我设置了一个本地 HTTP 代理,用于调试来自我的 Android 应用程序的 .json 请求和响应数据。我使用命令行选项将它部署到运行 Android 4.2.2 的 Nexus One 模拟器映像-http-proxy http://localhost:8888。我正在使用库存 ADT Build:v21.1.0-569685。我可以使用我使用 groovy 运行的以下代码片段来验证 HTTP 代理是否可以处理 HTTPS 连接:
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
FileInputStream fis =
new FileInputStream( "./.mitmproxy/mitmproxy-ca-cert.pem" );
BufferedInputStream bis = new BufferedInputStream( fis );
CertificateFactory cf = CertificateFactory.getInstance( "X.509" );
KeyStore ks = KeyStore.getInstance( KeyStore.getDefaultType() );
ks.load( null,"".toCharArray() );
while ( bis.available() > 0 )
{
Certificate cert = cf.generateCertificate( bis );
ks.setCertificateEntry( "mitmproxy", cert );
System.out.println( cert.toString() );
}
TrustManagerFactory tmf =
TrustManagerFactory.getInstance(
TrustManagerFactory.getDefaultAlgorithm() );
tmf.init( ks );
SSLContext ctx = SSLContext.getInstance( "TLS" );
ctx.init( null, tmf.getTrustManagers(), null );
SSLSocketFactory sslFactory = ctx.getSocketFactory();
try
{
String url = "https://www.openssl.org/";
Proxy proxy =
new Proxy(
Proxy.Type.HTTP,
new InetSocketAddress( "127.0.0.1", 8888 ) );
HttpsURLConnection conn =
( HttpsURLConnection ) new URL( url ).openConnection( proxy );
conn.setSSLSocketFactory( sslFactory );
String s =
new Scanner(
conn.getInputStream(),
"UTF-8" ).useDelimiter( "\\A" ).next();
System.out.println( s );
}
catch ( Exception e )
{
e.printStackTrace();
}
这个片段很好地获取了 HTTPS 资源,记录了未加密的请求和响应,并且运行良好。从配置为将其用作代理的浏览器访问 HTTPS 资源时,该代理也可以工作,因此我很确定问题不在于代理。根据证书,您可以知道我正在使用 mitmproxy,但此代码也适用于 OWASP ZAP 代理。但是对于任一代理,在 Android 映像上安装适当的 CA 根证书后,来自映像的 HTTPS 请求将失败,并在 mitmproxy 事件日志中记录以下事件:
127.0.0.1:56210: connect
127.0.0.1:56210: 400: SSL handshake error: (-1, 'Unexpected EOF')
127.0.0.1:56210: disconnect
-> handled 0 requests
在 Android 端,抛出以下异常:
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): Network error
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x2a180890: Failure in SSL library, usually a protocol error
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol (external/openssl/ssl/s23_clnt.c:766 0x45dc2ba8:0x00000000)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:420)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at com.integralblue.httpresponsecache.compat.libcore.net.http.HttpConnection.setupSecureSocket(HttpConnection.java:219)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at com.integralblue.httpresponsecache.compat.libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.makeSslConnection(HttpsURLConnectionImpl.java:480)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at com.integralblue.httpresponsecache.compat.libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.connect(HttpsURLConnectionImpl.java:444)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at com.integralblue.httpresponsecache.compat.libcore.net.http.HttpEngine.sendSocketRequest(HttpEngine.java:294)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at com.integralblue.httpresponsecache.compat.libcore.net.http.HttpEngine.sendRequest(HttpEngine.java:244)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at com.integralblue.httpresponsecache.compat.libcore.net.http.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:286)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at com.integralblue.httpresponsecache.compat.libcore.net.http.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:181)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at com.integralblue.httpresponsecache.compat.libcore.net.http.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:273)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at com.ehi.national.mobile.network.HttpUrlConnectionClient.send(HttpUrlConnectionClient.java:178)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at com.ehi.national.mobile.network.AppClient.send(AppClient.java:212)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at com.ehi.national.mobile.network.MsiClient.send(MsiClient.java:87)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at com.ehi.national.mobile.services.SimpleService.runService(SimpleService.java:134)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at com.ehi.national.mobile.task.InitTask.doInBackground(InitTask.java:84)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at com.ehi.national.mobile.task.InitTask.doInBackground(InitTask.java:1)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at android.os.AsyncTask$2.call(AsyncTask.java:287)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at java.util.concurrent.FutureTask.run(FutureTask.java:234)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:230)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1080)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:573)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at java.lang.Thread.run(Thread.java:856)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x2a180890: Failure in SSL library, usually a protocol error
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol (external/openssl/ssl/s23_clnt.c:766 0x45dc2ba8:0x00000000)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_do_handshake(Native Method)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:378)
05-23 16:13:30.109: E/HttpUrlConnectionClient(827): ... 20 more
其他 HTTP 请求按预期记录和记录。为了成功完成与 HTTP 代理的 SSL 握手,我在 Android 映像的 SSL 设置中缺少什么?