如何在Android客户端和Java服务器之间创建安全的SSL连接？(How to create a secure SSL connection between Android client and

如何在Android客户端和Java服务器之间创建安全的SSL连接？(How to create a secure SSL connection between Android client and Java server?)

我正在尝试在我的android客户端和java服务器之间创建一个安全的TCP / IP连接。到目前为止的密码学不是我的强项。我知道我必须使用Bouncy Castle的钥匙商，但我被困住了。

我需要创建一个可以与服务器和客户端一起使用的自签名证书。这就是我被困住的地方。

InputStream clientTruststoreIs = getResources().openRawResource(R.raw.bks); KeyStore trustStore = null; trustStore = KeyStore.getInstance("BKS"); trustStore.load(clientTruststoreIs, "123456".toCharArray()); InetAddress serverAddr = InetAddress.getByName(serverIpAddress); SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault(); sslSocket = (SSLSocket) sslsocketfactory.createSocket(serverAddr, 2222); inputStream = sslSocket.getInputStream(); Log.d("TEST", "\n1 input");

它连接正常，它显示服务器端的连接，但行inputStream = sslSocket.getInputStream()完全锁定/不返回。我不确定我是否正确设置了任何充气城堡，或者是否正确设置了服务器。请帮助，我在我的智慧结束....

编辑：我修改了服务器，以便它在连接时发送数据，但仍然没有，我更改了输入和输出流的顺序，然后锁定了我获取输出流的位置：

sslSocket = (SSLSocket) sslsocketfactory.createSocket(serverAddr, 9999); outputStream = sslSocket.getOutputStream(); Log.d("test", "--**--- created socket 2.0 outputsreams"); // does not reach here outputStreamWriter = new OutputStreamWriter(outputStream); bufferedWriter = new BufferedWriter(outputStreamWriter); inputStream = sslSocket.getInputStream(); inputStreamReader = new InputStreamReader(inputStream); bufferedReader = new BufferedReader(inputStreamReader); ... String line = bufferedReader.readLine(); // where I'd expect it to lock...

所以仍然没有运气，没有超时，没有例外，只是等待那里......

I'm trying to create a secure TCP/IP connection between my android client and java server. Cryptography by far is not my strong point. I know I have to use the Bouncy Castle keystores, but I'm stuck.

I need to create a self signed cert that I can use with the server and the client. This is where I'm stuck.

It connects fine, it shows the connection on the server side, however the line inputStream = sslSocket.getInputStream() is completely locking/not returning. I'm not sure if I did any of the bouncy castle set up properly, or if the server is properly set up. Please help, I'm at my wits' end....

Edit: I modified the server so that it sends data upon connection and still nothing, and I changed the order of where I get my input and output streams, and then it locked where I was getting the output stream:

So still no luck, no timeout, no exception, it just waits there...

最满意答案

我认为你的问题与此类似。 SSL套接字连接的工作流程相同：

但是，基础知识与此计划中的基本内容大致相同：

打开一个插座。

打开输入流并将输出流输出到套接字。

根据服务器的协议读取和写入流，在完成消息后在流上调用flush（）。

关闭溪流。

关闭插座。

所以你应该

首先通过从客户端写入服务器的OutputStream向您的服务器发送请求，在完成后flush 。然后，服务器将通过其InputStream接收消息，并可以返回写入其OutputStream，完成后再次刷新。使用InputStream从客户端读取响应，从1开始，直到完成为止。

最后，你应该关闭所有流。

在尝试在客户端读取响应之前先刷新并发送请求应该停止“挂起行为”。

编辑：您确定在服务器上使用SSLServerSocketFactory吗？看起来您正在尝试将SSLSocketFactory用于客户端和服务器。那不行。我用Google搜索了这个教程，它基本上类似于你的代码应该是什么样子。

I think your problem is similar to this. The same workflow holds for SSL socket connections:

However, the basics are much the same as they are in this program:

Open a socket.

Open an input stream and output stream to the socket.

Read from and write to the stream according to the server's protocol, call flush() on the stream when you are done with a message.

Close the streams.

Close the socket.

So you should

Send a request to your server first by writing to the server's OutputStream from the client side, flush when you're done. The server will then receive the message through its InputStream and can in return write to its OutputStream, again flushing when done. Read the response from the client side using the InputStream, start from 1. until you are done.

Finally, you should close all streams.

Flushing and sending a request first before trying to read a response on the client side should stop the "hanging behaviour".

Edit: Are you sure that you use SSLServerSocketFactory on the server? It looks like you are trying to use SSLSocketFactory both for client and server. That's not going to work. I googled this tutorial, that's basically similar to what your code should look like.

更多推荐