전자정부 모바일 하이브리드(DeviceAPI) 프레임워크에서 HTTPS(SSL) 사용하기
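* 공인 인증서를 사용하는 WAS 서버에서는 다음 과정이 필요하지 않을 수 있으니 참고하세요. 아래 코드는 HttpsURLConnection의 기본 SSLSocketFactory와 HostnameVerifier를 교체하여, 앱 프로세스 전체에서 서버 인증서 체인 검증과 호스트네임 검증을 생략합니다.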
전자정부 모바일 3.5.1 에서 안드로이드로 테스트 해보았습니다. ^^
1. kr.go.egovframework.hyb.deviceinfoapp 패키지에 SSLConnect 클래스 파일을 생성한다.
package kr.go.egovframework.hyb.deviceinfoapp;

import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/**
 * Opens an {@link HttpsURLConnection} after switching off TLS server
 * authentication for the whole process.
 *
 * <p>Two static defaults of {@link HttpsURLConnection} are replaced as a side
 * effect of {@link #postHttps(String, int, int)}:
 * <ul>
 *   <li>the default {@code SSLSocketFactory}, backed by a trust manager whose
 *       check methods are empty and therefore accept every certificate chain;</li>
 *   <li>the default {@code HostnameVerifier}, an instance of
 *       {@code NullHostNameVerifier}.</li>
 * </ul>
 * Because these are defaults, every {@code HttpsURLConnection} created
 * afterwards inherits them, not only the connection returned here. Traffic is
 * still encrypted, but the peer is not authenticated, so a party on the network
 * path can present its own certificate and be accepted.
 *
 * <p>NOTE(review): for a server with a self-signed certificate, a
 * {@code TrustManagerFactory} initialised from a {@code KeyStore} that holds
 * only that server's certificate keeps validation in place; on Android a
 * network security configuration with a custom trust anchor is another
 * option. Confirm which fits the target API level.
 */
public class SSLConnect {

    /**
     * Hostname verifier that approves every hostname without inspecting the
     * session. Not referenced by the active code in this class; the only use
     * is in a commented-out per-connection call in {@code postHttps}.
     */
    final HostnameVerifier DO_NOT_VERIFY = new HostnameVerifier() {
        @Override
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    };

    /** Verifier that {@code postHttps} installs as the process-wide default. */
    final NullHostNameVerifier nullHostnameVerifier = new NullHostNameVerifier();

    /**
     * Trust manager with empty check methods: neither client nor server chains
     * are ever rejected, and no accepted issuers are advertised.
     */
    private static final class AcceptAllTrustManager implements X509TrustManager {

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            // Intentionally empty: never throws, so every chain passes.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            // Intentionally empty: never throws, so every chain passes.
        }
    }

    /**
     * Installs a socket factory that accepts any certificate chain as the
     * default for all {@link HttpsURLConnection} instances.
     *
     * <p>Any failure while building the context is printed and swallowed, in
     * which case the previously installed default factory stays in effect.
     */
    private void trustAllHosts() {
        TrustManager[] permissiveManagers = { new AcceptAllTrustManager() };

        try {
            SSLContext tlsContext = SSLContext.getInstance("TLS");
            // null key managers: no client certificate is offered.
            tlsContext.init(null, permissiveManagers, new java.security.SecureRandom());
            // Static default: affects connections created anywhere in the process.
            HttpsURLConnection.setDefaultSSLSocketFactory(tlsContext.getSocketFactory());
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Creates an HTTPS connection object for {@code url} with the given
     * timeouts, after disabling certificate and hostname validation
     * process-wide.
     *
     * <p>Despite the name, no request method is set and nothing is sent here;
     * the caller receives an unconnected {@link HttpsURLConnection}.
     *
     * @param url         absolute {@code https://} URL to open
     * @param connTimeout connect timeout in milliseconds
     * @param readTimeout read timeout in milliseconds
     * @return the configured connection, or {@code null} when the URL is
     *         malformed or the connection object cannot be created
     */
    public HttpsURLConnection postHttps(String url, int connTimeout, int readTimeout) {
        trustAllHosts();

        try {
            HttpsURLConnection connection = (HttpsURLConnection) new URL(url).openConnection();
            // The author left a per-connection setHostnameVerifier(DO_NOT_VERIFY)
            // call disabled; the static default is replaced instead, which applies
            // to every later HttpsURLConnection as well.
            HttpsURLConnection.setDefaultHostnameVerifier(nullHostnameVerifier);
            connection.setConnectTimeout(connTimeout);
            connection.setReadTimeout(readTimeout);
            return connection;
        } catch (IOException e) {
            // MalformedURLException is an IOException, so both failures land here.
            e.printStackTrace();
            return null;
        }
    }
}
2. 호스트네임에 대한 검증(밸리데이션)을 하지 않도록 NullHostNameVerifier 클래스를 추가한다.
package kr.go.egovframework.hyb.deviceinfoapp;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;

import android.util.Log;

/**
 * {@link HostnameVerifier} that approves every hostname.
 *
 * <p>Neither the hostname nor the {@link SSLSession} is examined, so the name
 * in the server certificate is never matched against the host being contacted.
 * The log line says "Approving certificate", but no certificate is inspected
 * here; the message only records which hostname was waved through.
 */
public class NullHostNameVerifier implements HostnameVerifier {

    /** Logcat tag under which approvals are recorded. */
    private static final String LOG_TAG = "RestUtilImpl";

    /**
     * Logs the hostname at info level and accepts it.
     *
     * @param hostname host the client is connecting to
     * @param session  TLS session for the connection (unused)
     * @return always {@code true}
     */
    @Override
    public boolean verify(String hostname, SSLSession session) {
        final String message = "Approving certificate for " + hostname;
        Log.i(LOG_TAG, message);
        return true;
    }
}
3. MainActivity.java 파일의 onCreate() 메소드에 다음을 추가한다.
public class MainActivity extends CordovaActivity
{ @Override public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); super.init();
// Set by <content src="index.html" /> in config.xml loadUrl(launchUrl); SSLConnect ssl = new SSLConnect(); ssl.postHttps("https://192.168.0.10:8443/",1000,1000); ...... |
4. 리소스 XML 파일의 SERVER_URL 값을 HTTPS 주소로 지정한다.
<?xml version="1.0" encoding="utf-8"?> <resources> <string name="SERVER_URL">https://192.168.0.10:8443/deviceWeb</string> </resources> |
서버에서 목록 잘 가져오네요. ^^