我知道这是一个偶然的问题,但让我解释一下我的情况...
我最近要求在我的应用程序的Google Play控制台上进行验证,但由于以下原因而被拒绝
Your app(s) are using an unsafe implementation of the HostnameVerifier interface
在查找了不同的SO帖子之后,我使用以下代码更正了我的实现:
public static HttpsURLConnection setUpHttpsConnection(String urlString, Context ct)
{
try
{
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(final String hostname, final SSLSession session) {
if (hostname.equalsIgnoreCase("12.15.56.23") || hostname.equalsIgnoreCase("api.mypayment.com") || hostname.equalsIgnoreCase("api.sandbox.mypayment.com") || hostname.equalsIgnoreCase("api.otherprovider.com"))
return true;
else
return false;
}
});
SSLContext c = SSLContext.getInstance("TLS");
c.init(null, new X509TrustManager[]{new NullX509TrustManager()}, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(c.getSocketFactory());
// Load CAs from an InputStream
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream caInput = new BufferedInputStream(ct.getAssets().open("myapp.pem"));
Certificate ca = cf.generateCertificate(caInput);
....
我认为此实现是正确的,但仍被拒绝... 请注意,我对应用程序执行的每个POST和GET请求都使用了自签名证书(myapp.pem)。
我不明白为什么这被拒绝了?