Android Volley 支持 SSL 吗?
Does Android Volley support SSL?
有谁知道 Android 中的 Volley 是否支持 SSl?
有什么方法可以通过 Volley 支持 SSL 吗?
当然可以。
Android Volley 是一个库,您可以使用它通过 http 轻松高效地管理网络操作。底层是否使用 SSL(即 https)完全无关。
换句话说:Volley 框架 TCP 层不可知 并且 SSL 只影响 TCP 层。
您可以参考我的工作示例代码。希望这对您有所帮助!
public class MainActivity extends AppCompatActivity {
private TextView mTextView;
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
mTextView = (TextView) findViewById(R.id.textView);
String url = "https://192.168.1.100/testvolley";
HurlStack hurlStack = new HurlStack() {
@Override
protected HttpURLConnection createConnection(URL url) throws IOException {
HttpsURLConnection httpsURLConnection = (HttpsURLConnection) super.createConnection(url);
try {
httpsURLConnection.setSSLSocketFactory(getSSLSocketFactory());
httpsURLConnection.setHostnameVerifier(getHostnameVerifier());
} catch (Exception e) {
e.printStackTrace();
}
return httpsURLConnection;
}
};
final JsonObjectRequest jsonObjectRequest = new JsonObjectRequest(Request.Method.GET, url, new Response.Listener<JSONObject>() {
@Override
public void onResponse(JSONObject response) {
try {
mTextView.setText(response.toString(5));
} catch (JSONException e) {
mTextView.setText(e.toString());
}
}
}, new Response.ErrorListener() {
@Override
public void onErrorResponse(VolleyError error) {
mTextView.setText(error.toString());
}
});
final RequestQueue requestQueue = Volley.newRequestQueue(this, hurlStack);
requestQueue.add(jsonObjectRequest);
}
// Let's assume your server app is hosting inside a server machine
// which has a server certificate in which "Issued to" is "localhost",for example.
// Then, inside verify method you can verify "localhost".
// If not, you can temporarily return true
private HostnameVerifier getHostnameVerifier() {
return new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
//return true; // verify always returns true, which could cause insecure network traffic due to trusting TLS/SSL server certificates for wrong hostnames
HostnameVerifier hv = HttpsURLConnection.getDefaultHostnameVerifier();
return hv.verify("localhost", session);
}
};
}
private TrustManager[] getWrappedTrustManagers(TrustManager[] trustManagers) {
final X509TrustManager originalTrustManager = (X509TrustManager) trustManagers[0];
return new TrustManager[]{
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return originalTrustManager.getAcceptedIssuers();
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
try {
if (certs != null && certs.length > 0){
certs[0].checkValidity();
} else {
originalTrustManager.checkClientTrusted(certs, authType);
}
} catch (CertificateException e) {
Log.w("checkClientTrusted", e.toString());
}
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
try {
if (certs != null && certs.length > 0){
certs[0].checkValidity();
} else {
originalTrustManager.checkServerTrusted(certs, authType);
}
} catch (CertificateException e) {
Log.w("checkServerTrusted", e.toString());
}
}
}
};
}
private SSLSocketFactory getSSLSocketFactory()
throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, KeyManagementException {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream caInput = getResources().openRawResource(R.raw.my_cert); // this cert file stored in \app\src\main\res\raw folder path
Certificate ca = cf.generateCertificate(caInput);
caInput.close();
KeyStore keyStore = KeyStore.getInstance("BKS");
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
TrustManager[] wrappedTrustManagers = getWrappedTrustManagers(tmf.getTrustManagers());
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, wrappedTrustManagers, null);
return sslContext.getSocketFactory();
}
}
IMO,您还应该在 Google's Documentation - Security with HTTPS and SSL
阅读更多内容
我想进一步查看@BNK 的回答。
建议
requestQueue = Volley.newRequestQueue(getApplicationContext(), new HurlStack(null, getSSLSocketFactory()));
就够了。
不知道为什么,按照@BNK 扩展 createConnection 的回答,Volley 创建了大约 5 个连接以供重用,这些连接由 netstat 命令观察到
通过仅将 getSSLSocketFactory() 作为 new HurlStack() 参数传递,减少了 Volley 打开的连接。
是的,我已经使用 Volley 实现了 SSL Pinning。我还将证书用作字符串和 .cer 文件。请按照我的步骤。
您需要创建 VolleySingleton class。
import android.content.Context;
import android.os.Build;
import androidx.annotation.RequiresApi;
