我遵循的详细分步说明实现了这一目标

从http://repo2.maven.org/maven2/org/bouncycastle/bcprov-ext-jdk15on/1.46/bcprov-ext-jdk15on-1.46.jar下载bouncycastle JAR 或从“ doc”文件夹中获取。

使用以下方法之一为PC配置BouncyCastle。

静态添加BC提供程序(推荐)

将bcprov-ext-jdk15on-1.46.jar复制到每个

D：\ tools \ jdk1.5.0_09 \ jre \ lib \ ext(JDK(捆绑的JRE)

D：\ tools \ jre1.5.0_09 \ lib \ ext(JRE)

C：\(在env变量中使用的位置)

修改下的java.security文件

D：\ tools \ jdk1.5.0_09 \ jre \ lib \ security

D：\ tools \ jre1.5.0_09 \ lib \ security

并添加以下条目

security.provider.7 = org.bouncycastle.jce.provider.BouncyCastleProvider

在“用户变量”部分中添加以下环境变量

CLASSPATH =％CLASSPATH％; c：\ bcprov-ext-jdk15on-1.46.jar

将bcprov-ext-jdk15on-1.46.jar添加到项目的CLASSPATH中，并在代码中添加以下行

Security.addProvider(new BouncyCastleProvider());

使用Bouncy Castle生成密钥库

运行以下命令

keytool -genkey -alias myproject -keystore C：/myproject.keystore -storepass myproject -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider

这将生成文件C：\ myproject.keystore

运行以下命令以检查其是否正确生成

keytool-列表-keystore C：\ myproject.keystore -storetype BKS

为TOMCAT配置BouncyCastle

打开D：\ tools \ apache-tomcat-6.0.35 \ conf \ server.xml并添加以下条目

这些更改后，请重新启动服务器。

为Android客户端配置BouncyCastle

无需进行配置，因为Android在提供的“ android.jar”中内部支持Bouncy Castle版本1.46。

只需实现您的HTTP客户端版本(可在下面找到MyHttpClient.java)并在代码中设置以下内容

SSLSocketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

如果您不这样做，则会出现如下异常

javax.net.ssl.SSLException：证书中的主机名不匹配：<192.168.104.66>！=

在生产模式下，将上面的代码更改为

SSLSocketFactory.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);

MyHttpClient.java

package com.arisglobal.aglite.network;

import java.io.InputStream;

import java.security.KeyStore;

import org.apache.http.conn.ClientConnectionManager;

import org.apache.http.conn.scheme.PlainSocketFactory;

import org.apache.http.conn.scheme.Scheme;

import org.apache.http.conn.scheme.SchemeRegistry;

import org.apache.http.conn.ssl.SSLSocketFactory;

import org.apache.http.impl.client.DefaultHttpClient;

import org.apache.http.impl.conn.SingleClientConnManager;

import com.arisglobal.aglite.activity.R;

import android.content.Context;

public class MyHttpClient extends DefaultHttpClient {

final Context context;

public MyHttpClient(Context context) {

this.context = context;

}

@Override

protected ClientConnectionManager createClientConnectionManager() {

SchemeRegistry registry = new SchemeRegistry();

registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));

// Register for port 443 our SSLSocketFactory with our keystore to the ConnectionManager

registry.register(new Scheme("https", newSslSocketFactory(), 443));

return new SingleClientConnManager(getParams(), registry);

}

private SSLSocketFactory newSslSocketFactory() {

try {

// Get an instance of the Bouncy Castle KeyStore format

KeyStore trusted = KeyStore.getInstance("BKS");

// Get the raw resource, which contains the keystore with your trusted certificates (root and any intermediate certs)

InputStream in = context.getResources().openRawResource(R.raw.aglite);

try {

// Initialize the keystore with the provided trusted certificates.

// Also provide the password of the keystore

trusted.load(in, "aglite".toCharArray());

} finally {

in.close();

}

// Pass the keystore to the SSLSocketFactory. The factory is responsible for the verification of the server certificate.

SSLSocketFactory sf = new SSLSocketFactory(trusted);

// Hostname verification from certificate

// http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506

sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

return sf;

} catch (Exception e) {

throw new AssertionError(e);

}

}

}

如何在Activity类中调用以上代码：

DefaultHttpClient client = new MyHttpClient(getApplicationContext());

HttpResponse response = client.execute(...);