Https的雙向認證

原創 葫芦娃你好我是皮卡丘 2020-06-22 19:54

參考鏈接:https://www.cnblogs.com/blogs-of-lxl/p/10136582.html

鴻洋博客:https://blog.csdn.net/lmj623565791/article/details/48129405?utm_source=copy

public class HttpsUtils {
    public static class SSLParams {
        public SSLSocketFactory sSLSocketFactory;
        public X509TrustManager trustManager;
    }

    //    public static SSLParams getSslSocketFactory(InputStream[] certificates, InputStream bksFile, String password) {
    public static SSLParams getSslSocketFactory(InputStream certificates, InputStream bksFile, String password) {
        SSLParams sslParams = new SSLParams();
        try {
//            TrustManager[] trustManagers = prepareTrustManager(certificates);
            TrustManager[] trustManagers = prepareTrust(certificates);
            KeyManager[] keyManagers = prepareKeyManager(bksFile, password);
            SSLContext sslContext = SSLContext.getInstance("TLS");
            X509TrustManager trustManager = null;
            if (trustManagers != null) {
                trustManager = new MyTrustManager(chooseTrustManager(trustManagers));
            } else {
                trustManager = new UnSafeTrustManager();
            }
            sslContext.init(keyManagers, new TrustManager[]{trustManager}, null);
//            SSLSocketFactory NoSSLv3Factory = new NoSSLv3SocketFactory(sslContext.getSocketFactory());

            sslParams.sSLSocketFactory = sslContext.getSocketFactory();
            sslParams.trustManager = trustManager;
            return sslParams;
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        } catch (KeyManagementException e) {
            throw new AssertionError(e);
        } catch (KeyStoreException e) {
            throw new AssertionError(e);
        }
    }

    private class UnSafeHostnameVerifier implements HostnameVerifier {
        @Override
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    }

    private static class UnSafeTrustManager implements X509TrustManager {
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new java.security.cert.X509Certificate[]{};
        }
    }

    private static TrustManager[] prepareTrustManager(InputStream... certificates) {
        if (certificates == null || certificates.length <= 0) return null;
        try {

            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
//            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(null);
            int index = 0;
            for (InputStream certificate : certificates) {
                String certificateAlias = Integer.toString(index++);
                keyStore.setCertificateEntry(certificateAlias, certificateFactory.generateCertificate(certificate));
                try {
                    if (certificate != null)
                        certificate.close();
                } catch (IOException e) {
                }
            }
            TrustManagerFactory trustManagerFactory = null;

            trustManagerFactory = TrustManagerFactory.
                    getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);

            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();

            return trustManagers;
        }
//        catch (NoSuchAlgorithmException e) {
//            e.printStackTrace();
//        } catch (CertificateException e) {
//            e.printStackTrace();
//        } catch (KeyStoreException e) {
//            e.printStackTrace();
//        }
        catch (Exception e) {
//            FLog.e("prepareTrustManager failed " + e);
            FLog.e(e);
        }
        return null;

    }

    private static TrustManager[] prepareTrust(InputStream is) {
        Certificate ca;
        InputStream caInput = null;
        try {
            try {
                CertificateFactory cf = CertificateFactory.getInstance("X.509");
                caInput = new BufferedInputStream(is);
                ca = cf.generateCertificate(caInput);
                FLog.d("ca=" + ((X509Certificate) ca).getSubjectDN());


                // Create a KeyStore containing our trusted CAs
                String keyStoreType = KeyStore.getDefaultType();
                KeyStore keyStore = KeyStore.getInstance(keyStoreType);
//                KeyStore keyStore = KeyStore.getInstance("PKCS12");
                keyStore.load(null, null);
                keyStore.setCertificateEntry("ca", ca);

                // Create a TrustManager that trusts the CAs in our KeyStore
                String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
                TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
                tmf.init(keyStore);
                TrustManager[] trustManagers = tmf.getTrustManagers();

                return trustManagers;
            } catch (Exception e) {
                FLog.e(e);
            }

        } finally {
            if (caInput != null) {
                try {
                    caInput.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }

        }
        return null;

    }

    private static KeyManager[] prepareKeyManager(InputStream bksFile, String password) {
        try {
            if (bksFile == null || password == null) return null;
//            KeyStore clientKeyStore = KeyStore.getInstance("BKS");
            KeyStore clientKeyStore = KeyStore.getInstance("PKCS12");
            clientKeyStore.load(bksFile, password.toCharArray());