import com.android.volley.Request;
import com.android.volley.RequestQueue;
import com.android.volley.toolbox.Volley;
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
public class VolleySingleton {
private static VolleySingleton volleySingleton;
private RequestQueue requestQueue;
private static Context mctx;
private VolleySingleton(Context context){
this.mctx=context;
this.requestQueue=getRequestQueue();
}
public RequestQueue getRequestQueue(){
if (requestQueue==null){
requestQueue= Volley.newRequestQueue(mctx.getApplicationContext());
}
return requestQueue;
}
public static synchronized VolleySingleton getInstance(Context context){
if (volleySingleton==null){
volleySingleton=new VolleySingleton(context);
}
return volleySingleton;
}
public<T> void addToRequestQue(Request<T> request){
requestQueue.add(request);
}
public HostnameVerifier getHostnameVerifier() {
return new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
//return true;
// verify always returns true, which could cause insecure network traffic due to trusting TLS/SSL server certificates for wrong hostnames
HostnameVerifier hv = HttpsURLConnection.getDefaultHostnameVerifier();
return hv.verify("Enter your host url", session);
}
};
}
@RequiresApi(api = Build.VERSION_CODES.O)
public SSLSocketFactory getGlobalSSlFactory() {
try {
//Use the certificate from raw folder...use below line
InputStream inputStream=mctx.getResources().openRawResource(R.raw.test);
//Use the certificate as a String.. I've done the conversion here for String
String certificate= "Paste your certificate as string";
byte encodedCert[] = Base64.getDecoder().decode(certificate);
ByteArrayInputStream inputStream = new ByteArrayInputStream(encodedCert);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate ca = cf.generateCertificate(inputStream);
inputStream.close();
KeyStore keyStore = KeyStore.getInstance("BKS");
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
KeyManagerFactory kmf = KeyManagerFactory.getInstance(
KeyManagerFactory.getDefaultAlgorithm());
kmf.init(keyStore, "xxxxxxx".toCharArray());
final SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tmf.getTrustManagers(), null);
return sslContext.getSocketFactory();
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
@RequiresApi(api = Build.VERSION_CODES.O)
public static X509Certificate convertToX509Cert(String certificateString) throws CertificateException {
X509Certificate certificate = null;
CertificateFactory cf = null;
try {
if (certificateString != null && !certificateString.trim().isEmpty()) {
certificateString = certificateString.replace("-----BEGIN CERTIFICATE-----\n", "")
.replace("-----END CERTIFICATE-----", ""); // NEED FOR PEM FORMAT CERT STRING
byte[] certificateData = Base64.getDecoder().decode(certificateString);
cf = CertificateFactory.getInstance("X509");
certificate = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(certificateData));
}
} catch (CertificateException e) {
throw new CertificateException(e);
}
return certificate;
}
现在您可以调用 API 并像这样验证 SSL 主机验证程序和证书。
HurlStack hurlStack = new HurlStack() {
@Override
protected HttpURLConnection createConnection(URL url) throws IOException {
HttpsURLConnection httpsURLConnection = (HttpsURLConnection) super.createConnection(url);
try {
httpsURLConnection.setSSLSocketFactory(VolleySingleton.getInstance(getApplicationContext()).getGlobalSSlFactory());
httpsURLConnection.setHostnameVerifier(VolleySingleton.getInstance(getApplicationContext()).getHostnameVerifier());
Log.i("SSL","SUCCESS");
} catch (Exception e) {
e.printStackTrace();
}
return httpsURLConnection;
}
};
JsonObjectRequest request = new JsonObjectRequest(Request.Method.GET,"URL", null,new Response.Listener<JSONObject>() {
@Override
public void onResponse(JSONObject response) {
Log.i("onResponse", response.toString());
}
}, new Response.ErrorListener() {
@Override
public void onErrorResponse(VolleyError error) {
Log.e("onErrorResponse", error.toString());
}
});
final RequestQueue requestQueue = Volley.newRequestQueue(this, hurlStack);
requestQueue.add(request);
您可以在生产模式下使用它。快乐编码..请点赞。如果有效。 :)
有谁知道 Android 中的 Volley 是否支持 SSl? 有什么方法可以通过 Volley 支持 SSL 吗?
