Android Https通讯

https与http的通信，在我看来主要的区别在于https多了一个安全验证机制，而Android采用的是X509验证，首先我们需要这重写X509类，建立我们的验证规则、、不过对于特定的项目，我们一般都是无条件信任服务端的，因此我们可以对任何证书都无条件信任（其实本质上我们只是信任了特定url的证书，为了偷懒，才那么选择的）/**

 * 信任所有主机-对于任何证书都不做检查 */class MytmArray implements X509TrustManager {	public X509Certificate[] getAcceptedIssuers() {		// return null;		return new X509Certificate[] {};	}	@Override	public void checkClientTrusted(X509Certificate[] chain, String authType)			throws CertificateException {		// TODO Auto-generated method stub	}	@Override	public void checkServerTrusted(X509Certificate[] chain, String authType)			throws CertificateException {		// TODO Auto-generated method stub		// System.out.println("cert: " + chain[0].toString() + ", authType: "		// + authType);	}};

?好了，我们写好了信任规则，接下载就要创建一个主机的信任列表

static TrustManager[] xtmArray = new MytmArray[] { new MytmArray() };	/**	 * 信任所有主机-对于任何证书都不做检查	 */	private static void trustAllHosts() {		// Create a trust manager that does not validate certificate chains		// Android 采用X509的证书信息机制		// Install the all-trusting trust manager		try {			SSLContext sc = SSLContext.getInstance("TLS");			sc.init(null, xtmArray, new java.security.SecureRandom());			HttpsURLConnection					.setDefaultSSLSocketFactory(sc.getSocketFactory());			// HttpsURLConnection.setDefaultHostnameVerifier(DO_NOT_VERIFY);//			// 不进行主机名确认		} catch (Exception e) {			e.printStackTrace();		}	}	static HostnameVerifier DO_NOT_VERIFY = new HostnameVerifier() {		@Override		public boolean verify(String hostname, SSLSession session) {			// TODO Auto-generated method stub			// System.out.println("Warning: URL Host: " + hostname + " vs. "			// + session.getPeerHost());			return true;		}	};

?上面的都是https通信需要做的几个基本要求，接下载我们要做的就是https的使用啦下面就以get和post为例进行说明，中间还涉及到cookie的使用

String httpUrl＝"XXXXX"String result = "";		HttpURLConnection http = null;		URL url;		try {			url = new URL(httpUrl);			// 判断是http请求还是https请求			if (url.getProtocol().toLowerCase().equals("https")) {				trustAllHosts();				http = (HttpsURLConnection) url.openConnection();				((HttpsURLConnection) http).setHostnameVerifier(DO_NOT_VERIFY);// 不进行主机名确认			} else {				http = (HttpURLConnection) url.openConnection();			}			http.setConnectTimeout(10000);// 设置超时时间			http.setReadTimeout(50000);			http.setRequestMethod("GET");// 设置请求类型为			http.setDoInput(true);			http.setRequestProperty("Content-Type", "text/xml");//http.getResponseCode());http或https返回状态200还是403BufferedReader in = null;			if (obj.getHttpStatus() == 200) {				getCookie(http);				in = new BufferedReader(new InputStreamReader(						http.getInputStream()));			} else				in = new BufferedReader(new InputStreamReader(						http.getErrorStream()));			result = in.readLine();			Log.i("result", result);			in.close();			http.disconnect();

?https或http的get请求写好了，哦中间涉及到了一个getCookie的方法，如下：

/** 得到cookie */	private static void getCookie(HttpURLConnection http) {		String cookieVal = null;		String key = null;		DataDefine.mCookieStore = "";		for (int i = 1; (key = http.getHeaderFieldKey(i)) != null; i++) {			if (key.equalsIgnoreCase("set-cookie")) {				cookieVal = http.getHeaderField(i);				cookieVal = cookieVal.substring(0, cookieVal.indexOf(";"));				DataDefine.mCookieStore = DataDefine.mCookieStore + cookieVal						+ ";";			}		}	}

		String result = "";		Log.i("控制", httpUrl);		Query obj = new Query();		HttpURLConnection http = null;		URL url;		try {			url = new URL(httpUrl);			// 判断是http请求还是https请求			if (url.getProtocol().toLowerCase().equals("https")) {				trustAllHosts();				http = (HttpsURLConnection) url.openConnection();				((HttpsURLConnection) http).setHostnameVerifier(DO_NOT_VERIFY);// 不进行主机名确认			} else {				http = (HttpURLConnection) url.openConnection();			}			http.setConnectTimeout(10000);// 设置超时时间			http.setReadTimeout(50000);			http.setRequestMethod("POST");// 设置请求类型为post			http.setDoInput(true);			http.setDoOutput(true);			http.setRequestProperty("Content-Type", "text/xml");			http.setRequestProperty("Cookie", DataDefine.mCookieStore);			DataOutputStream out = new DataOutputStream(http.getOutputStream());			out.writeBytes(base64);			out.flush();			out.close();			obj.setHttpStatus(http.getResponseCode());// 设置http返回状态200还是403			BufferedReader in = null;			if (obj.getHttpStatus() == 200) {				getCookie(http);				in = new BufferedReader(new InputStreamReader(						http.getInputStream()));			} else				in = new BufferedReader(new InputStreamReader(						http.getErrorStream()));			result = in.readLine();// 得到返回结果			in.close();			http.disconnect();		} catch (Exception e) {			// TODO Auto-generated catch block			e.printStackTrace();		}}