Android平台实现与服务器安全数据传输.pdf

Android 平台与实现服务器安全数据传输Android 上实现 SSL 通讯，实现服务器和客户端之间基于数字证书的Socket 交互Android 的私钥和信任证书的格式必须是BKS 格式的，通过配置本地 JDK，让 keytool 可以生成 BKS 格式的私钥和信任证书,java本身没有 BouncyCastle密库服务端：Java 代码1.publicclass SSLServer 2.3.privatestaticfinalint SERVER_PORT=50030;4.privatestaticfinal String SERVER_KEY_PASSWORD=123456;5.privatestaticfinal String SERVER_AGREEMENT=TLS;/使用协议6.privatestaticfinal String SERVER_KEY_MANAGER=SunX509;/密钥管理器7.privatestaticfinal String SERVER_KEY_KEYSTORE=JKS;/密库，这里用的是Java 自带密库8.privatestaticfinal String SERVER_KEYSTORE_PATH=src/data/kserver.keystore;/密库路径9.private SSLServerSocket serverSocket;10.11.publicstaticvoid main(String args)12.SSLServer server=new SSLServer();13.server.init();14.server.start();15.16.17./由于该程序不是演示Socket监听，所以简单采用单线程形式，并且仅仅接受客户端的消息，并且返回客户端指定消息18.publicvoid start()19.if (serverSocket=null)20.System.out.println(ERROR);21.return;22.23.while (true)24.try 25.System.out.println(Server Side.);26.Socket s=serverSocket.accept();27.InputStream input=s.getInputStream();本文由 http:/www.5i-收集整理28.29.OutputStream output=s.getOutputStream();30.31.BufferedInputStream bis=new BufferedInputStream(input);32.BufferedOutputStream bos=new BufferedOutputStream(output);33.34.byte buffer=new byte 20;35.bis.read(buffer);36.System.out.println(new String(buffer);37.38.bos.write(This is Server.getBytes();39.bos.flush();40.41.s.close();42.catch (Exception e)43.System.out.println(e);44.45.46.47.48.publicvoid init()49.try 50./取得 SSLContext51.SSLContext ctx=SSLContext.getInstance(SERVER_AGREEMENT);52./取得 SunX509 私钥管理器53.KeyManagerFactory kmf=KeyManagerFactory.getInstance(SERVER_KEY_MANAGER);54./取得 JKS密库实例55.KeyStore ks=KeyStore.getInstance(SERVER_KEY_KEYSTORE);56./加载服务端私钥57.ks.load(new FileInputStream(SERVER_KEYSTORE_PATH),SERVER_KEY_PASSWORD.toCharArray();58./初始化59.kmf.init(ks,SERVER_KEY_PASSWORD.toCharArray();60./初始化 SSLContext61.ctx.init(kmf.getKeyManagers(),null,null);62./通过 SSLContext取得 ServerSocketFactory，创建ServerSocket63.serverSocket=(SSLServerSocket)ctx.getServerSocketFactory().createServerSocket(SERVER_PORT);本文由 http:/www.5i-收集整理64.catch (Exception e)65.System.out.println(e);66.67.68.客户端：Java 代码1.publicclass MySSLSocket extends Activity 2.privatestaticfinalint SERVER_PORT=50030;/端口号3.privatestaticfinal String SERVER_IP=www.5i-;/连接 IP4.privatestaticfinal String CLIENT_KET_PASSWORD=123456;/私钥密码5.privatestaticfinal String CLIENT_TRUST_PASSWORD=123456;/信任证书密码6.privatestaticfinal String CLIENT_AGREEMENT=TLS;/使用协议7.privatestaticfinal String CLIENT_KEY_MANAGER=X509;/密钥管理器8.privatestaticfinal String CLIENT_TRUST_MANAGER=X509;/9.privatestaticfinal String CLIENT_KEY_KEYSTORE=BKS;/密库，这里用的是BouncyCastle密库10.privatestaticfinal String CLIENT_TRUST_KEYSTORE=BKS;/11.privatestaticfinal String ENCONDING=utf-8;/字符集12.private SSLSocket Client_sslSocket;13.private Log tag;14.private TextView tv;15.private Button btn;16.private Button btn2;17.private Button btn3;18.private EditText et;19.20./*Called when the activity is first created.