前:最近做基於XMPP協議的IM,服務端用的是OpenFire,客戶端用的Smack包,需要進行TLS加密服務端設置爲只支持TLS1.2,可是我開加密的時候客戶端總是TLS1,不知爲何,最終在stackoverflow找到答案:http://stackoverflow.com/questions/37815995/android-smack-ssl-tls-connection-to-xmpp-ejabberd-server-with-ca-certificate
我的代碼:
MySSLSocketFactory mySSLSocketFactory=null;
try {
KeyStore trustStore = KeyStore.getInstance("BKS");
mySSLSocketFactory = new MySSLSocketFactory(trustStore,服務器HOST);
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (UnrecoverableKeyException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
}
userName=StringUtils.escapeJIDName(userName);
SmackConfiguration.setDefaultPacketReplyTimeout(30*1000);
DomainBareJid serviceName= null;
try {
serviceName = JidCreate.domainBareFrom(HttpUrl.getInstante().getEasyLifeHost());
} catch (XmppStringprepException e) {
e.printStackTrace();
}
mXmpptcpConnectionConfiguration=XMPPTCPConnectionConfiguration.builder()
.setServiceName(serviceName)
.setHost(HttpUrl.getInstante().getEasyLifeHost())
.setPort(5222)
// .setResource("Android")
.setUsernameAndPassword(userName, password)
.setSendPresence(isPresence)
.setDebuggerEnabled(true)
.setSecurityMode(SecurityMode.required)
.setCompressionEnabled(false)
.setConnectTimeout(30*1000)
.setCustomSSLContext(mySSLSocketFactory.getSSLContext())
.setHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
})
.setEnabledSSLProtocols(new String[]{"TLSv1","TLSv1.1","TLSv1.2"})
.build();
import org.apache.http.conn.ssl.SSLSocketFactory;
import java.io.IOException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
public class MySSLSocketFactory extends SSLSocketFactory {
private SSLContext sslContext = SSLContext.getInstance("TLS");
private String baseUrl;
public MySSLSocketFactory(KeyStore truststore,String url)
throws NoSuchAlgorithmException, KeyManagementException,
KeyStoreException, UnrecoverableKeyException {
super(truststore);
baseUrl=url;
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
trustManagerFactory.init(truststore);
X509TrustManager trustManager=(X509TrustManager) trustManagerFactory.getTrustManagers()[0];
MyX509TrustManager myTrustManager = new MyX509TrustManager(trustManager);
sslContext.init(null, new TrustManager[]{myTrustManager}, null);
}
public Socket createSocket(Socket socket, String host, int port,
boolean autoClose) throws IOException, UnknownHostException {
SSLSocket sslSocket= (SSLSocket) sslContext.getSocketFactory().createSocket(socket, host, port,
autoClose);
sslSocket.setEnabledProtocols(new String[]{"TLSv1","TLSv1.1","TLSv1.2"});
return sslSocket;
}
public Socket createSocket() throws IOException {
SSLSocket sslSocket=(SSLSocket) sslContext.getSocketFactory().createSocket();
sslSocket.setEnabledProtocols(new String[]{"TLSv1","TLSv1.1","TLSv1.2"});
return sslSocket;
}
public SSLContext getSSLContext(){
return sslContext;
}
public class MyX509TrustManager implements X509TrustManager {
private X509TrustManager tm;
public MyX509TrustManager(X509TrustManager tm) {
this.tm = tm;
}
public X509Certificate[] getAcceptedIssuers() {
throw new UnsupportedOperationException();
}
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
throw new UnsupportedOperationException();
}
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
}
}