下面列出了怎么用android.net.SSLCertificateSocketFactory的API类实例代码及写法,或者点击链接到github查看源代码。
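/**
 * Opens a TLS socket to the remote address of an existing plain socket and verifies
 * the peer against {@code host} before returning it.
 *
 * <p>The TLS socket is created with {@code createSocket(InetAddress, int)}. The Android
 * documentation for that overload states that no host name verification is performed,
 * so the check is done here explicitly once the session is available. Certificate chain
 * validation is left to the default factory.
 *
 * @param plainSocket socket whose remote address is reused for the TLS connection
 * @param host        host name the peer certificate must match; also sent as SNI on API 17+
 * @param port        remote port for the TLS connection
 * @param autoClose   when true, {@code plainSocket} is closed before the TLS socket is opened
 * @return the connected TLS socket, returned only after host name verification succeeded
 * @throws IOException if connecting fails, or (as {@code SSLPeerUnverifiedException}) if
 *                     the peer cannot be verified for {@code host}
 */
@Override
public Socket createSocket(Socket plainSocket, String host, int port, boolean autoClose) throws IOException
{
    InetAddress address = plainSocket.getInetAddress();
    Log.i("!", "Address: " + address.getHostAddress());
    if (autoClose)
    {
        plainSocket.close();
    }
    SSLCertificateSocketFactory sslSocketFactory = (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getDefault(0);
    SSLSocket ssl = (SSLSocket) sslSocketFactory.createSocket(address, port);

    // Enable every supported TLS version, but leave the legacy SSL protocols
    // (SSLv3 and older) switched off even where the platform still offers them.
    java.util.List<String> protocols = new java.util.ArrayList<String>();
    for (String protocol : ssl.getSupportedProtocols())
    {
        if (!protocol.toUpperCase(java.util.Locale.ROOT).startsWith("SSL"))
        {
            protocols.add(protocol);
        }
    }
    ssl.setEnabledProtocols(protocols.toArray(new String[0]));

    // Send the host name as SNI so a name-based virtual host can present the
    // certificate that the verification below expects. setHostname exists from API 17.
    if (host != null && android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.JELLY_BEAN_MR1)
    {
        sslSocketFactory.setHostname(ssl, host);
    }

    // getSession() drives the handshake; the socket was opened by address, so the
    // certificate has not yet been compared with the intended host name.
    SSLSession session = ssl.getSession();
    if (host == null || !javax.net.ssl.HttpsURLConnection.getDefaultHostnameVerifier().verify(host, session))
    {
        // Fail closed and release the socket instead of handing back an unverified peer.
        try
        {
            ssl.close();
        }
        catch (IOException ignored)
        {
            // The verification failure below is the error the caller needs to see.
        }
        throw new javax.net.ssl.SSLPeerUnverifiedException("Cannot verify hostname: " + host);
    }
    Log.i("!", "Protocol " + session.getProtocol() + " PeerHost " + session.getPeerHost() +
            " CipherSuite " + session.getCipherSuite());
    return ssl;
}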
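/**
 * Opens a TLS socket to the remote address of {@code paramSocket} and verifies the peer
 * against {@code paramString} (the host name) before returning it.
 *
 * <p>The socket is created with {@code createSocket(InetAddress, int)}. The Android
 * documentation for that overload states that no host name verification is performed,
 * so the check is done here explicitly. A null host name cannot be verified and is rejected.
 *
 * @param paramSocket  socket whose remote address is reused; must not be null
 * @param paramString  host name the peer certificate must match; also sent as SNI on API 17+
 * @param paramInt     remote port for the TLS connection
 * @param paramBoolean when true, {@code paramSocket} is closed before the TLS socket is opened
 * @return the connected TLS socket, returned only after host name verification succeeded
 * @throws IOException if connecting fails, or (as {@code SSLPeerUnverifiedException}) if
 *                     the peer cannot be verified for the host name
 */
@NotNull
public Socket createSocket(@Nullable Socket paramSocket, @Nullable String paramString, int paramInt, boolean paramBoolean) throws IOException {
    if (paramSocket == null)
        Intrinsics.throwNpe();
    InetAddress inetAddress = paramSocket.getInetAddress();
    Intrinsics.checkExpressionValueIsNotNull(inetAddress, "address");
    Log.d("address", inetAddress.getHostAddress());
    if (paramBoolean)
        paramSocket.close();

    SocketFactory socketFactory = SSLCertificateSocketFactory.getDefault(0);
    if (socketFactory == null)
        throw new TypeCastException("null cannot be cast to non-null type android.net.SSLCertificateSocketFactory");
    Socket socket = socketFactory.createSocket(inetAddress, paramInt);
    if (socket == null)
        throw new TypeCastException("null cannot be cast to non-null type javax.net.ssl.SSLSocket");
    SSLSocket sslSocket = (SSLSocket) socket;

    // Enable every supported TLS version, but leave the legacy SSL protocols
    // (SSLv3 and older) switched off even where the platform still offers them.
    java.util.List<String> protocols = new java.util.ArrayList<String>();
    for (String protocol : sslSocket.getSupportedProtocols()) {
        if (!protocol.toUpperCase(java.util.Locale.ROOT).startsWith("SSL")) {
            protocols.add(protocol);
        }
    }
    sslSocket.setEnabledProtocols(protocols.toArray(new String[0]));

    // The log line below announced SNI, but the listing never set it; set it for real
    // where the API exists (setHostname is available from API 17).
    Log.i("X", "Setting SNI hostname");
    if (paramString != null
            && socketFactory instanceof SSLCertificateSocketFactory
            && android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.JELLY_BEAN_MR1) {
        ((SSLCertificateSocketFactory) socketFactory).setHostname(sslSocket, paramString);
    }

    // getSession() drives the handshake; the socket was opened by address, so the
    // certificate has not yet been compared with the intended host name.
    SSLSession sSLSession = sslSocket.getSession();
    Intrinsics.checkExpressionValueIsNotNull(sSLSession, "session");
    if (paramString == null
            || !javax.net.ssl.HttpsURLConnection.getDefaultHostnameVerifier().verify(paramString, sSLSession)) {
        // Fail closed and release the socket instead of handing back an unverified peer.
        try {
            sslSocket.close();
        } catch (IOException ignored) {
            // The verification failure below is the error the caller needs to see.
        }
        throw new javax.net.ssl.SSLPeerUnverifiedException("Cannot verify hostname: " + paramString);
    }

    StringBuilder stringBuilder = new StringBuilder();
    stringBuilder.append("Established ");
    stringBuilder.append(sSLSession.getProtocol());
    stringBuilder.append(" connection with ");
    stringBuilder.append(sSLSession.getPeerHost());
    stringBuilder.append(" using ");
    stringBuilder.append(sSLSession.getCipherSuite());
    Log.d("X", stringBuilder.toString());
    return socket;
}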
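/**
 * Opens the socket for {@code mWebSocketURI} and wakes any thread waiting on this object.
 *
 * <p>On success the socket is stored in {@code mSocket}; on an {@link IOException} the
 * localized message is stored in {@code mFailureMessage}. Waiters are notified in both cases.
 *
 * <p>The scheme is compared case-insensitively once, and that single result selects both the
 * default port and the socket factory. Previously the default-port check was case-sensitive
 * while the factory check was not, so an upper-case secure scheme without an explicit port
 * was sent through the TLS factory to port 80.
 */
public void startConnection() {
    try {
        String host = mWebSocketURI.getHost();
        boolean secure = mWebSocketURI.getScheme().equalsIgnoreCase(WSS_URI_SCHEME);

        int port = mWebSocketURI.getPort();
        if (port == -1) {
            // No explicit port in the URI: fall back to the scheme's default.
            port = secure ? 443 : 80;
        }

        // NOTE(review): the no-argument getDefault() passes no handshake timeout;
        // confirm whether the getDefault(int) overload should be used here.
        SocketFactory factory = secure
                ? SSLCertificateSocketFactory.getDefault()
                : SocketFactory.getDefault();

        // Do not replace host string with InetAddress or you lose automatic host name verification
        this.mSocket = factory.createSocket(host, port);
    } catch (IOException e) {
        this.mFailureMessage = e.getLocalizedMessage();
    }
    synchronized (this) {
        notifyAll();
    }
}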
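/**
 * Opens a TLS socket to the remote address of {@code plainSocket}, sets SNI, and verifies
 * the peer's host name before returning the socket.
 *
 * <p>The name used for SNI and verification is the connection's {@code Host} request
 * property when present, otherwise {@code host}.
 *
 * @param plainSocket socket whose remote address is reused for the TLS connection
 * @param host        fallback host name when the connection has no {@code Host} property
 * @param port        remote port for the TLS connection
 * @param autoClose   when true, {@code plainSocket} is closed before the TLS socket is opened
 * @return the connected TLS socket, returned only after host name verification succeeded
 * @throws IOException if connecting fails, or (as {@code SSLPeerUnverifiedException}) if
 *                     {@code hostnameVerifier} rejects the session
 */
@Override
public Socket createSocket(Socket plainSocket, String host, int port, boolean autoClose)
        throws IOException {
    // NOTE(review): the Host property is used unchanged for SNI and verification; if callers
    // can set it with a ":port" suffix, verification will fail - confirm against the caller.
    String peerHost = this.conn.getRequestProperty("Host");
    if (peerHost == null) {
        peerHost = host;
    }
    X5LogUtils.i("customized createSocket. host: " + peerHost);
    InetAddress address = plainSocket.getInetAddress();
    if (autoClose) {
        // we don't need the plainSocket
        plainSocket.close();
    }

    // create and connect SSL socket, but don't do hostname verification yet
    SSLCertificateSocketFactory sslSocketFactory = (SSLCertificateSocketFactory)
            SSLCertificateSocketFactory.getDefault(0);
    SSLSocket ssl = (SSLSocket) sslSocketFactory.createSocket(address, port);

    // Enable every supported TLS version (TLSv1.1/1.2 where available), but leave the
    // legacy SSL protocols off: enabling the full supported list would also switch on
    // SSLv3 on the old platform versions this method still caters for.
    java.util.List<String> protocols = new java.util.ArrayList<String>();
    for (String protocol : ssl.getSupportedProtocols()) {
        if (!protocol.toUpperCase(java.util.Locale.ROOT).startsWith("SSL")) {
            protocols.add(protocol);
        }
    }
    ssl.setEnabledProtocols(protocols.toArray(new String[0]));

    // set up SNI before the handshake
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
        X5LogUtils.i("Setting SNI hostname");
        sslSocketFactory.setHostname(ssl, peerHost);
    } else {
        X5LogUtils.d("No documented SNI support on Android <4.2, trying with reflection");
        try {
            java.lang.reflect.Method setHostnameMethod =
                    ssl.getClass().getMethod("setHostname", String.class);
            setHostnameMethod.invoke(ssl, peerHost);
        } catch (Exception e) {
            // Best effort only: without SNI the handshake still runs and the
            // verification below still decides whether the peer is accepted.
            X5LogUtils.e("SNI not useable", e);
        }
    }

    // verify hostname and certificate
    SSLSession session = ssl.getSession();
    if (!hostnameVerifier.verify(peerHost, session)) {
        // Release the connected socket; it was previously left open on this path.
        try {
            ssl.close();
        } catch (IOException ignored) {
            // The verification failure below is the error the caller needs to see.
        }
        throw new SSLPeerUnverifiedException("Cannot verify hostname: " + peerHost);
    }
    X5LogUtils.i("Established " + session.getProtocol() + " connection with " +
            session.getPeerHost() + " using " + session.getCipherSuite());
    return ssl;
}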
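/**
 * Opens a TLS socket to {@code host}:{@code port} using this factory's trust managers,
 * restricts the protocol list, sets SNI, and verifies the host name before returning.
 *
 * @param plainSocket existing socket; closed when {@code autoClose} is true, otherwise unused
 * @param host        host name to resolve, send as SNI and verify the certificate against
 * @param port        remote port for the TLS connection
 * @param autoClose   when true, {@code plainSocket} is closed before the TLS socket is opened
 * @return the connected TLS socket, returned only after host name verification succeeded
 * @throws UnknownHostException if {@code host} cannot be resolved
 * @throws IOException if connecting fails, or (as {@code SSLPeerUnverifiedException}) if
 *                     {@code HOSTNAME_VERIFIER} rejects the session
 */
@Override
public Socket createSocket (final Socket plainSocket, final String host, final int port, final boolean autoClose) throws IOException, UnknownHostException {
    // we don't need the plainSocket
    if (autoClose) plainSocket.close();

    // create and connect SSL socket, but don't do hostname verification yet.
    final SSLCertificateSocketFactory sslSocketFactory = (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getDefault(0);
    sslSocketFactory.setTrustManagers(this.trustManager);
    final SSLSocket sock = (SSLSocket) sslSocketFactory.createSocket(InetAddress.getByName(host), port);

    // Protocols: keep everything the platform supports except names containing "SSL".
    final List<String> protocols = new ArrayList<String>();
    for (final String protocol : sock.getSupportedProtocols()) {
        if (!protocol.toUpperCase(Locale.ENGLISH).contains("SSL")) protocols.add(protocol);
    }
    sock.setEnabledProtocols(protocols.toArray(new String[0]));

    // Ciphers: the supported subset of ALLOWED_CIPHERS, plus everything already enabled.
    // Because the enabled defaults are added back, ALLOWED_CIPHERS can only widen the
    // default set here, never narrow it.
    final HashSet<String> ciphers = new HashSet<String>(ALLOWED_CIPHERS);
    ciphers.retainAll(Arrays.asList(sock.getSupportedCipherSuites()));
    ciphers.addAll(new HashSet<String>(Arrays.asList(sock.getEnabledCipherSuites()))); // Add all already enabled ones for compatibility.
    sock.setEnabledCipherSuites(ciphers.toArray(new String[0]));

    // set up SNI before the handshake.
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
        sslSocketFactory.setHostname(sock, host);
    }
    else { // This hack seems to work on my 4.0.4 tablet.
        try {
            final java.lang.reflect.Method setHostnameMethod = sock.getClass().getMethod("setHostname", String.class);
            setHostnameMethod.invoke(sock, host);
        }
        catch (final Exception e) {
            // Best effort only: the verification below still decides whether the peer is accepted.
            LOG.w("SNI not useable: %s", ExcpetionHelper.causeTrace(e));
        }
    }

    // verify hostname and certificate.
    final SSLSession session = sock.getSession();
    if (!HOSTNAME_VERIFIER.verify(host, session)) {
        // Release the connected socket; it was previously left open on this path.
        try {
            sock.close();
        }
        catch (final IOException ignored) {
            // The verification failure below is the error the caller needs to see.
        }
        throw new SSLPeerUnverifiedException("Cannot verify hostname: " + host);
    }
    LOG.i("Connected %s %s %s.", session.getPeerHost(), session.getProtocol(), session.getCipherSuite());
    return sock;
}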
/**
 * Creates the factory and backs it with a socket factory obtained from
 * {@code SSLCertificateSocketFactory.getInsecure(...)}.
 *
 * <p>The Android documentation describes {@code getInsecure} as returning a factory with all
 * SSL security checks disabled, so sockets from {@code innerFactory} do not authenticate the
 * server. {@code truststore} is passed to the superclass only.
 * NOTE(review): whether the trust store influences connections made through
 * {@code innerFactory} cannot be seen from this constructor - confirm, and keep this class
 * out of release builds that talk to real servers.
 *
 * @param truststore key store handed to the superclass constructor
 * @param context    context used to create the {@code SSLSessionCache}
 * @throws Exception declared by this constructor; the visible code does not show which
 *                   call raises it
 */
public AndroidInsecureSSLSocketFactory(KeyStore truststore, Context context) throws Exception {
    super(truststore);
    // Session cache tied to the given context, shared by sockets from the inner factory.
    final SSLSessionCache sessionCache = new SSLSessionCache(context);
    this.innerFactory = SSLCertificateSocketFactory.getInsecure(SSL_HANDSHAKE_TO, sessionCache);
}