
Java SSL encryption without CA certification


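I have written an Android client using Apache MINA. Now I am trying to add TLS support to this client. But on the client side, I do not want to do server authentication. I am using it only for encryption. How should I do this?

I tried doing it like this: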

SSLContext sc = null;
SslFilter sslFilter;
private void startTLS() {
    try {
        sc = SSLContext.getInstance("TLSv1");
        sc.init(null, null, null);
        sslFilter = new SslFilter(sc);
        sslFilter.setUseClientMode(true);
        session.getFilterChain().addFirst("mySSL", sslFilter);
    } catch(Exception e) {
        e.printStackTrace();
    }    
}
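But when I hit this method, the connection gets closed. Does anyone know about this?

Also, sslFilter.getEnabledProtocols() and sslFilter.getEnabledCipherSuites() give null.

The server is written in Twisted. For more clarity, you can look at the link below, which describes the server mechanism.

Also, in the MINA API there is a method sslFilter.setNeedClientAuth(boolean), but I am not sure about its application (I think it is useful on the server side).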

New code:

@Override
public void messageReceived(IoSession session, Object msg) {

    jsonParser(msg); // communication is in JSON
    if (condition) {
        startTLS();
    }

}


SslFilter sslFilter;
public void startTLS(JSONObject msg) throws GeneralSecurityException{

    TrustManager[] trustAllCerts = new TrustManager[] { 
          new X509TrustManager() {
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return null;
                    }

                public void checkClientTrusted(X509Certificate[] certs, String authType) {  }

                public void checkServerTrusted(X509Certificate[] certs, String authType) {  }

        }};     

    try {               

        SSLContext sslContext = SSLContext.getInstance("TLSv1");
        sslContext.init(null, trustAllCerts, null);

        IoFilterChain chain = session.getFilterChain();
        sslFilter = new SslFilter(sslContext);
        sslFilter.setUseClientMode(true);               
        chain.addFirst("sslFilter", sslFilter);

    } catch(Exception e){
        e.printStackTrace();
    }
}
Traceback: the negotiation message is SESSION_UNSECURED. The stack trace is as follows:

02-05 12:50:20.365: W/System.err(994): Unexpected character (S) at position 0.
02-05 12:50:20.374: W/System.err(994):     at org.json.simple.parser.Yylex.yylex(Yylex.java:610)
02-05 12:50:20.394: W/System.err(994):     at org.json.simple.parser.JSONParser.nextToken(JSONParser.java:269)
02-05 12:50:20.394: W/System.err(994):     at org.json.simple.parser.JSONParser.parse(JSONParser.java:118)
02-05 12:50:20.404: W/System.err(994):     at org.json.simple.parser.JSONParser.parse(JSONParser.java:81)
02-05 12:50:20.444: W/System.err(994):     at org.json.simple.parser.JSONParser.parse(JSONParser.java:75)
02-05 12:50:20.444: W/System.err(994):     at network.com.parse(com.java:146)
02-05 12:50:20.444: W/System.err(994):     at network.com.messageReceived(com.java:106)
02-05 12:50:20.474: W/System.err(994):     at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
02-05 12:50:20.474: W/System.err(994):     at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
02-05 12:50:20.474: W/System.err(994):     at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
02-05 12:50:20.474: W/System.err(994):     at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
02-05 12:50:20.487: W/System.err(994):     at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:214)
02-05 12:50:20.494: W/System.err(994):     at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
02-05 12:50:20.494: W/System.err(994):     at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
02-05 12:50:20.514: W/System.err(994):     at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
02-05 12:50:20.514: W/System.err(994):     at org.apache.mina.filter.ssl.SslHandler.flushScheduledEvents(SslHandler.java:322)
02-05 12:50:20.524: W/System.err(994):     at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:497)
02-05 12:50:20.524: W/System.err(994):     at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
02-05 12:50:20.524: W/System.err(994):     at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
02-05 12:50:20.524: W/System.err(994):     at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
02-05 12:50:20.556: W/System.err(994):     at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:109)
02-05 12:50:20.564: W/System.err(994):     at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
02-05 12:50:20.564: W/System.err(994):     at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:410)
02-05 12:50:20.574: W/System.err(994):     at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:710)
02-05 12:50:20.574: W/System.err(994):     at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:664)
02-05 12:50:20.604: W/System.err(994):     at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:653)
02-05 12:50:20.604: W/System.err(994):     at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:67)
02-05 12:50:20.604: W/System.err(994):     at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1124)
02-05 12:50:20.614: W/System.err(994):     at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
02-05 12:50:20.614: W/System.err(994):     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1080)
02-05 12:50:20.614: W/System.err(994):     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:573)
02-05 12:50:20.625: W/System.err(994):     at java.lang.Thread.run(Thread.java:841)

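"Not working" is not an acceptable problem description. However, SSL is not secure without authentication of at least one peer. See RFC 2246. There is not much point in encryption if you do not know who you are talking to in a secure manner.

When I see a question that says "it doesn't work" but does not explain in what way it does not work, I vote to close, because 9 times out of 9 it "lacks sufficient information to diagnose the problem". "It doesn't work" does not give anyone a starting point for examining the problem. Explain the results you get and how they differ from the expected results, and include any error messages you receive. (It is tempting to answer, "Tell it to go to dice.com and look at the job ads.")

The guy is asking for either (1) no server authentication (i.e., a custom X509TrustManager), or (2) how to use aNULL in the cipher suites. Someone could have asked that instead of downvoting him and closing the question. (If you do not know what I am talking about, then you probably should not have gotten involved in the first place.)

If you want to add the aNULL cipher suites, see . You have to choose the cipher suites beforehand and make sure they include aNULL. If you want to forgo server authentication (i.e., the customary X509 checks), then add a custom X509TrustManager, override checkServerTrusted, and always accept what you are given during the call. See the Android example on OWASP, and do not do what is shown in checkServerTrusted.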