Android:发出Https请求

时间:2011-10-01 18:05:22

标签: android apache https

在发出Https请求时,如何避免“javax.net.ssl.SSLPeerUnverifiedException:peer not authenticated”异常和Android Apache lib间隙“构造函数SSLSocketFactory(SSLContext)未定义”?

2 个答案:

答案 0 :(得分:46)

此方法接受HttpClient实例并返回ready-for-https HttpClient实例。

 private HttpClient sslClient(HttpClient client) {
    try {
        X509TrustManager tm = new X509TrustManager() { 
            public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
            }

            public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
            }

            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[]{tm}, null);
        SSLSocketFactory ssf = new MySSLSocketFactory(ctx);
        ssf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        ClientConnectionManager ccm = client.getConnectionManager();
        SchemeRegistry sr = ccm.getSchemeRegistry();
        sr.register(new Scheme("https", ssf, 443));
        return new DefaultHttpClient(ccm, client.getParams());
    } catch (Exception ex) {
        return null;
    }
}

因为Android org.apache.http.conn.ssl.SSLSocketFactory没有SSLSocketFactory(SSLContext)构造函数,所以我按如下方式扩展了类。

 public class MySSLSocketFactory extends SSLSocketFactory {
     SSLContext sslContext = SSLContext.getInstance("TLS");

     public MySSLSocketFactory(KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
         super(truststore);

         TrustManager tm = new X509TrustManager() {
             public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
             }

             public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
             }

             public X509Certificate[] getAcceptedIssuers() {
                 return null;
             }
         };

         sslContext.init(null, new TrustManager[] { tm }, null);
     }

     public MySSLSocketFactory(SSLContext context) throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
        super(null);
        sslContext = context;
     }

     @Override
     public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
         return sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);
     }

     @Override
     public Socket createSocket() throws IOException {
         return sslContext.getSocketFactory().createSocket();
     }
}

优秀文章:http://javaskeleton.blogspot.com/2010/07/avoiding-peer-not-authenticated-with.html

这里有一些帮助:Trusting all certificates using HttpClient over HTTPS

答案 1 :(得分:1)

我有类似的问题,更像是question,但根本原因与两个问题中提到的完全不同。

我使用DefaultHttpClient作为httpclient来请求类似链接的https://maps.googleapis.com。我正在尝试全部提出解决方案,但没有一个对我有用。找到解决问题的时间过了几个小时后找到了根本原因:我的设备连接到了一个访客WIFI,它可能有一些特定的过滤规则阻止了相关的网络部分。切换到不同的网络解决了我的问题。

相关问题
最新问题