca", ca);

			// Create a TrustManager that trusts the CAs in our KeyStore
			String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
			TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
			tmf.init(keyStore);

			// Create an SSLContext that uses our TrustManager
			SSLContext context = SSLContext.getInstance("TLS");
			context.init(null, tmf.getTrustManagers(), null);

			// Tell the URLConnection to use a SocketFactory from our SSLContext
			/*URL url = new URL("https://certs.cac.washington.edu/CAtest/");*/
			javax.net.ssl.SSLSocketFactory sslSocket = context.getSocketFactory();
			HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
			
			URL url = new URL(requestURL);
			HttpsURLConnection urlConnection =
			    (HttpsURLConnection)url.openConnection();
			urlConnection.setSSLSocketFactory(context.getSocketFactory());
			urlConnection.setHostnameVerifier(hostnameVerifier);
			urlConnection.setConnectTimeout(SET_CONNECTION_TIMEOUT);
			urlConnection.setReadTimeout(SET_READ_TIMEOUT);
			
			InputStream in = urlConnection.getInputStream();
			//copyInputStreamToOutputStream(in, System.out);
			
			BufferedReader reader = new BufferedReader(new InputStreamReader(in));    

	        StringBuilder sb = new StringBuilder();    

	     

	        String line = null;    

	        try {    

	            while ((line = reader.readLine()) != null) {    

	                sb.append(line);    

	            }    

	        } catch (IOException e) {    

	            e.printStackTrace();    

	        } finally {    

	            try {    

	                in.close();    

	            } catch (IOException e) {    

	                e.printStackTrace();    

	            }   
	        }
	        
	        if (sb!=null){
	        	resutl = sb.toString();
	        	
	        }
		} catch (CertificateException e1) {
			// TODO Auto-generated catch block
			e1.printStackTrace();
		} catch (FileNotFoundException e1) {
			// TODO Auto-generated catch block
			e1.printStackTrace();
		} catch (NoSuchAlgorithmException e1) {
			// TODO Auto-generated catch block
			e1.printStackTrace();
		} catch (KeyStoreException e1) {
			// TODO Auto-generated catch block
			e1.printStackTrace();
		} catch (KeyManagementException e1) {
			// TODO Auto-generated catch block
			e1.printStackTrace();
		} catch (MalformedURLException e1) {
			// TODO Auto-generated catch block
			e1.printStackTrace();
		} catch (IOException e1) {
			// TODO Auto-generated catch block
			e1.printStackTrace();
		}
		MyLogCat.d(Constants.TAG,"doHttpsRequest reuslt = " + resutl);
		return resutl;

	 }
	 
	
	
	
} 

 

 

 

分享到:
评论

相关推荐

    Network security with OpenSSL

    The only guide available on the subject, Network Security with OpenSSLdetails the challenges in securing network communications, and shows you how to use OpenSSL tools to best meet those challenges. ...

    Bulletproof SSL and TLS

    Ivan Ristic is a security researcher, engineer, and author, known especially for his contributions to the web application firewall field and development of ModSecurity, an open source web application ...

    Bulletproof SSL and TLS,PDF , Ivan Ristic

    1. SSL, TLS, and Cryptography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Transport Layer Security 1...

    Juniper Network SRX SERIES UP AND RUNNING WITH ADVANCED SECURITY SERVICES

    Implement IPsec site-to-site VPN tunnels and SSL remote client VPN. Configure the SRX as a next-generation firewall (NGFW). Configure Unified Threat Management (UTM). Configure the automated...

    Tomcat配置SSL指导

    ciphers="SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_...

    Web Security & Commerce

    • Web server security - detailed technical information about SSL (Secure Socket Layer), TLS (Transport Layer Security), host security, server access methods, and secure CGI/API programming. • ...

    Cryptography and Network Security - Stallings - 5e

    William Stallings' "Cryptography and Network Security - 5e" offers a comprehensive guide to the field, providing students and professionals with a solid understanding of the fundamental principles and...

    Formal Correctness of Security Protocols

    Industrial-grade protocols such as SSL/TLS, Kerberos and even the huge SET protocol suite [37] can then be tackled. Although these proofs are far from automatic, the effort needed to undertake them ...

    Android Application Security Essentials

    Chapter 1: The Android Security Model – the Big Picture 7 Installing with care 7 Android platform architecture 9 Linux kernel 9 Middleware 11 Dalvik virtual machine 11 Application layer 11 Android ...

    Mobile.Device.Exploitation.Cookbook.1783558725

    and code your own malware Audit Android and iOS apps using static and dynamic analysis Examine iOS App Data storage and Keychain security vulnerabilities Set up the Wireless Pentesting Lab for Mobile ...

    XML.rar_Communicating_XML EncryptedData_java xml socket_ssl_ssl

    Secure Socket Layer (SSL) and Transport Layer Security (TLS) are the current standards for communicating information securely over the internet. With TLS, all data being transmitted from point A to ...

    The Craft of System Security

    1.2 Security and state spaces 10 2.1 Example clearance order 26 2.2 Example categories order 27 2.3 Example MLS lattice 28 2.4 The *-Property 30 2.5 The Chinese Wall 32 2.6 Functionality versus ...

    Packet Analysis with Wireshark pdf 0分

    Identify and overcome security flaws in your network to get a deeper insight into security analysis This is a fast-paced book that focuses on quick and effective packet captures through practical ...

    apache security 安全

    SSL and TLS Section 4.1. Cryptography Section 4.2. SSL Section 4.3. OpenSSL Section 4.4. Apache and SSL Section 4.5. Setting Up a Certificate Authority Section 4.6. Performance ...

    Network Security: Private Communication in a Public World, Second Edition

    The Radia Perlman Series in Computer Networking and Security Acknowledgments Chapter 1. Introduction Section 1.1. Roadmap to the Book Section 1.2. What Type of Book Is This? Section 1.3. ...

    Penetration Testing with Raspberry Pi - Second Edition

    You’ll begin by installing and tuning Kali Linux 2 on Raspberry Pi 3 and then get started with penetration testing. You will be exposed to various network security scenarios such as wireless security...

    Penetration Testing with Raspberry Pi

    You will also learn how to plan and perform various attacks such as man-in-the-middle, password cracking, bypassing SSL encryption, compromising systems using various toolkits, and many more....

    ArrayOS 配置 https

    SSL Offloading and SSL Security APV Series provides industry-leading performance and cost per SSL TPS for 2048-bit SSL with advanced client certificate handling for secure application support and easy...

    SecureBridge v6.2.3 for Delphi & BCB Full Source

    SecureBridge represents clients and servers for SSH, SFTP and SSL protocols as a network security solution. It protects any TCP traffic using SSH or SSL secure transport layer protocols, that provide ...

Global site tag (gtag.js) - Google Analytics