建立HttpsConnection

1建立HttpConnection，这种连接比较简单，但是是不安全的，网上例子比较多，现在主要说说如果建立HttpsConnection，这种连接时通过SSL协议加密，相对更安全，一般使用这种连接传输用户名密码，等重要信息的，下面看代码：

public HttpsURLConnection getHttpsConnection(){
        try{
            TrustManager[] tm = { new MyX509TrustManager() };
            SSLContext sslContext = SSLContext.getInstance("SSL");
            sslContext.init(null, tm, new java.security.SecureRandom());
            SSLSocketFactory ssf = sslContext.getSocketFactory();
            System.out.println(TAG+" getHttpsConnection serverUrl="+serverUrl);
            URL myURL = new URL(serverUrl);
            HttpsURLConnection httpsConn = (HttpsURLConnection) myURL.openConnection();
            httpsConn.setSSLSocketFactory(ssf);
            httpsConn.setRequestProperty("accept", "*/*");
            httpsConn.setRequestProperty("connection", "Keep-Alive");
            httpsConn.setRequestMethod("POST");
            httpsConn.setDoOutput(true);
            httpsConn.setDoInput(true);
            httpsConn.connect();
            return httpsConn;
        }catch(Exception e){
            e.printStackTrace();
            return null;
        }
 
    }

在上面的代码中比较重要的是MyX509TrustManager这个类，这个类是安全的保障，可以是用默认的，但是一般我们都需要对证书进行自定义，因此需要继承下，下面看代码：

package login;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
 
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
 
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
 
public class MyX509TrustManager implements X509TrustManager {
    //private final String CER_NAME = "D:\\Apache_Software_Foundation\\Tomcat_6.0\\cas.keystore";
    private final String CER_NAME ="D:\\apache-tomcat-7.0.42\\cas.keystore";
    private final String CER_PASSWORD = "changeit";
    private final Log logger = LogFactory.getLog(getClass());
 
    /*
     * The default X509TrustManager returned by SunX509.  We'll delegate
     * decisions to it, and fall back to the logic in this class if the
     * default X509TrustManager doesn't trust it.
     */
    X509TrustManager sunJSSEX509TrustManager;
 
    MyX509TrustManager() throws Exception {
        // create a "default" JSSE X509TrustManager.
       KeyStore ks = KeyStore.getInstance("JKS");
       FileInputStream fis = new FileInputStream(CER_NAME);
       ks.load(fis,CER_PASSWORD.toCharArray());
       TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509", "SunJSSE");
       tmf.init(ks);
       TrustManager tms [] = tmf.getTrustManagers();
        for (int i = 0; i < tms.length; i++) {
            if (tms[i] instanceof X509TrustManager) {
                sunJSSEX509TrustManager = (X509TrustManager) tms[i];
                return;
            }
        }
        throw new Exception("liqingguo Couldn't initialize");
    }
 
    /*
     * Delegate to the default trust manager.
     */
    public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
        try {
            sunJSSEX509TrustManager.checkClientTrusted(chain, authType);
        } catch (CertificateException excep) {
            // do any special handling here, or rethrow exception.
        }
    }
 
    /*
     * Delegate to the default trust manager.
     */
    public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
        try {
            sunJSSEX509TrustManager.checkServerTrusted(chain, authType);
        } catch (CertificateException excep) {
            /*
             * Possibly pop up a dialog box asking whether to trust the
             * cert chain.
             */
        }
    }
 
    /*
     * Merely pass this through.
     */
    public X509Certificate[] getAcceptedIssuers() {
        return sunJSSEX509TrustManager.getAcceptedIssuers();
    }
}