像这里的许多人一样,我正在尝试与具有自签名证书的站点进行通信。有很多类和代码 sn-ps 展示了如何做到这一点,例如HTTPS GET (SSL) with Android and self-signed server certificate,但我找不到任何显示如何实际使用这些类的东西。我已经做了很多实验,但我确定我只是错过了一些简单的东西。
具体来说,我正在尝试使用“Moss”提供的类;得票最多的答案。我仍然总是收到“不受信任的证书”消息。该主题的其他人也要求提供实施提示,但尚未得到答复。感谢您的帮助。
如果我可以将此问题附加到该主题,我会更高兴,但我想像我这样的新手只能发布新问题(尽管我已经成为 SO 的粉丝一年多了)。
【问题讨论】:
标签: android ssl ssl-certificate
我们在一些项目中使用了类似的SocketFactory 和X509TrustManager 实现。为了将这些类绑定到您的实现,您基本上要做的就是将它们连接到用于客户端-服务器通信的HttpClient(假设这是您正在使用的)。
我们通常有一种方法可以使用提到的工厂和信任管理器创建HttpClient。它看起来有点像这样,并且大致基于内联 cmets 中显示的链接。
protected HttpClient constructClient() {
HttpParams params = new BasicHttpParams();
params.setParameter(CoreProtocolPNames.PROTOCOL_VERSION, HttpVersion.HTTP_1_1);
// use the debug proxy to view internet traffic on the host computer
if (ABCApplication.isDebuggingProxy()) params.setParameter(ConnRoutePNames.DEFAULT_PROXY, new HttpHost(ABCConstants.DEBUG_PROXY_HOST, ABCConstants.DEBUG_PROXY_PORT, "http"));
// ignore ssl certification (due to signed authority not appearing on android list of permitted authorities)
// see: http://blog.antoine.li/2010/10/22/android-trusting-ssl-certificates/
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("http", new PlainSocketFactory(), 80));
registry.register(new Scheme("https", new FakeSocketFactory(), 443));
ClientConnectionManager cm = new SingleClientConnManager(params, registry);
return new DefaultHttpClient(cm, params);
}
希望对您的实施有所帮助。
【讨论】:
我们也可以使用
HttpURLConnection http = null;
URL url;
try {
url = new URL("https:your domian");
if (url.getProtocol().toLowerCase().equals("https")) {
trustAllHosts();
HttpsURLConnection https = (HttpsURLConnection) url.openConnection();
https.setHostnameVerifier(DO_NOT_VERIFY);
http = https;
System.out.println("TEST:::"+convertStreamToString(http.getInputStream()));
} else {
http = (HttpURLConnection) url.openConnection();
System.out.println("TEST:::"+convertStreamToString(http.getInputStream()));
}
} catch (MalformedURLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
/*******
* Trust every server - don't check for any certificate
*/
private static void trustAllHosts() {
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new java.security.cert.X509Certificate[] {};
}
public void checkClientTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
}
} };
// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection
.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
e.printStackTrace();
}
}
final static HostnameVerifier DO_NOT_VERIFY = new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
};
【讨论】: