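This article draws on material by the author Smily (blog: blog.csdn.net/qq_20521573); thanks for sharing it so generously.
HTTPS (Hypertext Transfer Protocol Secure) is a transport protocol for secure communication over computer networks. HTTPS communicates over HTTP but uses TLS to encrypt the packets. The main purpose of HTTPS is to authenticate the website server and to protect the privacy and integrity of the exchanged data.
TLS is a transport-layer encryption protocol; its predecessor is the SSL protocol, released by Netscape in 1995 and later renamed TLS. Commonly used TLS protocol versions are TLS 1.2, TLS 1.1, TLS 1.0 and SSL 3.0. SSL 3.0 has been shown to be insecure because of the POODLE attack. TLS 1.0 also has some security vulnerabilities, such as the RC4 and BEAST attacks.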
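A man-in-the-middle (MITM) attack is one in which an attacker intercepts and tampers with communication data on the network. It is divided into passive MITM and active MITM: passive MITM only eavesdrops on the communication data without modifying it, while active MITM both steals the data and tampers with it. The most common man-in-the-middle attacks take place on public Wi-Fi or public routers.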
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
import java.security.cert.CertificateException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;

public static SSLSocketFactory getSSLSocketFactory() throws Exception {
    // Create a trust manager that does not validate the certificate chain.
    final TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
        @Override
        public void checkClientTrusted(
                java.security.cert.X509Certificate[] chain,
                String authType) throws CertificateException {
        }

        @Override
        public void checkServerTrusted(
                java.security.cert.X509Certificate[] chain,
                String authType) throws CertificateException {
            // Empty body: the server's certificate chain is never checked.
        }

        @Override
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return new java.security.cert.X509Certificate[0];
        }
    }};
    // Install the all-trusting trust manager
    final SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
    // Create an ssl socket factory with our all-trusting manager
    return sslContext.getSocketFactory();
}

// Use the custom SSLSocketFactory
private void onHttps(OkHttpClient.Builder builder) {
    try {
        // ALLOW_ALL_HOSTNAME_VERIFIER also turns off the hostname check.
        builder.sslSocketFactory(getSSLSocketFactory())
                .hostnameVerifier(org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    } catch (Exception e) {
        e.printStackTrace();
    }
}
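import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/**
 * One-way authentication
 */
// CLIENT_TRUST_MANAGER, CLIENT_TRUST_PROVIDER, CLIENT_TRUST_KEYSTORE and CLIENT_AGREEMENT
// are constants of the enclosing class; their values are not shown on this page.
public static SSLSocketFactory getSSLSocketFactoryForOneWay(InputStream... certificates) {
    try {
        CertificateFactory certificateFactory =
                CertificateFactory.getInstance(CLIENT_TRUST_MANAGER, CLIENT_TRUST_PROVIDER);
        KeyStore keyStore = KeyStore.getInstance(CLIENT_TRUST_KEYSTORE);
        keyStore.load(null);
        int index = 0;
        // Add every bundled certificate to an otherwise empty key store.
        for (InputStream certificate : certificates) {
            String certificateAlias = Integer.toString(index++);
            keyStore.setCertificateEntry(certificateAlias,
                    certificateFactory.generateCertificate(certificate));
            try {
                if (certificate != null)
                    certificate.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
        SSLContext sslContext = SSLContext.getInstance(CLIENT_AGREEMENT);
        // The trust managers built from this key store trust only the certificates added above.
        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
        return sslContext.getSocketFactory();
    } catch (Exception e) {
        e.printStackTrace();
    }
    return null;
}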
InputStream certificate12306 = Utils.getContext().getResources().openRawResource(R.raw.srca);
OkHttpClient okHttpClient = new OkHttpClient.Builder()
        .readTimeout(Constants.DEFAULT_TIMEOUT, TimeUnit.MILLISECONDS)
        .connectTimeout(Constants.DEFAULT_TIMEOUT, TimeUnit.MILLISECONDS)
        .addInterceptor(interceptor)
        .addInterceptor(new HttpHeaderInterceptor())
        .addNetworkInterceptor(new HttpCacheInterceptor())
        .sslSocketFactory(SslContextFactory.getSSLSocketFactoryForOneWay(certificate12306))
        .hostnameVerifier(new SafeHostnameVerifier())
        .cache(cache)
        .build();
private class SafeHostnameVerifier implements HostnameVerifier {
    @Override
    public boolean verify(String hostname, SSLSession session) {
        // Check that the hostname is the expected one; if it is, allow the connection.
        if (Constants.IP.equals(hostname)) {
            return true;
        }
        return false;
    }
}
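The one-way setup above returns null when the certificate cannot be loaded, and SafeHostnameVerifier compares the requested hostname with a constant without looking at the certificate the server presented. The following is an added example, not code from the original article, of a variant that fails closed on both points; `PinnedTrust`, `trustOnly` and `sanVerifier` are hypothetical names, and it assumes exact-match DNS or IPv4 SAN entries (no wildcard handling).

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper added as an example; not the article's own code.
public final class PinnedTrust {
    // Trust only the bundled certificates; throw on failure instead of returning null.
    public static X509TrustManager trustOnly(InputStream... certs) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        for (InputStream in : certs) {
            try (InputStream c = in) { // closes the stream even if parsing fails
                ks.setCertificateEntry("pin-" + ks.size(), cf.generateCertificate(c));
            }
        }
        String alg = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(alg);
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("no X509TrustManager available");
    }
    // Accept only expectedHost, and only when the leaf certificate's SAN lists it.
    public static HostnameVerifier sanVerifier(String expectedHost) {
        return (hostname, session) -> {
            if (!expectedHost.equalsIgnoreCase(hostname)) return false;
            try {
                X509Certificate leaf = (X509Certificate) session.getPeerCertificates()[0];
                Collection<List<?>> sans = leaf.getSubjectAlternativeNames();
                if (sans == null) return false;
                for (List<?> san : sans) {
                    int type = (Integer) san.get(0); // 2 = dNSName, 7 = iPAddress
                    String value = String.valueOf(san.get(1));
                    if ((type == 2 || type == 7) && expectedHost.equalsIgnoreCase(value)) return true;
                }
                return false;
            } catch (Exception e) { return false; } // missing or unreadable peer certificate
        };
    }
}
```

OkHttp's two-argument `sslSocketFactory(SSLSocketFactory, X509TrustManager)` takes the returned trust manager together with a socket factory from an `SSLContext` initialised with that same trust manager.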
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/**
 * Two-way authentication
 *
 * @return SSLSocketFactory
 */
// CLIENT_TRUST_KEY, CLIENT_TRUST_KEYSTORE, CLIENT_AGREEMENT, SELF_CERT_PWD and TRUST_CA_PWD
// are constants of the enclosing class; their values are not shown on this page.
public static SSLSocketFactory getSSLSocketFactoryForTwoWay() {
    try {
        // Client key store: supplies the key managers that present the client's identity.
        InputStream certificate = Utils.getContext().getResources().openRawResource(R.raw.capk);
        // CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
        KeyStore keyStore = KeyStore.getInstance(CLIENT_TRUST_KEY);
        keyStore.load(certificate, SELF_CERT_PWD.toCharArray());
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, SELF_CERT_PWD.toCharArray());
        try {
            if (certificate != null)
                certificate.close();
        } catch (IOException e) {
            e.printStackTrace();
        }
        // Initialise the keystore used to verify the server
        KeyStore clientKeyStore = KeyStore.getInstance(CLIENT_TRUST_KEYSTORE);
        InputStream trustStream = Utils.getContext().getResources().openRawResource(R.raw.cabks);
        clientKeyStore.load(trustStream, TRUST_CA_PWD.toCharArray());
        trustStream.close();
        SSLContext sslContext = SSLContext.getInstance(CLIENT_AGREEMENT);
        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(clientKeyStore);
        // Key managers come from the client key store, trust managers from the trust keystore.
        sslContext.init(kmf.getKeyManagers(), trustManagerFactory.getTrustManagers(),
                new SecureRandom());
        return sslContext.getSocketFactory();
    } catch (Exception e) {
        e.printStackTrace();
    }
    return null;
}
OkHttpClient okHttpClient = new OkHttpClient.Builder()
        .readTimeout(Constants.DEFAULT_TIMEOUT, TimeUnit.MILLISECONDS)
        .connectTimeout(Constants.DEFAULT_TIMEOUT, TimeUnit.MILLISECONDS)
        .addInterceptor(interceptor)
        .addInterceptor(new HttpHeaderInterceptor())
        .addNetworkInterceptor(new HttpCacheInterceptor())
        .sslSocketFactory(SslContextFactory.getSSLSocketFactoryForTwoWay())
        .hostnameVerifier(new SafeHostnameVerifier())
        .cache(cache)
        .build();
Source: 即时通讯网, the instant messaging developer community!