我创建了一个自定义 httpclient,用于接收我的自定义信任存储,并将其用于它尝试访问的所有 ssl 站点。这是代码:
public class MyHttpClient extends DefaultHttpClient {
private Context context;
public MyHttpClient(Context context) {
this.context = context;
}
@Override
protected ClientConnectionManager createClientConnectionManager() {
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("http", PlainSocketFactory
.getSocketFactory(), 80));
registry.register(new Scheme("https", newSslSocketFactory(), 443));
return new SingleClientConnManager(getParams(), registry);
}
private SSLSocketFactory newSslSocketFactory() {
try {
KeyStore trusted = KeyStore.getInstance("BKS");
InputStream in = context.getResources().openRawResource(
R.raw.cacerts);
try {
trusted.load(in, "changeit".toCharArray());
}
catch (CertificateException c) {
System.out
.println("There was a certificate exception in myhttpclient!");
}
finally {
in.close();
}
return new SSLSocketFactory(trusted);
}
catch (Exception e) {
throw new AssertionError(e);
}
}
}
这是它给我的堆栈跟踪:
W/System.err(4194): javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
W/System.err(4194): at org.apache.harmony.xnet.provider.jsse.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:258)
W/System.err(4194): at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:93)
W/System.err(4194): at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381)
W/System.err(4194): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
W/System.err(4194): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
W/System.err(4194): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
W/System.err(4194): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:428)
W/System.err(4194): at org.apache.http.impl.client.AbstractHttpClient$1.executeRequestSending(AbstractHttpClient.java:608)
W/System.err(4194): at org.apache.http.impl.client.naf.redirect.NafRequestExecutorWrapperRedirectionHandler.executeRequestSendingUsual(NafRequestExecutorWrapperRedirectionHandler.java:96)
W/System.err(4194): at org.apache.http.impl.client.naf.redirect.NafRequestExecutorWrapperRedirectionHandler.executeRequestSending(NafRequestExecutorWrapperRedirectionHandler.java:73)
W/System.err(4194): at org.apache.http.impl.client.naf.auth.NafHttpAuthStrategyDefault.sendFirstRequest(NafHttpAuthStrategyDefault.java:487)
W/System.err(4194): at org.apache.http.impl.client.naf.auth.NafHttpAuthStrategyDefault.performAuthExecutionUnsafe(NafHttpAuthStrategyDefault.java:388)
W/System.err(4194): at org.apache.http.impl.client.naf.auth.NafHttpAuthStrategyDefault.performAuthExecution(NafHttpAuthStrategyDefault.java:200)
W/System.err(4194): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:556)
W/System.err(4194): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:505)
W/System.err(4194): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:483)
W/System.err(4194): at com.wmmccreedy.vce.AgConnection.submitInfo(AgConnection.java:111)
W/System.err(4194): at com.wmmccreedy.vce.LoginSubmitActvity$DownloadWebPageTask.doInBackground(LoginSubmitActvity.java:199)
W/System.err(4194): at com.wmmccreedy.vce.LoginSubmitActvity$DownloadWebPageTask.doInBackground(LoginSubmitActvity.java:1)
W/System.err(4194): at android.os.AsyncTask$2.call(AsyncTask.java:185)
W/System.err(4194): at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:306)
W/System.err(4194): at java.util.concurrent.FutureTask.run(FutureTask.java:138)
W/System.err(4194): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1088)
W/System.err(4194): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:581)
W/System.err(4194): at java.lang.Thread.run(Thread.java:1019)
现在,这可以正常工作……大约 50% 的时间。我通过创建一个while循环来“解决”这个问题。它继续重新创建 httpclient 客户端并尝试一遍又一遍地访问服务器,直到它工作,通常只尝试 1 到 2 次(我见过的最多是 4 次)。显然,这是非常低效的。
我已经将问题缩小到我上面发布的类,因为如果我只创建一次 httpclient 并尝试使用同一个类多次访问该站点,它要么总是失败,要么总是成功,这取决于是否我有一个“好”的 httpclient,或者一个“坏”的 httpclient。但是,如果我每次尝试访问网页时都创建 httpclient,它有时会起作用,有时会不起作用。
那么为什么要这样做,我该如何解决呢?为什么它只是间歇性地工作,在客户端的创建之间会发生什么变化?
编辑:解决了!
看来我在我的信任库中留下了一些旧版本的别名,它会随机选择它首先找到的任何一个,但最终并不总是正确的。每个别名都有相同的证书,但每个别名的所有证书的顺序不同。我测试了直到找到正确的商店,删除了其余的,现在一切都很完美。