我正在尝试覆盖Android中的信任管理器。我想让底层信任管理器检查证书,但我需要确定证书是否过期。如果证书已过期,我需要忽略它并接受证书。如果取出电池,某些移动设备会将日期重置为旧日期,从而导致证书显示为已过期。即使发生这种情况,我的应用也必须继续保持运行。
我遇到的问题是这行代码抛出NullPointerException:
origTrustmanager.checkServerTrusted(certs, authType);
根据文档,checkServerTrusted绝不应该抛出NullPointerExeption。证书有两个项目。 authType设置为“RSA”。如果我没有实现自定义信任管理器,将抛出一个异常,清楚地表明证书已过期,因此我知道基础信任管理器正在执行其工作。即使我将设备上的日期和时间设置为在证书的有效时间内,上面的checkServerTrusted行也会生成异常。为什么?显然,我做错了什么。以下是我的自定义信任管理器的代码以及我如何访问Url:
class SSLTrustManager
{
private X509TrustManager origTrustmanager;
public SSLTrustManager()
{
try
{
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init((KeyStore) null);
TrustManager[] trustManagers = tmf.getTrustManagers();
this.origTrustmanager = (X509TrustManager) trustManagers[0];
}
catch (Exception ex)
{
}
}
public javax.net.ssl.SSLSocketFactory GetSocketFactory()
{
try
{
TrustManager[] wrappedTrustManagers = new TrustManager[] {
new X509TrustManager()
{
public java.security.cert.X509Certificate[] getAcceptedIssuers()
{
return origTrustmanager.getAcceptedIssuers();
}
public void checkClientTrusted(X509Certificate[] certs, String authType)
{
try
{
origTrustmanager.checkClientTrusted(certs, authType);
}
catch (CertificateException e)
{
}
}
public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException
{
try
{
origTrustmanager.checkServerTrusted(certs, authType);
}
catch(Exception ex)
{
}
}
}
};
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, wrappedTrustManagers, new java.security.SecureRandom());
javax.net.ssl.SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
return sslSocketFactory;
}
catch (Exception ex)
{
return null;
}
}
}
访问网址的代码:
SSLTrustManager sslTrustManager = new SSLTrustManager();
HttpsURLConnection.setDefaultSSLSocketFactory(sslTrustManager.GetSocketFactory());
URL siteUrl = new URL(url);
HttpsURLConnection conn = (HttpsURLConnection) siteUrl.openConnection();
conn.setRequestMethod("POST");
conn.setDoOutput(true);
conn.setDoInput(true);
DataOutputStream out = new DataOutputStream(conn.getOutputStream());
答案 0 :(得分:2)
如果您从未初始化origTrustmanager实例变量,则其默认值为null,这在您尝试使用它时确实会导致NPE。
我刚刚在此编辑my previous answer以显示TrustManager初始化的示例。 (我没有尝试使用Android,但它在普通Java中运行良好。)
小心不要抓得太多。在这里,您在信任管理器中捕获CertificateException和Exception:这与没有任何东西一样好,因为这些方法都是为了抛出这些异常。如果您想忽略过期日期,请确保只捕获CertificateExpiredException。
请注意,这只是一个技巧,它依赖于以下事实:在实践中,证书验证是在一般信任验证之后完成的(至少在OpenJDK实现中)。据我所知,规范中没有任何内容表明证书过期在之后验证。它是在对信任元素进行其他验证之前完成的,并且您忽略了该异常,您可以通过比您想要的更多的证书。
答案 1 :(得分:-1)
使用此代码 这对我有用
TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {}
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {}
}
};
SSLContext sslContext = null;
try {
sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, new TrustManager[] { tm }, null);
} catch (Exception e1) {
e1.printStackTrace();
return;
}
AsyncSSLSocketMiddleware sslMiddleWare = Ion.getDefault(context).getHttpClient().getSSLSocketMiddleware();
sslMiddleWare.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
sslMiddleWare.setSSLContext(sslContext);
Ion.getDefault(context).getHttpClient().getSSLSocketMiddleware().setTrustManagers(trustAllCerts);
Ion.getDefault(context).getHttpClient().getSSLSocketMiddleware().setSSLContext(sslContext);
Ion.with(context).load("POST", serverUrl)
.setHeader("Content-Type", "application/json")
.setHeader("Accept", "application/json")
.setLogging("ION_LOGGING", Log.VERBOSE).setJsonObjectBody(json)