5.13
一、HTTPS 配置与证书管理
在 Spring Boot 中配置 HTTPS:
properties
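# application.properties
# ("#" starts a comment in a .properties file; a "//" line would be read as a property.)
# Serve HTTPS on port 8443 using the PKCS#12 keystore packaged on the classpath.
server.port=8443
server.ssl.key-store=classpath:keystore.p12
# Placeholder value. Supply the real keystore password from outside version control
# (for example an environment variable or an external configuration file).
server.ssl.key-store-password=your-password
server.ssl.key-store-type=PKCS12
# Must match the -alias given to keytool when the key pair was generated.
server.ssl.key-alias=tomcat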
生成自签名证书:
bash
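# Generate a self-signed RSA key pair into a PKCS#12 keystore.
# keytool prompts for the keystore password and the certificate's distinguished name.
#   -ext SAN=dns:...  records the server's DNS name in subjectAltName, which is the field
#                     TLS clients match the hostname against; replace your-server.com
#                     with the real host name.
#   -validity 3650    about ten years; a shorter lifetime limits exposure if the key leaks.
keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 \
  -storetype PKCS12 -keystore keystore.p12 -validity 3650 \
  -ext "SAN=dns:your-server.com"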
二、Android 端 HTTPS 通信
配置 Retrofit 信任自签名证书:
java
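/**
 * Builds a Retrofit client whose TLS trust is limited to the certificate bundled with the
 * app as the raw resource {@code R.raw.server}.
 *
 * <p>The trust store created here contains only that certificate, so the platform's
 * CA store is not consulted for connections made through the returned client.
 */
public class RetrofitClient {
    /**
     * Creates a Retrofit instance for {@code https://your-server.com} that trusts only the
     * bundled certificate.
     *
     * <p>A new {@code OkHttpClient} and {@code Retrofit} are built on every call.
     *
     * @return a configured Retrofit instance using the Gson converter
     * @throws RuntimeException wrapping any failure while loading the certificate or
     *     setting up the TLS context
     */
    public static Retrofit getRetrofit() {
        try {
            // Parse the bundled certificate.
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            Certificate ca;
            // NOTE(review): getContext() is not defined in this class; presumably an
            // application Context is supplied elsewhere - confirm.
            // try-with-resources closes the resource stream, which was previously leaked.
            try (InputStream caInput =
                    getContext().getResources().openRawResource(R.raw.server)) {
                ca = cf.generateCertificate(caInput);
            }

            // Empty in-memory key store holding the bundled certificate as the only
            // trust anchor.
            String keyStoreType = KeyStore.getDefaultType();
            KeyStore keyStore = KeyStore.getInstance(keyStoreType);
            keyStore.load(null, null);
            keyStore.setCertificateEntry("ca", ca);

            String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
            tmf.init(keyStore);

            // Fail with a clear message instead of an ArrayIndexOutOfBounds/ClassCast
            // if the platform does not hand back an X509TrustManager first.
            if (tmf.getTrustManagers().length == 0
                    || !(tmf.getTrustManagers()[0] instanceof X509TrustManager)) {
                throw new IllegalStateException("No X509TrustManager available");
            }
            X509TrustManager trustManager = (X509TrustManager) tmf.getTrustManagers()[0];

            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, tmf.getTrustManagers(), null);

            OkHttpClient client = new OkHttpClient.Builder()
                    .sslSocketFactory(sslContext.getSocketFactory(), trustManager)
                    // NOTE(review): this replaces the default hostname verifier. It only
                    // compares the requested host string and never inspects the
                    // certificate presented in the session, so server identity rests
                    // entirely on the single trust anchor above. Prefer a certificate
                    // that carries the host in subjectAltName and remove this override
                    // so the default verification applies.
                    .hostnameVerifier((hostname, session) -> hostname.equals("your-server.com"))
                    .build();

            return new Retrofit.Builder()
                    .baseUrl("https://your-server.com")
                    .client(client)
                    .addConverterFactory(GsonConverterFactory.create())
                    .build();
        } catch (Exception e) {
            // Keep the original contract: every setup failure surfaces as RuntimeException
            // with the cause preserved.
            throw new RuntimeException(e);
        }
    }
}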
三、数据加密方案
在 Android 端实现 AES 加密:
java
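/**
 * AES-CBC string encryption helpers that exchange ciphertext as Base64 text.
 *
 * <p>NOTE(review): both methods use a fixed all-zero IV. With CBC this makes encryption
 * deterministic: the same plaintext under the same key always yields the same ciphertext,
 * and messages sharing a prefix share ciphertext blocks. CBC also carries no integrity
 * check, so altered ciphertext is not detected. The output format is kept unchanged here
 * because any peer that decrypts this data depends on it; the recommended migration,
 * coordinated on both ends, is a fresh random IV per message (from {@code SecureRandom},
 * sent alongside the ciphertext) or an authenticated mode such as
 * {@code AES/GCM/NoPadding}.
 *
 * <p>NOTE(review): the key is the raw bytes of a caller-supplied string. It must encode
 * to 16, 24 or 32 bytes for AES, and a human-chosen string has far less entropy than a
 * generated key. Prefer a randomly generated key held in the Android Keystore.
 */
public class EncryptionUtil {
    private static final String ALGORITHM = "AES";
    private static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";
    // Named explicitly so key and text bytes do not depend on the platform default charset.
    private static final String CHARSET = "UTF-8";

    /**
     * Encrypts {@code data} with AES/CBC/PKCS5Padding and returns the ciphertext as Base64.
     *
     * @param data plaintext to encrypt; encoded as UTF-8
     * @param key key material; its UTF-8 bytes are used directly as the AES key
     * @return Base64 text ({@code Base64.DEFAULT}) of the ciphertext
     * @throws Exception if the cipher cannot be created or initialised (for example an
     *     invalid key length) or encryption fails
     */
    public static String encrypt(String data, String key) throws Exception {
        SecretKeySpec secretKey = new SecretKeySpec(key.getBytes(CHARSET), ALGORITHM);
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        // Fixed zero IV: see the class-level review note before reusing this code.
        cipher.init(Cipher.ENCRYPT_MODE, secretKey, new IvParameterSpec(new byte[16]));
        byte[] encryptedBytes = cipher.doFinal(data.getBytes(CHARSET));
        return Base64.encodeToString(encryptedBytes, Base64.DEFAULT);
    }

    /**
     * Decrypts Base64 ciphertext produced by {@link #encrypt(String, String)}.
     *
     * @param encryptedData Base64 text of the ciphertext
     * @param key key material; its UTF-8 bytes are used directly as the AES key
     * @return the decrypted plaintext, decoded as UTF-8
     * @throws Exception if the input is not valid Base64, the key is invalid, or
     *     decryption/unpadding fails
     */
    public static String decrypt(String encryptedData, String key) throws Exception {
        SecretKeySpec secretKey = new SecretKeySpec(key.getBytes(CHARSET), ALGORITHM);
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        // Must use the same zero IV as encrypt() to stay compatible with existing data.
        cipher.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(new byte[16]));
        byte[] decryptedBytes = cipher.doFinal(Base64.decode(encryptedData, Base64.DEFAULT));
        return new String(decryptedBytes, CHARSET);
    }
}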
