以编程方式将服务器证书信息添加到Trust Manager Android

时间:2015-05-12 07:10:29

标签: android x509certificate

我是这个SSLX509Certificate概念的新手。我需要的是,有没有办法从给定的Url

获取证书信息

例如:如果用户键入了https://www.google.com,那么我需要以编程方式获取证书信息。

修改

最后,我从服务器获得了证书信息。

现在,我的问题是:

1。我如何检查证书是否可信?

2. 如何将证书添加到信任管理器?

3. 即使是不受信任的证书,如果用户想要继续使用,那么我需要将证书添加到信任管理器。我怎样才能实现这个目标?

4。是否,为了检查证书是否可信,我们是否真的需要另外一个证书进行比较?

我非常了解这些X.509 Certificate.

任何帮助都会得到真正的赞赏。

修改

这就是我所尝试的。但是,他们都没有帮助我。我需要获得证书是否可信。

X509TrustManager trustManager = new X509TrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] chain,
                        String authType) throws CertificateException {
                    for (TrustManager tm : managers) {
                        if (tm instanceof X509TrustManager) {
                            ((X509TrustManager) tm).checkClientTrusted(
                                    chain, authType);
                        }
                    }
                }

                @Override
                public void checkServerTrusted(X509Certificate[] chain,
                        String authType) {

                    for (X509Certificate cert : chain) {

                        final String mCertificatinoType = cert.getType();
                        Date afterDate = cert.getNotAfter();
                        Date beforeDate = cert.getNotBefore();
                        Date currentDate = new Date();

                        try {
                            cert.checkValidity(new Date());
                        } catch (CertificateExpiredException e) {
                            LoginActivity.isExpired = true;
                            e.printStackTrace();
                        } catch (CertificateNotYetValidException e) {
                            LoginActivity.isInValid = true;
                            e.printStackTrace();
                        }

                        try {
                            cert.verify(trustedRoot.getPublicKey());
                        } catch (InvalidKeyException e) {
                            e.printStackTrace();
                        } catch (CertificateException e) {
                            e.printStackTrace();
                        } catch (NoSuchAlgorithmException e) {
                            e.printStackTrace();
                        } catch (NoSuchProviderException e) {
                            e.printStackTrace();
                        } catch (SignatureException e) {
                            e.printStackTrace();
                        }

                        try {
                            if (cert.getIssuerX500Principal().equals(
                                    trustedRoot.getIssuerX500Principal())) {

                            }
                            cert.verify(trustedHost.getPublicKey());
                        } catch (InvalidKeyException e) {
                            e.printStackTrace();
                        } catch (CertificateException e) {
                            e.printStackTrace();
                        } catch (NoSuchAlgorithmException e) {
                            e.printStackTrace();
                        } catch (NoSuchProviderException e) {
                            e.printStackTrace();
                        } catch (SignatureException e) {
                            e.printStackTrace();
                        }

                        if (afterDate.compareTo(currentDate)
                                * currentDate.compareTo(beforeDate) > 0) {
                        } else {

                        }

                        if (cert.getIssuerX500Principal().equals(
                                trustedRoot.getIssuerX500Principal())) {
                            return;
                        }
                    }

                    // for (X509Certificate cert : chain) {
                    // URL url;
                    // String host = "";
                    // if (baseHostString.equalsIgnoreCase("")) {
                    // final Settings settings = mApplication
                    // .getSettings();
                    // try {
                    // url = new URL(
                    // settings.serverAddress.toString());
                    // host = url.getAuthority();
                    // } catch (MalformedURLException e) {
                    // e.printStackTrace();
                    // }
                    // } else {
                    //
                    // }
                    //
                    // String dn = cert.getSubjectDN().getName();
                    // String CN = getValByAttributeTypeFromIssuerDN(dn,
                    // "CN=");
                    // if (CN.equalsIgnoreCase(host)) {
                    // if (cert.getIssuerX500Principal().equals(
                    // trustedRoot.getIssuerX500Principal())) {
                    // return;
                    // } else {
                    // }
                    // } else {
                    // }
                    // }
                    for (TrustManager tm : managers) {
                        if (tm instanceof X509TrustManager) {
                            try {
                                ((X509TrustManager) tm).checkServerTrusted(
                                        chain, authType);
                            } catch (CertificateException e) {
                                e.printStackTrace();
                            }
                        }
                    }

                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    ArrayList<X509Certificate> issuers = new ArrayList<>();
                    for (TrustManager tm : managers) {
                        if (tm instanceof X509TrustManager) {
                            issuers.addAll(Arrays
                                    .asList(((X509TrustManager) tm)
                                            .getAcceptedIssuers()));
                        }
                    }
                    return issuers.toArray(new X509Certificate[issuers
                            .size()]);
                }

            };

1 个答案:

答案 0 :(得分:4)

最后,破解了!

