Android中的证书固定 - 没有对等证书

时间:2014-08-09 23:26:37

标签: android ssl

我正在尝试使用Moxie Marlinspike的示例project在我的Android应用中固定CA证书。

我必须做更改,例如更改gradle版本,目标sdk版本。在他的build.gradle中,我有一个error。我注释掉uploadAcrhives块来解决它。

我在app中使用了以下内容:

public class CAPinning {

    public static DefaultHttpClient getHttpClient(Context context) {

        DefaultHttpClient httpClient = null;

        try {

            // I created my own CA using open SSL - I converted the ca.crt file to .pem
            // using cat ca.crt > ca.pem, and then used the python script provided by
            // the author to generate the hash, which is used as a pin here

            String[] pins = new String[]{"14cafa386cb573635ec05c3d93f9117968ac5d71"};
            SchemeRegistry schemeRegistry = new SchemeRegistry();
            schemeRegistry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
            schemeRegistry.register(new Scheme("https", new PinningSSLSocketFactory(context, pins, 0), 443));

            HttpParams httpParams = new BasicHttpParams();
            ClientConnectionManager connectionManager = new ThreadSafeClientConnManager(httpParams, schemeRegistry);
            httpClient = new DefaultHttpClient(connectionManager, httpParams); 
        }
        catch(Exception e) {
            Log.d("EXP", e.getLocalizedMessage());
            return null;
        }

        return httpClient;
    }
}

我使用httpClient向我的服务器发送请求:

 HttpClient httpClient = CAPinning.getHttpClient(getApplicationContext());
 httpClient.execute(new HttpGet("https://www.example.com"));

我收到以下异常:

W/System.err﹕ javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
W/System.err﹕ at com.android.org.conscrypt.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:146)
W/System.err﹕ at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:93)
W/System.err﹕ at org.thoughtcrime.ssl.pinning.PinningSSLSocketFactory.createSocket(PinningSSLSocketFactory.java:147)
W/System.err﹕ at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:165)
W/System.err﹕ at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
W/System.err﹕ at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
W/System.err﹕ at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:360)
W/System.err﹕ at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
W/System.err﹕ at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
W/System.err﹕ at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)
W/System.err﹕ at com.android.sslsampleapp.MainActivity$LoginTask.doInBackground(MainActivity.java:173)
W/System.err﹕ at com.android.sslsampleapp.MainActivity$LoginTask.doInBackground(MainActivity.java:131)
W/System.err﹕ at android.os.AsyncTask$2.call(AsyncTask.java:288)
W/System.err﹕ at java.util.concurrent.FutureTask.run(FutureTask.java:237)
W/System.err﹕ at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231)
W/System.err﹕ at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
W/System.err﹕ at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)

任何人都可以提出解决方法吗?

我确定我使用的是正确的pem文件,并且该网站的证书已与该CA签名。

Certificate chain
  0 s:/C=US/ST=**/L=****/O=***/OU=***/CN=www.example.com/emailAddress=*****
    i:/C=US/ST=**/L=****/O=myCA/OU=myCA/CN=myCA/emailAddress=*****

0 个答案:

没有答案