嗯,我对这个网络领域并不是很了解,但我尽力寻找类似的问题而没有成功。
我使用客户端证书构建了受保护的Web服务,并通过创建自定义信任管理器使我的Android应用程序通过AsyncHTTPClient
成功连接到它们:
private SSLContext getSSLContext(){
try{
KeyStore keyStore = KeyStore.getInstance("PKCS12");
InputStream in = context.getResources().openRawResource(R.raw.i);
try {
keyStore.load(in,p);
} finally {
in.close();
}
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
InputStream instream = context.getResources().openRawResource(R.raw.cert);
byte[] der =loadPemCertificate(instream);
ByteArrayInputStream derInputStream = new ByteArrayInputStream(der);
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) certificateFactory.generateCertificate(derInputStream);
String alias = cert.getSubjectX500Principal().getName();
trustStore.load(null);
trustStore.setCertificateEntry(alias, cert);
instream.close();
KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
kmf.init(keyStore, pw);
KeyManager[] keyManagers = kmf.getKeyManagers();
TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
tmf.init(trustStore);
SSLContext sslContext = SSLContext.getInstance("TLSv1");
sslContext.init(keyManagers, new TrustManager[]{mtm}, null);
return sslContext;
}catch (Exception e){
}
return null;
}
但是,某些请求有时会失败。我试图在失败的请求中找到任何特别的东西,但没有。 我只是注意到失败的请求始终是通过分块传输编码获得响应的请求。然而,这些要求有时会取得成功,有时却会失败。
以下是Android错误:
10-15 15:09:15.319 6279-6569/com..tba W/System.err: javax.net.ssl.SSLProtocolException: Read error: ssl=0xbe44bb40: Failure in SSL library, usually a protocol error
10-15 15:09:15.320 6279-6569/com..tba W/System.err: error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:641 0xc775cfe0:0x00000001)
10-15 15:09:15.320 6279-6569/com..tba W/System.err: error:100000d7:SSL routines:OPENSSL_internal:SSL_HANDSHAKE_FAILURE (external/boringssl/src/ssl/s3_pkt.c:428 0xdd84cb7b:0x00000000)
10-15 15:09:15.320 6279-6569/com..tba W/System.err: at com.android.org.conscrypt.NativeCrypto.SSL_read(Native Method)
10-15 15:09:15.321 6279-6569/com..tba W/System.err: at com.android.org.conscrypt.OpenSSLSocketImpl$SSLInputStream.read(OpenSSLSocketImpl.java:789)
10-15 15:09:15.321 6279-6569/com..tba W/System.err: at cz.msebera.android.httpclient.impl.io.AbstractSessionInputBuffer.fillBuffer(AbstractSessionInputBuffer.java:160)
10-15 15:09:15.321 6279-6569/com..tba W/System.err: at cz.msebera.android.httpclient.impl.io.SocketInputBuffer.fillBuffer(SocketInputBuffer.java:84)
10-15 15:09:15.321 6279-6569/com..tba W/System.err: at cz.msebera.android.httpclient.impl.io.AbstractSessionInputBuffer.readLine(AbstractSessionInputBuffer.java:273)
10-15 15:09:15.321 6279-6569/com..tba W/System.err: at cz.msebera.android.httpclient.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:140)
10-15 15:09:15.322 6279-6569/com..tba W/System.err: at cz.msebera.android.httpclient.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:57)
10-15 15:09:15.322 6279-6569/com..tba W/System.err: at cz.msebera.android.httpclient.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:260)
10-15 15:09:15.322 6279-6569/com..tba W/System.err: at cz.msebera.android.httpclient.impl.AbstractHttpClientConnection.receiveResponseHeader(AbstractHttpClientConnection.java:283)
10-15 15:09:15.322 6279-6569/com..tba W/System.err: at cz.msebera.android.httpclient.impl.conn.DefaultClientConnection.receiveResponseHeader(DefaultClientConnection.java:251)
10-15 15:09:15.322 6279-6569/com..tba W/System.err: at cz.msebera.android.httpclient.impl.conn.AbstractClientConnAdapter.receiveResponseHeader(AbstractClientConnAdapter.java:223)
10-15 15:09:15.323 6279-6569/com..tba W/System.err: at cz.msebera.android.httpclient.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:271)
