我目前正在为我的组织网站开发我的第一个Android应用程序和第一个api。我正在尝试使用安全连接从Android应用程序连接到api。我们的网站在8090上有一个测试端口,我试图用它来测试api,但我遇到的问题是我在网站上有一个自签名证书,我从网上看过,android apps don'喜欢。为了确保api没有问题,我使用了http而不是https连接,它运行良好。我尝试了一些我在网上找到的解决方案,包括来自这个网站的一对,但似乎都没有。再一次,我没有太多开发Android的经验,所以我的尝试只是从我在网上找到的解决方案中复制和粘贴。以下是我尝试过的一些链接:
http://yekmer.posterous.com/how-to-accept-self-signed-certificates-in-and
还有其他页面我找不到现在的链接,但下面是我目前用来连接的代码:
HttpClient httpclient = new DefaultHttpClient();
HttpPost httppost = new HttpPost("https://website.edu:8090/api.php?");
try {
// Add your data
List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>();
nameValuePairs.add(new BasicNameValuePair("method", "login"));
nameValuePairs.add(new BasicNameValuePair("user", username.getText().toString()));
nameValuePairs.add(new BasicNameValuePair("pass", md5(password.getText().toString())));
nameValuePairs.add(new BasicNameValuePair("submitLogin", "1"));
httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs, HTTP.UTF_8));
HttpParams params = httppost.getParams();
HttpConnectionParams.setConnectionTimeout(params, 45000);
HttpConnectionParams.setSoTimeout(params, 45000);
// Execute HTTP Post Request
HttpResponse response = httpclient.execute(httppost);
} catch (ClientProtocolException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
我还想补充一点,购买证书不是一种选择,因为我们没有预算可以使用,所以任何可以解决自签名证书问题的东西都会很棒。提前致谢!
答案 0 :(得分:1)
可能会暂时忽略服务,直到签名?
试试这个:
public static javax.net.ssl.TrustManager getTrustManager()
{
javax.net.ssl.TrustManager tm = new javax.net.ssl.X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
@Override
public void checkClientTrusted(
java.security.cert.X509Certificate[] chain, String authType)
throws java.security.cert.CertificateException {
}
@Override
public void checkServerTrusted(
java.security.cert.X509Certificate[] chain, String authType)
throws java.security.cert.CertificateException {
}
};
return tm;
}
public static DefaultHttpClient getThreadSafeClient() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, KeyManagementException, UnrecoverableKeyException {
DefaultHttpClient client = new DefaultHttpClient();
ClientConnectionManager mgr = client.getConnectionManager();
HttpParams cleintParams = client.getParams();
cleintParams.setBooleanParameter("http.protocol.expect-continue", true);
cleintParams.setBooleanParameter("http.protocol.warn-extra-input", true);
// params.setIntParameter("http.socket.receivebuffer", 999999);
//---->> SSL
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustStore.load(null, null);
SSLSocketFactory sf = new MySSLSocketFactory(trustStore);
sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
HttpParams params = new BasicHttpParams();
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
// HttpProtocolParams.setContentCharset(params, HTTP.UTF_8);
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
registry.register(new Scheme("https", sf, 443));
//<<------
client = new DefaultHttpClient(new ThreadSafeClientConnManager(params, registry), cleintParams);
return client;
}