信任所有证书? x509证书

时间:2011-09-26 20:49:42

标签: android https x509certificate

我有以下代码通过HTTPS连接,但我在连接尝试期间遇到以下错误。

  

WARN / System.err(9456):javax.net.ssl.SSLHandshakeException:   org.bouncycastle.jce.exception.ExtCertPathValidatorException:无法验证证书签名。

我如何解决这个问题? 信任所有证书?我怎么做? 这不是问题,因为我只连接到同一台服务器。 我已经在我的应用程序中将EasyX509TrustManager作为一个类实现了。

提前谢谢。

 try {
            HttpClient client = new DefaultHttpClient();
            // Setting up parameters 
            SchemeRegistry schemeRegistry = new SchemeRegistry(); 
            // http scheme 
            schemeRegistry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80)); 
            // https scheme 
            schemeRegistry.register(new Scheme("https", new EasySSLSocketFactory(), 443)); 

            HttpParams params = new BasicHttpParams(); 
            params.setParameter(ConnManagerPNames.MAX_TOTAL_CONNECTIONS, 30); 
            params.setParameter(ConnManagerPNames.MAX_CONNECTIONS_PER_ROUTE, new ConnPerRouteBean(30)); 
            params.setParameter(HttpProtocolParams.USE_EXPECT_CONTINUE, false); 
            HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1); 

            ClientConnectionManager cm = new ThreadSafeClientConnManager(params, schemeRegistry); 

            DefaultHttpClient httpClient = new DefaultHttpClient(cm, client.getParams()); 


            // Example send HttpsPost request 
            final String url = "https://www.xxxx.com/web/restricted/form/formelement"; 

            // Do the HTTPS Post
            HttpPost httpPost = new HttpPost(url); 

                ArrayList<NameValuePair> postParameters; 
            postParameters = new ArrayList<NameValuePair>(2); 
            postParameters.add(new BasicNameValuePair("usr_name", username)); 
            postParameters.add(new BasicNameValuePair("usr_password", password));

            System.out.println(postParameters); 

            HttpResponse response = httpClient.execute(httpPost);
            Log.w("Response ","Status line : "+ response.toString());

彼得,

谢谢你的答案,我按照你的建议,无法验证消息消失了。但是现在我收到以下消息:

09-26 23:47:20.381:WARN / ResponseProcessCookies(10704):Cookie被拒绝:“BasicClientCookie [version = 0,name = ObFormLoginCookie,domain = www.kpn.com,path = / web / restricted / form? formelement = 512663,期满=空]”。非法路径属性“/ web / restricted / form?formelement = 512663”。原产地:“/ web / restricted / form / formelement = 512663” 09-26 23:47:20.461:WARN / Response(10704):状态行:org.apache.http.message.BasicHttpResponse@407afb98

标题中似乎有些错误?

2 个答案:

答案 0 :(得分:1)

不要相信所有证书,这是一个非常非常糟糕的主意。使用服务器的证书创建密钥库,将其放入应用程序的原始资产,然后将其加载到HttpClient的SSLSocketFactory中。然后在SchemeRegistry

中注册此工厂以获取https

答案 1 :(得分:0)

您需要提供自己的TrustManager信任所有证书。

请参阅此答案:HTTPS and self-signed certificate issue