3

我正在尝试使用自签名证书测试安全的 http 连接......仅用于开发目的。但是我无法解决 peer not authenticated 异常,当然我已经查看了有关此异常的类似帖子,以下是我正在使用的当前实现:

public class SelfCertificatesSocketFactory extends SSLSocketFactory {

SSLContext sslContext = SSLContext.getInstance("TLS");

public SelfCertificatesSocketFactory(KeyStore trustStore) throws NoSuchAlgorithmException,UnrecoverableKeyException,KeyStoreException,KeyManagementException {
    super(trustStore);

      TrustManager tm = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            }

            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            }

            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };




}

@Override
public Socket createSocket() throws IOException {
    return sslContext.getSocketFactory().createSocket();
}



@Override
public Socket createSocket(Socket socket, String host, int port,
        boolean autoClose) throws IOException, UnknownHostException {
    return sslContext.getSocketFactory().createSocket(socket,host,port,autoClose);
}



}

以及用法:

private DefaultHttpClient createHttpsClient(){
    try {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);

        SSLSocketFactory sf = new SelfCertificatesSocketFactory(trustStore);
        //sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

        SchemeRegistry registry = new SchemeRegistry();
        registry.register(new Scheme("https", 443, sf));

        ClientConnectionManager ccm = new ThreadSafeClientConnManager(registry);
        return new DefaultHttpClient(ccm);
    } catch (Exception e) {
        return new DefaultHttpClient();
    }

}

但是它不起作用...我仍然遇到异常。我做错了什么?PD:我正在实现一个 Java Web 应用程序,这不是一个 Android 客户端。非常感谢。

4

3 回答 3

2

感谢它,通过使用以下代码解决:

HttpClient client = null;
    TrustStrategy easyStrategy = new TrustStrategy() {

        @Override
        public boolean isTrusted(X509Certificate[] certificate, String authType)
                throws CertificateException {
            return true;
        }
    };
    try {

        SSLSocketFactory sf = new SSLSocketFactory(easyStrategy,SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        SchemeRegistry registry = new SchemeRegistry();
        registry.register(new Scheme("https", 8443, sf));

        ClientConnectionManager ccm = new ThreadSafeClientConnManager(registry);
        client = new DefaultHttpClient(ccm);

    } catch (KeyManagementException e1) {
        e1.printStackTrace();
    } catch (UnrecoverableKeyException e1) {
        e1.printStackTrace();
    } catch (NoSuchAlgorithmException e1) {
        e1.printStackTrace();
    } catch (KeyStoreException e1) {
        e1.printStackTrace();
    }
于 2012-02-02T14:29:05.547 回答
2

您的代码创建的信任管理器实例似乎没有在任何地方使用,并且 KeyStore 实例似乎不包含任何信任材料。

而不是做所有你应该简单地利用SSLSocketFactory.

TrustStrategy easyStrategy = new TrustStrategy() {
    public boolean isTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        // eh, why not?
        return true;
    }
};
SSLSocketFactory sf = new SSLSocketFactory(easyStrategy);
于 2012-02-02T12:09:26.337 回答
1

在我的特殊情况下,我设备上的系统时间是过去设置的。

感谢此页面指出看似显而易见的... :)

于 2013-02-04T10:32:11.643 回答