*/21.Override22.publicvoid onCreate(Bundle savedInstanceState)23.super.onCreate(savedInstanceState);24.setContentView(R.layout.main);25.tv=(TextView)findViewById(R.id.TextView01);26.et=(EditText)findViewById(R.id.EditText01);本文由 http:/www.5i-收集整理27.btn=(Button)findViewById(R.id.Button01);28.btn2=(Button)findViewById(R.id.Button02);29.btn3=(Button)findViewById(R.id.Button03);30.31.btn.setOnClickListener(new Button.OnClickListener()32.Override33.publicvoid onClick(View arg0)34.if(null!=Client_sslSocket)35.getOut(Client_sslSocket,et.getText().toString();36.getIn(Client_sslSocket);37.et.setText();38.39.40.);41.btn2.setOnClickListener(new Button.OnClickListener()42.Override43.publicvoid onClick(View arg0)44.try 45.Client_sslSocket.close();46.Client_sslSocket=null;47.catch (IOException e)48.e.printStackTrace();49.50.51.);52.btn3.setOnClickListener(new View.OnClickListener()53.Override54.publicvoid onClick(View arg0)55.init();56.getIn(Client_sslSocket);57.58.);59.60.61.publicvoid init()62.try 63./取得 SSL的 SSLContext实例64.SSLContext sslContext=SSLContext.getInstance(CLIENT_AGREEMENT);65./取得 KeyManagerFactory和 TrustManagerFactory的X509 密钥管理器实例本文由 http:/www.5i-收集整理66.KeyManagerFactory keyManager=KeyManagerFactory.getInstance(CLIENT_KEY_MANAGER);67.TrustManagerFactory trustManager=TrustManagerFactory.getInstance(CLIENT_TRUST_MANAGER);68./取得 BKS密库实例69.KeyStore kks=KeyStore.getInstance(CLIENT_KEY_KEYSTORE);70.KeyStore tks=KeyStore.getInstance(CLIENT_TRUST_KEYSTORE);71./加客户端载证书和私钥,通过读取资源文件的方式读取密钥和信任证书72.kks.load(getBaseContext()73.getResources()74.openRawResource(R.drawable.kclient),CLIENT_KET_PASSWORD.toCharArray();75.tks.load(getBaseContext()76.getResources()77.openRawResource(R.drawable.lt_client),CLIENT_TRUST_PASSWORD.toCharArray();78./初始化密钥管理器79.keyManager.init(kks,CLIENT_KET_PASSWORD.toCharArray();80.trustManager.init(tks);81./初始化 SSLContext82.sslContext.init(keyManager.getKeyManagers(),trustManager.getTrustManagers(),null);83./生成 SSLSocket84.Client_sslSocket=(SSLSocket)sslContext.getSocketFactory().createSocket(SERVER_IP,SERVER_PORT);85.catch (Exception e)86.tag.e(MySSLSocket,e.getMessage();87.88.89.90.publicvoid getOut(SSLSocket socket,String message)91.PrintWriter out;92.try 93.out=new PrintWriter(94.new BufferedWriter(95.new OutputStreamWriter(96.socket.getOutputStream()97.)98.),true);99.out.println(message);本文由 http:/www.5i-收集整理100.catch (IOException e)101.e.printStackTrace();102.103.104.105.publicvoid getIn(SSLSocket socket)106.BufferedReader in=null;107.String str=null;108.try 109.in=new BufferedReader(110.new InputStreamReader(111.socket.getInputStream();112.str=new String(in.readLine().getBytes(),ENCONDING);113.catch (UnsupportedEncodingException e)114.e.printStackTrace();115.catch (IOException e)116.e.printStackTrace();117.118.new AlertDialog 119.Builder(MySSLSocket.this)120.setTitle(服务器消息 )121.setNegativeButton(确定,null)122.setIcon(android.R.drawable.ic_menu_agenda)123.setMessage(str)124.show();125.126.