            FLog.d("clientKeyStore.getType()=" + clientKeyStore.getType());

            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(clientKeyStore, password.toCharArray());
            return keyManagerFactory.getKeyManagers();

        }
//        catch (KeyStoreException e) {
//            e.printStackTrace();
//        } catch (NoSuchAlgorithmException e) {
//            e.printStackTrace();
//        } catch (UnrecoverableKeyException e) {
//            e.printStackTrace();
//        } catch (CertificateException e) {
//            e.printStackTrace();
//        } catch (IOException e) {
//            e.printStackTrace();
//        }
        catch (Exception e) {
//            FLog.e("prepareKeyManager failed " + e);
            FLog.e(e);
        }
        return null;
    }

    private static X509TrustManager chooseTrustManager(TrustManager[] trustManagers) {
        for (TrustManager trustManager : trustManagers) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        return null;
    }


    private static class MyTrustManager implements X509TrustManager {
        private X509TrustManager defaultTrustManager;
        private X509TrustManager localTrustManager;

        public MyTrustManager(X509TrustManager localTrustManager) throws NoSuchAlgorithmException, KeyStoreException {
            TrustManagerFactory var4 = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            var4.init((KeyStore) null);
            defaultTrustManager = chooseTrustManager(var4.getTrustManagers());
            this.localTrustManager = localTrustManager;
        }


        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {

        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            try {
                defaultTrustManager.checkServerTrusted(chain, authType);
            } catch (CertificateException ce) {
                localTrustManager.checkServerTrusted(chain, authType);
            }
        }


        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }
}


    private final static String CLIENT_BKS_PASSWORD = "123456";//私鑰密碼
    private String clientKeyStoreFile = "/backup/certs/me7-hu.jks";
    private String clientTrustKeyStoreFile = "/backup/certs/me7-p0-p1.cer";


  private OkHttpClient providerHttpClient() {
        OkHttpClient.Builder builder = new OkHttpClient.Builder();

        InputStream keysIn = null;
//        InputStream[] trustIn = new InputStream[4];
        InputStream trustIn = null;

        try {
//            keysIn = getAppContext().getAssets().open(CLIENT_PRI_KEY);//加載客戶端私鑰
//            trustIn[0] = getAppContext().getAssets().open(TRUSTSTORE_PUB_KEY);//加載證書
            keysIn = new BufferedInputStream(new FileInputStream(clientKeyStoreFile));//加載客戶端私鑰
//            trustIn[0] = new FileInputStream(clientTrustKeyStoreFile);//加載證書
            trustIn = new BufferedInputStream(new FileInputStream(clientTrustKeyStoreFile));//加載證書
        } catch (IOException e) {
            FLog.e("certification OnError", e);
        }

//        if (trustIn != null && trustIn.length > 0 && keysIn != null) {
        if (trustIn != null && keysIn != null) {
            FLog.d("certification is exist");
            //證書的inputstream,本地證書的inputstream, 本地證書的密碼
            HttpsUtils.SSLParams sslParams = HttpsUtils.getSslSocketFactory(
                    trustIn,
                    keysIn,
                    CLIENT_BKS_PASSWORD);
            builder.sslSocketFactory(sslParams.sSLSocketFactory, sslParams.trustManager);
        } else {
            FLog.d("certification is null");
            AllTrustManager trustManager = new AllTrustManager();
            builder.sslSocketFactory(providerSSLSocketFactory(trustManager), trustManager);
        }
        builder
                .hostnameVerifier((hostname, session) -> true)
                .connectTimeout(mBuilder.mConnectTimeout, TimeUnit.MILLISECONDS)
                .readTimeout(mBuilder.mReadTimeout, TimeUnit.MILLISECONDS)
                .writeTimeout(mBuilder.mWriteTimeout, TimeUnit.MILLISECONDS);

        if (mBuilder.mHttpLog) {
            HttpLoggingInterceptor loggingInterceptor = new HttpLoggingInterceptor(
                    message -> FLog.i("HttpLog", message));
            loggingInterceptor.setLevel(HttpLoggingInterceptor.Level.BODY);
            builder.addInterceptor(loggingInterceptor);
        }
        //刷新token
        builder.addInterceptor(new AuthenticatorInterceptor(mBuilder.mBaseUrl));
        return builder.build();
    }
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章

Android筆記02-真機調式

1、手機打開開發者,並且usb連接電腦 2、打開sdk manager,安裝google usb driver 3、打開設備管理器,更新驅動程序,驅動程序目錄E:\android_sdk\extras\google\usb_driver

原創 2023-10-31 09:11:15

完美解決 Android 滑動衝突!

