Https主机名未使用goDaddy证书进行验证

时间:2016-08-02 03:18:54

标签: java android ssl-certificate bouncycastle httpsurlconnection

我正在尝试使用我的端点下列出的两个goDaddy证书来访问我的服务器。堆栈中的三个证书是我的证书>去爸爸安全证书颁发机构-G2>去爸爸根证书颁发机构 - G2。我从Go Daddy Repository下载了安全和根证书,现在已经添加到我的android app原始资源文件夹中。即使两者都存在,它仍然给我这个错误

javax.net.ssl.SSLPeerUnverifiedException: Hostname  not verified:

我不知道接下来该做什么。我尝试了很多组合,所以我认为我需要一种不同的方式来做到这一点。

这是我到目前为止所拥有的; 我的HttpsClient代码; 

public class MyHttpsGet extends AsyncTask<String, Void, String> {

Context context;

int cert;
int interCert;
boolean allowHost;
private String username;
private String password;

//this is used if you need a password and username
//mainly for logins to a webserver
public MyHttpsGet(String username, String password, Context context, int cert, int intermedCert)
{
    this.context = context;
    this.cert = cert;
    this.interCert = intermedCert;
    this.username = username;
    this.password = password;

}

//used for image downloading
public MyHttpsGet(){}

@Override
protected String doInBackground(String... params) {
    String url = params[0];
    return httpsDownloadData(url, context, cert, interCert);
}

public String httpsDownloadData (String urlString, Context context, int certRawResId, int certIntermedResId)
{
    String respone = null;

    try {
        // build key store with ca certificate
        KeyStore keyStore = buildKeyStore(context, certRawResId, certIntermedResId);


        // Create a TrustManager that trusts the CAs in our KeyStore
        String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
        tmf.init(keyStore);

        // Create an SSLContext that uses our TrustManager
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, tmf.getTrustManagers(), null);

        // Create a connection from url
        URL url = new URL(urlString);
        if (username != null) {
            Authenticator.setDefault(new Authenticator() {
                @Override
                protected PasswordAuthentication getPasswordAuthentication() {
                    return new PasswordAuthentication(username, password.toCharArray());
                }
            });
        }
        HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
        urlConnection.setSSLSocketFactory(sslContext.getSocketFactory());


        int statusCode = urlConnection.getResponseCode();
        Log.d("Status code: ", Integer.toString(statusCode));


        InputStream inputStream = urlConnection.getInputStream();
        if (inputStream != null) {
            respone = streamToString(inputStream);
            inputStream.close();
        }

    }catch (IOException e) {
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    } catch (KeyStoreException e) {
        e.printStackTrace();
    } catch (KeyManagementException e) {
        e.printStackTrace();
    }

    Log.d("MyHttps Respones: ", respone);
    return respone;
}


private static KeyStore buildKeyStore(Context context, int certRawResId, int interCert){
    // init a default key store
    String keyStoreType = KeyStore.getDefaultType();
    KeyStore keyStore = null;
    try {
        keyStore = KeyStore.getInstance(keyStoreType);
        keyStore.load(null, null);

        // read and add certificate authority
        Certificate cert2 = readCert(context, interCert);
        Certificate cert = readCert(context, certRawResId);
        keyStore.setCertificateEntry("ca" , cert2);
        keyStore.setCertificateEntry("ca", cert);



    } catch (CertificateException e) {
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    } catch (KeyStoreException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    }
    return keyStore;

}

private static Certificate readCert(Context context, int certResourceId) throws IOException {

    // read certificate resource
    InputStream caInput = context.getResources().openRawResource(certResourceId);

    Certificate ca = null;
    try {
        // generate a certificate
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        ca = cf.generateCertificate(caInput);
    } catch (CertificateException e) {
        e.printStackTrace();
    } finally {
        caInput.close();
    }

    return ca;
}

//this is used for downloading strings from an http or https connection
private String streamToString(InputStream is) throws IOException {

    StringBuilder sb = new StringBuilder();
    BufferedReader rd = new BufferedReader(new InputStreamReader(is));
    String line;
    while ((line = rd.readLine()) != null) {
        sb.append(line);
    }

    return sb.toString();
}


 }

以下是我如何称呼/使用它:

 MyHttpsGet task = new MyHttpsGet(username, password,myContext, R.raw.gdroot_g2, R.raw.gdintermed);
        try {
            myJson = task.execute(myUrl).get();
            Log.d("Json: " , myJson);
        } catch (InterruptedException e) {
            e.printStackTrace();
        } catch (ExecutionException e) {
            e.printStackTrace();
        }
        new runningMan().execute();

感谢您对此提供任何帮助。

这是我的Cert Chain的图片 enter image description here

1 个答案:

答案 0 :(得分:1)

错误消息显示apivitacrm.elasticbeanstalk.com,但您随后将证书中的通配符名称变黑。为什么呢?

好吧,无论它是什么,它看起来都以a开头,所以它绝对不是*.elasticbeanstalk.com通配符证书。

这意味着错误消息是正确的。证书不属于给定的域名。

即使它是*.apivitacrm.elasticbeanstalk.com通配符(虽然停电看起来不够宽),它仍然不匹配apivitacrm.elasticbeanstalk.com,因为它只匹配子域。

相关问题
最新问题