HTTPS(全稱:Hyper Text Transfer Protocol over Secure Socket Layer),是以安全為目標的HTTP通道,簡單講是HTTP的安全版。即HTTP下加入SSL層,HTTPS的安全基礎是SSL,因此加密的詳細內容就需要SSL。 它是一個URI scheme(抽象標識符體系),句法類同http:體系。用於安全的HTTP數據傳輸。https:URL表明它使用了HTTP,但HTTPS存在不同於HTTP的默認 端口 及一個加密/身份驗證層(在HTTP與TCP之間)。這個系統的最初研發由網景公司(Netscape)進行,並內置於其瀏覽器Netscape Navigator中,提供了身份驗證與加密 通訊 方法。現在它被廣泛用於 萬維網 上安全敏感的通訊,例如交易支付方面。
HTTPS和HTTP的區別
一、https協議需要到 ca 申請證書,一般免費 證書 很少,需要交費。
二、http是超文本傳輸協議,信息是明文傳輸,https 則是具有安全性的ssl加密傳輸協議。
三、http和https使用的是完全不同的連接方式,用的 端口 也不一樣,前者是80,後者是443。
四、http的連接很簡單,是無狀態的;HTTPS協議是由SSL+HTTP協議構建的可進行加密傳輸、身份認證的網絡協議,比http協議安全。
對於網絡抓包和分析,工具如 Sniffmaster 可以簡化 HTTPS 流量的解密過程,它支持全平台抓包,無需代理或越獄。
第一種使用自定義證書
系統不承認自定義(自簽)證書,所以預設的 SSLSocketFactory.getSocketFactory() 無法通過驗證;下面的做法改為信任所有證書並接受任何主機名,等於關閉了伺服器身份驗證,連線可能被中間人攔截,只適合本機測試伺服器,不應用於正式環境。
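/**
 * Sends a GET request to a fixed test URL over HTTPS and logs the response entity when the
 * status code is 200.
 *
 * <p>Security: the "https" scheme is backed by {@code SSLTrustAllSocketFactory}, so the server
 * certificate is not validated on this path. Any host that can intercept the connection can
 * impersonate the server. Keep this to a local test server with a self-signed certificate;
 * for a real host, load the server's certificate or a bundled keystore into the trust store
 * instead.
 */
public static void GetNetWork() {
    ClientConnectionManager connMgr = null;
    try {
        String path = "https://192.168.0.102:8443/123.html";

        BasicHttpParams params = new BasicHttpParams();
        HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
        HttpProtocolParams.setContentCharset(params, HTTP.DEFAULT_CONTENT_CHARSET);
        HttpProtocolParams.setUseExpectContinue(params, true);

        // The earlier version also called
        // SSLSocketFactory.getSocketFactory().setHostnameVerifier(new AllowAllHostnameVerifier()).
        // That call targets the shared default factory, not the factory registered below, so it
        // only switched off hostname checks for other users of the default factory. It is dropped.

        // getSocketFactory() returns null when construction fails; stop here instead of passing
        // null to the Scheme constructor.
        SSLSocketFactory httpsFactory = SSLTrustAllSocketFactory.getSocketFactory();
        if (httpsFactory == null) {
            Log.e("log", "could not create the HTTPS socket factory");
            return;
        }

        SchemeRegistry schReg = new SchemeRegistry();
        schReg.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
        schReg.register(new Scheme("https", httpsFactory, 443));

        connMgr = new ThreadSafeClientConnManager(params, schReg);
        DefaultHttpClient client = new DefaultHttpClient(connMgr, params);

        HttpResponse httpResponse = client.execute(new HttpGet(path));
        int responseCode = httpResponse.getStatusLine().getStatusCode();
        HttpEntity entity = httpResponse.getEntity();
        if (responseCode == 200 && entity != null) {
            // NOTE(review): toString() on the entity is unlikely to yield the response body;
            // confirm whether logging the body was intended.
            Log.e("log", entity.toString());
        }
    } catch (IOException e) {
        // Covers ClientProtocolException and MalformedURLException, both IOException subclasses.
        Log.e("log", "HTTPS request failed", e);
    } finally {
        // Release pooled connections; the client is not reused after this call.
        if (connMgr != null) {
            connMgr.shutdown();
        }
    }
}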
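/**
 * Socket factory whose sockets come from an {@link SSLContext} initialised with a trust manager
 * that accepts every certificate chain, and whose hostname verifier is set to allow-all.
 *
 * <p>Security: with this factory the client does not authenticate the server at all. Traffic is
 * encrypted, but to whoever answers the connection, so it gives no protection against an
 * on-path interceptor. Restrict it to debug builds talking to a test server. For anything else,
 * put the expected certificate into a {@link KeyStore} and use a factory built from that store.
 */
public static class SSLTrustAllSocketFactory extends SSLSocketFactory {
    private static final String TAG = "SSLTrustAllSocketFactory";

    // Context that supplies the sockets; set once in the constructor.
    private SSLContext mCtx;

    /** Trust manager whose checks never throw, so no certificate chain is ever rejected. */
    public class SSLTrustAllManager implements X509TrustManager {
        @Override
        public void checkClientTrusted(X509Certificate[] arg0, String arg1)
                throws CertificateException {
            // Intentionally empty: every client chain is accepted.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] arg0, String arg1)
                throws CertificateException {
            // Intentionally empty: every server chain is accepted.
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract asks for a non-null (possibly empty) array.
            return new X509Certificate[0];
        }
    }

    /**
     * Builds the factory and its trust-all {@link SSLContext}.
     *
     * @param truststore store handed to the superclass constructor
     * @throws Throwable if the superclass constructor or the context setup fails; the failure
     *     is propagated so a factory without a usable context is never handed out
     */
    public SSLTrustAllSocketFactory(KeyStore truststore) throws Throwable {
        super(truststore);
        // Failures used to be swallowed here, leaving mCtx null and deferring the error to a
        // NullPointerException in createSocket(). Let them surface at construction instead.
        mCtx = SSLContext.getInstance("TLS");
        mCtx.init(null, new TrustManager[] { new SSLTrustAllManager() }, null);
        setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    }

    /** Layers a TLS socket from the trust-all context over an existing socket. */
    @Override
    public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
            throws IOException, UnknownHostException {
        return mCtx.getSocketFactory().createSocket(socket, host, port, autoClose);
    }

    /** Creates an unconnected socket from the trust-all context. */
    @Override
    public Socket createSocket() throws IOException {
        return mCtx.getSocketFactory().createSocket();
    }

    /**
     * Creates a factory over an empty key store.
     *
     * @return the factory, or {@code null} when construction fails (the cause is logged)
     */
    public static SSLSocketFactory getSocketFactory() {
        try {
            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            trustStore.load(null, null);
            return new SSLTrustAllSocketFactory(trustStore);
        } catch (Throwable e) {
            // Log with the throwable: e.getMessage() may be null, which Log.d does not accept.
            Log.e(TAG, "could not create the trust-all socket factory", e);
        }
        return null;
    }
}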
第二種:直接從 https://kyfw.12306.cn/otn/ 下載根證書,導入應用中進行驗證
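/**
 * Sends a GET request to a fixed URL over HTTPS, using a socket factory whose trust store
 * holds the certificate bundled with the app, and logs the response entity when the status
 * code is 200.
 *
 * @param context used by {@code SSLCustomSocketFactory} to open the bundled certificate
 */
public static void GetNetWork2(Context context) {
    ClientConnectionManager connMgr = null;
    try {
        String path = "https://kyfw.12306.cn/otn/";

        BasicHttpParams params = new BasicHttpParams();
        HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
        HttpProtocolParams.setContentCharset(params, HTTP.DEFAULT_CONTENT_CHARSET);
        HttpProtocolParams.setUseExpectContinue(params, true);

        // The earlier version also called
        // SSLSocketFactory.getSocketFactory().setHostnameVerifier(new AllowAllHostnameVerifier()).
        // That call targets the shared default factory, not the factory registered below, so it
        // only switched off hostname checks for other users of the default factory. It is dropped.

        // getSocketFactory() returns null when the certificate cannot be loaded; stop here
        // instead of passing null to the Scheme constructor.
        SSLCustomSocketFactory httpsFactory = SSLCustomSocketFactory.getSocketFactory(context);
        if (httpsFactory == null) {
            Log.e("log", "could not create the HTTPS socket factory");
            return;
        }

        SchemeRegistry schReg = new SchemeRegistry();
        schReg.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
        schReg.register(new Scheme("https", httpsFactory, 443));

        connMgr = new ThreadSafeClientConnManager(params, schReg);
        DefaultHttpClient client = new DefaultHttpClient(connMgr, params);

        HttpResponse httpResponse = client.execute(new HttpGet(path));
        int responseCode = httpResponse.getStatusLine().getStatusCode();
        HttpEntity entity = httpResponse.getEntity();
        if (responseCode == 200 && entity != null) {
            // NOTE(review): toString() on the entity is unlikely to yield the response body;
            // confirm whether logging the body was intended.
            Log.e("log", entity.toString());
        }
    } catch (IOException e) {
        // Covers ClientProtocolException and MalformedURLException, both IOException subclasses.
        Log.e("log", "HTTPS request failed", e);
    } finally {
        // Release pooled connections; the client is not reused after this call.
        if (connMgr != null) {
            connMgr.shutdown();
        }
    }
}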
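/**
 * Socket factory whose trust store contains a single X.509 certificate read from the app's raw
 * resources ({@code R.raw.srca}), so only chains anchored at that certificate are trusted.
 *
 * <p>This class does not change the hostname verifier, so whatever the superclass uses by
 * default stays in effect.
 */
public static class SSLCustomSocketFactory extends SSLSocketFactory {
    private static final String TAG = "SSLCustomSocketFactory";

    // Not read anywhere in this class: the trust store is created empty, without a password.
    private static final String KEY_PASS = "123456";

    /**
     * @param trustStore store holding the certificate(s) to trust
     * @throws Throwable whatever the superclass constructor throws
     */
    public SSLCustomSocketFactory(KeyStore trustStore) throws Throwable {
        super(trustStore);
    }

    /**
     * Builds a factory that trusts the certificate bundled as {@code R.raw.srca}.
     *
     * @param context used to open the raw certificate resource
     * @return the factory, or {@code null} when the certificate cannot be read or the factory
     *     cannot be constructed (the cause is logged); callers must check for {@code null}
     */
    public static SSLCustomSocketFactory getSocketFactory(Context context) {
        InputStream ins = null;
        try {
            ins = context.getResources().openRawResource(R.raw.srca);

            // Start from an empty store and add the bundled certificate as its only entry.
            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            trustStore.load(null);
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            String certificateAlias = Integer.toString(2);
            trustStore.setCertificateEntry(certificateAlias,
                    certificateFactory.generateCertificate(ins));

            return new SSLCustomSocketFactory(trustStore);
        } catch (Throwable e) {
            // The constructor declares Throwable, so one handler covers every failure here.
            Log.e(TAG, "could not build a socket factory from the bundled certificate", e);
        } finally {
            // Single close point; the stream was previously closed twice on the success path.
            if (ins != null) {
                try {
                    ins.close();
                } catch (IOException e) {
                    Log.e(TAG, "could not close the certificate stream", e);
                }
            }
        }
        return null;
    }
}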
不論是瀏覽器導出,還是服務器端獲得,都是公鑰證書,有兩種格式:純文本的.crt格式或是二進制的.cer格式。兩種都可以用。
然後,你需要一個特定版本的JCE Provider(即下面命令中的 bcprov jar),在這個目錄下運行以下命令: keytool -importcert -v -trustcacerts -alias cert12306 -file srca.cer -keystore cert12306.bks -storetype BKS -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath bcprov-jdk15on-148.jar -storepass 123456
生成cert12306.bks文件 導入應用中
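/**
 * Sends a GET request to a fixed URL over HTTPS, using a socket factory whose trust store is
 * the keystore bundled with the app, and logs the response entity when the status code is 200.
 *
 * @param context used by {@code SSLCustomSocketFactory2} to open the bundled keystore
 */
public static void GetNetWork3(Context context) {
    ClientConnectionManager connMgr = null;
    try {
        String path = "https://kyfw.12306.cn/otn/";

        BasicHttpParams params = new BasicHttpParams();
        HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
        HttpProtocolParams.setContentCharset(params, HTTP.DEFAULT_CONTENT_CHARSET);
        HttpProtocolParams.setUseExpectContinue(params, true);

        // The earlier version also called
        // SSLSocketFactory.getSocketFactory().setHostnameVerifier(new AllowAllHostnameVerifier()).
        // That call targets the shared default factory, not the factory registered below, so it
        // only switched off hostname checks for other users of the default factory. It is dropped.

        // getSocketFactory() returns null when the keystore cannot be loaded; stop here instead
        // of passing null to the Scheme constructor.
        SSLCustomSocketFactory2 httpsFactory = SSLCustomSocketFactory2.getSocketFactory(context);
        if (httpsFactory == null) {
            Log.e("log", "could not create the HTTPS socket factory");
            return;
        }

        SchemeRegistry schReg = new SchemeRegistry();
        schReg.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
        schReg.register(new Scheme("https", httpsFactory, 443));

        connMgr = new ThreadSafeClientConnManager(params, schReg);
        DefaultHttpClient client = new DefaultHttpClient(connMgr, params);

        HttpResponse httpResponse = client.execute(new HttpGet(path));
        int responseCode = httpResponse.getStatusLine().getStatusCode();
        HttpEntity entity = httpResponse.getEntity();
        if (responseCode == 200 && entity != null) {
            // NOTE(review): toString() on the entity is unlikely to yield the response body;
            // confirm whether logging the body was intended.
            Log.e("log", entity.toString());
        }
    } catch (IOException e) {
        // Covers ClientProtocolException and MalformedURLException, both IOException subclasses.
        Log.e("log", "HTTPS request failed", e);
    } finally {
        // Release pooled connections; the client is not reused after this call.
        if (connMgr != null) {
            connMgr.shutdown();
        }
    }
}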
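/**
 * Socket factory whose trust store is a keystore file read from the app's raw resources
 * ({@code R.raw.cert12306}), so only chains anchored at the certificates in that file are
 * trusted.
 *
 * <p>This class does not change the hostname verifier, so whatever the superclass uses by
 * default stays in effect.
 */
public static class SSLCustomSocketFactory2 extends SSLSocketFactory {
    // Was "SSLCustomSocketFactory", copied from the sibling class; log lines now name this class.
    private static final String TAG = "SSLCustomSocketFactory2";

    // Password of the bundled keystore. It ships inside the app, so it is not a secret.
    // NOTE(review): presumably the store holds only public certificates, in which case the
    // password acts as an integrity check on load; confirm no private key is ever added.
    private static final String KEY_PASS = "123456";

    /**
     * @param trustStore store holding the certificate(s) to trust
     * @throws Throwable whatever the superclass constructor throws
     */
    public SSLCustomSocketFactory2(KeyStore trustStore) throws Throwable {
        super(trustStore);
    }

    /**
     * Builds a factory that trusts the keystore bundled as {@code R.raw.cert12306}.
     *
     * @param context used to open the raw keystore resource
     * @return the factory, or {@code null} when the keystore cannot be loaded or the factory
     *     cannot be constructed (the cause is logged); callers must check for {@code null}
     */
    public static SSLCustomSocketFactory2 getSocketFactory(Context context) {
        InputStream ins = null;
        try {
            ins = context.getResources().openRawResource(R.raw.cert12306);

            // assumes the platform's default keystore type matches the bundled file's format
            // (TODO confirm)
            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            trustStore.load(ins, KEY_PASS.toCharArray());

            return new SSLCustomSocketFactory2(trustStore);
        } catch (Throwable e) {
            // The constructor declares Throwable, so one handler covers every failure here.
            Log.e(TAG, "could not build a socket factory from the bundled keystore", e);
        } finally {
            if (ins != null) {
                try {
                    ins.close();
                } catch (IOException e) {
                    Log.e(TAG, "could not close the keystore stream", e);
                }
            }
        }
        return null;
    }
}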