Android:发出Https请求

Question

Android:发出Https请求

在发出Https请求时,如何避免"javax.net.ssl.SSLPeerUnverifiedException:peer not authenticated"异常和Android Apache lib间隙"构造函数SSLSocketFactory(SSLContext)未定义"？

Answer 1

rpo*_*sky 46

此方法接受HttpClient实例并返回ready-for-https HttpClient实例.

 private HttpClient sslClient(HttpClient client) {
    try {
        X509TrustManager tm = new X509TrustManager() { 
            public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
            }

            public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
            }

            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[]{tm}, null);
        SSLSocketFactory ssf = new MySSLSocketFactory(ctx);
        ssf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        ClientConnectionManager ccm = client.getConnectionManager();
        SchemeRegistry sr = ccm.getSchemeRegistry();
        sr.register(new Scheme("https", ssf, 443));
        return new DefaultHttpClient(ccm, client.getParams());
    } catch (Exception ex) {
        return null;
    }
}

Run Code Online (Sandbox Code Playgroud)

因为Android org.apache.http.conn.ssl.SSLSocketFactory没有SSLSocketFactory(SSLContext)构造函数,所以我按如下方式扩展了类.

 public class MySSLSocketFactory extends SSLSocketFactory {
     SSLContext sslContext = SSLContext.getInstance("TLS");

     public MySSLSocketFactory(KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
         super(truststore);

         TrustManager tm = new X509TrustManager() {
             public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
             }

             public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
             }

             public X509Certificate[] getAcceptedIssuers() {
                 return null;
             }
         };

         sslContext.init(null, new TrustManager[] { tm }, null);
     }

     public MySSLSocketFactory(SSLContext context) throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
        super(null);
        sslContext = context;
     }

     @Override
     public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
         return sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);
     }

     @Override
     public Socket createSocket() throws IOException {
         return sslContext.getSocketFactory().createSocket();
     }
}

Run Code Online (Sandbox Code Playgroud)

这里有优秀的文章:http://javaskeleton.blogspot.com/2010/07/avoiding-peer-not-authenticated-with.html

这里有一些帮助:通过HTTPS使用HttpClient信任所有证书

请记住,从安全角度来看,使用no-op`TrustManager`和`ALLOW_ALL_HOSTNAME_VERIFIER`是非常值得怀疑的.如果目标是连接到测试环境,那很好,但请不要将此代码投入生产. (19认同)
谢谢,如果没有你的帮助,我真的会失败!请注意其他人实现这个答案:请注意你已经包含了org.apache.http.conn.ssl.SSLSocketFactory,而不是javax.net.ssl.SSLSocketFactory.它们是不同的,不兼容. (2认同)

归档时间：	13 年，11 月前
查看次数：	19615 次
最近记录：	11 年，1 月前