                X509TrustManager trustManager = new X509TrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] chain,
                        String authType) throws CertificateException {
                    for (TrustManager tm : managers) {
                        if (tm instanceof X509TrustManager) {
                            ((X509TrustManager) tm).checkClientTrusted(
                                    chain, authType);
                        }
                    }
                }

                @Override
                public void checkServerTrusted(
                        final X509Certificate[] chain, String authType) {

                    for (X509Certificate cert : chain) {

                        final String mCertificatinoType = cert.getType();
                        Date afterDate = cert.getNotAfter();
                        Date beforeDate = cert.getNotBefore();
                        Date currentDate = new Date();

                        try {
                            cert.checkValidity(new Date());
                        } catch (CertificateExpiredException e) {
                            isExpired = true;
                            e.printStackTrace();
                        } catch (CertificateNotYetValidException e) {
                            isInValid = true;
                            e.printStackTrace();
                        }

                        if (afterDate.compareTo(currentDate)
                                * currentDate.compareTo(beforeDate) > 0) {
                            isExpired = false;
                        } else {
                            isExpired = true;
                        }

                        String dn = cert.getSubjectDN().getName();
                        String CN = getValByAttributeTypeFromIssuerDN(dn,
                                "CN=");

                        String host = "";
                        if (TextUtils.isEmpty(query)) {
                            if (baseHostString.equalsIgnoreCase("")) {
                                final Settings settings = mApplication
                                        .getSettings();
                                try {
                                    URL url = new URL(
                                            settings.serverAddress
                                                    .toString());
                                    host = url.getAuthority();
                                    if (host.contains(String.valueOf(url
                                            .getPort()))) {
                                        String toBeReplaced = ":"
                                                + url.getPort();
                                        host = host.replace(toBeReplaced,
                                                "");
                                    }
                                } catch (MalformedURLException e) {
                                    e.printStackTrace();
                                }
                            } else {
                                try {
                                    URL url = new URL(baseHostString);
                                    host = url.getAuthority();
                                    if (host.contains(String.valueOf(url
                                            .getPort()))) {
                                        String toBeReplaced = ":"
                                                + url.getPort();
                                        host = host.replace(toBeReplaced,
                                                "");
                                    }
                                } catch (MalformedURLException e) {
                                    e.printStackTrace();
                                }
                            }
                        } else {
                            try {
                                URL url = new URL(query);
                                host = url.getAuthority();
                                if (host.contains(String.valueOf(url
                                        .getPort()))) {
                                    String toBeReplaced = ":"
                                            + url.getPort();
                                    host = host.replace(toBeReplaced, "");
                                }
                            } catch (MalformedURLException e) {
                                e.printStackTrace();
                            }
                        }

                        if (CN.equalsIgnoreCase(host)) {
                            isHostMisMatch = false;
                        } else {
                            isHostMisMatch = true;
                        }

                        for (TrustManager tm : managers) {
                            if (tm instanceof X509TrustManager) {
                                try {
                                    ((X509TrustManager) tm)
                                            .checkServerTrusted(chain,
                                                    authType);
                                } catch (CertificateException e) {
                                    if (e.getMessage() != null
                                            && e.getMessage()
                                                    .contains(
                                                            "Trust anchor for certification path not found.")) {
                                        isNotTrusted = true;
                                        mApplication
                                                .setCurrentCertificate(chain);
                                    }
                                    e.printStackTrace();
                                }
                            }
                        }

                        if (cert.getIssuerX500Principal().equals(
                                trustedRoot.getIssuerX500Principal())) {
                            return;
                        }
                    }

                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    ArrayList<X509Certificate> issuers = new ArrayList<>();
                    for (TrustManager tm : managers) {
                        if (tm instanceof X509TrustManager) {
                            issuers.addAll(Arrays
                                    .asList(((X509TrustManager) tm)
                                            .getAcceptedIssuers()));
                        }
                    }
                    return issuers.toArray(new X509Certificate[issuers
                            .size()]);
                }

            };

谢谢大家。