使用自签名证书

时间:2018-04-26 08:37:23

标签: java android ssl-certificate

我正在尝试向apache2发送https请求,然后由Django接收。代码在ssl之前使用http工作正常,但现在它给出了一个例外。我只需要通过apache2向django发送https请求。我的apache2服务器正在AWS服务器上运行。

这是在我的MainActivity.java文件中。

这是我的投掷代码

 hurlStack = new HurlStack() {

        @Override
        protected HttpsURLConnection createConnection(URL url) throws IOException {
            Log.w("testing","in hurlstack exception ");

            HttpsURLConnection httpsURLConnection = (HttpsURLConnection) super.createConnection(url);
            Log.w("testing","after url ");

            try {
                Log.w("testing","in hurlstack try ");
                httpsURLConnection.setSSLSocketFactory(getSSLSocketFactory());
                httpsURLConnection.setHostnameVerifier(getHostnameVerifier());
            } catch (Exception e) {
                e.printStackTrace();
                Log.w("testing","In hurlstack exception"+e.toString());
            }
            Log.w("testing","end of  hurlstack" + httpsURLConnection);
            return httpsURLConnection;
        }
    };

  private HostnameVerifier getHostnameVerifier() {
    Log.w("testing","In hostname verifier");
    return new HostnameVerifier() {
        @Override
        public boolean verify(String hostname, SSLSession session) {
            //return true; // verify always returns true, which could cause insecure network traffic due to trusting TLS/SSL server certificates for wrong hostnames
            HostnameVerifier hv = HttpsURLConnection.getDefaultHostnameVerifier();
            return hv.verify(hostname, session);
        }
    };
}

private TrustManager[] getWrappedTrustManagers(TrustManager[] trustManagers) {
    Log.w("testing","In trust manager");
    final X509TrustManager originalTrustManager = (X509TrustManager) trustManagers[0];
    return new TrustManager[]{
            new X509TrustManager() {
                public X509Certificate[] getAcceptedIssuers() {
                    return originalTrustManager.getAcceptedIssuers();
                }

                public void checkClientTrusted(X509Certificate[] certs, String authType) {
                    try {
                        if (certs != null && certs.length > 0){
                            certs[0].checkValidity();
                        } else {
                            originalTrustManager.checkClientTrusted(certs, authType);
                        }
                    } catch (CertificateException e) {
                        Log.w("testing", "certificate error "+e.toString());
                    }
                }

                public void checkServerTrusted(X509Certificate[] certs, String authType) {
                    try {
                        if (certs != null && certs.length > 0){
                            certs[0].checkValidity();
                        } else {
                            originalTrustManager.checkServerTrusted(certs, authType);
                        }
                    } catch (CertificateException e) {
                        Log.w("testing", "certificate server error "+e.toString());
                    }
                }
            }
    };
}

private SSLSocketFactory getSSLSocketFactory()
        throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, KeyManagementException {
    Log.w("testing", " in ssl socket factory");
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    InputStream caInput = getResources().openRawResource(R.raw.apache_selfsigned); // this is the file with .crt extension stored in \app\src\main\res\raw folder path
    Log.w("testing", "ssl socket");
    Certificate ca = cf.generateCertificate(caInput);
    caInput.close();

    KeyStore keyStore = KeyStore.getInstance("BKS");
    keyStore.load(null, null);
    keyStore.setCertificateEntry("ca", ca);

    String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
    tmf.init(keyStore);

    TrustManager[] wrappedTrustManagers = getWrappedTrustManagers(tmf.getTrustManagers());

    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, wrappedTrustManagers, null);

    return sslContext.getSocketFactory();
}

我有一个MySingleton.java文件

private MySingleton(Context context) {
    mCtx = context;
    mRequestQueue = getRequestQueue();

}

public static synchronized MySingleton getInstance(Context context) {
    if (mInstance == null) {
        mInstance = new MySingleton(context);
    }
    return mInstance;
}

public RequestQueue getRequestQueue() {
    if (mRequestQueue == null) {
        // getApplicationContext() is key, it keeps you from leaking the
        // Activity or BroadcastReceiver if someone passes one in.
        mRequestQueue = Volley.newRequestQueue(mCtx.getApplicationContext(),new HurlStack());
    }
    return mRequestQueue;
}

public <T> void addToRequestQueue(Request<T> req) {

//        getRequestQueue().getCache().clear();
      req.setRetryPolicy(new DefaultRetryPolicy(60000, 0, DefaultRetryPolicy.DEFAULT_BACKOFF_MULT));
    getRequestQueue().add(req);
}

我用来创建自签名证书的命令是

sudo openssl req -new -x509 -nodes -out apache-selfsigned.crt -keyout apache-selfsigned.key

1 个答案:

答案 0 :(得分:1)

您需要获取上面生成的证书请求文件并对其进行自签名以生成证书文件。

openssl x509 -trustout -signkey apache-selfsigned.key -days 365 -req -in apache-selfsigned.crt -out apache-selfsigned.cer

相关问题
最新问题