我正在尝试使用带有客户端证书的ssl建立Android设备和Web服务之间的连接(服务器检查为需要客户端证书),服务器上的证书由CA签署(go-daddy)我也有一个客户端证书(* .pfx),我休this tutorial 附加客户端证书文件, 我使用ksoap2调用Web服务,我一直收到错误403, 但从设备(或PC)网络浏览器,其工作正常(安装证书后)... 我不太了解客户端证书,但在我看来,连接并没有以正确的方式使用我的证书。
当我使用自签名证书进行测试时,一切正常。
任何想法我做错了什么? 我的ksoap2代码:
public void GetUser(String user_name, String password, boolean isSchedule,
boolean writeTostatistic) throws Exception {
Log.d(GlobalUtil.TAG_LOG, "Calling GetUser() web service");
String METHOD_NAME = "GetUser";
globalUtil.user = new User();
User us = new User();
HttpsTransportSE httpTransport = new KeepAliveHttpsTransportSE(host,
port, file, timeout);
SoapSerializationEnvelope envelope = new SoapSerializationEnvelope(
SoapEnvelope.VER12);
SoapObject Request = new SoapObject(NAMESPACE, METHOD_NAME);
httpTransport.debug = true;
envelope.dotNet = true;
envelope.headerOut = new Element[1];
envelope.headerOut[0] = elementHeaders;
Request.addProperty("user_name", user_name);
Request.addProperty("password", password);
Request.addProperty("isSchedule", isSchedule);
Request.addProperty("writeTostatistic", writeTostatistic);
envelope.implicitTypes = true;
envelope.setOutputSoapObject(Request); // prepare request
envelope.addMapping(NAMESPACE, "User", new User().getClass());
if (useCertificate) {
try {
((HttpsServiceConnectionSE) httpTransport
.getServiceConnection())
.setSSLSocketFactory(sSLContext);
} catch (IOException e) {
e.printStackTrace();
}
} else
allowAllSSL();
List<HeaderProperty> httpHeaders = null;
try {
httpHeaders = httpTransport.call(SOAP_ACTION + METHOD_NAME,
envelope, null);
SoapObject response = (SoapObject) envelope.getResponse();
if (response == null)
return;
us.Id = Integer.parseInt(response.getProperty("Id").toString());
if (!response.getProperty("User_Name").toString()
.equals("anyType{}"))
us.User_Name = response.getProperty("User_Name").toString();
if (!response.getProperty("Password").toString()
.equals("anyType{}"))
us.Password = response.getProperty("Password").toString();
if (!response.getProperty("USER_HEBREW_FIRSTNAME").toString()
.equals("anyType{}"))
us.USER_HEBREW_FIRSTNAME = response.getProperty(
"USER_HEBREW_FIRSTNAME").toString();
if (!response.getProperty("USER_HEBREW_LASTNAME").toString()
.equals("anyType{}"))
us.USER_HEBREW_LASTNAME = response.getProperty(
"USER_HEBREW_LASTNAME").toString();
us.Merhav = Integer.parseInt(response.getProperty("Merhav")
.toString());
us.Yaam = Integer.parseInt(response.getProperty("Yaam").toString());
us.Tat_Mifal = Integer.parseInt(response.getProperty("Tat_Mifal")
.toString());
us.Ezor = Integer.parseInt(response.getProperty("Ezor").toString());
us.EzorLahatz = Integer.parseInt(response.getProperty("EzorLahatz")
.toString());
/*
* us.PasswordExpirationDate=(Date)
* response.getProperty("PasswordExpirationDate");
*/
us.PasswordExpirationDate = User
.ParsePasswordExpirationDate((response
.getProperty("PasswordExpirationDate").toString()));
us.Password = password;
globalUtil.user = us;
SetSessionCookie(httpHeaders);
Log.d(GlobalUtil.TAG_LOG, "Finish calling GetUser() web service");
} catch (IOException | XmlPullParserException e1) {
if(e1!=null)
{
Log.e(GlobalUtil.TAG_LOG, e1.getMessage());
throw e1;
}
Log.e(GlobalUtil.TAG_LOG, "Error in Login web service.");
Log.e(GlobalUtil.TAG_LOG, "requestDump: "
+ httpTransport.requestDump);
Log.e(GlobalUtil.TAG_LOG, "responseDump: "
+ httpTransport.responseDump);
}
答案 0 :(得分:1)
对你来说可能为时已晚,但我处于类似情况......
早期版本的Android(以及1.7之前的Java)在SSL中存在(缺少)SNI的问题。据说这已经修复了2.3,但我相信我已经设法模仿我的5.0 Android模拟器中的这个错误。 (可能通过使用自定义套接字上下文工厂。)在浏览器中,我可以使用相同的密钥库/信任库访问URL,从Android获得403。
是什么让我相信确实缺乏服务器名称指示......
openssl s_client -tls1_2 -connect myhost.domain.com:443 -state -cert client.crt -key client.key -pass pass:******** -CAfile server.cer -servername myhost.domain.com
...在最后省略-servername param导致403,这正是我的Android代码实现的。 :d