2

我在 android 上使用 httpclient 的 ssl 遇到了一些麻烦我正在尝试详细访问自签名证书我希望我的应用程序信任所有证书(我将仅使用 ssl 进行数据加密)。首先,我尝试在桌面上使用本指南http://hc.apache.org/httpclient-3.x/sslguide.html工作正常,但在 android 上我仍然得到 javax.net.ssl.SSLException: Not trust server certificate。在谷歌搜索后,我发现了一些其他示例如何启用 ssl。

http://groups.google.com/group/android-developers/browse_thread/thread/62d856cdcfa9f16e - 当我使用 URLConnection 但使用 HttpClient 时工作仍然有异常。

http://www.discursive.com/books/cjcook/reference/http-webdav-sect-self-signed.html - 在桌面上使用来自 apache 的 jar 正在工作,但在 android 中使用包含在 SDK 类中的不能使其工作.

http://mail-archives.apache.org/mod_mbox/hc-httpclient-users/200808.mbox/%3C1218824624.6561.14.camel@ubuntu%3E - 也得到同样的例外

所以任何想法我如何使用 HttpClient 信任 android 上的所有证书

4

3 回答 3

9

如果你碰巧看了一下 DefaultHttpClient 的代码,它看起来是这样的:

   @Override
    protected ClientConnectionManager createClientConnectionManager() {
        SchemeRegistry registry = new SchemeRegistry();
        registry.register(
                new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
        registry.register(
                new Scheme("https", SSLSocketFactory.getSocketFactory(), 443));

        ClientConnectionManager connManager = null;     
        HttpParams params = getParams();
        ...
    }

注意 https 方案到 org.apache.http.conn.ssl.SSLSocketFactory.getSocketFactory() 的映射。

org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory您可以为接口(http://hc.apache.org/httpclient-3.x/apidocs/org/apache/commons/httpclient/protocol/SecureProtocolSocketFactory.html )创建自定义实现,其中,您可以java.net.SSLSocket使用自定义TrustManager创建接受所有证书。

您可能希望在http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html上查看 JSSE 以了解更多详细信息

于 2010-05-19T10:10:01.560 回答
3

关键思想是使用定制的 SSLSocketFactory 实现 LayeredSocketFactory。自定义套接字不需要 HostNameVerifier。

private static final class TrustAllSSLSocketFactory implements
    LayeredSocketFactory {

    private static final TrustAllSSLSocketFactory DEFAULT_FACTORY = new TrustAllSSLSocketFactory();

    public static TrustAllSSLSocketFactory getSocketFactory() {
        return DEFAULT_FACTORY;
    }

    private SSLContext sslcontext;
    private javax.net.ssl.SSLSocketFactory socketfactory;

    private TrustAllSSLSocketFactory() {
        super();
        TrustManager[] tm = new TrustManager[] { new X509TrustManager() {

            @Override
            public void checkClientTrusted(X509Certificate[] chain,
                String authType) throws CertificateException {
                // do nothing
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain,
                String authType) throws CertificateException {
                // do nothing
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }

        } };
        try {
            this.sslcontext = SSLContext.getInstance(SSLSocketFactory.TLS);
            this.sslcontext.init(null, tm, new SecureRandom());
            this.socketfactory = this.sslcontext.getSocketFactory();
        } catch ( NoSuchAlgorithmException e ) {
            Log.e(LOG_TAG,
                "Failed to instantiate TrustAllSSLSocketFactory!", e);
        } catch ( KeyManagementException e ) {
            Log.e(LOG_TAG,
                "Failed to instantiate TrustAllSSLSocketFactory!", e);
        }
    }

    @Override
    public Socket createSocket(Socket socket, String host, int port,
        boolean autoClose) throws IOException, UnknownHostException {
        SSLSocket sslSocket = (SSLSocket) this.socketfactory.createSocket(
            socket, host, port, autoClose);
        return sslSocket;
    }

    @Override
    public Socket connectSocket(Socket sock, String host, int port,
        InetAddress localAddress, int localPort, HttpParams params)
        throws IOException, UnknownHostException, ConnectTimeoutException {
        if ( host == null ) {
            throw new IllegalArgumentException(
                "Target host may not be null.");
        }
        if ( params == null ) {
            throw new IllegalArgumentException(
                "Parameters may not be null.");
        }

        SSLSocket sslsock = (SSLSocket) ( ( sock != null ) ? sock
            : createSocket() );

        if ( ( localAddress != null ) || ( localPort > 0 ) ) {

            // we need to bind explicitly
            if ( localPort < 0 ) {
                localPort = 0; // indicates "any"
            }

            InetSocketAddress isa = new InetSocketAddress(localAddress,
                localPort);
            sslsock.bind(isa);
        }

        int connTimeout = HttpConnectionParams.getConnectionTimeout(params);
        int soTimeout = HttpConnectionParams.getSoTimeout(params);

        InetSocketAddress remoteAddress;
        remoteAddress = new InetSocketAddress(host, port);

        sslsock.connect(remoteAddress, connTimeout);

        sslsock.setSoTimeout(soTimeout);

        return sslsock;
    }

    @Override
    public Socket createSocket() throws IOException {
        // the cast makes sure that the factory is working as expected
        return (SSLSocket) this.socketfactory.createSocket();
    }

    @Override
    public boolean isSecure(Socket sock) throws IllegalArgumentException {
        return true;
    }

}

然后,您可以继续在支持的方案注册表中使用自定义的 SSLSocketFactory。

private static final BasicHttpParams sHttpParams = new BasicHttpParams();
private static final SchemeRegistry sSupportedSchemes = new SchemeRegistry();
static {
    sHttpParams.setParameter("http.socket.timeout", READ_TIMEOUT);
    sHttpParams.setParameter("http.connection.timeout", CONNECT_TIMEOUT);
    sSupportedSchemes.register(new Scheme("http",
        PlainSocketFactory.getSocketFactory(), 80));
    sSupportedSchemes.register(new Scheme("https",
        TrustAllSSLSocketFactory.getSocketFactory(), 443));
}
于 2011-04-26T17:08:33.973 回答
2

我推荐这个解决方案,而不是接受所有证书:Trusting all Certificates using HttpClient over HTTPS

于 2011-06-16T21:40:00.873 回答