3

我需要一些帮助来验证我的 Android 应用程序中的通配符 SSL。现在我使用的代码是在不检查任何东西的情况下进行验证:

public void UseHttpsConnection(String url, String charset, String query) {

    try {
        final TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
            @Override
            public void checkClientTrusted( final X509Certificate[] chain, final String authType ) {
            }
            @Override
            public void checkServerTrusted( final X509Certificate[] chain, final String authType ) {
            }
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        } };

        // Install the all-trusting trust manager
        final SSLContext sslContext = SSLContext.getInstance( "TLS" );
        sslContext.init( null, trustAllCerts, new java.security.SecureRandom() );
        // Create an ssl socket factory with our all-trusting manager
        final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();



        System.setProperty("http.keepAlive", "false");
        HttpsURLConnection connection = (HttpsURLConnection) new URL(url)
                .openConnection();
        connection.setSSLSocketFactory( sslSocketFactory );
        connection.setDoOutput(true);
        connection.setRequestMethod("POST");
        connection.setRequestProperty("Charset", charset);
        connection.setRequestProperty("Content-Type",
                "application/x-www-form-urlencoded;charset=" + charset);
        OutputStream output = null;
        try {
            output = connection.getOutputStream();
            output.write(query.getBytes(charset));
        } catch (IOException e) {
            e.printStackTrace();
        } finally {
            if (output != null)
                try {
                    output.close();
                } catch (IOException logOrIgnore) {
                    logOrIgnore.printStackTrace();
                }
        }

        int status = ((HttpsURLConnection) connection).getResponseCode();
        Log.i("", "Status : " + status);

        for (Entry<String, List<String>> header : connection
                .getHeaderFields().entrySet()) {
            Log.i("Headers",
                    "Headers : " + header.getKey() + "="
                            + header.getValue());
        }

        InputStream response = new BufferedInputStream(
                connection.getInputStream());

        int bytesRead = -1;
        byte[] buffer = new byte[30 * 1024];
        while ((bytesRead = response.read(buffer)) > 0) {
            byte[] buffer2 = new byte[bytesRead];
            System.arraycopy(buffer, 0, buffer2, 0, bytesRead);
            handleDataFromSync(buffer2);
        }
        connection.disconnect();
    } catch (Exception e) {
        e.printStackTrace();
    }
}

当我通过互联网阅读时,我发现 Android 中存在一个验证WildCard(示例*.mydomain.com:)证书的错误,我没有找到任何示例或建议如何做到这一点。我想要实现的是:通过名称验证证书并检查它是否过期。欢迎任何好的建议/示例,因为这是我第一次尝试使用 SSL,我对它并不熟悉。

提前致谢!

4

2 回答 2

1

这段代码有帮助吗? https://github.com/mixare/mixare/blob/master/src/org/mixare/MixContext.java

我正在添加更多上下文,我真的相信这段代码部分地完成了你想要实现的目标:

        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier(){
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }});
    SSLContext context = SSLContext.getInstance("TLS");
    context.init(null, new X509TrustManager[]{new X509TrustManager(){
        public void checkClientTrusted(X509Certificate[] chain,
                String authType) throws CertificateException {}
        public void checkServerTrusted(X509Certificate[] chain,
                String authType) throws CertificateException {}
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }}}, new SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(
            context.getSocketFactory());

此代码在 mixare 中用于接受自签名证书。

于 2011-11-10T13:07:52.330 回答
1

Foursquare文档建议遵循此 SO question 中提供的答案

于 2011-11-17T11:24:08.290 回答