学步园

android开发可以用key连接https地址，但是没有key的时候也可以用如下的办法信任任何主机连接https地址：

一 HttpsURLConnection：

import java.security.SecureRandom; 
import java.security.cert.CertificateException; 
import java.security.cert.X509Certificate; 
 
import javax.net.ssl.HostnameVerifier; 
import javax.net.ssl.HttpsURLConnection; 
import javax.net.ssl.SSLContext; 
import javax.net.ssl.SSLSession; 
import javax.net.ssl.X509TrustManager; 
 
private void trustEveryone() { 
        try { 
                HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier(){ 
                        public boolean verify(String hostname, SSLSession session) { 
                                return true; 
                        }}); 
                SSLContext context = SSLContext.getInstance("TLS"); 
                context.init(null, new X509TrustManager[]{new X509TrustManager(){ 
                        public void checkClientTrusted(X509Certificate[] chain, 
                                        String authType) throws CertificateException {} 
                        public void checkServerTrusted(X509Certificate[] chain, 
                                        String authType) throws CertificateException {} 
                        public X509Certificate[] getAcceptedIssuers() { 
                                return new X509Certificate[0]; 
                        }}}, new SecureRandom()); 
                HttpsURLConnection.setDefaultSSLSocketFactory( 
                                context.getSocketFactory()); 
        } catch (Exception e) { // should never happen 
                e.printStackTrace(); 
        } 
} 

 二  DefaultHttpClient

在android中的SSLSocketFactory中有这样一个构造函数：

    /**
     * Constructs an HttpClient SSLSocketFactory backed by the given JSSE
     * SSLSocketFactory.
     *
     * @hide
     */
    public SSLSocketFactory(javax.net.ssl.SSLSocketFactory socketfactory) {
        super();
        this.sslcontext = null;
        this.socketfactory = socketfactory;
        this.nameResolver = null;
    }

但是是hide的。所以把SSLSocketFactory源码复制出来放开了了这个函数。命名为MySSLSocketFactory。如下可以构造一个MySSLSocketFactory：

	private MySSLSocketFactory newSslSocketFactory() {
		try {
			SSLContext context = SSLContext.getInstance("TLS");
			context.init(null, new X509TrustManager[] { new X509TrustManager() {
				public void checkClientTrusted(X509Certificate[] chain,
						String authType) throws CertificateException {
				}

				public void checkServerTrusted(X509Certificate[] chain,
						String authType) throws CertificateException {
				}

				public X509Certificate[] getAcceptedIssuers() {
					return new X509Certificate[0];
				}
			} }, new SecureRandom());

			// Pass the keystore to the SSLSocketFactory. The factory is
			// responsible
			// for the verification of the server certificate.
			MySSLSocketFactory sf = new MySSLSocketFactory(
					context.getSocketFactory());
			// Hostname verification from certificate
			// http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506
			sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
			return sf;
		} catch (Exception e) {
			throw new AssertionError(e);
		}
	}

这样也解决了在android中用DefaultHttpClient连接https的问题。