編輯:關於Android編程
官方文檔:https://developer.android.com/training/articles/security-ssl.html
Https使用了數字簽名,對於數字簽名的理解,阮一峰翻譯一篇關於這方面很好的文章
數字簽名一般會使用RSA算法,對於RSA算法的理解,阮一峰也提供兩篇生動的文章來說明:
google給的示例代碼有些過於簡單,我添加了一些東西,復制粘貼就可以運行:如果看到一大段數學公式就不想往下看的同學,我這裡給個簡化版的:
將兩個大質數相乘十分容易,但是想要對其乘積進行因式分解卻極其困難,文章中給出了的例子:
將
1230186684530117755130494958384962720772853569595334
7921973224521517264005072636575187452021997864693899
5647494277406384592519255732630345373154826850791702
6122142913461670429214311602221240479274737794080665
351419597459856902143413
分解成兩個質數的乘積,因為現在的方法只能暴力破解,以目前電子計算機的運算速率來看,即使破解了,也會耗費相當長的時間,導致破解行為本身沒有什麼意義
public class MainActivity extends AppCompatActivity {
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
new Thread() {
@Override
public void run() {
try {
URL url = new URL("https://wikipedia.org");
URLConnection urlConnection = url.openConnection();
InputStream in = urlConnection.getInputStream();
printInputStream(in);
} catch (MalformedURLException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
}
}.start();
}
private void printInputStream(InputStream is){
BufferedReader reader = new BufferedReader(new InputStreamReader(is));
StringBuffer sb = new StringBuffer();
String line = null;
try {
while ((line = reader.readLine()) != null) {
sb.append(line + "\n");
}
} catch (IOException e) {
e.printStackTrace();
} finally {
try {
is.close();
} catch (IOException e) {
e.printStackTrace();
}
}
String rs = sb.toString();
Log.e("inputSteam",rs);
}
}
正常訪問,結果為:
![這裡寫圖片描述](https://www.android5.online/Android/UploadFiles_5356/201702/2017022310495002.png "\")
將上面代碼的第11行的網址改為:https://certs.cac.washington.edu/CAtest/
運行的結果會報錯:
![這裡寫圖片描述](https://www.android5.online/Android/UploadFiles_5356/201702/2017022310495056.png "\")
這裡同樣處理一下細節,復制可以直接運行
public class MainActivity extends AppCompatActivity {
private final String load = "-----BEGIN CERTIFICATE-----\n" +
"MIIEBzCCA3CgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBlDELMAkGA1UEBhMCVVMxCzAJBgNVBAgT\n" +
"AldBMSEwHwYDVQQKExhVbml2ZXJzaXR5IG9mIFdhc2hpbmd0b24xFDASBgNVBAsTC1VXIFNlcnZp\n" +
"Y2VzMRcwFQYDVQQDEw5VVyBTZXJ2aWNlcyBDQTEmMCQGCSqGSIb3DQEJARYXaGVscEBjYWMud2Fz\n" +
"aGluZ3Rvbi5lZHUwHhcNMDMwMjI1MTgyNTA5WhcNMzAwOTAzMTgyNTA5WjCBlDELMAkGA1UEBhMC\n" +
"VVMxCzAJBgNVBAgTAldBMSEwHwYDVQQKExhVbml2ZXJzaXR5IG9mIFdhc2hpbmd0b24xFDASBgNV\n" +
"BAsTC1VXIFNlcnZpY2VzMRcwFQYDVQQDEw5VVyBTZXJ2aWNlcyBDQTEmMCQGCSqGSIb3DQEJARYX\n" +
"aGVscEBjYWMud2FzaGluZ3Rvbi5lZHUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALwCo6h4\n" +
"T44m+7ve+BrnEqflqBISFaZTXyJTjIVQ39ZWhE0B3LafbbZYju0imlQLG+MEVAtNDdiYICcBcKsa\n" +
"pr2dxOi31Nv0moCkOj7iQueMVU4E1TghYIR2I8hqixFCQIP/CMtSDail/POzFzzdVxI1pv2wRc5c\n" +
"L6zNwV25gbn3AgMBAAGjggFlMIIBYTAdBgNVHQ4EFgQUVdfBM8b6k/gnPcsgS/VajliXfXQwgcEG\n" +
"A1UdIwSBuTCBtoAUVdfBM8b6k/gnPcsgS/VajliXfXShgZqkgZcwgZQxCzAJBgNVBAYTAlVTMQsw\n" +
"CQYDVQQIEwJXQTEhMB8GA1UEChMYVW5pdmVyc2l0eSBvZiBXYXNoaW5ndG9uMRQwEgYDVQQLEwtV\n" +
"VyBTZXJ2aWNlczEXMBUGA1UEAxMOVVcgU2VydmljZXMgQ0ExJjAkBgkqhkiG9w0BCQEWF2hlbHBA\n" +
"Y2FjLndhc2hpbmd0b24uZWR1ggEAMAwGA1UdEwQFMAMBAf8wKwYDVR0RBCQwIoYgaHR0cDovL2Nl\n" +
"cnRzLmNhYy53YXNoaW5ndG9uLmVkdS8wQQYDVR0fBDowODA2oDSgMoYwaHR0cDovL2NlcnRzLmNh\n" +
"Yy53YXNoaW5ndG9uLmVkdS9VV1NlcnZpY2VzQ0EuY3JsMA0GCSqGSIb3DQEBBAUAA4GBAIn0PNmI\n" +
