Android App客户端和服务器通信的SSL安全性

时间:2016-03-15 09:11:02

标签: android http ssl https

我在Linux上使用Apache服务器托管网站。

我的网站使用HTTPS(使用SSL保护)用于桌面应用程序(PC浏览器)。

我的网站有SSL安全性。我在浏览器中使用SSL和Https。

如何在Android应用中应用SSL安全性(针对来自Android应用和服务器的所有请求)?

现在我使用HTTP和JSON协议在android中使用HTTPClinet包在客户端和服务器之间进行通信。

2 个答案:

答案 0 :(得分:0)

您不必担心这一点。在构建网址时,只需使用" https://yoursite.com"而不是" http://yoursite.com"。

当您使用" https"时,Android库将负担建立SSL连接的负担。在您的网址中。

如果您已正确配置网站,那么您真的不必担心!

答案 1 :(得分:0)

您还有一种方法可以为我们的apis提供ssl证书,

public static void allowAllSSL() {

HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        });

javax.net.ssl.SSLContext context = null;
if (trustManagers == null) {
trustManagers = new TrustManager[] { new _FakeX509TrustManager() };
}
try {
context = javax.net.ssl.SSLContext.getInstance("TLS");
context.init(null, trustManagers, new SecureRandom());
} catch (NoSuchAlgorithmException e) {

} catch (KeyManagementException e) {

}
HttpsURLConnection.setDefaultSSLSocketFactory(context
.getSocketFactory());
}

在拨打https电话之前请先拨打此电话。 示例:

 if (url.contains("https")) {
    allowAllSSL();
  HttpsURLConnection conn = null;
  URL url2 = new URL(url);
 conn = (HttpsURLConnection) url2.openConnection();
  conn.setReadTimeout(60000); // //milliseconds
 conn.setConnectTimeout(60000);
conn.setRequestMethod("GET");
conn.setDoInput(true);
conn.connect();
is = conn.getInputStream();
if (is != null) {
 result = convertStreamToString(is);
 System.out.println(url+"-----------------" + result);
 conn.disconnect();
}
} else {
HttpParams httpParameters = new BasicHttpParams();
int timeoutConnection = 30000;
HttpConnectionParams.setConnectionTimeout(httpParameters,
  timeoutConnection);
int timeoutSocket = 50000;
HttpConnectionParams
  .setSoTimeout(httpParameters, timeoutSocket);
DefaultHttpClient httpclient = new DefaultHttpClient(
  httpParameters);
HttpGet httpget = new HttpGet(urlnew);
httpget.setHeader("Accept", "application/json");
httpget.setHeader("Content-type", "application/json");
// httpget.setHeader("Authorization",
// "ApiKey "+TOKEN_PREF.getString("DEVICE_USER_NAME","NOTHING")+":"+TOKEN_PREF.getString("API_KEY","NOTHING"));
// httpget.setHeader("Authorization",
// "ApiKey testing_application:13ec21837c64890527713e8f4cd86e1a8dac646a");
HttpResponse response = (HttpResponse) httpclient
  .execute(httpget);
HttpEntity entity = response.getEntity();
if (entity != null) {
 InputStream instream = entity.getContent();
 result = convertStreamToString(instream);
 System.out.println(url+"-----------------" + result);
 instream.close();
}
}

谢谢

希望这会对你有所帮助。 :)

相关问题
最新问题