我是这个SSL
和X509Certificate
概念的新手。我需要的是,有没有办法从给定的Url
例如:如果用户键入了https://www.google.com,那么我需要以编程方式获取证书信息。
修改
最后,我从服务器获得了证书信息。
现在,我的问题是:
1。我如何检查证书是否可信?
2. 如何将证书添加到信任管理器?
3. 即使是不受信任的证书,如果用户想要继续使用,那么我需要将证书添加到信任管理器。我怎样才能实现这个目标?
4。是否,为了检查证书是否可信,我们是否真的需要另外一个证书进行比较?
我非常了解这些X.509 Certificate.
任何帮助都会得到真正的赞赏。
修改
这就是我所尝试的。但是,他们都没有帮助我。我需要获得证书是否可信。
X509TrustManager trustManager = new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
for (TrustManager tm : managers) {
if (tm instanceof X509TrustManager) {
((X509TrustManager) tm).checkClientTrusted(
chain, authType);
}
}
}
@Override
public void checkServerTrusted(X509Certificate[] chain,
String authType) {
for (X509Certificate cert : chain) {
final String mCertificatinoType = cert.getType();
Date afterDate = cert.getNotAfter();
Date beforeDate = cert.getNotBefore();
Date currentDate = new Date();
try {
cert.checkValidity(new Date());
} catch (CertificateExpiredException e) {
LoginActivity.isExpired = true;
e.printStackTrace();
} catch (CertificateNotYetValidException e) {
LoginActivity.isInValid = true;
e.printStackTrace();
}
try {
cert.verify(trustedRoot.getPublicKey());
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchProviderException e) {
e.printStackTrace();
} catch (SignatureException e) {
e.printStackTrace();
}
try {
if (cert.getIssuerX500Principal().equals(
trustedRoot.getIssuerX500Principal())) {
}
cert.verify(trustedHost.getPublicKey());
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchProviderException e) {
e.printStackTrace();
} catch (SignatureException e) {
e.printStackTrace();
}
if (afterDate.compareTo(currentDate)
* currentDate.compareTo(beforeDate) > 0) {
} else {
}
if (cert.getIssuerX500Principal().equals(
trustedRoot.getIssuerX500Principal())) {
return;
}
}
// for (X509Certificate cert : chain) {
// URL url;
// String host = "";
// if (baseHostString.equalsIgnoreCase("")) {
// final Settings settings = mApplication
// .getSettings();
// try {
// url = new URL(
// settings.serverAddress.toString());
// host = url.getAuthority();
// } catch (MalformedURLException e) {
// e.printStackTrace();
// }
// } else {
//
// }
//
// String dn = cert.getSubjectDN().getName();
// String CN = getValByAttributeTypeFromIssuerDN(dn,
// "CN=");
// if (CN.equalsIgnoreCase(host)) {
// if (cert.getIssuerX500Principal().equals(
// trustedRoot.getIssuerX500Principal())) {
// return;
// } else {
// }
// } else {
// }
// }
for (TrustManager tm : managers) {
if (tm instanceof X509TrustManager) {
try {
((X509TrustManager) tm).checkServerTrusted(
chain, authType);
} catch (CertificateException e) {
e.printStackTrace();
}
}
}
}
@Override
public X509Certificate[] getAcceptedIssuers() {
ArrayList<X509Certificate> issuers = new ArrayList<>();
for (TrustManager tm : managers) {
if (tm instanceof X509TrustManager) {
issuers.addAll(Arrays
.asList(((X509TrustManager) tm)
.getAcceptedIssuers()));
}
}
return issuers.toArray(new X509Certificate[issuers
.size()]);
}
};
答案 0 :(得分:4)
最后,破解了!
X509TrustManager trustManager = new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
for (TrustManager tm : managers) {
if (tm instanceof X509TrustManager) {
((X509TrustManager) tm).checkClientTrusted(
chain, authType);
}
}
}
@Override
public void checkServerTrusted(
final X509Certificate[] chain, String authType) {
for (X509Certificate cert : chain) {
final String mCertificatinoType = cert.getType();
Date afterDate = cert.getNotAfter();
Date beforeDate = cert.getNotBefore();
Date currentDate = new Date();
try {
cert.checkValidity(new Date());
} catch (CertificateExpiredException e) {
isExpired = true;
e.printStackTrace();
} catch (CertificateNotYetValidException e) {
isInValid = true;
e.printStackTrace();
}
if (afterDate.compareTo(currentDate)
* currentDate.compareTo(beforeDate) > 0) {
isExpired = false;
} else {
isExpired = true;
}
String dn = cert.getSubjectDN().getName();
String CN = getValByAttributeTypeFromIssuerDN(dn,
"CN=");
String host = "";
if (TextUtils.isEmpty(query)) {
if (baseHostString.equalsIgnoreCase("")) {
final Settings settings = mApplication
.getSettings();
try {
URL url = new URL(
settings.serverAddress
.toString());
host = url.getAuthority();
if (host.contains(String.valueOf(url
.getPort()))) {
String toBeReplaced = ":"
+ url.getPort();
host = host.replace(toBeReplaced,
"");
}
} catch (MalformedURLException e) {
e.printStackTrace();
}
} else {
try {
URL url = new URL(baseHostString);
host = url.getAuthority();
if (host.contains(String.valueOf(url
.getPort()))) {
String toBeReplaced = ":"
+ url.getPort();
host = host.replace(toBeReplaced,
"");
}
} catch (MalformedURLException e) {
e.printStackTrace();
}
}
} else {
try {
URL url = new URL(query);
host = url.getAuthority();
if (host.contains(String.valueOf(url
.getPort()))) {
String toBeReplaced = ":"
+ url.getPort();
host = host.replace(toBeReplaced, "");
}
} catch (MalformedURLException e) {
e.printStackTrace();
}
}
if (CN.equalsIgnoreCase(host)) {
isHostMisMatch = false;
} else {
isHostMisMatch = true;
}
for (TrustManager tm : managers) {
if (tm instanceof X509TrustManager) {
try {
((X509TrustManager) tm)
.checkServerTrusted(chain,
authType);
} catch (CertificateException e) {
if (e.getMessage() != null
&& e.getMessage()
.contains(
"Trust anchor for certification path not found.")) {
isNotTrusted = true;
mApplication
.setCurrentCertificate(chain);
}
e.printStackTrace();
}
}
}
if (cert.getIssuerX500Principal().equals(
trustedRoot.getIssuerX500Principal())) {
return;
}
}
}
@Override
public X509Certificate[] getAcceptedIssuers() {
ArrayList<X509Certificate> issuers = new ArrayList<>();
for (TrustManager tm : managers) {
if (tm instanceof X509TrustManager) {
issuers.addAll(Arrays
.asList(((X509TrustManager) tm)
.getAcceptedIssuers()));
}
}
return issuers.toArray(new X509Certificate[issuers
.size()]);
}
};
谢谢大家。