6

我正在尝试覆盖 Android 中的信任管理器。我想让底层信任管理器检查证书,但我需要确定证书是否过期。如果证书过期,我需要忽略它并接受证书。如果取出电池,某些移动设备会将日期重置为旧日期,从而导致证书看起来好像过期了。即使发生这种情况,我的应用程序也必须继续运行。

我遇到的问题是这行代码抛出了 NullPointerException:

origTrustmanager.checkServerTrusted(certs, authType);

根据文档,checkServerTrusted 永远不应该抛出 NullPointerExeption。certs 里面有两个项目。authType 设置为“RSA”。如果我不实现自定义信任管理器,则会引发异常,清楚地表明证书已过期,因此我知道底层信任管理器正在执行其工作。即使我将设备上的日期和时间设置在证书的有效期内,上面的 checkServerTrusted 行也会产生异常。为什么?显然我做错了什么。这是我的自定义信任管理器的代码以及我如何访问 URL:

class SSLTrustManager
{
  private X509TrustManager origTrustmanager;

  public SSLTrustManager()
  {
    try
    {
      TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
      tmf.init((KeyStore) null);
      TrustManager[] trustManagers = tmf.getTrustManagers();
      this.origTrustmanager = (X509TrustManager) trustManagers[0];
    }
    catch (Exception ex)
    {
    }
  }

  public javax.net.ssl.SSLSocketFactory GetSocketFactory()
  {
    try
    {
      TrustManager[] wrappedTrustManagers = new TrustManager[] {
          new X509TrustManager()
          {
            public java.security.cert.X509Certificate[] getAcceptedIssuers()
            {
              return origTrustmanager.getAcceptedIssuers();
            }

            public void checkClientTrusted(X509Certificate[] certs, String authType)
            {
              try
              {
                origTrustmanager.checkClientTrusted(certs, authType);
              }
              catch (CertificateException e)
              {
              }
            }

            public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException
            {
              try
              {
                origTrustmanager.checkServerTrusted(certs, authType);
              }
              catch(Exception ex)
              {
              }
            }
          }
       };

      SSLContext sslContext = SSLContext.getInstance("SSL");
      sslContext.init(null, wrappedTrustManagers, new java.security.SecureRandom());
      javax.net.ssl.SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
      return sslSocketFactory;
    }
    catch (Exception ex)
    {
      return null;
    }
  }
}

访问url的代码:

SSLTrustManager sslTrustManager = new SSLTrustManager();
HttpsURLConnection.setDefaultSSLSocketFactory(sslTrustManager.GetSocketFactory());

URL siteUrl = new URL(url);
HttpsURLConnection conn = (HttpsURLConnection) siteUrl.openConnection();
conn.setRequestMethod("POST");
conn.setDoOutput(true);
conn.setDoInput(true);

DataOutputStream out = new DataOutputStream(conn.getOutputStream());
4

2 回答 2

4

如果您从未初始化origTrustmanager实例变量,它将具有默认值null,这确实会在您尝试使用它时导致 NPE。

我刚刚对此进行了编辑,以显示 TrustManager 初始化示例。(我没有在 Android 上尝试过,但它在纯 Java 中运行良好。)

小心不要抓太多。在这里,您正在捕获CertificateExceptionException在您的信任管理器中:这与什么都没有一样好,因为这些方法旨在抛出这些异常。CertificateExpiredException确保仅在您想忽略到期日期时才捕获。

请注意,这只是一个依赖于这样一个事实的技巧,即在实践中,证书验证是在一般信任验证之后完成的(至少在 OpenJDK 实现中)。据我所知,规范中没有任何内容说证书过期是. 它是在对信任元素进行其他验证之前完成的,并且您忽略了该异常,您可以让更多的证书通过而不是您想要的。

于 2012-12-06T11:04:39.673 回答
-1

使用此代码这对我有用

TrustManager tm = new X509TrustManager() {
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }
};

// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[] {
    new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return null;
        }
        public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {}
        public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {}
    }
};
SSLContext sslContext = null;

try {
    sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, new TrustManager[] { tm }, null);
} catch (Exception e1) {
    e1.printStackTrace();
    return;
}

AsyncSSLSocketMiddleware sslMiddleWare = Ion.getDefault(context).getHttpClient().getSSLSocketMiddleware();
sslMiddleWare.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
sslMiddleWare.setSSLContext(sslContext);

Ion.getDefault(context).getHttpClient().getSSLSocketMiddleware().setTrustManagers(trustAllCerts);
Ion.getDefault(context).getHttpClient().getSSLSocketMiddleware().setSSLContext(sslContext);

Ion.with(context).load("POST", serverUrl)
    .setHeader("Content-Type", "application/json")
    .setHeader("Accept", "application/json")
    .setLogging("ION_LOGGING", Log.VERBOSE).setJsonObjectBody(json)
于 2015-01-08T14:10:04.043 回答