Connecting to an SSL-protected server from an Android application

Time: 2017-06-28 05:06:14

Tags: android ssl okhttp

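I am a junior Android developer and created an application. Everything worked fine, but when we added SSL protection to the website, the problems started. I added key.pem to the assets folder and tried to use this example, but it did not work. Please help, how can I solve this problem?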

@Override
protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    setContentView(R.layout.activity_gogo);

    // OkHttp 2.x client whose socket factory is built from the bundled certificate file
    OkHttpClient client = new OkHttpClient();
    SSLContext sslContext = SslUtils.getSslContextForCertificateFile("cert.pem");
    client.setSslSocketFactory(sslContext.getSocketFactory());

    HttpUrl.Builder urlBuilder = HttpUrl.parse("https://mysite/API/login.php").newBuilder();
    urlBuilder.addQueryParameter("username", "xxxxxx");
    urlBuilder.addQueryParameter("appkey", "xxxxxxx");
    String url = urlBuilder.build().toString();

    // Use the URL string built above
    Request request = new Request.Builder()
            .url(url)
            .build();

    client.newCall(request).enqueue(new Callback() {
        @Override
        public void onFailure(Request request, IOException e) {
            e.printStackTrace();
        }

        @Override
        public void onResponse(Response response) throws IOException {
            if (!response.isSuccessful()) {
                throw new IOException("Unexpected code " + response);
            }
        }
    });
}

Here is my stack trace

W/System.err: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
W/System.err: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:333)
W/System.err: at com.squareup.okhttp.Connection.connectTls(Connection.java:235)
W/System.err: at com.squareup.okhttp.Connection.connectSocket(Connection.java:199)
W/System.err: at com.squareup.okhttp.Connection.connect(Connection.java:172)
W/System.err: at com.squareup.okhttp.Connection.connectAndSetOwner(Connection.java:367)
W/System.err: at com.squareup.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:128)
W/System.err: at com.squareup.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:328)
W/System.err: at com.squareup.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:245)
W/System.err: at com.squareup.okhttp.Call.getResponse(Call.java:267)
W/System.err: at com.squareup.okhttp.Call$ApplicationInterceptorChain.proceed(Call.java:224)
W/System.err: at com.squareup.okhttp.Call.getResponseWithInterceptorChain(Call.java:195)
W/System.err: at com.squareup.okhttp.Call.access$100(Call.java:34)
W/System.err: at com.squareup.okhttp.Call$AsyncCall.execute(Call.java:162)
W/System.err: at com.squareup.okhttp.internal.NamedRunnable.run(NamedRunnable.java:33)
W/System.err: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1113)
W/System.err: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:588)
W/System.err: at java.lang.Thread.run(Thread.java:818)
W/System.err: Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
W/System.err: at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:324)
W/System.err: at com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:225)
W/System.err: at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:115)
W/System.err: at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:571)
W/System.err: at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
W/System.err: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:329)
W/System.err: ... 16 more
W/System.err: Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
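
Added example, not part of the original question or its answers: one way to build an SSLContext that trusts only the certificates found in a PEM file, using standard JSSE classes, and to print each loaded certificate's subject and issuer so it can be compared with the chain the server presents. The class name PinnedTrust, the alias prefix and the command-line file argument are assumptions; the file must contain certificates, not a private key.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example; PinnedTrust is a hypothetical class name, not from the page.
public final class PinnedTrust {
    // Load every CERTIFICATE block of a PEM stream into an empty in-memory KeyStore.
    // Input that is not a certificate (for example a private key) is rejected, either
    // by CertificateException from the factory or by the empty check below.
    static KeyStore keyStoreFromPem(InputStream pem) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // no backing file: start with zero trust anchors
        int i = 0;
        for (Certificate c : cf.generateCertificates(pem)) {
            ks.setCertificateEntry("anchor-" + i++, c);
        }
        if (i == 0) throw new IllegalArgumentException("no certificate found in PEM input");
        return ks;
    }

    // TLS context whose trust manager accepts only chains ending at those anchors.
    static SSLContext sslContextFor(KeyStore anchors) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(anchors);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to the PEM file (supplied by the caller, an assumption here)
        try (InputStream in = new FileInputStream(args[0])) {
            KeyStore ks = keyStoreFromPem(in);
            for (String alias : Collections.list(ks.aliases())) {
                X509Certificate c = (X509Certificate) ks.getCertificate(alias);
                System.out.println(alias + " subject=" + c.getSubjectX500Principal()
                        + " issuer=" + c.getIssuerX500Principal());
            }
            sslContextFor(ks); // build the context to confirm the anchors are usable
        }
    }
}
```

The factory returned by `sslContextFor(...).getSocketFactory()` is the kind of object the question passes to `client.setSslSocketFactory(...)`. Hostname verification stays with the HTTP client and is not changed by this code.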

2 answers:

Answer 0: (score: 0)

Check this method to get the httpClient:

public static OkHttpClient getHttpClientForFile() {
    ConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
            .tlsVersions(TlsVersion.TLS_1_0)
            .cipherSuites(
                    CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
                    CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                    CipherSuite.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
                    CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                    CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA,
                    CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA)
            .build();
    return new OkHttpClient.Builder()
            .connectTimeout(2, TimeUnit.MINUTES)
            .writeTimeout(2, TimeUnit.MINUTES)
            .readTimeout(3, TimeUnit.MINUTES)
            .connectionSpecs(Collections.singletonList(spec))
            .protocols(Arrays.asList(Protocol.HTTP_1_1))
            .build();
}

For more, visit here

Answer 1: (score: 0)

You can use Retrofit and OkHttp instead of this. You can change the http URL to https, and that is all. No pem file is needed.