10-15 15:09:15.323 6279-6569/com..tba W/System.err: at cz.msebera.android.httpclient.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123)
10-15 15:09:15.323 6279-6569/com..tba W/System.err: at cz.msebera.android.httpclient.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:685)
10-15 15:09:15.323 6279-6569/com..tba W/System.err: at cz.msebera.android.httpclient.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:487)
10-15 15:09:15.323 6279-6569/com..tba W/System.err: at cz.msebera.android.httpclient.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:860)
10-15 15:09:15.324 6279-6569/com..tba W/System.err: at cz.msebera.android.httpclient.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
10-15 15:09:15.324 6279-6569/com..tba W/System.err: at com.loopj.android.http.AsyncHttpRequest.makeRequest(AsyncHttpRequest.java:146)
10-15 15:09:15.324 6279-6569/com..tba W/System.err: at com.loopj.android.http.AsyncHttpRequest.makeRequestWithRetries(AsyncHttpRequest.java:177)
10-15 15:09:15.324 6279-6569/com..tba W/System.err: at com.loopj.android.http.AsyncHttpRequest.run(AsyncHttpRequest.java:106)
10-15 15:09:15.325 6279-6569/com..tba W/System.err: at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:428)
10-15 15:09:15.325 6279-6569/com..tba W/System.err: at java.util.concurrent.FutureTask.run(FutureTask.java:237)
10-15 15:09:15.325 6279-6569/com..tba W/System.err: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
10-15 15:09:15.325 6279-6569/com..tba W/System.err: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
10-15 15:09:15.325 6279-6569/com..tba W/System.err: at java.lang.Thread.run(Thread.java:762)
以下是Apache错误:
AH02261: Re-negotiation handshake failed: Not accepted by client!?
最后,下面是我的自定义信任管理员:
public class MyTrustManager implements X509TrustManager {
protected ArrayList<X509TrustManager> x509TrustManagers = new ArrayList<X509TrustManager>();
protected MyTrustManager(KeyStore... additionalkeyStores) {
final ArrayList<TrustManagerFactory> factories = new ArrayList<TrustManagerFactory>();
try {
// The default Trustmanager with default keystore
final TrustManagerFactory original = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
original.init((KeyStore) null);
factories.add(original);
for( KeyStore keyStore : additionalkeyStores ) {
final TrustManagerFactory additionalCerts = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
additionalCerts.init(keyStore);
factories.add(additionalCerts);
}
} catch (Exception e) {
throw new RuntimeException(e);
}
for (TrustManagerFactory tmf : factories)
for( TrustManager tm : tmf.getTrustManagers() )
if (tm instanceof X509TrustManager)
x509TrustManagers.add( (X509TrustManager)tm );
if( x509TrustManagers.size()==0 )
throw new RuntimeException("Couldn't find any X509TrustManagers");
}
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
final X509TrustManager defaultX509TrustManager = x509TrustManagers.get(0);
defaultX509TrustManager.checkClientTrusted(chain, authType);
}
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
for( X509TrustManager tm : x509TrustManagers ) {
try {
tm.checkServerTrusted(chain,authType);
return;
} catch( CertificateException e ) {
// ignore
}
}
throw new CertificateException();
}
public X509Certificate[] getAcceptedIssuers() {
final ArrayList<X509Certificate> list = new ArrayList<X509Certificate>();
for( X509TrustManager tm : x509TrustManagers )
list.addAll(Arrays.asList(tm.getAcceptedIssuers()));
return list.toArray(new X509Certificate[list.size()]);
}
}
非常感谢任何见解。