我正在更新Android应用程序的Web服务URL,我们正在使用https协议。我看到我当前的https网址正在运行,但现在我们正在迁移到新域,然后就会产生问题。
我在stackoverflow上检查了许多线程,如javax.net.ssl.SSLException: hostname in certificate didn't match android,但没有找到任何好的答案,主要是回答绕过此安全或允许所有。
javax.net.ssl.SSLException:证书中的主机名不匹配:
//HttpGet getMethod = new HttpGet(String.format(httpURL));
HttpGet getMethod = new HttpGet(httpURL);
DefaultHttpClient client = new DefaultHttpClient();
ResponseHandler<String> responseHandler = new BasicResponseHandler();
HttpParams params = client.getParams();
params.setParameter(CoreConnectionPNames.CONNECTION_TIMEOUT, 60000);
params.setParameter(CoreConnectionPNames.SO_TIMEOUT, 60000);
client.setParams(params);
responseBody = client.execute(getMethod, responseHandler);
responseBody = responseBody.trim();
提前致谢。
答案 0 :(得分:5)
似乎最好的解决方法是使用HttpsUrlConnection而不是HttpGet。
URL url = new Url(httpURL);
HttpURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
urlConnection.setReadTimeout(60000);
urlConnection.setConnectTimeout(60000);
urlConnection.setRequestMethod("GET");
urlConnection.setDoInput(true);
urlConnection.connect();
然后使用InputStream获取响应主体。
InputStream inputStream = urlConnection.getInputStream();
答案 1 :(得分:3)
如果它在浏览器中有效但在应用程序中没有,则可能是缺少SNI支持的问题,请参阅Why does android get the wrong ssl certificate? (two domains, one server)。
答案 2 :(得分:1)
感谢Make HTTPS / HTTP Request in Android
添加Java类 CustomSSLSocketFactory.java
import java.io.IOException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.SSLSocketFactory;
public class CustomSSLSocketFactory extends SSLSocketFactory{
SSLContext sslContext = SSLContext.getInstance("TLS");
/**
* Generate Certificate for ssl connection
* @param truststore
* @throws NoSuchAlgorithmException
* @throws KeyManagementException
* @throws KeyStoreException
* @throws UnrecoverableKeyException
*/
public CustomSSLSocketFactory(KeyStore truststore)
throws NoSuchAlgorithmException, KeyManagementException,
KeyStoreException, UnrecoverableKeyException {
super(truststore);
TrustManager tm = new X509TrustManager(){
@Override
public void checkClientTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
sslContext.init(null, new TrustManager[] {tm}, null);
}
@Override
public Socket createSocket(Socket socket, String host, int port,
boolean autoClose) throws IOException, UnknownHostException {
return sslContext.getSocketFactory().createSocket(socket, host, port,
autoClose);
}
@Override
public Socket createSocket() throws IOException {
return sslContext.getSocketFactory().createSocket();
}
}
在您的代码中
String cloud_url="https://www.google.com";
HttpClient client = new DefaultHttpClient();
if(cloud_url.toLowerCase().contains("https://")){
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustStore.load(null, null);
SSLSocketFactory sf = new CustomSSLSocketFactory(trustStore);
sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
HttpParams params = new BasicHttpParams();
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("https", sf, 443));
ClientConnectionManager ccm = new ThreadSafeClientConnManager(params, registry);
client= new DefaultHttpClient(ccm, params);
}
HttpGet request= new HttpGet( );
request.setURI(new URI( cloud_url));
HttpResponse response = client.execute(request);