"JjT9bM5d++BtQ5UpccUBI9XVh1sCX/NdxPDZ0pPCw7HOOwILumpulT9hGZm9Rd+W4GnNDAMV40we\n" +
"s8REptvOZObBBrjaaphDe1D/MwnrQythmoNKc33bFg9RotHrIfT4EskaIXSx0PywbyfIR1wWxMpr\n" +
"8gbCjAEUHNF/\n" +
"-----END CERTIFICATE-----";
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
new Thread() {
@Override
public void run() {
super.run();
URL url = null;
HttpsURLConnection urlConnection = null;
InputStream in = null;
try {
//1.生成證書:Certificate
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream caInput = new ByteArrayInputStream(load.getBytes());
Certificate ca = null;
try {
ca = cf.generateCertificate(caInput);
System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());
} catch (CertificateException e) {
e.printStackTrace();
} finally {
caInput.close();
}
//2.初始化公鑰:keyStore
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
//3.初始化TrustManagerFactory
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
//4.初始化sslContext
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);
//5.建立Https鏈接
url = new URL("https://certs.cac.washington.edu/CAtest/");
//注意,這裡是HttpsURLConnection
urlConnection = (HttpsURLConnection) url.openConnection();
urlConnection.setSSLSocketFactory(context.getSocketFactory());
in = urlConnection.getInputStream();
} catch (MalformedURLException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
}
copyInputStreamToOutputStream(in);
}
}.start();
}
private void copyInputStreamToOutputStream(InputStream is) {
if (is == null)
return;
BufferedReader reader = new BufferedReader(new InputStreamReader(is));
StringBuffer sb = new StringBuffer();
String line = null;
try {
while ((line = reader.readLine()) != null) {
sb.append(line + "\n");
}
} catch (IOException e) {
e.printStackTrace();
} finally {
try {
is.close();
} catch (IOException e) {
e.printStackTrace();
}
}
Log.e("inputstrem", sb.toString());
}
}
運行結果:
![這裡寫圖片描述](https://www.android5.online/Android/UploadFiles_5356/201702/2017022310495104.png "\")
第二行的load的由來:
下載load-der.crt 在cmd中輸入命令:keytool -printcert -rfc -file 文件地址![這裡寫圖片描述](https://www.android5.online/Android/UploadFiles_5356/201702/2017022310495131.gif "\")
實現的流程也很簡單:
在實際開發中,我們使用網絡框架來進行網絡中的交互,所以上面的代碼肯定是用不到的;現在通用的網絡請求框架,都給HTTPS請求留出了空間來實現,下面以Volley為例:
public class MainActivity extends Activity {
private final String load = "-----BEGIN CERTIFICATE-----\n" +
"MIIEBzCCA3CgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBlDELMAkGA1UEBhMCVVMxCzAJBgNVBAgT\n" +
"AldBMSEwHwYDVQQKExhVbml2ZXJzaXR5IG9mIFdhc2hpbmd0b24xFDASBgNVBAsTC1VXIFNlcnZp\n" +
"Y2VzMRcwFQYDVQQDEw5VVyBTZXJ2aWNlcyBDQTEmMCQGCSqGSIb3DQEJARYXaGVscEBjYWMud2Fz\n" +
"aGluZ3Rvbi5lZHUwHhcNMDMwMjI1MTgyNTA5WhcNMzAwOTAzMTgyNTA5WjCBlDELMAkGA1UEBhMC\n" +
"VVMxCzAJBgNVBAgTAldBMSEwHwYDVQQKExhVbml2ZXJzaXR5IG9mIFdhc2hpbmd0b24xFDASBgNV\n" +
"BAsTC1VXIFNlcnZpY2VzMRcwFQYDVQQDEw5VVyBTZXJ2aWNlcyBDQTEmMCQGCSqGSIb3DQEJARYX\n" +
"aGVscEBjYWMud2FzaGluZ3Rvbi5lZHUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALwCo6h4\n" +
"T44m+7ve+BrnEqflqBISFaZTXyJTjIVQ39ZWhE0B3LafbbZYju0imlQLG+MEVAtNDdiYICcBcKsa\n" +
"pr2dxOi31Nv0moCkOj7iQueMVU4E1TghYIR2I8hqixFCQIP/CMtSDail/POzFzzdVxI1pv2wRc5c\n" +
"L6zNwV25gbn3AgMBAAGjggFlMIIBYTAdBgNVHQ4EFgQUVdfBM8b6k/gnPcsgS/VajliXfXQwgcEG\n" +
"A1UdIwSBuTCBtoAUVdfBM8b6k/gnPcsgS/VajliXfXShgZqkgZcwgZQxCzAJBgNVBAYTAlVTMQsw\n" +
