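I am using KSOAP2 to handle SOAP on Android, but the SOAP URL uses https and I get this error: javax.net.ssl.SSLException: Not trusted server certificate
This is a normal error, because the certificate is not trusted, but does anyone know how to resolve this error?
I cannot manage the certificate because it belongs to another company and I do not have access to change it.
Thanks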
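Answer 0: (score: 16)
Checking this problem again, I found a cleaner solution. There is no need to modify the KSOAP2 files.
In your project, link ksoap2-android-assembly-3.0.0-jar, with no modifications.
Next, create a file named SSLConnection.java with the following code: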
    package com.example.mypackage;

    import android.util.Log;

    import javax.net.ssl.HostnameVerifier;
    import javax.net.ssl.SSLSession;
    import javax.net.ssl.TrustManager;

    import java.security.KeyManagementException;
    import java.security.NoSuchAlgorithmException;
    import java.security.SecureRandom;
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;

    public class SSLConnection {

        private static TrustManager[] trustManagers;

        // Trust manager whose checks never throw, so every certificate chain is accepted.
        public static class _FakeX509TrustManager implements javax.net.ssl.X509TrustManager {
            private static final X509Certificate[] _AcceptedIssuers = new X509Certificate[]{};

            public void checkClientTrusted(X509Certificate[] arg0, String arg1)
                    throws CertificateException {
            }

            public void checkServerTrusted(X509Certificate[] arg0, String arg1)
                    throws CertificateException {
            }

            public X509Certificate[] getAcceptedIssuers() {
                return (_AcceptedIssuers);
            }
        }

        // Replaces the process-wide defaults of HttpsURLConnection:
        // every hostname is accepted and every server certificate is trusted.
        public static void allowAllSSL() {
            javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
                @Override
                public boolean verify(String hostname, SSLSession session) {
                    return true;
                }
            });

            javax.net.ssl.SSLContext context;
            if (trustManagers == null) {
                trustManagers = new TrustManager[]{new _FakeX509TrustManager()};
            }
            try {
                context = javax.net.ssl.SSLContext.getInstance("TLS");
                context.init(null, trustManagers, new SecureRandom());
                javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
            } catch (NoSuchAlgorithmException e) {
                Log.e("allowAllSSL", e.toString());
            } catch (KeyManagementException e) {
                Log.e("allowAllSSL", e.toString());
            }
        }
    }

Call SSLConnection.allowAllSSL(); before calling a server method through KSOAP2. That's all, it works for me. All SSL certificates are accepted and I can use KSOAP2 with the https protocol.
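For comparison with the accept-everything trust manager above, the same `HttpsURLConnection` hook can be given a socket factory that trusts only the one certificate the other company's server presents, with hostname verification left at its default. This is an added example, not part of any answer on this page; the class name `PinnedSSL`, the alias string and the resource name in the comment are hypothetical, and it assumes you have saved the server's certificate (or its issuing CA certificate) as a PEM or DER file inside the app.

```java
package com.example.mypackage;

import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Added example (hypothetical class): trust exactly one known certificate.
public final class PinnedSSL {
    private PinnedSSL() {}

    // Builds a socket factory whose only trust anchor is the certificate
    // read from certStream. Chain validation still runs against that anchor.
    public static SSLSocketFactory socketFactoryFor(InputStream certStream)
            throws GeneralSecurityException, IOException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate serverCert = cf.generateCertificate(certStream);

        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);                        // start with an empty store
        trustStore.setCertificateEntry("partner-soap-server", serverCert); // constructed alias

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);   // null = default SecureRandom
        return context.getSocketFactory();
    }

    // Same process-wide hook the answer uses. Other HTTPS hosts contacted through
    // HttpsURLConnection will then fail validation unless their chain ends at this anchor.
    // The default HostnameVerifier is left untouched on purpose.
    // Usage on Android, with a hypothetical raw resource:
    //   PinnedSSL.install(getResources().openRawResource(R.raw.partner_server));
    public static void install(InputStream certStream)
            throws GeneralSecurityException, IOException {
        HttpsURLConnection.setDefaultSSLSocketFactory(socketFactoryFor(certStream));
    }
}
```

The bundled certificate file has to be replaced when the server's certificate is renewed, and a certificate whose subject does not match the host name in the SOAP URL will still be rejected by the default hostname verifier.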
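Answer 1: (score: 10)
I cannot comment, so I am commenting on rallat's answer here. His solution works but needs further explanation. To run ksoap2 with ssl:
ksoap2-android-assembly-2.5.2-jar-with-dependencies.jar
Put HttpTransportSE.java and ServiceConnectionSE.java into the project (I also needed to copy Transport.java, ServiceConnection.java and HeaderProperty.java). Remove the imports from these files and make sure they use your files (rather than importing from ksoap2.jar). Use rallat's answer (I copy-pasted it):
ServiceConnectionSE.java
Add this to accept untrusted certificates: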
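    // Needs imports: javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager
    // Trust manager whose checks never throw, so every certificate chain is accepted.
    private TrustManager[] trustAllCerts = new TrustManager[] {
        new X509TrustManager() {
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                // The interface contract asks for a non-null (possibly empty) array.
                return new java.security.cert.X509Certificate[0];
            }

            public void checkClientTrusted(
                    java.security.cert.X509Certificate[] certs, String authType) {
            }

            public void checkServerTrusted(
                    java.security.cert.X509Certificate[] certs, String authType) {
            }
        }
    };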
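Then use this constructor to allow untrusted certificates and unverified hostnames:

    // Needs imports: javax.net.ssl.SSLContext, javax.net.ssl.HttpsURLConnection,
    // java.net.URL, java.io.IOException, org.apache.http.conn.ssl.AllowAllHostnameVerifier
    public ServiceConnectionSE(String url) throws IOException {
        try {
            SSLContext sc = SSLContext.getInstance("TLS");
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            // Process-wide default: affects every HttpsURLConnection, not only this one.
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        } catch (Exception e) {
            // Report the failure instead of discarding it.
            throw new IOException("SSL setup failed: " + e);
        }
        connection = (HttpsURLConnection) new URL(url).openConnection();
        // Accept any hostname for this connection.
        ((HttpsURLConnection) connection).setHostnameVerifier(new AllowAllHostnameVerifier());
    }

Second constructor: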
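    public ServiceConnectionSE(Proxy proxy, String url) throws IOException {
        try {
            SSLContext sc = SSLContext.getInstance("TLS");
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            // Process-wide default: affects every HttpsURLConnection, not only this one.
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        } catch (Exception e) {
            // Report the failure instead of discarding it.
            throw new IOException("SSL setup failed: " + e);
        }
        // Pass the proxy through; the original opened the connection without it.
        connection = (HttpsURLConnection) new URL(url).openConnection(proxy);
        // Accept any hostname for this connection.
        ((HttpsURLConnection) connection).setHostnameVerifier(new AllowAllHostnameVerifier());
        connection.setUseCaches(false);
        connection.setDoOutput(true);
        connection.setDoInput(true);
    }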
Use in your code:

    HttpTransportSE aht = new HttpTransportSE(URL);
    aht.call(SOAP_ACTION, envelope);

The rest is as in the tutorial.
Answer 2: (score: 4)
I found the answer myself.
Add this to accept untrusted certificates:
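    // Needs imports: javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager
    // Trust manager whose checks never throw, so every certificate chain is accepted.
    private TrustManager[] trustAllCerts = new TrustManager[]{
        new X509TrustManager() {
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                // The interface contract asks for a non-null (possibly empty) array.
                return new java.security.cert.X509Certificate[0];
            }

            public void checkClientTrusted(
                    java.security.cert.X509Certificate[] certs, String authType) {
            }

            public void checkServerTrusted(
                    java.security.cert.X509Certificate[] certs, String authType) {
            }
        }
    };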
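Then add this in the constructor to allow untrusted certificates and unverified hostnames:

    // Needs imports: javax.net.ssl.SSLContext, javax.net.ssl.HttpsURLConnection,
    // java.net.URL, java.io.IOException, org.apache.http.conn.ssl.AllowAllHostnameVerifier
    try {
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        // Process-wide default: affects every HttpsURLConnection, not only this one.
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    } catch (Exception e) {
        // Report the failure instead of discarding it.
        throw new IOException("SSL setup failed: " + e);
    }
    connection = (HttpsURLConnection) new URL(url).openConnection();
    // Accept any hostname for this connection.
    ((HttpsURLConnection) connection).setHostnameVerifier(new AllowAllHostnameVerifier());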
Answer 3: (score: 4)
Create a new class FakeX509TrustManager to handle the certificate problem,

    FakeX509TrustManager.allowAllSSL();
    HttpTransportSE androidHttpTransport = new HttpTransportSE(URL);

The newly created class is as follows:
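    import java.security.KeyManagementException;
    import java.security.NoSuchAlgorithmException;
    import java.security.SecureRandom;
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;

    import javax.net.ssl.HostnameVerifier;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSession;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;

    // Trust manager whose checks never throw, so every certificate chain is accepted.
    public class FakeX509TrustManager implements X509TrustManager {

        private static TrustManager[] trustManagers;
        private static final X509Certificate[] _AcceptedIssuers = new X509Certificate[] {};

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
        }

        public boolean isClientTrusted(X509Certificate[] chain) {
            return true;
        }

        public boolean isServerTrusted(X509Certificate[] chain) {
            return true;
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return _AcceptedIssuers;
        }

        // Replaces the process-wide defaults of HttpsURLConnection:
        // every hostname is accepted and every server certificate is trusted.
        public static void allowAllSSL() {
            HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
                @Override
                public boolean verify(String hostname, SSLSession session) {
                    return true;
                }
            });

            if (trustManagers == null) {
                trustManagers = new TrustManager[] { new FakeX509TrustManager() };
            }
            try {
                SSLContext context = SSLContext.getInstance("TLS");
                context.init(null, trustManagers, new SecureRandom());
                // Set inside the try block: the original dereferenced a null
                // context here whenever getInstance() or init() had failed.
                HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
            } catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
            } catch (KeyManagementException e) {
                e.printStackTrace();
            }
        }
    }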