我不知道如何调试这个,现在已经有一段时间了,任何指针都会受到赞赏。
我正在尝试在Android应用和Nodejs服务器之间进行ssl / tls身份验证。我在运行Android应用程序时遇到此错误消息:
10-31 23:33:58.260: D/ExampleActivity(26199): Response code: 401
10-31 23:34:05.901: W/DefaultRequestDirector(26199): Authentication error: Unable to respond to any of these challenges: {}
注意我已经注释掉了客户端身份验证部分,并且只是试图让基本的SSL身份验证工作。即便如此,也会给我同样的警告/错误。
var https = require('https'),
fs = require('fs');
var options = {
key: fs.readFileSync('certs/server_key.pem'),
cert: fs.readFileSync('certs/server.pem'),
// ca: [fs.readFileSync('certs/client.pem')],
passphrase: '33333',
// requestCert: true,
// rejectUnauthorized: false
};
https.createServer(options, function (req, res) {
if (req.client.authorized) {
res.writeHead(200, {"Content-Type": "application/json"});
res.end('{"status":"approved"}');
} else {
res.writeHead(401, {"Content-Type": "application/json"});
res.end('{"status":"denied"}');
}
}).listen(8000);
public class SecureHttpClient extends DefaultHttpClient {
private String ks = "11111";
private String ts = "22222";
private Context context;
public SecureHttpClient(final Context context) {
super();
this.context = context;
}
@Override
protected ClientConnectionManager createClientConnectionManager() {
SchemeRegistry registry = new SchemeRegistry();
SSLSocketFactory factory = newSslSocketFactory();
factory.setHostnameVerifier((X509HostnameVerifier) SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
registry.register(new Scheme("https", factory, 443));
HttpParams httpParams = new BasicHttpParams();
return new SingleClientConnManager(httpParams, registry);
}
private SSLSocketFactory newSslSocketFactory() {
try {
KeyStore keyStore = KeyStore.getInstance("BKS");
KeyStore trustStore = KeyStore.getInstance("BKS");
InputStream inKey= context.getResources().openRawResource(R.raw.client);
InputStream inTrust = context.getResources().openRawResource(R.raw.clienttruststore);
try {
keyStore.load(inKey, ks.toCharArray());
trustStore.load(inTrust, ts.toCharArray());
} finally {
inKey.close();
inTrust.close();
}
return new SSLSocketFactory(trustStore);
} catch (Exception e) {
throw new AssertionError(e);
}
}
}
// MainActivity
public class MainActivity extends Activity {
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
setStrictMode();
final HttpClient client = new SecureHttpClient(this);
// Provide ip or address to where your test server is runnning
final HttpGet request = new HttpGet("https://192.168.0.105:8000/");
HttpResponse response = null;
try {
response = client.execute(request);
} catch (ClientProtocolException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
Log.d("ExampleActivity", "Response code: " + response.getStatusLine().getStatusCode());
}
@TargetApi(9)
private void setStrictMode() {
StrictMode.ThreadPolicy policy = new StrictMode.ThreadPolicy.Builder().permitAll().build();
StrictMode.setThreadPolicy(policy);
}
@Override
public boolean onCreateOptionsMenu(Menu menu) {
getMenuInflater().inflate(R.menu.activity_main, menu);
return true;
}
}
答案 0 :(得分:1)
好吧,您的服务器似乎在端口8000上运行,而您的Android应用程序仅为443注册SSLSocketFactory,因此它实际上是在尝试将HTTP说到HTTPS服务器。使用端口443作为服务器,或在SchemeRegistry中注册8000。
答案 1 :(得分:0)
用pkcs12替换客户端密钥+证书bks文件似乎解决了这个问题。我不明白为什么。