處理自定義 View 中的滑動衝突 對於大多數 Android 開發來說,處理滑動衝突好像很難,但實戰一下又發現,好像也挺簡單,因爲這個實際上是有套路可循的。基本就兩種方案:外部攔截法 && 內部攔截法。 2.1 外部攔截法 所謂外部攔截法

原創 2023-10-10 02:19:38

Android C++系列:Linux線程(一)概念

{"type":"doc","content":[{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"1. 什麼是線程",

轻口味 2021-12-08 11:33:58

Android無障礙體驗與開發

有着不同無障礙需求的用戶看到或者聽到的Android應用界面也是一種完全不同的交互體驗,使用Google開源的“無障礙體驗”項目來從用戶的視角親身體驗無障礙適配對用戶體驗的影響。在本次專題演講中,你也可以瞭解Google最新發布在Andro

王莹 2021-11-26 09:58:53

Android Studio 的更新

在本次專題演講中,將介紹 Android Studio 的一些新開發工具和功能的最新動態及其演示版,還會示範如何在您的應用開發流程中集成這些工具。 直達 Google 開發者在線課程,收穫 Android 技術乾貨 https://deve

王莹 2021-11-25 10:58:57

拒絕卡頓,揭祕盒馬鮮生 APP Android 短視頻秒播優化方案

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image"

阿里巴巴移动技术 2021-11-24 10:23:56

Android 遊戲開發和結算服務的新特性

Android 遊戲開發工具包 (AGDK) 是一套工具和應用組件,可幫助您開發、優化和發佈優質的 Android 遊戲。 Google Play 結算系統是一項可讓您在 Android 應用中銷售數字產品和內容的服務。 在本次專題演講中,

王莹 2021-11-24 09:58:54

Android TV 與 Google TV 的新特性

在本次專題演講中,我們將向開發者介紹Android TV以及Google TV的新功能和用戶體驗。 直達 Google 開發者在線課程,收穫 Android 技術乾貨 https://developers.google.cn/learn/p

王莹 2021-11-24 09:53:53

Android 12L-針對大屏設備的新特性

Android 大屏設備及摺疊屏設備越來越受到用戶的青睞。在本次專題演講中,我們會向大家介紹 Android 平臺新增的對於大屏應用開發的支持,包括新的 API 和開發庫,以及更新的開發人員指南。 直達 Google 開發者在線課程,收穫

王莹 2021-11-24 09:53:53

Android C++系列:Linux文件IO操作(一)

{"type":"doc","content":[{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"1.1 C標準函數與

轻口味 2021-11-23 18:23:51

Android C++系列:JNI調用時的異常處理

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"typ

轻口味 2021-11-19 10:03:53

2021 Google 開發者大會一覽,同步Android、TensorFlow、Web開發等最新動態

{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"typ

罗燕珊 2021-11-16 19:33:53

Jetpack Compose 佈局詳情

Jetpack Compose 提供了全新的佈局模型,可用於構建美觀流暢的界面。在此講座中,我們將深入介紹佈局模型及其功能和底層工作原理;並詳細說明捆綁式佈局和修飾符的構建方式,以及如何輕鬆創建自定義佈局和修飾符。本講座有助於您理解 Com

谷歌 2021-11-16 15:33:49

Google開發者大會

2021 年 Google 開發者大會以“Develop as One”爲主題,共享 Google 前沿產品資訊與技術趨勢洞見,攜手開發者和合作夥伴激活潛能,共創機遇,共謀發展。

王莹 2021-11-16 12:13:51

爲 Android 12 做好準備

Android 12 是今年剛剛發佈的 Android 新系統版本,它對操作系統的各個方面都做出了很多改進,包括用戶體驗、性能、和隱私。而伴隨着這些改進,也必然會在現有 API 或系統界面方面發生一些行爲變更。 在本次專題演講中,我們會介紹

王莹 2021-11-16 12:13:51