Question

我正在尝试使用自签名证书测试安全的http连接...仅用于开发目的。但是我无法解决对等体未经过身份验证的异常，当然我已经查看了有关此异常的类似帖子，以下是我正在使用的当前实现：

public class SelfCertificatesSocketFactory extends SSLSocketFactory {

SSLContext sslContext = SSLContext.getInstance("TLS");

public SelfCertificatesSocketFactory(KeyStore trustStore) throws NoSuchAlgorithmException,UnrecoverableKeyException,KeyStoreException,KeyManagementException {
    super(trustStore);

      TrustManager tm = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            }

            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            }

            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };




}

@Override
public Socket createSocket() throws IOException {
    return sslContext.getSocketFactory().createSocket();
}



@Override
public Socket createSocket(Socket socket, String host, int port,
        boolean autoClose) throws IOException, UnknownHostException {
    return sslContext.getSocketFactory().createSocket(socket,host,port,autoClose);
}



}

用法：

private DefaultHttpClient createHttpsClient(){
    try {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);

        SSLSocketFactory sf = new SelfCertificatesSocketFactory(trustStore);
        //sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

        SchemeRegistry registry = new SchemeRegistry();
        registry.register(new Scheme("https", 443, sf));

        ClientConnectionManager ccm = new ThreadSafeClientConnManager(registry);
        return new DefaultHttpClient(ccm);
    } catch (Exception e) {
        return new DefaultHttpClient();
    }

}

然而它不起作用......我仍然得到例外。我做错了什么？ PD：我正在实现一个Java Web应用程序，这不是一个Android客户端。非常感谢。

Answer 1

您的代码创建的信任管理器实例似乎没有在任何地方使用，并且KeyStore实例似乎不包含任何信任材料。

您应该只使用SSLSocketFactory的功能，而不是完成所有操作。

TrustStrategy easyStrategy = new TrustStrategy() {
    public boolean isTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        // eh, why not?
        return true;
    }
};
SSLSocketFactory sf = new SSLSocketFactory(easyStrategy);

Answer 2

感谢您的支持，使用以下代码解决：

HttpClient client = null;
    TrustStrategy easyStrategy = new TrustStrategy() {

        @Override
        public boolean isTrusted(X509Certificate[] certificate, String authType)
                throws CertificateException {
            return true;
        }
    };
    try {

        SSLSocketFactory sf = new SSLSocketFactory(easyStrategy,SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        SchemeRegistry registry = new SchemeRegistry();
        registry.register(new Scheme("https", 8443, sf));

        ClientConnectionManager ccm = new ThreadSafeClientConnManager(registry);
        client = new DefaultHttpClient(ccm);

    } catch (KeyManagementException e1) {
        e1.printStackTrace();
    } catch (UnrecoverableKeyException e1) {
        e1.printStackTrace();
    } catch (NoSuchAlgorithmException e1) {
        e1.printStackTrace();
    } catch (KeyStoreException e1) {
        e1.printStackTrace();
    }

Answer 3

在我的特定情况下，我的设备上的系统时间是在过去设置的。

感谢this page指出看似明显的......：）

带有httpClient的SSLPeerUnverifiedException

3 个答案: