Android:忽略自签名证书错误;实际执行?

时间:2012-04-27 23:27:50

标签: android ssl ssl-certificate

像这里的许多人一样,我正在尝试与拥有自签名证书的网站进行通信。有许多类和代码片段显示了如何执行此操作,例如HTTPS GET (SSL) with Android and self-signed server certificate,但我找不到任何显示如何实际使用这些类的内容。我已经尝试了很多,我确信我只是遗漏了一些简单的东西。

具体来说,我正在尝试使用“Moss”提供的类;得票最多的答案。我仍然总是收到“不信任的证书”消息。该主题中的另一个人也要求提供实施提示,但尚未得到答复。谢谢你的帮助。

如果我可以将这个问题附加到这个主题上,我会更高兴,但我想像我这样的新手只能发表新的问题(虽然我已经成为SO的粉丝超过一年了。)

2 个答案:

答案 0 :(得分:2)

我们在一些项目中使用了类似的SocketFactoryX509TrustManager实现。为了将这些类绑定到您的实现,您基本上应该做的就是将它们连接到用于客户端 - 服务器通信的HttpClient(假设您使用的是)。

我们通常有一种方法可以使用上面提到的工厂和信任管理器创建HttpClient。它看起来有点像这样,并且松散地基于内联注释中显示的链接。

protected HttpClient constructClient() {
    HttpParams params = new BasicHttpParams();
    params.setParameter(CoreProtocolPNames.PROTOCOL_VERSION, HttpVersion.HTTP_1_1);

    // use the debug proxy to view internet traffic on the host computer
    if (ABCApplication.isDebuggingProxy()) params.setParameter(ConnRoutePNames.DEFAULT_PROXY, new HttpHost(ABCConstants.DEBUG_PROXY_HOST, ABCConstants.DEBUG_PROXY_PORT, "http"));

    // ignore ssl certification (due to signed authority not appearing on android list of permitted authorities)
    // see: http://blog.antoine.li/2010/10/22/android-trusting-ssl-certificates/
    SchemeRegistry registry = new SchemeRegistry();
    registry.register(new Scheme("http", new PlainSocketFactory(), 80));
    registry.register(new Scheme("https", new FakeSocketFactory(), 443)); 
    ClientConnectionManager cm = new SingleClientConnManager(params, registry);

    return new DefaultHttpClient(cm, params);
}

希望这有助于您的实施。

答案 1 :(得分:2)

我们也可以使用 

HttpURLConnection http = null;
            URL url;
            try {
                url = new URL("https:your domian");

                if (url.getProtocol().toLowerCase().equals("https")) {
                    trustAllHosts();
                    HttpsURLConnection https = (HttpsURLConnection) url.openConnection();
                    https.setHostnameVerifier(DO_NOT_VERIFY);
                    http = https;
                    System.out.println("TEST:::"+convertStreamToString(http.getInputStream())); 
                } else {
                    http = (HttpURLConnection) url.openConnection();
                    System.out.println("TEST:::"+convertStreamToString(http.getInputStream())); 
                }
            } catch (MalformedURLException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            } catch (IOException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }


/*******
 * Trust every server - don't check for any certificate
 */
private static void trustAllHosts() {
    // Create a trust manager that does not validate certificate chains
    TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return new java.security.cert.X509Certificate[] {};
        }

        public void checkClientTrusted(X509Certificate[] chain,
                String authType) throws CertificateException {
        }

        public void checkServerTrusted(X509Certificate[] chain,
                String authType) throws CertificateException {
        }
    } };

    // Install the all-trusting trust manager
    try {
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        HttpsURLConnection
                .setDefaultSSLSocketFactory(sc.getSocketFactory());
    } catch (Exception e) {
        e.printStackTrace();
    }
}



final static HostnameVerifier DO_NOT_VERIFY = new HostnameVerifier() {
    public boolean verify(String hostname, SSLSession session) {
        return true;
    }
};
相关问题
最新问题