如何使用HttpsURLConnection连接到https URL

时间:2015-12-23 15:06:22

标签: java android https ssl-certificate httpsurlconnection

我正在尝试将某些数据发布到https网址,因此我使用了http://developer.android.com/reference/javax/net/ssl/HttpsURLConnection.html中找到的代码:

text=text.replace(/\\n/g,"\\n");

问题是,我得到了这个例外:

                KeyStore keyStore = ...;
                String algorithm = TrustManagerFactory.getDefaultAlgorithm();
                TrustManagerFactory tmf =TrustManagerFactory.getInstance(algorithm);
                tmf.init(keyStore);

                SSLContext context = SSLContext.getInstance("TLS");
                context.init(null, tmf.getTrustManagers(), null);

                // Open a HTTP  connection to  the URL
                conn = (HttpsURLConnection) url.openConnection();
                conn.setSSLSocketFactory(context.getSocketFactory());

EXTRA INFO1: 我可以成功发布到https:地址,而无需从笔记本电脑的终端做任何额外的操作,这是连接的详细打印输出:

    Exception : java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
    javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

EXTRA INFO2:当我执行“openssl s_client -connect cloud.myserver.com:80”时,这是我从控制台获得的打印输出:

CONNECTED(00000003) 77152:错误:140770FC:SSL例程:SSL23_GET_SERVER_HELLO:未知协议:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59/src/ssl/s23_clnt.c:618: Joshs-MacBook-Pro:~JoshDBS $ openssl s_client -connect cloud.myserver.com:8080 连接:拒绝连接 连接:错误号= 61 Joshs-MacBook-Pro:~JoshDBS $ openssl s_client -connect cloud.myserver.com:81 连接:拒绝连接 连接:错误号= 61 Joshs-MacBook-Pro:~JoshDBS $ openssl s_client -connect cloud.myserver.com:80 

== Info: Connected to cloud.someserver.com (127.0.0.1) port 443 (#0)
== Info: TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
== Info: Server certificate: cloud.someserver.com
== Info: Server certificate: StartCom Class 1 Primary Intermediate Server CA
== Info: Server certificate: StartCom Certification Authority

我需要分配给密钥库而不是那三个点(...)需要什么值?我从哪里获取它?

如何使用HttpsURLConnection发布数据? (我已经可以发布到简单的http:URL)

2 个答案:

答案 0 :(得分:2)

尝试以下方法:

String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);

另外,您要访问的是哪个URL?它可能不在Android的可信证书DataStore中,这意味着您必须自己做更多工作才能将证书添加到DataStore。

如果您仍处于困境,请告诉我们,我们会进一步调试您的问题。

答案 1 :(得分:0)

尝试停用SSL认证验证as explained here。 建议仅用于开发目的,而不是在生产环境中。在生产环境中,您必须安装方便的证书。

 TrustManager[] trustAllCerts = new TrustManager[] {
        new X509TrustManager() {
          public java.security.cert.X509Certificate[] getAcceptedIssuers() {
           return null;
          }
          @Override
          public void checkClientTrusted(X509Certificate[] arg0, String arg1)
           throws CertificateException {}

          @Override
          public void checkServerTrusted(X509Certificate[] arg0, String arg1)
            throws CertificateException {}

          }
     };

  SSLContext sc=null;
  try {
   sc = SSLContext.getInstance("SSL");
  } catch (NoSuchAlgorithmException e) {
   e.printStackTrace();
  }
  try {
   sc.init(null, trustAllCerts, new java.security.SecureRandom());
  } catch (KeyManagementException e) {
   e.printStackTrace();
  }
  HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

  // Create all-trusting host name verifier
  HostnameVerifier validHosts = new HostnameVerifier() {
  @Override
  public boolean verify(String arg0, SSLSession arg1) {
   return true;
  }
  };
  // All hosts will be valid
  HttpsURLConnection.setDefaultHostnameVerifier(validHosts);
相关问题
最新问题