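HTTPS is HTTP carried over an encrypted channel. Asymmetric encryption is used to agree on a symmetric key, and that symmetric key then encrypts the rest of the communication.

Communication flow (client <-> server):

1. Client -> server: sends a request that lists the asymmetric encryption algorithms, symmetric encryption algorithms and hash algorithms it supports.
2. Server -> client: returns its certificate and the types of encryption algorithm.
3. Client: verifies that the certificate is genuine.
4. Client: generates the session key for the later communication and encrypts it with the public key from the certificate.
5. Client -> server: encrypts the handshake message with the session key and computes its hash with the hash algorithm.
6. Server: decrypts with its private key to obtain the session key, decrypts the handshake message and compares the hash to check that the session key is correct. It then sends back a handshake message and its hash, encrypted with the session key.
7. Client: decrypts the handshake message with the session key and computes the hash to confirm that both sides hold the same session key.
8. The handshake is complete; from here on the communication is encrypted with the session key.

HTTP handshake

In the TCP/IP protocol suite, TCP provides a reliable connection service and uses a three-way handshake to establish a connection.

First handshake: to open the connection, the client sends a SYN packet (syn=j) to the server, enters the SYN_SENT state and waits for the server to acknowledge it.

Second handshake: the server receives the SYN packet and must acknowledge the client's SYN (ack=j+1); at the same time it sends its own SYN packet (syn=k), i.e. a SYN+ACK packet. The server is now in the SYN_RECV state.

Third handshake: the client receives the server's SYN+ACK packet and sends an acknowledgement packet ACK (ack=k+1) to the server. Once this packet has been sent, the client and the server enter the ESTABLISHED state and the three-way handshake is complete.

After the three-way handshake, the client and the server start transferring data.

HTTP uses port 80; HTTPS uses port 443.

Enabling HTTPS in Tomcat

Generate a certificate if you do not have one:

```
keytool -genkey -alias tomcat -keyalg RSA
```

Fill in the requested information. The result is a .keystore file in the user's home directory (on a Mac).

Next, configure Tomcat's configuration file, server.xml:

```xml
<!-- _密码_ is a placeholder: replace it with your keystore password -->
<Connector port="8443" maxThreads="150" SSLEnabled="true"
           scheme="https" secure="true"
           keystoreFile="${user.home}/.keystore" keystorePass="_密码_"
           clientAuth="false" sslProtocol="TLS" />
```

Start Tomcat and open https://localhost:8443. If you see the Tomcat page after trusting the certificate, the configuration succeeded.

Using HTTPS with Android UrlConnection

Put the certificate in the assets folder. Opened in a text editor, it should look like this:

```
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
```

The official example

```java
import android.util.Log;
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Method of an Activity; Tag is the Activity's log tag.
private void googleTest() throws CertificateException, IOException, KeyStoreException,
        NoSuchAlgorithmException, KeyManagementException {
    // Load CAs from an InputStream
    // (could be from a resource or ByteArrayInputStream or ...)
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    // From https://www.washington.edu/itconnect/security/ca/load-der.crt
    // Load the certificate
    InputStream caInput = new BufferedInputStream(getAssets().open("uwca.crt"));
    Certificate ca;
    try {
        ca = cf.generateCertificate(caInput);
        System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());
    } finally {
        caInput.close();
    }

    // Add our certificate as the trust anchor
    // Create a KeyStore containing our trusted CAs
    String keyStoreType = KeyStore.getDefaultType();
    KeyStore keyStore = KeyStore.getInstance(keyStoreType);
    keyStore.load(null, null);
    keyStore.setCertificateEntry("ca", ca);

    // Create a TrustManager that trusts the CAs in our KeyStore
    String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
    tmf.init(keyStore);

    // Create an SSLContext that uses our TrustManager
    SSLContext context = SSLContext.getInstance("TLS");
    context.init(null, tmf.getTrustManagers(), null);

    // Tell the URLConnection to use a SocketFactory from our SSLContext
    URL url = new URL("https://www.baidu.com/");
    HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
    urlConnection.setSSLSocketFactory(context.getSocketFactory());
    InputStream in = urlConnection.getInputStream();
    // copyInputStreamToOutputStream(in, System.out);
    String str = null;
    BufferedReader reader = new BufferedReader(new InputStreamReader(in));
    while ((str = reader.readLine()) != null) {
        Log.i(Tag, "获取到的信息 " + str);
    }
    reader.close();
    in.close();
}
```

Exception

```
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
```

The certificate did not pass verification. The certificate must match the link we are accessing.

Official tutorial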
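The exception above arises because the SSLContext built in the official example trusts only the CA loaded from assets, so a server whose chain ends at a different CA is rejected. The following added example (not from the original post or the official tutorial; the class name CombinedTrust and its method names are hypothetical) builds an SSLContext that accepts a chain validated by either the bundled CA or the platform's default CAs:

```java
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example (hypothetical class): trust the bundled CA and the platform CAs.
public final class CombinedTrust {
    // Builds the X509TrustManager for `ks`; a null KeyStore selects the platform default CAs.
    static X509TrustManager trustManagerFor(KeyStore ks) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    // `bundledCa` is the certificate loaded from assets, as in the official example.
    public static SSLContext contextTrusting(Certificate bundledCa) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        ks.setCertificateEntry("ca", bundledCa);
        final X509TrustManager custom = trustManagerFor(ks);
        final X509TrustManager platform = trustManagerFor(null);

        X509TrustManager combined = new X509TrustManager() {
            @Override public void checkServerTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                try {
                    custom.checkServerTrusted(chain, authType);   // chain ends at the bundled CA
                } catch (CertificateException e) {
                    platform.checkServerTrusted(chain, authType); // otherwise it must pass the platform check
                }
            }
            @Override public void checkClientTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                platform.checkClientTrusted(chain, authType);
            }
            @Override public X509Certificate[] getAcceptedIssuers() { return platform.getAcceptedIssuers(); }
        };
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, new TrustManager[] {combined}, null);
        return context;
    }
}
```

Pass the returned context's getSocketFactory() to setSSLSocketFactory as in the official example. A chain that neither trust manager accepts still fails with a CertificateException, and hostname verification is still performed by HttpsURLConnection.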