最近发布了一个关于HttpClient过度Https 的问题(在这里找到).我已经取得了一些进展,但我遇到了新的问题.和我的上一个问题一样,我似乎无法找到适合我的任何地方的例子.基本上,我希望我的客户端接受任何证书(因为我只指向一个服务器),但我一直在接受javax.net.ssl.SSLException: Not trusted server certificate exception.
所以这就是我所拥有的:
public void connect() throws A_WHOLE_BUNCH_OF_EXCEPTIONS {
HttpPost post = new HttpPost(new URI(PROD_URL));
post.setEntity(new StringEntity(BODY));
KeyStore trusted = KeyStore.getInstance("BKS");
trusted.load(null, "".toCharArray());
SSLSocketFactory sslf = new SSLSocketFactory(trusted);
sslf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(new Scheme ("https", sslf, 443));
SingleClientConnManager cm = new SingleClientConnManager(post.getParams(),
schemeRegistry);
HttpClient client = new DefaultHttpClient(cm, post.getParams());
HttpResponse result = client.execute(post);
}
这是我得到的错误:
W/System.err( 901): javax.net.ssl.SSLException: Not trusted server certificate
W/System.err( 901): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:360)
W/System.err( 901): …我正在尝试获取远程服务器的证书,然后我可以使用它来添加到我的密钥库并在我的java应用程序中使用.
一位资深开发者(节假日:())告诉我,我可以运行这个:
openssl s_client -connect host.host:9999
要获取原始证书,我可以将其复制并导出.我收到以下输出:
depth=1 /C=NZ/ST=Test State or Province/O=Organization Name/OU=Organizational Unit Name/CN=Test CA
verify error:num=19:self signed certificate in certificate chain
verify return:0
23177:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1086:SSL alert number 40
23177:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
我也试过这个选项
-showcerts
而这一个(在debian上运行你的头脑)
-CApath /etc/ssl/certs/
但得到同样的错误.
这个消息来源说我可以使用那个CApath标志,但它似乎没有帮助.我尝试了多条路径无济于事.
请让我知道我哪里出错了.
我正在尝试使用HttpClientlib 进行HTTPS连接,但问题在于,由于证书未由Verisign,GlobalSIgn等公认的证书颁发机构(CA)签署,并列在Android受信任证书集上,我一直在javax.net.ssl.SSLException: Not trusted server certificate.
我已经看到了你只接受所有证书的解决方案,但如果我想询问用户该怎么办?
我想得到一个类似于浏览器的对话框,让用户决定是否继续.我最好使用与浏览器相同的证书库.有任何想法吗?
出于测试目的,我正在尝试将套接字工厂添加到我的okHttp客户端,该客户端在设置代理时信任所有内容.这已经完成了很多次,但是我对一个信任套接字工厂的实现似乎缺少了一些东西:
class TrustEveryoneManager implements X509TrustManager {
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { }
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { }
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
}
OkHttpClient client = new OkHttpClient();
final InetAddress ipAddress = InetAddress.getByName("XX.XXX.XXX.XXX"); // some IP
client.setProxy(new Proxy(Proxy.Type.HTTP, new InetSocketAddress(ipAddress, 8888)));
SSLContext sslContext = SSLContext.getInstance("TLS");
TrustManager[] trustManagers = new TrustManager[]{new TrustEveryoneManager()};
sslContext.init(null, trustManagers, null);
client.setSslSocketFactory(sslContext.getSocketFactory);
没有请求从我的应用程序发出,并且没有异常被记录,因此它似乎在okHttp中无声地失败.经过进一步调查,似乎Connection.upgradeToTls()在强制握手时,okHttp中有一个异常被吞没.我得到的例外是:javax.net.ssl.SSLException: SSL handshake terminated: ssl=0x74b522b0: SSL_ERROR_ZERO_RETURN occurred. You …
我正在为拥有自签名SSL证书的服务器的客户工作.
