如何在我的android studio應用程序中實現TLS V1.1和V1.2？

Question

我已經在我的主機上購買了SSL認證，但我不知道如何在我的java代碼端（使用Android Studio）實現。

這是我TLSSocketFactory.java（我從另一個頁面複製這個類，我把它放在我的Java代碼）

import java.io.IOException; 
import java.net.InetAddress; 
import java.net.Socket; 
import java.net.UnknownHostException; 
import java.security.KeyManagementException; 
import java.security.NoSuchAlgorithmException; 

import javax.net.ssl.SSLContext; 
import javax.net.ssl.SSLSocket; 
import javax.net.ssl.SSLSocketFactory; 

public class TLSSocketFactory extends SSLSocketFactory { 

private SSLSocketFactory internalSSLSocketFactory; 

public TLSSocketFactory() throws KeyManagementException, NoSuchAlgorithmException { 
    SSLContext context = SSLContext.getInstance("TLS"); 
    context.init(null, null, null); 
    internalSSLSocketFactory = context.getSocketFactory(); 
} 

@Override 
public String[] getDefaultCipherSuites() { 
    return internalSSLSocketFactory.getDefaultCipherSuites(); 
} 

@Override 
public String[] getSupportedCipherSuites() { 
    return internalSSLSocketFactory.getSupportedCipherSuites(); 
} 

@Override 
public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException { 
    return enableTLSOnSocket(internalSSLSocketFactory.createSocket(s, host, port, autoClose)); 
} 

@Override 
public Socket createSocket(String host, int port) throws IOException, UnknownHostException { 
    return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port)); 
} 

@Override 
public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException { 
    return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port, localHost, localPort)); 
} 

@Override 
public Socket createSocket(InetAddress host, int port) throws IOException { 
    return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port)); 
} 

@Override 
public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException { 
    return enableTLSOnSocket(internalSSLSocketFactory.createSocket(address, port, localAddress, localPort)); 
} 

private Socket enableTLSOnSocket(Socket socket) { 
    if(socket != null && (socket instanceof SSLSocket)) { 
     ((SSLSocket)socket).setEnabledProtocols(new String[] {"TLSv1.1", "TLSv1.2"}); 
    } 
    return socket; 
} 
} 

這是我的方法使用get和post：

GET方法：

import org.json.JSONException; 
import org.json.JSONObject; 
import java.io.BufferedReader; 
import java.io.IOException; 
import java.io.InputStream; 
import java.io.InputStreamReader; 
import java.io.Reader; 
import java.net.URL; 
import java.nio.charset.Charset; 

public class JSONParser { 

public static JSONObject readJsonFromUrl(String url) throws IOException, JSONException { 
    InputStream is = new URL(url).openStream(); 
    try { 
     BufferedReader rd = new BufferedReader(new InputStreamReader(is, Charset.forName("UTF-8"))); 
     String jsonText = readAll(rd); 
     return new JSONObject(jsonText); 
    } finally { 
     is.close(); 
    } 
} 

private static String readAll(Reader rd) throws IOException { 
    StringBuilder sb = new StringBuilder(); 
    int cp; 
    while ((cp = rd.read()) != -1) { 
     sb.append((char) cp); 
    } 
    return sb.toString(); 
} 

} 

POT方法：

public String performPostCall(String requestURL, HashMap<String, String> postDataParams) { 

    URL url; 

    StringBuffer response = new StringBuffer(); 
    try { 
     url = new URL(requestURL); 

     HttpURLConnection conn = (HttpURLConnection) url.openConnection(); 
     conn.setReadTimeout(15000); 
     conn.setConnectTimeout(15000); 
     conn.setRequestMethod("POST"); 
     conn.setDoInput(true); 
     conn.setDoOutput(true); 


     OutputStream os = conn.getOutputStream(); 
     BufferedWriter writer = new BufferedWriter(
       new OutputStreamWriter(os, "UTF-8")); 
     writer.write(getPostDataString(postDataParams)); 

     writer.flush(); 
     writer.close(); 
     os.close(); 
     int responseCode=conn.getResponseCode(); 

     if (responseCode == HttpsURLConnection.HTTP_OK) { 
      String line; 
      BufferedReader br=new BufferedReader(new InputStreamReader(conn.getInputStream())); 

      while ((line=br.readLine()) != null) { 
       response.append(line); 
      } 
      br.close(); 
     } 
     else { 
      response.append(""); 
     } 
    } catch (Exception e) { 
     e.printStackTrace(); 
    } 
    return response.toString(); 
} 
private String getPostDataString(HashMap<String, String> params) throws UnsupportedEncodingException { 
    StringBuilder result = new StringBuilder(); 
    boolean first = true; 
    for(Map.Entry<String, String> entry : params.entrySet()){ 
     if (first) 
      first = false; 
     else 
      result.append("&"); 

     result.append(URLEncoder.encode(entry.getKey(), "UTF-8")); 
     result.append("="); 
     result.append(URLEncoder.encode(entry.getValue(), "UTF-8")); 
    } 

    return result.toString(); 
} 

1.問題1：如何將我的TLSSocketFactory實例與我的POST和GET請求混合？對於我的noob問題抱歉。

2.問題2：我在我的網絡服務中做了些什麼？或者只是讓我的Web服務與證書是好的？

謝謝！

Answer 1

你並不需要一個TLSSocketFactory，Android使用Apache的百科全書HTTP客戶端來管理你的，看（Android - Sending HTTPS Get Request）

如果從有效的實體，這意味着該證書鏈是有效的購買憑證，你不應該有任何問題。

我建議你閱讀this

UPDATE我建議使用this library HTTP請求

Answer 2

如果您的網址以https://開始返回的連接是HttpsUrlConnection上，你可以連接到之前設置使用套接字工廠服務器：

TLSSocketFactory myTlsSocketFactory = new TLSSocketFactory(); 
... 
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection(); 
conn.setSSLSocketFactory(myTlsSocketFactory);