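I am reviewing Android code that establishes an SSL connection. I have a problem with the function createSSLSocketFactory. It loads a keystore. I don't know whether the SSL connection uses it to trust the server certificate or to send a client certificate.
Please help me check it and give me some explanation.
Here is the code: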
    private DefaultHttpClient createHttpClient() {
        DefaultHttpClient ret = new DefaultHttpClient() {
            /* (non-Javadoc)
             * @see org.apache.http.impl.client.DefaultHttpClient#createClientConnectionManager()
             */
            @Override
            protected ClientConnectionManager createClientConnectionManager() {
                SchemeRegistry registry = new SchemeRegistry();
                try {
                    URI uri;
                    uri = new URI(getURI());
                    if (Http.SCHEME_HTTP.equals(uri.getScheme())) {
                        registry.register(new Scheme(Http.SCHEME_HTTP, PlainSocketFactory.getSocketFactory(), 80));
                    } else if (Http.SCHEME_HTTPS.equals(uri.getScheme())) {
                        registry.register(new Scheme(Http.SCHEME_HTTPS, createSSLSocketFactory(), 443));
                    }
                } catch (URISyntaxException e) {
                    LogUtils.e(e.getMessage(), e);
                }
                return new SingleClientConnManager(getParams(), registry);
            }

            private SSLSocketFactory createSSLSocketFactory() {
                final Resources resources = mContext.getResources();
                final InputStream in = resources.openRawResource(R.raw.ippaps);
                ApplicationManeger apm = ApplicationManeger.getInstance();
                final char[] passwdchars = apm.getProperty(
                        PropertiesConstants.SSL_PASSWORD).toCharArray();
                SSLSocketFactory socketFactory = null;
                try {
                    KeyStore keyStore = KeyStore.getInstance("BKS");
                    try {
                        keyStore.load(in, passwdchars);
                    } finally {
                        in.close();
                    }
                    socketFactory = new SSLSocketFactory(keyStore);
                    socketFactory.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
                } catch (Exception e) {
                    LogUtils.d(e.getMessage(), e);
                }
                return socketFactory;
            }
        };
        return ret;
    }
Thanks!!!
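Even though the Android javadoc is not very clear, when an SSLSocketFactory is created with a single parameter of type KeyStore, that keystore is used as the trust store. This means the keystore will be used to authenticate the server certificate, but if the server requires client authentication, the connection will fail.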
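The two keystore roles discussed above, shown with plain JSSE as an added example that is not part of the original question or answer. The class and method names are hypothetical, and the sample keystore is constructed in memory from the first CA in the JVM's default trust anchors (assumed non-empty), standing in for the app's BKS file.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.*;

public class KeystoreRoleCheck {   // hypothetical name, added example

    /** Counts entries by role: [0] = trusted certificates, [1] = private keys. */
    static int[] countRoles(KeyStore ks) throws Exception {
        int[] counts = new int[2];
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isCertificateEntry(alias)) counts[0]++;   // can only verify a peer
            else if (ks.isKeyEntry(alias)) counts[1]++;      // can prove our own identity
        }
        return counts;
    }

    /** Trust-store role: number of issuers a TrustManager built from ks accepts. */
    static int acceptedIssuers(KeyStore ks) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        return ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers().length;
    }

    /** Key-store role: true if ks holds a key usable as a client certificate. */
    static boolean canAuthenticateClient(KeyStore ks, char[] pw, String keyType) throws Exception {
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        X509KeyManager km = (X509KeyManager) kmf.getKeyManagers()[0];
        return km.getClientAliases(keyType, null) != null;   // null means no matching key
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: one CA certificate copied from the JVM defaults.
        TrustManagerFactory def =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        def.init((KeyStore) null);
        X509Certificate ca =
                ((X509TrustManager) def.getTrustManagers()[0]).getAcceptedIssuers()[0];
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        ks.setCertificateEntry("sample-ca", ca);

        int[] roles = countRoles(ks);
        System.out.println("trusted certs=" + roles[0] + ", private keys=" + roles[1]);
        System.out.println("accepted issuers=" + acceptedIssuers(ks));
        System.out.println("client auth possible="
                + canAuthenticateClient(ks, new char[0], "RSA"));
    }
}
```

Running `countRoles` on the app's own keystore shows which role it can play: a file holding only certificate entries can act only as a trust store, while any private-key entry means key material is being shipped with the app.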