Android SSLSocket#getInputstream()在早期版本的Android 6.0上抛出HandshakeException

时间:2016-11-22 20:45:09

标签: android openssl ssl-certificate ssl-security ssl-client-authentication

在我的应用程序中,我需要处理SSLSocket。 我有这个代码适用于Android6.0及更高版本,当我在Android版本5上运行相同的代码时+我正在获取HandshakeException 

private void openSSLSocket(String mHost, int mPort){
    try {
        SocketFactory sf = SSLSocketFactory.getDefault();
        mSocket = (SSLSocket) sf.createSocket(mHost, mPort);
        mSocket.setEnabledProtocols(new String[]{"TLSv1"});
        mInputStream = mSocket.getInputStream();
        mOutputStream = mSocket.getOutputStream();

        mSocket.setSoTimeout(0);

    }catch (Exception e){
        e.printStackTrace();
    }
}

我在android开发者网站上阅读了this文章并实现了以下代码我获得了服务器管理员的.crt文件

private void openSSLSocketWithCA(String mHost, int mPort) {
    try{

        // Load CAs from an InputStream
        // (could be from a resource or ByteArrayInputStream or ...)
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // From https://www.washington.edu/itconnect/security/ca/load-der.crt

        InputStream caInput = am.open("star_******_chained.crt");

        Certificate ca;
        try {
            ca = cf.generateCertificate(caInput);
            System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());
        } finally {
            caInput.close();
        }

        // Create a KeyStore containing our trusted CAs
        String keyStoreType = KeyStore.getDefaultType();
        KeyStore keyStore = KeyStore.getInstance(keyStoreType);
        keyStore.load(null, null);
        keyStore.setCertificateEntry("ca", ca);

        // Create a TrustManager that trusts the CAs in our KeyStore
        String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
        tmf.init(keyStore);

        // Create an SSLContext that uses our TrustManager
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);

        SSLSocketFactory sf = context.getSocketFactory();
        mSocket = (SSLSocket) sf.createSocket(mHost, mPort);
        mSocket.setEnabledProtocols(new String[]{"TLSv1"});
        mInputStream = mSocket.getInputStream();
        mOutputStream = mSocket.getOutputStream();

        mSocket.setSoTimeout(0);
    }catch (Exception e){
        e.printStackTrace();
    }
}

即使这样,我在调用mSocket.getInputStream()时也会收到HandshakeException;方法

这是日志

W/System.err: javax.net.ssl.SSLHandshakeException: Handshake failed
W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:374)
W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:598)
W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:560)
W/System.err:     at *******.***.*******.common.CometSocketApi.openSSLSocketWithCA(CometSocketApi.java:464)

1 个答案:

答案 0 :(得分:0)

经过大量的网络搜索。我已登陆此页Updating security provider 最后,这个解决方案对我有用

我在我主要活动的onCreate中调用了这段代码

create

这解决了我的问题

相关问题
最新问题