0

我不知道如何调试这个,现在已经有一段时间了,任何指针都将不胜感激。

我正在尝试在 Android 应用程序和 Nodejs 服务器之间进行 ssl/tls 身份验证。运行 android 应用程序时遇到此错误消息:

10-31 23:33:58.260: D/ExampleActivity(26199): Response code: 401
10-31 23:34:05.901: W/DefaultRequestDirector(26199): Authentication error: Unable to respond to any of these challenges: {}

请注意,我已经注释掉了客户端身份验证部分,只是试图让基本的 SSL 身份验证正常工作。即使这样也给了我同样的警告/错误。

NodeJs-Server.js

var https = require('https'),
    fs = require('fs');

var options = {
    key: fs.readFileSync('certs/server_key.pem'),
    cert: fs.readFileSync('certs/server.pem'),
   // ca: [fs.readFileSync('certs/client.pem')],
    passphrase: '33333',
   // requestCert: true,
   // rejectUnauthorized: false
};

https.createServer(options, function (req, res) {
    if (req.client.authorized) {
        res.writeHead(200, {"Content-Type": "application/json"});
        res.end('{"status":"approved"}');
    } else {
        res.writeHead(401, {"Content-Type": "application/json"});
        res.end('{"status":"denied"}');
    }
}).listen(8000);

安卓

public class SecureHttpClient extends DefaultHttpClient {
    private String ks = "11111";
    private String ts = "22222";
    private Context context;

    public SecureHttpClient(final Context context) {
        super();
        this.context = context;
    }

    @Override
    protected ClientConnectionManager createClientConnectionManager() {
        SchemeRegistry registry = new SchemeRegistry();
        SSLSocketFactory factory = newSslSocketFactory();
        factory.setHostnameVerifier((X509HostnameVerifier) SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

        registry.register(new Scheme("https", factory, 443));
        HttpParams httpParams = new BasicHttpParams();
        return new SingleClientConnManager(httpParams, registry);
    }

    private SSLSocketFactory newSslSocketFactory() {
        try {
            KeyStore keyStore = KeyStore.getInstance("BKS");
            KeyStore trustStore = KeyStore.getInstance("BKS");
            InputStream inKey= context.getResources().openRawResource(R.raw.client);
            InputStream inTrust = context.getResources().openRawResource(R.raw.clienttruststore);
            try {
                keyStore.load(inKey, ks.toCharArray());
                trustStore.load(inTrust, ts.toCharArray());
            } finally {
                inKey.close();
                inTrust.close();
            }
            return new SSLSocketFactory(trustStore);
        } catch (Exception e) {
            throw new AssertionError(e);
        }
    }
}

// 主要活动

public class MainActivity extends Activity {

    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);

        setStrictMode();

        final HttpClient client = new SecureHttpClient(this);

        // Provide ip or address to where your test server is runnning
        final HttpGet request = new HttpGet("https://192.168.0.105:8000/");

        HttpResponse response = null;
        try {
            response = client.execute(request);
        } catch (ClientProtocolException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        } catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }

        Log.d("ExampleActivity", "Response code: " + response.getStatusLine().getStatusCode());
    }

    @TargetApi(9) 
    private void setStrictMode() {
        StrictMode.ThreadPolicy policy = new StrictMode.ThreadPolicy.Builder().permitAll().build();

        StrictMode.setThreadPolicy(policy); 
    }

    @Override
    public boolean onCreateOptionsMenu(Menu menu) {
        getMenuInflater().inflate(R.menu.activity_main, menu);
        return true;
    }
}
4

2 回答 2

1

好吧,您的服务器似乎在端口 8000 上运行,而您的 Android 应用程序仅注册了SSLSocketFactory443 端口,因此它实际上是在尝试与 HTTPS 服务器进行 HTTP 通信。要么为服务器使用 443 端口,要么在SchemeRegistry.

于 2012-11-01T05:37:03.423 回答
0

用 pkcs12 替换客户端密钥+证书 bks 文件似乎可以解决问题。我不知道为什么。

于 2012-11-01T13:10:14.837 回答