Android应用程序SSL证书
我有一个Android应用程序,需要连接到具有SSL证书的服务器 我是新来的。你能告诉我信任该证书的步骤吗Android应用程序SSL证书,android,ssl,retrofit,Android,Ssl,Retrofit,我有一个Android应用程序,需要连接到具有SSL证书的服务器 我是新来的。你能告诉我信任该证书的步骤吗 我正在为我的Rest客户端使用翻新库如果要使用自签名证书,请使用以下代码(它将创建一个不验证证书链的信任管理器): } 要使用SSL证书,请使用以下方法代替getUnsafeOkHttpClient: public static OkHttpClient trustcert(Context context){ OkHttpClient okHttpClient = new
我正在为我的Rest客户端使用翻新库如果要使用自签名证书,请使用以下代码(它将创建一个不验证证书链的信任管理器): } 要使用SSL证书,请使用以下方法代替getUnsafeOkHttpClient:
public static OkHttpClient trustcert(Context context){
OkHttpClient okHttpClient = new OkHttpClient();
try {
KeyStore ksTrust = KeyStore.getInstance("BKS");
InputStream instream = context.getResources().openRawResource(R.raw.mykeystore);
ksTrust.load(instream, "secret".toCharArray());
// TrustManager decides which certificate authorities to use.
TrustManagerFactory tmf = TrustManagerFactory
.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ksTrust);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tmf.getTrustManagers(), null);
okHttpClient.setSslSocketFactory(sslContext.getSocketFactory());
} catch (KeyStoreException | IOException | NoSuchAlgorithmException | CertificateException | KeyManagementException e) {
e.printStackTrace();
}
return okHttpClient;
}
您可以在上找到更多详细信息,这里是使用适当的信任存储的:
public class RestModule {
private RestAdapter mRestAdapter;
private RaasService mRaasService;
private String mAccessToken;
public RestModule(final Context context, final String endPoint)
{
init(context, endPoint);
}
public RestModule(final Context context, final String endPoint, final String accessToken) {
mAccessToken = accessToken;
init(context, endPoint);
}
public void init(final Context context, final String endPoint) {
final MyPreferences preference = MyPreferences.getInstance();
final RestAdapter.Builder builder = new RestAdapter.Builder().setLogLevel(RestAdapter.LogLevel.FULL)
.setRequestInterceptor(new RequestInterceptor() {
@Override
public void intercept(RequestFacade requestFacade) {
if (mAccessToken == null) {
mAccessToken = preference.getCurrentAccountAccessToken();
}
requestFacade.addHeader("secretToken", mAccessToken);
requestFacade.addHeader("Content-Type", "application/json;charset=UTF-8");
}
})
.setEndpoint(endPoint);
builder.setClient(new OkClient(getPinnedOkHttpClient(context)));
mRestAdapter = builder.build();
}
private static OkHttpClient getPinnedOkHttpClient(Context context) {
try {
final SSLContext sslContext = getSslContext(context);
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
// Create an ssl socket factory with our all-trusting manager
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
OkHttpClient okHttpClient = new OkHttpClient();
okHttpClient.setSslSocketFactory(sslSocketFactory);
okHttpClient.setHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
okHttpClient.setConnectTimeout(30, TimeUnit.SECONDS);
okHttpClient.setReadTimeout(30, TimeUnit.SECONDS);
return okHttpClient;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
private SSLContext getSslContext(Context context) throws Exception {
KeyStore trustStore = loadTrustStore(context);
String algotithmName = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(algotithmName);
trustManagerFactory.init(trustStore);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
return sslContext;
}
private KeyStore loadTrustStore(Context context) throws Exception {
KeyStore trustStore = KeyStore.getInstance("BKS");
InputStream trustStoreStream = context.getResources().getAssets().open("trust.bks");
trustStore.load(trustStoreStream, "password".toCharArray());
return trustStore;
}
public RaasService getService() {
if (mRaasService == null) {
mRaasService = mRestAdapter.create(RaasService.class);
}
return mRaasService;
}
}
您必须将服务器证书放入BKS密钥库,并将密码作为信任存储的密码,放入资产
文件夹中名为trust.BKS
的文件中。在这种情况下,代码中有一个(公开的)已知密码是没有问题的,因为信任存储中没有存储一个单独的保密字节,只保存一个公开的服务器证书
告诉您如何从您的服务器证书创建BKS密钥库。我不知道如何进行改装,但通常您可以像对这样的ip地址进行重新调用https://www.myapp.com/api/resource
我认为OP指的是自签名证书。神奇的词语是“公钥锁定”。但是请知道您在做什么,OP.trustAllCerts
的功能(甚至名称)清楚地表明,这不是一个好主意。不要用它。即使在测试环境中也不行。您无法确定它是否会进入生产代码。使用公钥固定,如@Jan Greve
public class RestModule {
private RestAdapter mRestAdapter;
private RaasService mRaasService;
private String mAccessToken;
public RestModule(final Context context, final String endPoint)
{
init(context, endPoint);
}
public RestModule(final Context context, final String endPoint, final String accessToken) {
mAccessToken = accessToken;
init(context, endPoint);
}
public void init(final Context context, final String endPoint) {
final MyPreferences preference = MyPreferences.getInstance();
final RestAdapter.Builder builder = new RestAdapter.Builder().setLogLevel(RestAdapter.LogLevel.FULL)
.setRequestInterceptor(new RequestInterceptor() {
@Override
public void intercept(RequestFacade requestFacade) {
if (mAccessToken == null) {
mAccessToken = preference.getCurrentAccountAccessToken();
}
requestFacade.addHeader("secretToken", mAccessToken);
requestFacade.addHeader("Content-Type", "application/json;charset=UTF-8");
}
})
.setEndpoint(endPoint);
builder.setClient(new OkClient(getPinnedOkHttpClient(context)));
mRestAdapter = builder.build();
}
private static OkHttpClient getPinnedOkHttpClient(Context context) {
try {
final SSLContext sslContext = getSslContext(context);
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
// Create an ssl socket factory with our all-trusting manager
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
OkHttpClient okHttpClient = new OkHttpClient();
okHttpClient.setSslSocketFactory(sslSocketFactory);
okHttpClient.setHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
okHttpClient.setConnectTimeout(30, TimeUnit.SECONDS);
okHttpClient.setReadTimeout(30, TimeUnit.SECONDS);
return okHttpClient;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
private SSLContext getSslContext(Context context) throws Exception {
KeyStore trustStore = loadTrustStore(context);
String algotithmName = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(algotithmName);
trustManagerFactory.init(trustStore);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
return sslContext;
}
private KeyStore loadTrustStore(Context context) throws Exception {
KeyStore trustStore = KeyStore.getInstance("BKS");
InputStream trustStoreStream = context.getResources().getAssets().open("trust.bks");
trustStore.load(trustStoreStream, "password".toCharArray());
return trustStore;
}
public RaasService getService() {
if (mRaasService == null) {
mRaasService = mRestAdapter.create(RaasService.class);
}
return mRaasService;
}
}