Android/Java -- 如何创建 HTTPS 连接? [英] Android/Java -- How to Create HTTPS Connection?

问题描述

我这里有允许我连接到 https 服务器并传输数据的代码.它工作得很好，但我想知道我是否以正确的方式进行操作并且我实际上正在建立安全连接.请检查我的工作.谢谢.

I have code here that allows me to connect to https servers and transfer data. It works just fine, but I want to know if I'm doing it the right way and I'm actually making a secure connection. Please check my work. Thanks.

public class HTTPSClient extends DefaultHttpClient
{

    public HTTPSClient() 
    {
    }

    @Override
    protected ClientConnectionManager createClientConnectionManager()
    {
        SchemeRegistry registry = new SchemeRegistry();

        HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER;
        final SSLSocketFactory socketFactory = SSLSocketFactory.getSocketFactory();
        socketFactory.setHostnameVerifier((X509HostnameVerifier) hostnameVerifier);
        //socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

        registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
        registry.register(new Scheme("https", socketFactory, 80));
        registry.register(new Scheme("https", socketFactory, 443));
        HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);

        HttpParams params = new BasicHttpParams();
        HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
        HttpProtocolParams.setContentCharset(params, "UTF-8");

        return new SingleClientConnManager(params, registry);
    }
}

我像这样使用这个代码:

I use this code like so:

HttpResponse response = mConnection.httpsClient.execute(new HttpHost("www.somehostname.com", 80), new HttpGet("https://someaddress")));

然后我阅读了那里的回复.再次感谢.

I then read the response from there. Thanks again.

推荐答案

看官方自定义 SSL 上下文 来自 Apache HttpClient 的教程.

Look at the official Custom SSL context tutorial from Apache HttpClient.

正如 Stephen C 提到的，您不需要为 https 上下文注册端口 80.为 http 注册它(如果有必要的话).这意味着，当您调用 https url 时，将使用您指定的相应 socketFactory.

As Stephen C mentioned, you don't need to register port 80 for the https context. Register it instead for http (if neccessary at all). This means, when you call a https url, the appropriate socketFactory, as you specified, will be used.

注意:在大多数情况下，当您从 Android 设备连接到使用自定义证书或来自不太知名的颁发者的证书的站点时，您会收到证书不受信任"或类似异常.如果是这种情况，您需要为您的应用程序创建自定义证书存储，以便它信任您的服务器证书.如果想知道hot实现这个，可以看我的博客文章

NOTE: You will receive in most cases a "Certificate not trusted" or similar exception when you connect from Android devices to sites with custom certificates or certificates from not very well known issuers. If this is the case, you need to create a custom certificate store for your application, so that it will trust your server certificates. If you want to know hot to achieve this, you can look at my blog article

如果您想检查您的设备是否真的通过安全连接进行通信，您可以从您的安卓模拟器调用 https 端点并使用 Wireshark 在您的开发者机器上.

If you want to check, if your device is really communicating via a secured connection, you could make the call to the https endpoint from your android emulator and capture the traffic with Wireshark on your developer machine.

希望能帮到你

这篇关于Android/Java -- 如何创建 HTTPS 连接?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！