谁知道Volley在Android中是否支持SSL?有什么方法可以通过Volley支持SSL吗?
您可以参考我的工作示例代码。希望这对你有帮助!
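/**
 * Demo activity that issues one HTTPS GET through Volley and shows the JSON
 * response (or the error) in a TextView.
 *
 * <p>The connection trusts only the certificate bundled as {@code R.raw.my_cert}.
 * Trust decisions are delegated to the platform trust manager built from that
 * certificate, and every validation failure aborts the connection.
 */
public class MainActivity extends AppCompatActivity {
    private TextView mTextView;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        mTextView = (TextView) findViewById(R.id.textView);
        String url = "https://192.168.1.100/testvolley";

        // Custom HTTP stack: every connection Volley opens gets the pinned
        // socket factory and the hostname verifier defined below.
        HurlStack hurlStack = new HurlStack() {
            @Override
            protected HttpURLConnection createConnection(URL url) throws IOException {
                HttpsURLConnection httpsURLConnection = (HttpsURLConnection) super.createConnection(url);
                try {
                    httpsURLConnection.setSSLSocketFactory(getSSLSocketFactory());
                    httpsURLConnection.setHostnameVerifier(getHostnameVerifier());
                } catch (CertificateException | KeyStoreException
                        | NoSuchAlgorithmException | KeyManagementException e) {
                    // Fail closed: if the pinned trust configuration cannot be built,
                    // the request must not silently continue with different trust settings.
                    throw new IOException("Unable to configure TLS trust for " + url.getHost(), e);
                }
                return httpsURLConnection;
            }
        };

        final JsonObjectRequest jsonObjectRequest = new JsonObjectRequest(Request.Method.GET, url,
                new Response.Listener<JSONObject>() {
                    @Override
                    public void onResponse(JSONObject response) {
                        try {
                            // Pretty-print with an indent of 5 spaces.
                            mTextView.setText(response.toString(5));
                        } catch (JSONException e) {
                            mTextView.setText(e.toString());
                        }
                    }
                }, new Response.ErrorListener() {
                    @Override
                    public void onErrorResponse(VolleyError error) {
                        mTextView.setText(error.toString());
                    }
                });

        final RequestQueue requestQueue = Volley.newRequestQueue(this, hurlStack);
        requestQueue.add(jsonObjectRequest);
    }

    /**
     * Returns a verifier that checks the server certificate against the fixed
     * name "localhost", the "Issued to" name of the test server certificate.
     *
     * <p>NOTE(review): the {@code hostname} argument (the host actually requested)
     * is ignored, so this is only meaningful together with the single pinned
     * certificate. For any other deployment pass {@code hostname} to the default
     * verifier instead. Never make {@code verify} return {@code true}
     * unconditionally: that accepts certificates issued for the wrong host.
     *
     * @return a hostname verifier bound to the name "localhost"
     */
    private HostnameVerifier getHostnameVerifier() {
        return new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                HostnameVerifier hv = HttpsURLConnection.getDefaultHostnameVerifier();
                return hv.verify("localhost", session);
            }
        };
    }

    /**
     * Wraps the first X.509 trust manager of {@code trustManagers} so that the
     * leaf certificate's validity period is checked explicitly before the full
     * chain validation is delegated to the wrapped manager.
     *
     * <p>Validation failures are propagated as {@link CertificateException}. Logging
     * and swallowing them would make the TLS layer accept any certificate.
     *
     * @param trustManagers trust managers produced by a {@link TrustManagerFactory}
     * @return a single-element array holding the wrapping trust manager
     * @throws IllegalStateException if no {@link X509TrustManager} is present
     */
    private TrustManager[] getWrappedTrustManagers(TrustManager[] trustManagers) {
        X509TrustManager found = null;
        for (TrustManager candidate : trustManagers) {
            if (candidate instanceof X509TrustManager) {
                found = (X509TrustManager) candidate;
                break;
            }
        }
        if (found == null) {
            throw new IllegalStateException("No X509TrustManager available");
        }
        final X509TrustManager originalTrustManager = found;

        return new TrustManager[]{
            new X509TrustManager() {
                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return originalTrustManager.getAcceptedIssuers();
                }

                @Override
                public void checkClientTrusted(X509Certificate[] certs, String authType)
                        throws CertificateException {
                    if (certs != null && certs.length > 0) {
                        certs[0].checkValidity();
                    }
                    // Always run the real chain validation; an expiry check alone proves nothing.
                    originalTrustManager.checkClientTrusted(certs, authType);
                }

                @Override
                public void checkServerTrusted(X509Certificate[] certs, String authType)
                        throws CertificateException {
                    if (certs != null && certs.length > 0) {
                        certs[0].checkValidity();
                    }
                    // Always run the real chain validation; an expiry check alone proves nothing.
                    originalTrustManager.checkServerTrusted(certs, authType);
                }
            }
        };
    }

    /**
     * Builds a socket factory whose only trust anchor is the certificate stored
     * in {@code R.raw.my_cert} (app/src/main/res/raw).
     *
     * @return a TLS socket factory that trusts only the bundled certificate
     * @throws CertificateException if the bundled certificate cannot be parsed
     * @throws KeyStoreException if the in-memory key store cannot be created or filled
     * @throws IOException if the raw resource cannot be read
     * @throws NoSuchAlgorithmException if the trust manager or TLS algorithm is unavailable
     * @throws KeyManagementException if the SSL context cannot be initialised
     */
    private SSLSocketFactory getSSLSocketFactory()
            throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, KeyManagementException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate ca;
        // try-with-resources closes the stream even when parsing fails.
        try (InputStream caInput = getResources().openRawResource(R.raw.my_cert)) {
            ca = cf.generateCertificate(caInput);
        }

        // Empty in-memory key store holding just the bundled certificate.
        KeyStore keyStore = KeyStore.getInstance("BKS");
        keyStore.load(null, null);
        keyStore.setCertificateEntry("ca", ca);

        String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
        tmf.init(keyStore);

        TrustManager[] wrappedTrustManagers = getWrappedTrustManagers(tmf.getTrustManagers());
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, wrappedTrustManagers, null);
        return sslContext.getSocketFactory();
    }
}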
在我看来,你也应该阅读更多的谷歌文档-安全与HTTPS和SSL
当然可以。
Android Volley是一个库,你可以使用它来轻松有效地管理你的http网络操作。底层是否使用SSL(即https)是完全无关的。
换句话说:Volley框架与TCP层无关, SSL只影响TCP层。
我想进一步补充@BNK的回答。只需使用
requestQueue = Volley.newRequestQueue(getApplicationContext(), new HurlStack(null, getSSLSocketFactory()));
就足够了。不知道为什么,按照@BNK的回答重写createConnection时,Volley创建了大约5个连接用于重用(这是通过netstat命令观察到的)。将getSSLSocketFactory()作为new HurlStack()的参数传入后,Volley打开的连接减少了。
是的,我已经实现了SSL绑定与Volley。我还使用证书作为字符串和.cer文件。请跟随我的脚步。
你需要创建VolleySingleton类
import android.content.Context;
import android.os.Build;
import androidx.annotation.RequiresApi;
import com.android.volley.Request;
import com.android.volley.RequestQueue;
import com.android.volley.toolbox.Volley;
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
public class VolleySingleton {
// Process-wide instance, created on the first call to getInstance(Context).
private static VolleySingleton volleySingleton;
// Request queue owned by this singleton; created by getRequestQueue().
private RequestQueue requestQueue;
// Context used to create the queue and to read resources.
// NOTE(review): a static Context outlives any Activity, so it should only ever
// hold an application context. Confirm what callers pass in.
private static Context mctx;
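/**
 * Creates the singleton and its request queue.
 *
 * @param context any context; only its application context is retained
 */
private VolleySingleton(Context context) {
    // Keep the application context rather than the caller's: the field is static,
    // so storing an Activity here would retain it for the lifetime of the process.
    mctx = context.getApplicationContext();
    this.requestQueue = getRequestQueue();
}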
/**
 * Returns the shared request queue, creating it on first use.
 *
 * <p>The queue is created with Volley's default HTTP stack, so the custom socket
 * factory and hostname verifier of this class are not applied to requests sent
 * through it.
 *
 * @return the lazily created request queue
 */
public RequestQueue getRequestQueue() {
    if (requestQueue != null) {
        return requestQueue;
    }
    requestQueue = Volley.newRequestQueue(mctx.getApplicationContext());
    return requestQueue;
}
/**
 * Returns the process-wide instance, creating it from {@code context} on the
 * first call. The method is synchronized, so concurrent first calls create
 * only one instance.
 *
 * @param context context handed to the constructor when the instance is created
 * @return the singleton instance
 */
public static synchronized VolleySingleton getInstance(Context context) {
    VolleySingleton current = volleySingleton;
    if (current == null) {
        current = new VolleySingleton(context);
        volleySingleton = current;
    }
    return current;
}
/**
 * Enqueues {@code request} on the queue held by this singleton.
 *
 * @param request the Volley request to schedule
 * @param <T> parsed response type of the request
 */
public <T> void addToRequestQue(Request<T> request) {
    this.requestQueue.add(request);
}
/**
 * Returns a verifier that checks the server certificate against one fixed,
 * expected host name using the platform's default hostname verifier.
 *
 * <p>The placeholder below must be replaced with the bare host name of the
 * server (a host name, not a full URL). The {@code hostname} argument supplied
 * by the TLS layer is not consulted. Do not replace the check with an
 * unconditional {@code return true}: that would accept certificates issued
 * for the wrong host.
 *
 * @return a hostname verifier bound to the configured host name
 */
public HostnameVerifier getHostnameVerifier() {
    final String expectedHost = "Enter your host url";
    return (hostname, session) ->
            HttpsURLConnection.getDefaultHostnameVerifier().verify(expectedHost, session);
}
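/**
 * Builds a socket factory whose only trust anchor is the certificate embedded
 * below as a Base64 string.
 *
 * <p>The certificate is public data, so embedding it is fine; no private key or
 * key-store password is needed to trust it. To load the certificate from
 * res/raw instead, read it from
 * {@code mctx.getResources().openRawResource(R.raw.test)} and pass that stream
 * to {@code generateCertificate}.
 *
 * @return a TLS socket factory that trusts only the embedded certificate
 * @throws IllegalStateException if the certificate cannot be decoded or the TLS
 *         context cannot be built; failing here keeps a caller from silently
 *         falling back to a connection without the pinned trust configuration
 */
@RequiresApi(api = Build.VERSION_CODES.O)
public SSLSocketFactory getGlobalSSlFactory() {
    // Base64 of the DER-encoded certificate (no PEM header/footer, no line breaks).
    String certificate = "Paste your certificate as string";
    try {
        byte[] encodedCert = Base64.getDecoder().decode(certificate);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate ca;
        try (ByteArrayInputStream inputStream = new ByteArrayInputStream(encodedCert)) {
            ca = cf.generateCertificate(inputStream);
        }

        // Empty in-memory key store holding just the embedded certificate.
        KeyStore keyStore = KeyStore.getInstance("BKS");
        keyStore.load(null, null);
        keyStore.setCertificateEntry("ca", ca);

        String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
        tmf.init(keyStore);

        // No key managers: the client presents no certificate of its own.
        final SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, tmf.getTrustManagers(), null);
        return sslContext.getSocketFactory();
    } catch (Exception e) {
        throw new IllegalStateException("Unable to build the pinned SSLSocketFactory", e);
    }
}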
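/**
 * Parses a certificate given either as PEM text or as the bare Base64 of its
 * DER encoding.
 *
 * @param certificateString PEM or Base64 text; may be {@code null} or blank
 * @return the parsed certificate, or {@code null} when the input is {@code null} or blank
 * @throws CertificateException if the text is not valid Base64 or does not
 *         contain a parsable X.509 certificate
 */
@RequiresApi(api = Build.VERSION_CODES.O)
public static X509Certificate convertToX509Cert(String certificateString) throws CertificateException {
    if (certificateString == null || certificateString.trim().isEmpty()) {
        return null;
    }
    // Strip the PEM armour and every line break: the basic Base64 decoder
    // rejects whitespace, and PEM bodies are wrapped across several lines.
    String base64Body = certificateString
            .replace("-----BEGIN CERTIFICATE-----", "")
            .replace("-----END CERTIFICATE-----", "")
            .replaceAll("\\s", "");
    try {
        byte[] certificateData = Base64.getDecoder().decode(base64Body);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(certificateData));
    } catch (IllegalArgumentException e) {
        // Malformed Base64 is reported through the declared exception type.
        throw new CertificateException("Certificate string is not valid Base64", e);
    }
}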
现在你可以调用你的API并像这样验证SSL主机验证器和证书。
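// Volley HTTP stack that applies the pinned socket factory and the hostname
// verifier from VolleySingleton to every connection it opens.
HurlStack hurlStack = new HurlStack() {
    @Override
    protected HttpURLConnection createConnection(URL url) throws IOException {
        HttpsURLConnection httpsURLConnection = (HttpsURLConnection) super.createConnection(url);
        try {
            VolleySingleton volley = VolleySingleton.getInstance(getApplicationContext());
            httpsURLConnection.setSSLSocketFactory(volley.getGlobalSSlFactory());
            httpsURLConnection.setHostnameVerifier(volley.getHostnameVerifier());
            // Only means the trust settings were applied; the TLS handshake has not happened yet.
            Log.i("SSL","SUCCESS");
        } catch (Exception e) {
            // Fail closed: do not hand back a connection without the pinned trust
            // configuration (setSSLSocketFactory rejects a null factory, for example).
            throw new IOException("Could not apply the TLS trust configuration", e);
        }
        return httpsURLConnection;
    }
};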
// GET request with no body; "URL" is a placeholder for the HTTPS endpoint.
// The response and any error are only written to the log.
JsonObjectRequest request = new JsonObjectRequest(
        Request.Method.GET,
        "URL",
        null,
        response -> Log.i("onResponse", response.toString()),
        error -> Log.e("onErrorResponse", error.toString()));

// Passing hurlStack is what routes the request through the custom TLS settings.
final RequestQueue requestQueue = Volley.newRequestQueue(this, hurlStack);
requestQueue.add(request);
可以在生产模式下使用。编码快乐. .请竖起大拇指。如果成功的话。:)