Java 未使用goDaddy证书验证Https主机名
我正在尝试使用我的端点下列出的两个goDaddy证书访问我的服务器。堆栈中的三个证书是My cert>Go Daddy安全证书颁发机构-G2>Go Daddy根证书颁发机构-G2。我从Go Daddy存储库下载了安全证书和根证书,现在已将它们添加到我的android应用程序原始资源文件夹中。即使两者都在那里,它仍然给我这个错误Java 未使用goDaddy证书验证Https主机名,java,android,ssl-certificate,bouncycastle,httpsurlconnection,Java,Android,Ssl Certificate,Bouncycastle,Httpsurlconnection,我正在尝试使用我的端点下列出的两个goDaddy证书访问我的服务器。堆栈中的三个证书是My cert>Go Daddy安全证书颁发机构-G2>Go Daddy根证书颁发机构-G2。我从Go Daddy存储库下载了安全证书和根证书,现在已将它们添加到我的android应用程序原始资源文件夹中。即使两者都在那里,它仍然给我这个错误 javax.net.ssl.SSLPeerUnverifiedException: Hostname not verified: 我不知道下一步该怎么办。我尝试了很多
javax.net.ssl.SSLPeerUnverifiedException: Hostname not verified:
我不知道下一步该怎么办。我尝试了很多组合,所以我想我需要一种不同的方式来做这件事
这是我到目前为止所拥有的;
我的HttpsClient代码
public class MyHttpsGet extends AsyncTask<String, Void, String> {
Context context;
int cert;
int interCert;
boolean allowHost;
private String username;
private String password;
//this is used if you need a password and username
//mainly for logins to a webserver
public MyHttpsGet(String username, String password, Context context, int cert, int intermedCert)
{
this.context = context;
this.cert = cert;
this.interCert = intermedCert;
this.username = username;
this.password = password;
}
//used for image downloading
public MyHttpsGet(){}
@Override
protected String doInBackground(String... params) {
String url = params[0];
return httpsDownloadData(url, context, cert, interCert);
}
public String httpsDownloadData (String urlString, Context context, int certRawResId, int certIntermedResId)
{
String respone = null;
try {
// build key store with ca certificate
KeyStore keyStore = buildKeyStore(context, certRawResId, certIntermedResId);
// Create a TrustManager that trusts the CAs in our KeyStore
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
// Create an SSLContext that uses our TrustManager
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tmf.getTrustManagers(), null);
// Create a connection from url
URL url = new URL(urlString);
if (username != null) {
Authenticator.setDefault(new Authenticator() {
@Override
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(username, password.toCharArray());
}
});
}
HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
urlConnection.setSSLSocketFactory(sslContext.getSocketFactory());
int statusCode = urlConnection.getResponseCode();
Log.d("Status code: ", Integer.toString(statusCode));
InputStream inputStream = urlConnection.getInputStream();
if (inputStream != null) {
respone = streamToString(inputStream);
inputStream.close();
}
}catch (IOException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
}
Log.d("MyHttps Respones: ", respone);
return respone;
}
private static KeyStore buildKeyStore(Context context, int certRawResId, int interCert){
// init a default key store
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = null;
try {
keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
// read and add certificate authority
Certificate cert2 = readCert(context, interCert);
Certificate cert = readCert(context, certRawResId);
keyStore.setCertificateEntry("ca" , cert2);
keyStore.setCertificateEntry("ca", cert);
} catch (CertificateException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
return keyStore;
}
private static Certificate readCert(Context context, int certResourceId) throws IOException {
// read certificate resource
InputStream caInput = context.getResources().openRawResource(certResourceId);
Certificate ca = null;
try {
// generate a certificate
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ca = cf.generateCertificate(caInput);
} catch (CertificateException e) {
e.printStackTrace();
} finally {
caInput.close();
}
return ca;
}
//this is used for downloading strings from an http or https connection
private String streamToString(InputStream is) throws IOException {
StringBuilder sb = new StringBuilder();
BufferedReader rd = new BufferedReader(new InputStreamReader(is));
String line;
while ((line = rd.readLine()) != null) {
sb.append(line);
}
return sb.toString();
}
}
谢谢你在这方面的帮助
这是我的证书链的图片
错误消息显示
apivaticrm.elasticbeanstalk.com
,但随后您将证书中的通配符名称涂掉。为什么?
好吧,不管它是什么,它看起来像是以一个a
开头的,所以它肯定不是*.elasticbeanstalk.com
通配符证书
这意味着错误消息是正确的。证书不属于给定的域名
即使它是一个
*.apivaticrm.elasticbeanstalk.com
通配符(但黑屏似乎不够宽),它仍然不会匹配apivaticrm.elasticbeanstalk.com
,因为它只匹配子域。您使用的是什么web服务器?您是否已在服务器端绑定了所有根证书?
MyHttpsGet task = new MyHttpsGet(username, password,myContext, R.raw.gdroot_g2, R.raw.gdintermed);
try {
myJson = task.execute(myUrl).get();
Log.d("Json: " , myJson);
} catch (InterruptedException e) {
e.printStackTrace();
} catch (ExecutionException e) {
e.printStackTrace();
}
new runningMan().execute();