android上的httpclient ssl证书
我在android上使用httpclient时遇到了一些问题我正在尝试访问自签名证书的详细信息我希望我的应用程序信任所有证书(我将仅使用ssl进行数据加密)。首先,我尝试在桌面上使用该指南,但在android上,我仍然获得了javax.net.ssl.SSLException:Not trusted server certificate。在谷歌搜索之后,我发现了一些其他的例子,比如如何启用ssl -在使用URLConnection但使用HttpClient时仍会出现异常 -在桌面上使用apache的JAR是可行的,但在android中使用SDK类中包含的JAR无法使其工作 -也会得到相同的异常android上的httpclient ssl证书,android,ssl,certificate,httpclient,Android,Ssl,Certificate,Httpclient,我在android上使用httpclient时遇到了一些问题我正在尝试访问自签名证书的详细信息我希望我的应用程序信任所有证书(我将仅使用ssl进行数据加密)。首先,我尝试在桌面上使用该指南,但在android上,我仍然获得了javax.net.ssl.SSLException:Not trusted server certificate。在谷歌搜索之后,我发现了一些其他的例子,比如如何启用ssl -在使用URLConnection但使用HttpClient时仍会出现异常 -在桌面上使用apach
那么,我如何信任android上使用HttpClient的所有证书呢
@Override
protected ClientConnectionManager createClientConnectionManager() {
SchemeRegistry registry = new SchemeRegistry();
registry.register(
new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
registry.register(
new Scheme("https", SSLSocketFactory.getSocketFactory(), 443));
ClientConnectionManager connManager = null;
HttpParams params = getParams();
...
}
请注意https方案到org.apache.http.conn.ssl.SSLSocketFactory.getSocketFactory()的映射
您可以为
org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory
接口()创建自定义实现,其中,您可以使用接受所有证书的自定义TrustManager
创建java.net.SSLSocket
您可能想在上查看JSSE以了解更多详细信息,关键思想是使用定制的SSLSocketFactory实现LayeredSocketFactory。自定义套接字不需要HostNameVerifier
private static final class TrustAllSSLSocketFactory implements
LayeredSocketFactory {
private static final TrustAllSSLSocketFactory DEFAULT_FACTORY = new TrustAllSSLSocketFactory();
public static TrustAllSSLSocketFactory getSocketFactory() {
return DEFAULT_FACTORY;
}
private SSLContext sslcontext;
private javax.net.ssl.SSLSocketFactory socketfactory;
private TrustAllSSLSocketFactory() {
super();
TrustManager[] tm = new TrustManager[] { new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
// do nothing
}
@Override
public void checkServerTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
// do nothing
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
} };
try {
this.sslcontext = SSLContext.getInstance(SSLSocketFactory.TLS);
this.sslcontext.init(null, tm, new SecureRandom());
this.socketfactory = this.sslcontext.getSocketFactory();
} catch ( NoSuchAlgorithmException e ) {
Log.e(LOG_TAG,
"Failed to instantiate TrustAllSSLSocketFactory!", e);
} catch ( KeyManagementException e ) {
Log.e(LOG_TAG,
"Failed to instantiate TrustAllSSLSocketFactory!", e);
}
}
@Override
public Socket createSocket(Socket socket, String host, int port,
boolean autoClose) throws IOException, UnknownHostException {
SSLSocket sslSocket = (SSLSocket) this.socketfactory.createSocket(
socket, host, port, autoClose);
return sslSocket;
}
@Override
public Socket connectSocket(Socket sock, String host, int port,
InetAddress localAddress, int localPort, HttpParams params)
throws IOException, UnknownHostException, ConnectTimeoutException {
if ( host == null ) {
throw new IllegalArgumentException(
"Target host may not be null.");
}
if ( params == null ) {
throw new IllegalArgumentException(
"Parameters may not be null.");
}
SSLSocket sslsock = (SSLSocket) ( ( sock != null ) ? sock
: createSocket() );
if ( ( localAddress != null ) || ( localPort > 0 ) ) {
// we need to bind explicitly
if ( localPort < 0 ) {
localPort = 0; // indicates "any"
}
InetSocketAddress isa = new InetSocketAddress(localAddress,
localPort);
sslsock.bind(isa);
}
int connTimeout = HttpConnectionParams.getConnectionTimeout(params);
int soTimeout = HttpConnectionParams.getSoTimeout(params);
InetSocketAddress remoteAddress;
remoteAddress = new InetSocketAddress(host, port);
sslsock.connect(remoteAddress, connTimeout);
sslsock.setSoTimeout(soTimeout);
return sslsock;
}
@Override
public Socket createSocket() throws IOException {
// the cast makes sure that the factory is working as expected
return (SSLSocket) this.socketfactory.createSocket();
}
@Override
public boolean isSecure(Socket sock) throws IllegalArgumentException {
return true;
}
}
与其接受所有证书,我建议使用以下解决方案:org.apache.commons.httpclient.contrib.ssl。EasySSLProtocolSocketFactory是SecureProtocolSocketFactory的实现,它必须信任所有证书。在apache中,指南的设置与此协议类似;正如我提到的,我试过这个,但仍然不起作用。这是您的意思还是其他意思?与“MySSLSocketFactory”关联的TrustManager是什么?公共类NaiveTrustManager实现X509TrustManager{private static final X509Certificate[]\u AcceptedIssuers=new X509Certificate[]{};public void checkClientTrusted(X509Certificate[]链,字符串authType)抛出CertificateException{}public void checkServerTrusted(X509Certificate[]链,字符串authType)抛出CertificateException{}public X509Certificate[]GetAcceptedAssuers(){return_AcceptedAssuers;}}}hmm。。。实现看起来不错。尝试登录并查看输出-“-Djava.net.debug=all”“我希望我的应用程序信任所有证书…”-这是个糟糕的主意。这完全是危险的。
private static final BasicHttpParams sHttpParams = new BasicHttpParams();
private static final SchemeRegistry sSupportedSchemes = new SchemeRegistry();
static {
sHttpParams.setParameter("http.socket.timeout", READ_TIMEOUT);
sHttpParams.setParameter("http.connection.timeout", CONNECT_TIMEOUT);
sSupportedSchemes.register(new Scheme("http",
PlainSocketFactory.getSocketFactory(), 80));
sSupportedSchemes.register(new Scheme("https",
TrustAllSSLSocketFactory.getSocketFactory(), 443));
}