检查Android套接字连接使用的ssl证书

时间:2013-12-18 04:53:00

标签: android ssl keystore sslsocketfactory

我正在检查建立ssl连接的Android代码。 createSSLSocketFactory函数是个问题。它加载一个密钥库。我不知道ssl连接用于信任服务器证书或发送客户端证书。

请帮我查一下并给我一些解释。

这里是代码:

private DefaultHttpClient createHttpClient() {
        DefaultHttpClient ret = new DefaultHttpClient(){
            /* (non-Javadoc)
             * @see org.apache.http.impl.client.DefaultHttpClient#createClientConnectionManager()
             */
            @Override
            protected ClientConnectionManager createClientConnectionManager() {
                SchemeRegistry registry = new SchemeRegistry();
                try {
                    URI uri;
                    uri = new URI(getURI());
                    if (Http.SCHEME_HTTP.equals(uri.getScheme())) {
                        registry.register(new Scheme(Http.SCHEME_HTTP, PlainSocketFactory.getSocketFactory(), 80));
                    } else if (Http.SCHEME_HTTPS.equals(uri.getScheme())) {
                        registry.register(new Scheme(Http.SCHEME_HTTPS, createSSLSocketFactory(), 443));
                    }
                } catch (URISyntaxException e) {
                    LogUtils.e(e.getMessage(), e);
                }
                return new SingleClientConnManager(getParams(), registry);
            }
            private SSLSocketFactory createSSLSocketFactory() {

                final Resources resources = mContext.getResources();
                final InputStream in = resources.openRawResource(R.raw.ippaps);

                ApplicationManeger apm = ApplicationManeger.getInstance();
                final char[] passwdchars = apm.getProperty(
                        PropertiesConstants.SSL_PASSWORD).toCharArray();

                SSLSocketFactory socketFactory = null;
                try {
                    KeyStore keyStore = KeyStore.getInstance("BKS");
                    try {
                        keyStore.load(in, passwdchars);
                    } finally {
                        in.close();
                    }
                    socketFactory = new SSLSocketFactory(keyStore);
                    socketFactory.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
                } catch (Exception e) {
                    LogUtils.d(e.getMessage(), e);
                }
                return socketFactory;
            }
        };

        return ret;
    }

谢谢!!!

1 个答案:

答案 0 :(得分:0)

即使android javadoc不是很清楚,当使用单个SSLSocketFactory类型参数创建KeyStore时,此密钥库也会用作信任存储。这意味着密钥库将用于验证服务器证书,但如果服务器需要客户端身份验证,则连接将失败。