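Google rejected app because of HostnameVerifier issue

Time: 2018-01-24 10:45:18

Tags: android ssl-certificate android-volley hostname android-security

I updated my app to trust all certificates for Volley on SDK 17 and below, since Volley works fine without a hostname verifier on higher SDKs. It works fine, but Google rejected my app update, saying:

Your app is using an unsafe implementation of the HostnameVerifier interface.

I am using the following code: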

TrustManager[] trustAllCertsc = new TrustManager[] { new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return null;
        }
        public void checkClientTrusted(X509Certificate[] certs, String authType) {
        }
        public void checkServerTrusted(X509Certificate[] certs, String authType) {
        }
    } };
    SSLContext scc = null;
    try {
        scc = SSLContext.getInstance("SSL");
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    }
    try {
        scc.init(null, trustAllCertsc, new java.security.SecureRandom());
    } catch (KeyManagementException e) {
        e.printStackTrace();
    }
    HttpsURLConnection.setDefaultSSLSocketFactory(scc.getSocketFactory());
    // Create all-trusting host name verifier
    HostnameVerifier allHostsValidc = new HostnameVerifier() {
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    };
    // Install the all-trusting host verifier
    HttpsURLConnection.setDefaultHostnameVerifier(allHostsValidc);

2 answers:

Answer 0 (score: 1)

Delete all of that code. You will fail multiple Play Store checks (and the accept-all HostnameVerifier). Also, the reason the Play Store is rejecting your app is that, with this code, you are weakening the app's security.

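Answer 1 (score: 0)

I do not recommend that you continue developing your app with insecure HTTP requests.

However, if you do not care about security at all, you can use the following code, which works with Volley and gets approved by the Play Store: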

private static void disableSSLCertificateChecking() {
    TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }

        @Override
        public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
            // Not implemented
        }

        @Override
        public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
            // Not implemented
        }
    }};

    try {
        SSLContext sc = SSLContext.getInstance("TLS");

        sc.init(null, trustAllCerts, new java.security.SecureRandom());

        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    } catch (KeyManagementException e) {
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    }
}