我使用JSOUP连接许多 https网站。我使用方法Jsoup.connect(url),但它抛出异常:
javax.net.ssl.SSLHandshakeException: Certificate not valid or trusted.
所以我使用这段代码来信任所有的证书ssl:
public static void enableSSLSocket() throws KeyManagementException, NoSuchAlgorithmException {
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted( java.security.cert.X509Certificate[] certs, String authType ) { }
public void checkServerTrusted( java.security.cert.X509Certificate[] certs, String authType ) { }
}
};
// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance( "SSL" );
sc.init( null, trustAllCerts, new java.security.SecureRandom() );
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(
new HostnameVerifier() {
public boolean verify(String urlHostName, SSLSession session) {
return true;
}
});
}
catch ( Exception e ) {
//We can not recover from this exception.
e.printStackTrace();
}}
但我使用上面的代码,在Play商店有goole警告。
您的应用正在使用与Apache HTTP客户端的X509TrustManager接口的不安全实现,从而导致安全漏洞。有关详细信息,请参阅此Google帮助中心文章,其中包括修复漏洞的截止日期。
如果我添加此代码:
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
try {
chain[0].checkValidity();
} catch (Exception e) {
throw new CertificateException("Certificate not valid or trusted.");
}
}
警告消失了,但JSOUP无法正常工作,但同样的例外。 那么有没有办法信任所有ssl并绕过谷歌警告?提前谢谢你。
答案 0 :(得分:0)
我找到解决方案,跳一些人需要它:
public static void trustSSLCertificate(final Activity mActivity, final DownloadPortalTask task){
try {
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, new X509TrustManager[]{new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
try {
chain[0].checkValidity();
} catch (final Exception e) {
mActivity.runOnUiThread(new Runnable() {
@Override
public void run() {
AlertDialog.Builder builder = new AlertDialog.Builder(mActivity);
AlertDialog alertDialog = builder.create();
alertDialog.setCancelable(false);
String message = "There a problem with the security certificate for this web site.";
message += "\nDo you want to continue anyway?";
alertDialog.setTitle("SSL Certificate Error");
alertDialog.setMessage(message);
alertDialog.setButton(DialogInterface.BUTTON_POSITIVE, "OK", new DialogInterface.OnClickListener() {
@Override
public void onClick(DialogInterface dialog, int which) {
acceptSSL = true;
return;
}
});
alertDialog.setButton(DialogInterface.BUTTON_NEGATIVE, "Cancel", new DialogInterface.OnClickListener() {
@Override
public void onClick(DialogInterface dialog, int which) {
acceptSSL = true;
task.onInterruptedDownload();
}
});
alertDialog.show();
}
});
while( !acceptSSL){
try{
Thread.sleep(1000);
} catch( InterruptedException er) { }
}
}
}
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
}}, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
} catch (Exception e) { // should never happen
e.printStackTrace();
}
}
在调用Jsoup之前调用此方法。 Google Play上的SSL警告也消失了。