"CQYDVQQIEwJXQTEhMB8GA1UEChMYVW5pdmVyc2l0eSBvZiBXYXNoaW5ndG9uMRQwEgYDVQQLEwtV\n" +
"VyBTZXJ2aWNlczEXMBUGA1UEAxMOVVcgU2VydmljZXMgQ0ExJjAkBgkqhkiG9w0BCQEWF2hlbHBA\n" +
"Y2FjLndhc2hpbmd0b24uZWR1ggEAMAwGA1UdEwQFMAMBAf8wKwYDVR0RBCQwIoYgaHR0cDovL2Nl\n" +
"cnRzLmNhYy53YXNoaW5ndG9uLmVkdS8wQQYDVR0fBDowODA2oDSgMoYwaHR0cDovL2NlcnRzLmNh\n" +
"Yy53YXNoaW5ndG9uLmVkdS9VV1NlcnZpY2VzQ0EuY3JsMA0GCSqGSIb3DQEBBAUAA4GBAIn0PNmI\n" +
"JjT9bM5d++BtQ5UpccUBI9XVh1sCX/NdxPDZ0pPCw7HOOwILumpulT9hGZm9Rd+W4GnNDAMV40we\n" +
"s8REptvOZObBBrjaaphDe1D/MwnrQythmoNKc33bFg9RotHrIfT4EskaIXSx0PywbyfIR1wWxMpr\n" +
"8gbCjAEUHNF/\n" +
"-----END CERTIFICATE-----";
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
//生成SSLSocketFactory
SSLSocketFactory sslSocketFactory = initSSLSocketFactory();
//HurlStack兩個參數默認都是null,如果傳入SSLSocketFactory,那麼會以Https的方式來請求網絡
HurlStack stack = new HurlStack(null, sslSocketFactory);
//通常,我們調用的是Volley.newRequestQueue(context),HurlStack為默認的,也就是不處理Https的情況
//現在傳入處理Https的HurlStack,Volley就會去處理相應的請求
RequestQueue requestQueue = Volley.newRequestQueue(this, stack);
//去訪問網絡
StringRequest request = new StringRequest("https://certs.cac.washington.edu/CAtest/",
new Response.Listener() {
@Override
public void onResponse(String response) {
Log.e("onResponse", response);
}
}, new Response.ErrorListener() {
@Override
public void onErrorResponse(VolleyError error) {
Log.e("error", error.getMessage());
}
});
requestQueue.add(request);
}
/**
* 生成SSLSocketFactory
* 這裡的代碼與之前相比,沒有什麼不同
*
* @return
*/
private SSLSocketFactory initSSLSocketFactory() {
//生成證書:Certificate
CertificateFactory cf = null;
SSLSocketFactory factory = null;
try {
cf = CertificateFactory.getInstance("X.509");
InputStream caInput = new ByteArrayInputStream(load.getBytes());
Certificate ca = null;
try {
ca = cf.generateCertificate(caInput);
} finally {
try {
caInput.close();
} catch (IOException e) {
e.printStackTrace();
}
}
//初始化公鑰:keyStore
String keyType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyType);
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
//初始化TrustManagerFactory
String algorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory managerFactory = TrustManagerFactory.getInstance(algorithm);
managerFactory.init(keyStore);
//初始化sslContext
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, managerFactory.getTrustManagers(), null);
factory = sslContext.getSocketFactory();
} catch (CertificateException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
}
return factory;
}
}
結果展示:
![這裡寫圖片描述](https://www.android5.online/Android/UploadFiles_5356/201702/2017022310495264.png "\")
示例代碼很簡單,如果有需要,在項目裡稍微寫寫代碼,就可以集成進去。
成熟網絡請求框架都給使用者留出了傳遞“SSLSocketFactory ”的入口,仔細閱讀下網絡請求框架初始化的代碼,就可以找對應的地方。
HTTPS認證貌似要花不少的銀子,一般各位也不會用到,如果要使用HTTPS,可以參考下上面的示例代碼。另外,開頭推薦阮一峰的幾篇文章,希望各位看官查閱。
android 微信 sdk api調用不成功解決方案
最近一直在調用微信的API,卻發現一直調用不成功,糾結了好久,各方面找教程,找官方,官方裡的文檔也只是寫得很模糊,說是按三步走。1、申請App_ID 2、填寫包
Android官方文檔之Bound Services
綁定式Service在CS結構中扮演著Server的角色。綁定式Service允許其他組件(如Activity)綁定該Service、發送請求、接收響應、甚至IPC通信(
安卓開發之自定義控件TipView仿QQ長按後的提示窗口
先上效果圖:之前用手機QQ時,一直很覺得這個窗口提示挺不錯的,今天將它大概地實現了一遍。一、對TipView定義一些成員變量// 一些狀態變量private static
Android 中構建快速可靠的 UI 測試
前言讓我一起來看看 Iván Carballo和他的團隊是如何使用Espresso, Mockito 和Dagger 2 編寫250個UI測試,並且只花了三分鐘就運行成功
