Java 未使用goDaddy证书验证Https主机名_Java_Android_Ssl Certificate_Bouncycastle_Httpsurlconnection

Java 未使用goDaddy证书验证Https主机名

java android

Java 未使用goDaddy证书验证Https主机名,java,android,ssl-certificate,bouncycastle,httpsurlconnection,Java,Android,Ssl Certificate,Bouncycastle,Httpsurlconnection,我正在尝试使用我的端点下列出的两个goDaddy证书访问我的服务器。堆栈中的三个证书是My cert>Go Daddy安全证书颁发机构-G2>Go Daddy根证书颁发机构-G2。我从Go Daddy存储库下载了安全证书和根证书，现在已将它们添加到我的android应用程序原始资源文件夹中。即使两者都在那里，它仍然给我这个错误 javax.net.ssl.SSLPeerUnverifiedException: Hostname not verified: 我不知道下一步该怎么办。我尝试了很多

我正在尝试使用我的端点下列出的两个goDaddy证书访问我的服务器。堆栈中的三个证书是My cert>Go Daddy安全证书颁发机构-G2>Go Daddy根证书颁发机构-G2。我从Go Daddy存储库下载了安全证书和根证书，现在已将它们添加到我的android应用程序原始资源文件夹中。即使两者都在那里，它仍然给我这个错误

javax.net.ssl.SSLPeerUnverifiedException: Hostname  not verified:

我不知道下一步该怎么办。我尝试了很多组合，所以我想我需要一种不同的方式来做这件事

这是我到目前为止所拥有的；我的HttpsClient代码

public class MyHttpsGet extends AsyncTask<String, Void, String> {

Context context;

int cert;
int interCert;
boolean allowHost;
private String username;
private String password;

//this is used if you need a password and username
//mainly for logins to a webserver
public MyHttpsGet(String username, String password, Context context, int cert, int intermedCert)
{
    this.context = context;
    this.cert = cert;
    this.interCert = intermedCert;
    this.username = username;
    this.password = password;

}

//used for image downloading
public MyHttpsGet(){}

@Override
protected String doInBackground(String... params) {
    String url = params[0];
    return httpsDownloadData(url, context, cert, interCert);
}

public String httpsDownloadData (String urlString, Context context, int certRawResId, int certIntermedResId)
{
    String respone = null;

    try {
        // build key store with ca certificate
        KeyStore keyStore = buildKeyStore(context, certRawResId, certIntermedResId);


        // Create a TrustManager that trusts the CAs in our KeyStore
        String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
        tmf.init(keyStore);

        // Create an SSLContext that uses our TrustManager
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, tmf.getTrustManagers(), null);

        // Create a connection from url
        URL url = new URL(urlString);
        if (username != null) {
            Authenticator.setDefault(new Authenticator() {
                @Override
                protected PasswordAuthentication getPasswordAuthentication() {
                    return new PasswordAuthentication(username, password.toCharArray());
                }
            });
        }
        HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
        urlConnection.setSSLSocketFactory(sslContext.getSocketFactory());


        int statusCode = urlConnection.getResponseCode();
        Log.d("Status code: ", Integer.toString(statusCode));


        InputStream inputStream = urlConnection.getInputStream();
        if (inputStream != null) {
            respone = streamToString(inputStream);
            inputStream.close();
        }

    }catch (IOException e) {
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    } catch (KeyStoreException e) {
        e.printStackTrace();
    } catch (KeyManagementException e) {
        e.printStackTrace();
    }

    Log.d("MyHttps Respones: ", respone);
    return respone;
}


private static KeyStore buildKeyStore(Context context, int certRawResId, int interCert){
    // init a default key store
    String keyStoreType = KeyStore.getDefaultType();
    KeyStore keyStore = null;
    try {
        keyStore = KeyStore.getInstance(keyStoreType);
        keyStore.load(null, null);

        // read and add certificate authority
        Certificate cert2 = readCert(context, interCert);
        Certificate cert = readCert(context, certRawResId);
        keyStore.setCertificateEntry("ca" , cert2);
        keyStore.setCertificateEntry("ca", cert);



    } catch (CertificateException e) {
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    } catch (KeyStoreException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    }
    return keyStore;

}

private static Certificate readCert(Context context, int certResourceId) throws IOException {

    // read certificate resource
    InputStream caInput = context.getResources().openRawResource(certResourceId);

    Certificate ca = null;
    try {
        // generate a certificate
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        ca = cf.generateCertificate(caInput);
    } catch (CertificateException e) {
        e.printStackTrace();
    } finally {
        caInput.close();
    }

    return ca;
}

//this is used for downloading strings from an http or https connection
private String streamToString(InputStream is) throws IOException {

    StringBuilder sb = new StringBuilder();
    BufferedReader rd = new BufferedReader(new InputStreamReader(is));
    String line;
    while ((line = rd.readLine()) != null) {
        sb.append(line);
    }

    return sb.toString();
}


 }

谢谢你在这方面的帮助

这是我的证书链的图片

错误消息显示

apivaticrm.elasticbeanstalk.com

，但随后您将证书中的通配符名称涂掉。为什么?

好吧，不管它是什么，它看起来像是以一个

开头的，所以它肯定不是

*.elasticbeanstalk.com

通配符证书

这意味着错误消息是正确的。证书不属于给定的域名

即使它是一个

*.apivaticrm.elasticbeanstalk.com

通配符（但黑屏似乎不够宽），它仍然不会匹配

apivaticrm.elasticbeanstalk.com

，因为它只匹配子域。

您使用的是什么web服务器？您是否已在服务器端绑定了所有根证书？

 MyHttpsGet task = new MyHttpsGet(username, password,myContext, R.raw.gdroot_g2, R.raw.gdintermed);
        try {
            myJson = task.execute(myUrl).get();
            Log.d("Json: " , myJson);
        } catch (InterruptedException e) {
            e.printStackTrace();
        } catch (ExecutionException e) {
            e.printStackTrace();
        }
        new runningMan().execute();