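I wrote an Android client using Apache MINA. Now I am trying to add TLS support to this client, but on the client side I do not want to do server authentication; I am using TLS only for encryption. How can I achieve this?
I tried something like this.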
    SSLContext sc = null;
    SslFilter sslFilter;
    private void startTLS() {
        try {
            sc = SSLContext.getInstance("TLSv1");
            sc.init(null, null, null);
            sslFilter = new SslFilter(sc);
            sslFilter.setUseClientMode(true);
            session.getFilterChain().addFirst("mySSL", sslFilter);
        } catch(Exception e) {
            e.printStackTrace();
        }
    }
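But when I hit this method, the connection gets closed. Can anyone shed some light on this?
Also, sslFilter.getEnabledProtocols() and sslFilter.getEnabledCipherSuites() return null values.
The server is written in Twisted. For more clarity, you can look at the following link, which describes the server mechanism: https://twistedmatrix.com/documents/13.1.0/core/howto/ssl.html
Also, in the MINA API there is a method sslFilter.setNeedClientAuth(boolean), but I am not sure about its application. (I think it is useful on the server side.)
New code: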
    @Override
    public void messageReceived(IoSession session, Object msg) {
        jsonParser(msg); // communication is in JSON
        if (condition) {
            startTLS();
        }
    }
    SslFilter sslFilter;
    public void startTLS(JSONObject msg) throws GeneralSecurityException {
        // Trust manager that accepts every certificate (no server authentication)
        TrustManager[] trustAllCerts = new TrustManager[] {
            new X509TrustManager() {
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
                public void checkClientTrusted(X509Certificate[] certs, String authType) { }
                public void checkServerTrusted(X509Certificate[] certs, String authType) { }
            }};
        try {
            SSLContext sslContext = SSLContext.getInstance("TLSv1");
            sslContext.init(null, trustAllCerts, null);
            IoFilterChain chain = session.getFilterChain();
            sslFilter = new SslFilter(sslContext);
            sslFilter.setUseClientMode(true);
            chain.addFirst("sslFilter", sslFilter);
        } catch(Exception e) {
            e.printStackTrace();
        }
    }
Traceback: the negotiation message is SESSION_UNSECURED. The stack trace is as follows:
02-05 12:50:20.365: W/System.err(994): Unexpected character (S) at position 0.
02-05 12:50:20.374: W/System.err(994): at org.json.simple.parser.Yylex.yylex(Yylex.java:610)
02-05 12:50:20.394: W/System.err(994): at org.json.simple.parser.JSONParser.nextToken(JSONParser.java:269)
02-05 12:50:20.394: W/System.err(994): at org.json.simple.parser.JSONParser.parse(JSONParser.java:118)
02-05 12:50:20.404: W/System.err(994): at org.json.simple.parser.JSONParser.parse(JSONParser.java:81)
02-05 12:50:20.444: W/System.err(994): at org.json.simple.parser.JSONParser.parse(JSONParser.java:75)
02-05 12:50:20.444: W/System.err(994): at network.com.parse(com.java:146)
02-05 12:50:20.444: W/System.err(994): at network.com.messageReceived(com.java:106)
02-05 12:50:20.474: W/System.err(994): at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
02-05 12:50:20.474: W/System.err(994): at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
02-05 12:50:20.474: W/System.err(994): at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
02-05 12:50:20.474: W/System.err(994): at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
02-05 12:50:20.487: W/System.err(994): at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:214)
02-05 12:50:20.494: W/System.err(994): at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
02-05 12:50:20.494: W/System.err(994): at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
02-05 12:50:20.514: W/System.err(994): at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
02-05 12:50:20.514: W/System.err(994): at org.apache.mina.filter.ssl.SslHandler.flushScheduledEvents(SslHandler.java:322)
02-05 12:50:20.524: W/System.err(994): at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:497)
02-05 12:50:20.524: W/System.err(994): at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
02-05 12:50:20.524: W/System.err(994): at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
02-05 12:50:20.524: W/System.err(994): at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
02-05 12:50:20.556: W/System.err(994): at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:109)
02-05 12:50:20.564: W/System.err(994): at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
02-05 12:50:20.564: W/System.err(994): at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:410)
02-05 12:50:20.574: W/System.err(994): at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:710)
02-05 12:50:20.574: W/System.err(994): at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:664)
02-05 12:50:20.604: W/System.err(994): at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:653)
02-05 12:50:20.604: W/System.err(994): at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:67)
02-05 12:50:20.604: W/System.err(994): at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1124)
02-05 12:50:20.614: W/System.err(994): at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
02-05 12:50:20.614: W/System.err(994): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1080)
02-05 12:50:20.614: W/System.err(994): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:573)
02-05 12:50:20.625: W/System.err(994): at java.lang.Thread.run(Thread.java:841)