1. 建立HttpConnection,这种连接比较简单,但是不安全,网上例子比较多。现在主要说说如何建立HttpsConnection,这种连接是通过SSL协议加密的,相对更安全,一般用这种连接传输用户名、密码等重要信息,下面看代码:
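/**
 * Opens an HTTPS connection to {@code serverUrl}, configured for a POST
 * request with both input and output enabled, and connects it.
 *
 * <p>Server certificates are validated only by {@code MyX509TrustManager};
 * the connection is exactly as trustworthy as that class. No custom
 * {@code HostnameVerifier} is installed here, so the platform default applies.
 *
 * @return the connected {@link HttpsURLConnection}, or {@code null} if any
 *         step fails (trust manager setup, URL parsing, handshake, ...).
 *         Callers must check for {@code null} before use.
 */
public HttpsURLConnection getHttpsConnection() {
    try {
        TrustManager[] trustManagers = { new MyX509TrustManager() };

        // Request the context by its standard "TLS" name instead of the legacy
        // "SSL" name. Which protocol versions end up enabled still depends on
        // the JRE and provider configuration.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, trustManagers, new java.security.SecureRandom());
        SSLSocketFactory socketFactory = sslContext.getSocketFactory();

        System.out.println(TAG + " getHttpsConnection serverUrl=" + serverUrl);
        URL url = new URL(serverUrl);
        // A non-https URL makes this cast fail; the catch below turns that into null.
        HttpsURLConnection httpsConn = (HttpsURLConnection) url.openConnection();
        httpsConn.setSSLSocketFactory(socketFactory);
        httpsConn.setRequestProperty("accept", "*/*");
        httpsConn.setRequestProperty("connection", "Keep-Alive");
        httpsConn.setRequestMethod("POST");
        httpsConn.setDoOutput(true);
        httpsConn.setDoInput(true);
        httpsConn.connect();
        return httpsConn;
    } catch (Exception e) {
        // Best-effort contract kept from the original: report and return null.
        // A certificate rejected by the trust manager also lands here.
        e.printStackTrace();
        return null;
    }
}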
在上面的代码中比较重要的是MyX509TrustManager这个类,这个类是安全的保障。可以使用默认的TrustManager,但是一般我们都需要对证书进行自定义,因此需要自己实现X509TrustManager接口。注意:证书校验失败时必须把CertificateException抛出去,如果在catch里把异常吞掉,任何证书都会被当作可信的。下面看代码:
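package login;

import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
 * An {@link X509TrustManager} that trusts exactly the certificates in the JKS
 * key store at {@code CER_NAME}.
 *
 * <p>Every decision is delegated to the SunX509 trust manager built from that
 * key store. A {@link CertificateException} raised by the delegate is always
 * propagated: swallowing it would make the TLS handshake succeed for any
 * certificate chain, including self-signed or attacker-supplied ones, and the
 * connection would no longer authenticate the server.
 */
public class MyX509TrustManager implements X509TrustManager {

    //private final String CER_NAME = "D:\\Apache_Software_Foundation\\Tomcat_6.0\\cas.keystore";
    // Backslashes must be escaped in a Java string literal; "\a" and "\c" do not compile.
    // NOTE(review): the key store path and password are hard-coded; consider
    // reading them from configuration so they can differ per environment.
    private final String CER_NAME = "D:\\apache-tomcat-7.0.42\\cas.keystore";
    private final String CER_PASSWORD = "changeit";

    private final Log logger = LogFactory.getLog(getClass());

    /*
     * The X509TrustManager produced by SunX509 for our key store. All trust
     * decisions are delegated to it; there is no fallback that accepts a
     * chain it has rejected.
     */
    X509TrustManager sunJSSEX509TrustManager;

    /**
     * Loads the key store and picks the first {@link X509TrustManager} that
     * the SunX509 factory creates for it.
     *
     * @throws Exception if the key store cannot be read or loaded, the
     *         SunX509/SunJSSE factory is unavailable, or the factory yields
     *         no X509TrustManager
     */
    MyX509TrustManager() throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        FileInputStream fis = new FileInputStream(CER_NAME);
        try {
            ks.load(fis, CER_PASSWORD.toCharArray());
        } finally {
            // The original never closed the stream and leaked the file handle.
            fis.close();
        }

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509", "SunJSSE");
        tmf.init(ks);

        for (TrustManager candidate : tmf.getTrustManagers()) {
            if (candidate instanceof X509TrustManager) {
                sunJSSEX509TrustManager = (X509TrustManager) candidate;
                return;
            }
        }

        throw new Exception("liqingguo Couldn't initialize");
    }

    /**
     * Validates a client certificate chain with the delegate.
     *
     * @throws CertificateException if the delegate does not trust the chain
     */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        // No catch here: a rejection has to reach the TLS stack.
        sunJSSEX509TrustManager.checkClientTrusted(chain, authType);
    }

    /**
     * Validates a server certificate chain with the delegate.
     *
     * @throws CertificateException if the delegate does not trust the chain;
     *         the handshake then fails instead of silently continuing
     */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        try {
            sunJSSEX509TrustManager.checkServerTrusted(chain, authType);
        } catch (CertificateException e) {
            // Record the rejection for operators, then rethrow. Returning
            // normally here would mark the untrusted chain as trusted.
            logger.warn("Rejected server certificate chain (authType=" + authType + ")", e);
            throw e;
        }
    }

    /**
     * Returns the issuers accepted by the delegate trust manager.
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return sunJSSEX509TrustManager.getAcceptedIssuers();
    }
}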