具有自定义证书的Android https连接
我想使用位于p12包中的自定义证书建立https连接。我已经在iPhone上做过了(所以我可以验证,证书、服务器等一切正常),但是Android有一些问题 我遵循了answear,但结果我得到了以下例外: 12-13 12:32:44.545:带系统错误(4407): javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidator异常:的信任锚 找不到证书路径。12-13 12:32:44.545:带系统错误(4407): 在 org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:374) 12-13 12:32:44.545:带系统错误(4407):在 libcore.net.http.HttpConnection.setupSecureSocket(HttpConnection.java:209) 12-13 12:32:44.545:带系统错误(4407):在 libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.makeSslConnection(HttpsURLConnectionImpl.java:478) 12-13 12:32:44.545:带系统错误(4407):在 libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.connect(HttpsURLConnectionImpl.java:433) 12-13 12:32:44.545:带系统错误(4407):在 libcore.net.http.HttpEngine.sendSocketRequest(HttpEngine.java:289) 12-13 12:32:44.550:带系统错误(4407):在 libcore.net.http.HttpEngine.sendRequest(HttpEngine.java:239)12-13 12:32:44.550:W/系统错误(4407):在 libcore.net.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:80) 12-13 12:32:44.550:带系统错误(4407):在 libcore.net.http.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:165) 12-13 12:32:44.550:带系统错误(4407):在 com.geckolab.httptestandroid.MainActivity.downloadUrlHttps(MainActivity.java:172) 12-13 12:32:44.550:带系统错误(4407):在 com.geckolab.httptestandroid.MainActivity.access$0(MainActivity.java:151) 12-13 12:32:44.550:带系统错误(4407):在 com.geckolab.httptestandroid.MainActivity$DownloadWebPageTextHttps.doInBackground(MainActivity.java:99) 12-13 12:32:44.550:带系统错误(4407):在 com.geckolab.httptestandroid.MainActivity$DownloadWebPageTextHttps.doInBackground(MainActivity.java:1) 12-13 12:32:44.550:带系统错误(4407):在 android.os.AsyncTask$2.call(AsyncTask.java:287)12-13 12:32:44.550: 带系统错误(4407):在 java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305) 12-13 12:32:44.555:W/系统错误(4407):在 java.util.concurrent.FutureTask.run(FutureTask.java:137)12-13 12:32:44.555:W/系统错误(4407):在 android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:230)12-13 12:32:44.555:W/系统错误(4407):在 java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1076) 12-13 12:32:44.555:W/系统错误(4407):在 java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:569) 12-13 12:32:44.555:W/系统错误(4407):在 java.lang.Thread.run(Thread.java:856)12-13 12:32:44.555: W/系统错误(4407):由以下原因引起: java.security.cert.CertificateException: java.security.cert.CertPathValidator异常:的信任锚 找不到证书路径。12-13 12:32:44.560:带系统错误(4407): 在 org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:192) 12-13 12:32:44.560:带系统错误(4407):在 org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:163) 12-13 12:32:44.560:带系统错误(4407):在 org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:573) 12-13 12:32:44.560:带系统错误(4407):在 org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_do_握手(本机 方法)12-13 12:32:44.560:W/System.err(4407):在 org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:371) 12-13 12:32:44.560:W/系统错误(4407):。。。18更多12-13 12:32:44.560:W/系统错误(4407):由以下原因引起: java.security.cert.CertPathValidator异常:的信任锚 找不到证书路径。12-13 12:32:44.560:带系统错误(4407): ... 23多 我的连接代码如下所示:具有自定义证书的Android https连接,android,ssl,https,connection,httpsurlconnection,Android,Ssl,Https,Connection,Httpsurlconnection,我想使用位于p12包中的自定义证书建立https连接。我已经在iPhone上做过了(所以我可以验证,证书、服务器等一切正常),但是Android有一些问题 我遵循了answear,但结果我得到了以下例外: 12-13 12:32:44.545:带系统错误(4407): javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidator异常:的信任锚 找不到证书路径。12-13 12:32:44.545:带系统错误(4
KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(context.getResources().openRawResource(R.raw.gecko_cert_1), "gecko_cert_1".toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
kmf.init(ks, "gecko_cert_1".toCharArray());
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(kmf.getKeyManagers(), null, null);
//request
URL serverURL = new URL(myurl);
HttpsURLConnection conn = (HttpsURLConnection)serverURL.openConnection();
conn.setSSLSocketFactory(sc.getSocketFactory());
//conn.setHostnameVerifier(DO_NOT_VERIFY);
conn.setReadTimeout(10000 /* milliseconds */);
conn.setConnectTimeout(15000 /* milliseconds */);
conn.setRequestMethod("GET");
conn.setDoInput(true);
// Starts the query
conn.connect();
干杯,
Marcin现在对我有用了
我在连接方法的顶部添加了以下代码段:
X509TrustManager[] tm = new X509TrustManager[] { new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
} };
然后交换行:
sc.init(kmf.getKeyManagers(), null, null);
致:
我还取消了这一行的注释:
conn.setHostnameVerifier(DO_NOT_VERIFY);
干杯,
马辛这很糟糕,糟糕,糟糕。它将允许并信任任何证书,向中间人攻击打开你的应用程序。获取服务器证书,将其添加到信任库并初始化与它的连接。这里有一些详细信息和代码:在您的文章中提到您在iOS中使用了证书身份验证。您能否提供用于在iOS上进行证书身份验证的代码?
conn.setHostnameVerifier(DO_NOT_VERIFY);