当然可以。
Android Volley 是一个库,您可以使用它通过 http 轻松高效地管理网络操作。底层是否使用 SSL(即 https)完全无关。
换句话说:Volley 框架 TCP 层不可知 并且 SSL 只影响 TCP 层。
您可以参考我的工作示例代码。希望这对您有所帮助!
public class MainActivity extends AppCompatActivity {
private TextView mTextView;
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
mTextView = (TextView) findViewById(R.id.textView);
String url = "https://192.168.1.100/testvolley";
HurlStack hurlStack = new HurlStack() {
@Override
protected HttpURLConnection createConnection(URL url) throws IOException {
HttpsURLConnection httpsURLConnection = (HttpsURLConnection) super.createConnection(url);
try {
httpsURLConnection.setSSLSocketFactory(getSSLSocketFactory());
httpsURLConnection.setHostnameVerifier(getHostnameVerifier());
} catch (Exception e) {
e.printStackTrace();
}
return httpsURLConnection;
}
};
final JsonObjectRequest jsonObjectRequest = new JsonObjectRequest(Request.Method.GET, url, new Response.Listener<JSONObject>() {
@Override
public void onResponse(JSONObject response) {
try {
mTextView.setText(response.toString(5));
} catch (JSONException e) {
mTextView.setText(e.toString());
}
}
}, new Response.ErrorListener() {
@Override
public void onErrorResponse(VolleyError error) {
mTextView.setText(error.toString());
}
});
final RequestQueue requestQueue = Volley.newRequestQueue(this, hurlStack);
requestQueue.add(jsonObjectRequest);
}
// Let's assume your server app is hosting inside a server machine
// which has a server certificate in which "Issued to" is "localhost",for example.
// Then, inside verify method you can verify "localhost".
// If not, you can temporarily return true
private HostnameVerifier getHostnameVerifier() {
return new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
//return true; // verify always returns true, which could cause insecure network traffic due to trusting TLS/SSL server certificates for wrong hostnames
HostnameVerifier hv = HttpsURLConnection.getDefaultHostnameVerifier();
return hv.verify("localhost", session);
}
};
}
private TrustManager[] getWrappedTrustManagers(TrustManager[] trustManagers) {
final X509TrustManager originalTrustManager = (X509TrustManager) trustManagers[0];
return new TrustManager[]{
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return originalTrustManager.getAcceptedIssuers();
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
try {
if (certs != null && certs.length > 0){
certs[0].checkValidity();
} else {
originalTrustManager.checkClientTrusted(certs, authType);
}
} catch (CertificateException e) {
Log.w("checkClientTrusted", e.toString());
}
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
try {
if (certs != null && certs.length > 0){
certs[0].checkValidity();
} else {
originalTrustManager.checkServerTrusted(certs, authType);
}
} catch (CertificateException e) {
Log.w("checkServerTrusted", e.toString());
}
}
}
};
}
private SSLSocketFactory getSSLSocketFactory()
throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, KeyManagementException {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream caInput = getResources().openRawResource(R.raw.my_cert); // this cert file stored in \app\src\main\res\raw folder path
Certificate ca = cf.generateCertificate(caInput);
caInput.close();
KeyStore keyStore = KeyStore.getInstance("BKS");
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
TrustManager[] wrappedTrustManagers = getWrappedTrustManagers(tmf.getTrustManagers());
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, wrappedTrustManagers, null);
return sslContext.getSocketFactory();
}
}
IMO,您还应该在 Google's Documentation - Security with HTTPS and SSL
阅读更多内容我想进一步查看@BNK 的回答。 建议
requestQueue = Volley.newRequestQueue(getApplicationContext(), new HurlStack(null, getSSLSocketFactory()));
就够了。
不知道为什么,按照@BNK 扩展 createConnection 的回答,Volley 创建了大约 5 个连接以供重用,这些连接由 netstat 命令观察到
通过仅将 getSSLSocketFactory() 作为 new HurlStack() 参数传递,减少了 Volley 打开的连接。
是的,我已经使用 Volley 实现了 SSL Pinning。我还将证书用作字符串和 .cer 文件。请按照我的步骤。
您需要创建 VolleySingleton class。
import android.content.Context;
import android.os.Build;
import androidx.annotation.RequiresApi;
