
Https Connection Android


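I am doing an https post and I'm getting an SSL exception: Not trusted server certificate. If I do normal http it works perfectly fine. Do I have to accept the server certificate somehow?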



1> Ulrich Schel..:

This is what I am doing. It simply doesn't check the certificate anymore.

// accept every hostname - no hostname verification, no certificate check
final static HostnameVerifier DO_NOT_VERIFY = new HostnameVerifier() {
    public boolean verify(String hostname, SSLSession session) {
        return true;
    }
};

/**
 * Trust every server - don't check for any certificate
 */
private static void trustAllHosts() {
    // Create a trust manager that does not validate certificate chains
    TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return new java.security.cert.X509Certificate[] {};
        }

        public void checkClientTrusted(X509Certificate[] chain,
                String authType) throws CertificateException {
        }

        public void checkServerTrusted(X509Certificate[] chain,
                String authType) throws CertificateException {
        }
    } };

    // Install the all-trusting trust manager
    try {
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        HttpsURLConnection
                .setDefaultSSLSocketFactory(sc.getSocketFactory());
    } catch (Exception e) {
        e.printStackTrace();
    }
}

    HttpURLConnection http = null;

    if (url.getProtocol().toLowerCase().equals("https")) {
        trustAllHosts();
        HttpsURLConnection https = (HttpsURLConnection) url.openConnection();
        https.setHostnameVerifier(DO_NOT_VERIFY);
        http = https;
    } else {
        http = (HttpURLConnection) url.openConnection();
    }


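Though this is fine during development, you should be aware that this allows anyone to MITM your secure connection by faking a random SSL certificate, which makes your connection no longer secure. Take a look at [this question](http://www.codeproject.com/KB/android/SSLVerification_Android.aspx?display=Mobile) to see it done properly, [here](http://www.exampledepot.com/egs/javax.net.ssl/GetCert.html) to see how to receive a certificate, and finally [this](http://www.exampledepot.com/egs/java.security/AddCert.html) to learn how to add it to the keystore.

You should not use, recommend or post this code. It is completely insecure. You should solve the actual problem.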

2> Nate..:

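I'm making a guess, but if you want an actual handshake to occur, you have to let Android know of your certificate. If you want to just accept anything no matter what, then use this pseudo-code to get what you need with the Apache HTTP Client: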

SchemeRegistry schemeRegistry = new SchemeRegistry ();

schemeRegistry.register (new Scheme ("http",
    PlainSocketFactory.getSocketFactory (), 80));
schemeRegistry.register (new Scheme ("https",
    new CustomSSLSocketFactory (), 443));

ThreadSafeClientConnManager cm = new ThreadSafeClientConnManager (
    params, schemeRegistry);


return new DefaultHttpClient (cm, params);

CustomSSLSocketFactory:

public class CustomSSLSocketFactory extends org.apache.http.conn.ssl.SSLSocketFactory
{
private SSLSocketFactory FACTORY = HttpsURLConnection.getDefaultSSLSocketFactory ();

public CustomSSLSocketFactory ()
    {
    super(null);
    try
        {
        SSLContext context = SSLContext.getInstance ("TLS");
        TrustManager[] tm = new TrustManager[] { new FullX509TrustManager () };
        context.init (null, tm, new SecureRandom ());

        FACTORY = context.getSocketFactory ();
        }
    catch (Exception e)
        {
        e.printStackTrace();
        }
    }

public Socket createSocket() throws IOException
{
    return FACTORY.createSocket();
}

 // TODO: add other methods like createSocket() and getDefaultCipherSuites().
 // Hint: they all just make a call to member FACTORY 
}

FullX509TrustManager is a class that implements javax.net.ssl.X509TrustManager, yet none of the methods actually perform any work; get a sample here.

Good luck!


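Hi Nate, this looks like something that would be helpful for my situation. But I'm having some problems with making the CustomSSLSocketFactory. What class is it supposed to extend? Or what interface is it supposed to implement? I have been experimenting with: javax.net.SocketFactory, javax.net.ssl.SSLSocketFactory, org.apache.http.conn.scheme.SocketFactory, all of which force implementation of other methods... So, in general, what are the namespaces of the classes used in the code? Thank you. :)

Doesn't work for me; it gives me the same untrusted server certificate error.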

3> 小智..:

While trying to answer this question I found a better tutorial. With it you don't have to compromise the certificate check.

http://blog.crazybob.org/2010/02/android-trusting-ssl-certificates.html

*I did not write this, but thanks to Bob Lee for the work


This is the perfect answer. I made an update post that shows how to deal with non-listed CAs, because I was getting a PeerCertificate error. See it here: http://blog.donnfelker.com/2011/06/13/trusting-android-certificates-part-duex/

4> saxos..:

You could also have a look at my blog article, which is very similar to crazybob's.

This solution also doesn't compromise certificate checking and explains how to add the trusted certs to your own keystore.

http://blog.antoine.li/index.php/2010/10/android-trusting-ssl-certificates/
