1建立HttpConnection,这种连接比较简单,但是是不安全的,网上例子比较多,现在主要说说如果建立HttpsConnection,这种连接时通过SSL协议加密,相对更安全,一般使用这种连接传输用户名密码,等重要信息的,下面看代码:
public HttpsURLConnection getHttpsConnection(){
try{
TrustManager[] tm = { new MyX509TrustManager() };
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, tm, new java.security.SecureRandom());
SSLSocketFactory ssf = sslContext.getSocketFactory();
System.out.println(TAG+" getHttpsConnection serverUrl="+serverUrl);
URL myURL = new URL(serverUrl);
HttpsURLConnection httpsConn = (HttpsURLConnection) myURL.openConnection();
httpsConn.setSSLSocketFactory(ssf);
httpsConn.setRequestProperty("accept", "*/*");
httpsConn.setRequestProperty("connection", "Keep-Alive");
httpsConn.setRequestMethod("POST");
httpsConn.setDoOutput(true);
httpsConn.setDoInput(true);
httpsConn.connect();
return httpsConn;
}catch(Exception e){
e.printStackTrace();
return null;
}
}在上面的代码中比较重要的是MyX509TrustManager这个类,这个类是安全的保障,可以是用默认的,但是一般我们都需要对证书进行自定义,因此需要继承下,下面看代码:
package login;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate; import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; public class MyX509TrustManager implements X509TrustManager {
//private final String CER_NAME = "D:\\Apache_Software_Foundation\\Tomcat_6.0\\cas.keystore";
private final String CER_NAME ="D:\\apache-tomcat-7.0.42\\cas.keystore";
private final String CER_PASSWORD = "changeit";
private final Log logger = LogFactory.getLog(getClass()); /*
* The default X509TrustManager returned by SunX509. We'll delegate
* decisions to it, and fall back to the logic in this class if the
* default X509TrustManager doesn't trust it.
*/
X509TrustManager sunJSSEX509TrustManager; MyX509TrustManager() throws Exception {
// create a "default" JSSE X509TrustManager.
KeyStore ks = KeyStore.getInstance("JKS");
FileInputStream fis = new FileInputStream(CER_NAME);
ks.load(fis,CER_PASSWORD.toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509", "SunJSSE");
tmf.init(ks);
TrustManager tms [] = tmf.getTrustManagers();
for (int i = 0; i < tms.length; i++) {
if (tms[i] instanceof X509TrustManager) {
sunJSSEX509TrustManager = (X509TrustManager) tms[i];
return;
}
}
throw new Exception("liqingguo Couldn't initialize");
} /*
* Delegate to the default trust manager.
*/
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
try {
sunJSSEX509TrustManager.checkClientTrusted(chain, authType);
} catch (CertificateException excep) {
// do any special handling here, or rethrow exception.
}
} /*
* Delegate to the default trust manager.
*/
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
try {
sunJSSEX509TrustManager.checkServerTrusted(chain, authType);
} catch (CertificateException excep) {
/*
* Possibly pop up a dialog box asking whether to trust the
* cert chain.
*/
}
} /*
* Merely pass this through.
*/
public X509Certificate[] getAcceptedIssuers() {
return sunJSSEX509TrustManager.getAcceptedIssuers();
}
}