import com.android.volley.Request;
import com.android.volley.RequestQueue;
import com.android.volley.toolbox.Volley;
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
public class VolleySingleton {
private static VolleySingleton volleySingleton;
private RequestQueue requestQueue;
private static Context mctx;
private VolleySingleton(Context context){
this.mctx=context;
this.requestQueue=getRequestQueue();
}
public RequestQueue getRequestQueue(){
if (requestQueue==null){
requestQueue= Volley.newRequestQueue(mctx.getApplicationContext());
}
return requestQueue;
}
public static synchronized VolleySingleton getInstance(Context context){
if (volleySingleton==null){
volleySingleton=new VolleySingleton(context);
}
return volleySingleton;
}
public<T> void addToRequestQue(Request<T> request){
requestQueue.add(request);
}
public HostnameVerifier getHostnameVerifier() {
return new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
//return true;
// verify always returns true, which could cause insecure network traffic due to trusting TLS/SSL server certificates for wrong hostnames
HostnameVerifier hv = HttpsURLConnection.getDefaultHostnameVerifier();
return hv.verify("Enter your host url", session);
}
};
}
@RequiresApi(api = Build.VERSION_CODES.O)
public SSLSocketFactory getGlobalSSlFactory() {
try {
//Use the certificate from raw folder...use below line
InputStream inputStream=mctx.getResources().openRawResource(R.raw.test);
//Use the certificate as a String.. I've done the conversion here for String
String certificate= "Paste your certificate as string";
byte encodedCert[] = Base64.getDecoder().decode(certificate);
ByteArrayInputStream inputStream = new ByteArrayInputStream(encodedCert);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate ca = cf.generateCertificate(inputStream);
inputStream.close();
KeyStore keyStore = KeyStore.getInstance("BKS");
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
KeyManagerFactory kmf = KeyManagerFactory.getInstance(
KeyManagerFactory.getDefaultAlgorithm());
kmf.init(keyStore, "xxxxxxx".toCharArray());
final SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tmf.getTrustManagers(), null);
return sslContext.getSocketFactory();
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
@RequiresApi(api = Build.VERSION_CODES.O)
public static X509Certificate convertToX509Cert(String certificateString) throws CertificateException {
X509Certificate certificate = null;
CertificateFactory cf = null;
try {
if (certificateString != null && !certificateString.trim().isEmpty()) {
certificateString = certificateString.replace("-----BEGIN CERTIFICATE-----\n", "")
.replace("-----END CERTIFICATE-----", ""); // NEED FOR PEM FORMAT CERT STRING
byte[] certificateData = Base64.getDecoder().decode(certificateString);
cf = CertificateFactory.getInstance("X509");
certificate = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(certificateData));
}
} catch (CertificateException e) {
throw new CertificateException(e);
}
return certificate;
}
现在您可以调用 API 并像这样验证 SSL 主机验证程序和证书。
HurlStack hurlStack = new HurlStack() {
@Override
protected HttpURLConnection createConnection(URL url) throws IOException {
HttpsURLConnection httpsURLConnection = (HttpsURLConnection) super.createConnection(url);
try {
httpsURLConnection.setSSLSocketFactory(VolleySingleton.getInstance(getApplicationContext()).getGlobalSSlFactory());
httpsURLConnection.setHostnameVerifier(VolleySingleton.getInstance(getApplicationContext()).getHostnameVerifier());
Log.i("SSL","SUCCESS");
} catch (Exception e) {
e.printStackTrace();
}
return httpsURLConnection;
}
};
JsonObjectRequest request = new JsonObjectRequest(Request.Method.GET,"URL", null,new Response.Listener<JSONObject>() {
@Override
public void onResponse(JSONObject response) {
Log.i("onResponse", response.toString());
}
}, new Response.ErrorListener() {
@Override
public void onErrorResponse(VolleyError error) {
Log.e("onErrorResponse", error.toString());
}
});
final RequestQueue requestQueue = Volley.newRequestQueue(this, hurlStack);
requestQueue.add(request);
您可以在生产模式下使用它。快乐编码..请点赞。如果有效。 :)