2

像这里的许多人一样,我正在尝试与具有自签名证书的站点进行通信。有许多类和代码片段展示了如何做到这一点,例如HTTPS GET (SSL) with Android and self-signed server certificate,但我找不到任何展示如何实际使用这些类的东西。我已经做了很多实验,但我确定我只是错过了一些简单的东西。

具体来说,我正在尝试使用“Moss”提供的类;得票最多的答案。我仍然总是收到“不受信任的证书”消息。该主题的其他人也要求提供实施提示,但尚未得到答复。谢谢你的帮助。

如果我可以将此问题附加到该主题,我会更高兴,但我想像我这样的新手只能发布新问题(尽管我已经成为 SO 的粉丝一年多了)。

4

2 回答 2

2

我们在一些项目中使用了类似SocketFactory的实现。X509TrustManager为了将这些类绑定到您的实现,您基本上需要做的就是将它们连接到HttpClient用于客户端-服务器通信的(假设这是您正在使用的)。

我们通常有一种方法来HttpClient使用提到的工厂和信任管理器创建一个。它看起来有点像这样,并且大致基于内联注释中显示的链接。

protected HttpClient constructClient() {
    HttpParams params = new BasicHttpParams();
    params.setParameter(CoreProtocolPNames.PROTOCOL_VERSION, HttpVersion.HTTP_1_1);

    // use the debug proxy to view internet traffic on the host computer
    if (ABCApplication.isDebuggingProxy()) params.setParameter(ConnRoutePNames.DEFAULT_PROXY, new HttpHost(ABCConstants.DEBUG_PROXY_HOST, ABCConstants.DEBUG_PROXY_PORT, "http"));

    // ignore ssl certification (due to signed authority not appearing on android list of permitted authorities)
    // see: http://blog.antoine.li/2010/10/22/android-trusting-ssl-certificates/
    SchemeRegistry registry = new SchemeRegistry();
    registry.register(new Scheme("http", new PlainSocketFactory(), 80));
    registry.register(new Scheme("https", new FakeSocketFactory(), 443)); 
    ClientConnectionManager cm = new SingleClientConnManager(params, registry);

    return new DefaultHttpClient(cm, params);
}

希望对您的实施有所帮助。

于 2012-04-28T00:45:45.267 回答
2

我们也可以使用

HttpURLConnection http = null;
            URL url;
            try {
                url = new URL("https:your domian");

                if (url.getProtocol().toLowerCase().equals("https")) {
                    trustAllHosts();
                    HttpsURLConnection https = (HttpsURLConnection) url.openConnection();
                    https.setHostnameVerifier(DO_NOT_VERIFY);
                    http = https;
                    System.out.println("TEST:::"+convertStreamToString(http.getInputStream())); 
                } else {
                    http = (HttpURLConnection) url.openConnection();
                    System.out.println("TEST:::"+convertStreamToString(http.getInputStream())); 
                }
            } catch (MalformedURLException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            } catch (IOException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }


/*******
 * Trust every server - don't check for any certificate
 */
private static void trustAllHosts() {
    // Create a trust manager that does not validate certificate chains
    TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return new java.security.cert.X509Certificate[] {};
        }

        public void checkClientTrusted(X509Certificate[] chain,
                String authType) throws CertificateException {
        }

        public void checkServerTrusted(X509Certificate[] chain,
                String authType) throws CertificateException {
        }
    } };

    // Install the all-trusting trust manager
    try {
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        HttpsURLConnection
                .setDefaultSSLSocketFactory(sc.getSocketFactory());
    } catch (Exception e) {
        e.printStackTrace();
    }
}



final static HostnameVerifier DO_NOT_VERIFY = new HostnameVerifier() {
    public boolean verify(String hostname, SSLSession session) {
        return true;
    }
};
于 2015-04-21T08:13:00.750 回答