Https.request错误javax.net.ssl.SSLPeerUnverifiedException

时间:2018-08-14 08:11:54

标签: java ssl https certificate nativescript

我的代码有一个大问题,在https.androif.js中,我有:

"use strict";
var peer = {
    enabled: false,
    allowInvalidCertificates: false,
    validatesDomainName: true,
};
function enableSSLPinning(options) {
     if (!peer.host && !peer.certificate
    ) {
        var certificate = void 0;
        var InputSteram = void 0;

        try {
             var file = new java.io.file((options.certificate));
             inputstream = new java.io.fileinputstream(file);
             var x509certificate = java.security.cert.certificatefactory.getinstance('x509').generatecertificate(inputstream);
             peer.x509certificate = x509certificate;
             certificate = okhttp3.certificatepinner.pin(x509certificate);
             inputstream.close();
        }
        catch (error) {
            try {
                if (inputStream) {
                    console.log('inputStream', inputStream)
                    inputStream.close();
                }
            }
            catch (e) { }
            console.error('nativescript-https > enableSSLPinning error', error);
            return;
        }
        peer.host = options.host;
        peer.certificate = certificate;
        if (options.allowInvalidCertificates == true) {
            peer.allowInvalidCertificates = true;
        }
        if (options.validatesDomainName == false) {
            peer.validatesDomainName = false;
        }
    }
    peer.enabled = true;
    getClient(true);
    console.log('nativescript-https > Enabled SSL pinning');
}


exports.enableSSLPinning = enableSSLPinning;

function disableSSLPinning() {
    peer.enabled = false;
    getClient(true);
    console.log('nativescript-https > Disabled SSL pinning');
}

exports.disableSSLPinning = disableSSLPinning;
console.info('nativescript-https > Disabled SSL pinning by default');
var Client;
function getClient(reload) {
    console.log(reload)
    if (reload === void 0) { reload = false; }
    if (Client && reload == false) {
        return Client;
    }
    var client = new okhttp3.OkHttpClient.Builder();
    if (peer.enabled == true) {
        if (peer.host || peer.certificate) {
            var spec = okhttp3.ConnectionSpec.MODERN_TLS;
            client.connectionSpecs(java.util.Collections.singletonList(spec));
            var pinner = new okhttp3.CertificatePinner.Builder();
            pinner.add(peer.host, [peer.certificate]);
            client.certificatePinner(pinner.build());
            if (peer.allowInvalidCertificates == true) {
                try {
                    var x509Certificate = peer.x509Certificate;
                    var keyStore = java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType());
                    keyStore.load(null, null);
                    keyStore.setCertificateEntry('CA', x509Certificate);
                    var keyManagerFactory = javax.net.ssl.KeyManagerFactory.getInstance('X509');
                    keyManagerFactory.init(keyStore, null);
                    var keyManagers = keyManagerFactory.getKeyManagers();
                    var trustManagerFactory = javax.net.ssl.TrustManagerFactory.getInstance(javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm());
                    trustManagerFactory.init(keyStore);
                    var sslContext = javax.net.ssl.SSLContext.getInstance('TLS');
                    sslContext.init(keyManagers, trustManagerFactory.getTrustManagers(), new java.security.SecureRandom());
                    client.sslSocketFactory(sslContext.getSocketFactory());
                }
                catch (error) {
                    console.error('nativescript-https > client.allowInvalidCertificates error', error);
                }
            }
            if (peer.validatesDomainName == false) {
                try {
                    client.hostnameVerifier(new javax.net.ssl.HostnameVerifier({
                        verify: function (hostname, session) {
                            var pp = session.getPeerPrincipal().getName();
                            var hv = javax.net.ssl.HttpsURLConnection.getDefaultHostnameVerifier();
                            return (hv.verify(peer.host, session) &&
                                peer.host == hostname &&
                                peer.host == session.getPeerHost() &&
                                pp.indexOf(peer.host) != -1);
                        },
                    }));
                }
                catch (error) {
                    console.error('nativescript-https > client.validatesDomainName error', error);
                }
            }
        }
        else {
            console.warn('nativescript-https > Undefined host or certificate. SSL pinning NOT working!!!');
        }
    }
    Client = client.build();
    console.log('Client', Client)
    return Client;
}
function request(opts) {
    return new Promise(function (resolve, reject) {
        try {
            var client = getClient();
            var request_1 = new okhttp3.Request.Builder();
            request_1.url(opts.url);
            var reqheads_1 = opts.headers;
            Object.keys(reqheads_1).forEach(function (key) {
                request_1.addHeader(key, reqheads_1[key]);
            });
            if (opts.method == 'GET') {
                request_1.get();
            }
            else if (opts.method == 'POST') {
                var type = okhttp3.MediaType.parse('application/json');
                var body = okhttp3.RequestBody.create(type, opts.content);
                request_1.post(body);
            }
            client.newCall(request_1.build()).enqueue(new okhttp3.Callback({
                onResponse: function (task, response) {
                    var content;
                    try {
                        content = JSON.parse(response.body().string());
                    }
                    catch (error) {
                        return reject(error);
                    }
                    var statusCode = response.code();
                    var headers = {};
                    var heads = response.headers();
                    var i, len = heads.size();
                    for (i = 0; i < len; i++) {
                        var key = heads.name(i);
                        var value = heads.value(i);
                        headers[key] = value;
                    }
                    resolve({ content: content, statusCode: statusCode, headers: headers });
                },
                onFailure: function (task, error) {
                    reject(error);
                },
            }));
        }
        catch (error) {
            reject(error);
        }
    });
}
exports.request = request;

在component.ts中,我使用了以下代码:

let dir = knownFolders.currentApp().getFolder('certificate')
     let certificate = dir.getFile('certificate.pem').path
  Https.enableSSLPinning({ host: 'XX.XXX.XX.XX', certificate, allowInvalidCertificates: true, validatesDomainName: false })
    Https.request({
        url: 'https://XX.XXX.XX.XX:3333/login',
        method: 'GET',
        headers: {
            "Content-type": "application/x-www-form-urlencoded",
        },
    }).then(function (response) {
        console.log('Https.request response', response);
    }).catch(function (error) {
        console.error('Https.request error', error);
    })

我使用了从服务器生成的自签名证书。我想

allowInvalidCertificates: true, 
validatesDomainName: false 

从此代码中我得到错误:

JS: Https.request error javax.net.ssl.SSLPeerUnverifiedException: Hostname XX.XXX.XX.XX not verified:
JS: certificate: sha256/hfR9N2GN2WS1NQuHAAnOUc1gVQCf4f4HrhdlfXXP+Ko=
JS: DN: 1.2.840.113549.1.9.1=#16111315727473401578616d706c652e636f6d,CN=localhost,OU=techops,O=Example > Co,L=Boston,ST=MA,C=US
JS: subjectAltNames: []

我认为这部分代码存在问题:

...  onFailure: function (task, error) {
                console.log('test1', error)
                reject(error);
            },....

您能否问我任何想法,如何解决此错误?怎么了?

这是我使用的插件:https-nativescript

很多撒谎

0 个答案:

没有答案