我使用包装的OkHttp客户端使用Retrofit + CustomClient:
RestAdapter restAdapter = new RestAdapter.Builder().setEndpoint(Config.BASE_URL + Config.API_VERSION)
.setClient(new CustomClient(new OkClient(), context))
.build();
OkHttp默认支持调用自签名SSL证书服务器吗?
顺便说说.哪个客户端默认使用Retrofit?我认为这是OkHttp,但当我研究了一点时,我意识到我需要导入OkHttp依赖项
我正在使用Glide加载图像,我面临的问题是,当我在慢速互联网连接上运行应用程序时,我得到了SocketTimeOutException.所以要解决这个问题,我想使用自定义,OkHttpClient以便我可以更改HttpClient的超时,这是我的代码.
public class MyGlideModule implements GlideModule {
@Override
public void applyOptions(Context context, GlideBuilder builder) {
}
@Override
public void registerComponents(Context context, Glide glide) {
OkHttpClient client = new OkHttpClient();
client.setConnectTimeout(15, TimeUnit.SECONDS);
client.setReadTimeout(15,TimeUnit.SECONDS);
OkHttpUrlLoader.Factory factory = new OkHttpUrlLoader.Factory(client);
glide.register(GlideUrl.class, InputStream.class, factory);
}
}
但OkHttpUrlLoaderGlide API中已经没有了.所以我想知道如何设置OkHttpClient for Glide
我从这边使用SSL Socket和Trustmanager 自签名SSL
但我不断收到以下错误:
09-28 19:52:41.942:WARN/System.err(10101):javax.net.ssl.SSLHandshakeException:org.bouncycastle.jce.exception.ExtCertPathValidatorException:无法验证证书签名.
怎么了?我已经在stackoverflow上检查了不同的帖子,但我似乎无法让它工作.
我的代码:
SchemeRegistry schemeRegistry = new SchemeRegistry();
// http scheme
schemeRegistry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
// https scheme
schemeRegistry.register(new Scheme("https", new EasySSLSocketFactory(), 443));
params = new BasicHttpParams();
params.setParameter(ConnManagerPNames.MAX_TOTAL_CONNECTIONS, 1);
params.setParameter(ConnManagerPNames.MAX_CONNECTIONS_PER_ROUTE, new ConnPerRouteBean(1));
params.setParameter(HttpProtocolParams.USE_EXPECT_CONTINUE, false);
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
HttpProtocolParams.setContentCharset(params, "utf8");
CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(new AuthScope("www.example.com", AuthScope.ANY_PORT),
new UsernamePasswordCredentials("user", "password"));
clientConnectionManager = new ThreadSafeClientConnManager(params, schemeRegistry);
context = new BasicHttpContext();
context.setAttribute("http.auth.credentials-provider", credentialsProvider);
DefaultHttpClient client = new DefaultHttpClient(clientConnectionManager, params);
HttpGet get = new HttpGet("https://www.example.com/web/restricted/form/formelement=512663");
HttpResponse response = client.execute(get, …在提出问题之前,我找到了一些链接,我逐一检查了这些链接,但没有一个链接给我一个解决方案:
我到目前为止唯一找到的链接是这一个,它提供了两种方法:使用Android Volley发出HTTPS请求
我也找到了这个博客,其中有很多解释,但最后,我意识到这些例子都使用了来自"apache.org"的弃用库,而博客本身也没有Android Volley的内容.
https://nelenkov.blogspot.mx/2011/12/using-custom-certificate-trust-store-on.html
还有来自Android的链接和"未知证书颁发机构"部分的代码,它给出了解决方案的一个好主意,但代码本身在其结构中缺少一些东西(Android Studio抱怨...):https:// developer.android.com/training/articles/security-ssl.html
但是这个链接的引用似乎是解决问题的核心概念.
"TrustManager是系统用于验证来自服务器的证书的方法,并且通过从具有一个或多个CA的KeyStore创建一个证书 - 那些将是该TrustManager信任的唯一CA.给定新的TrustManager,该示例初始化一个新的SSLContext它提供了一个SSLSocketFactory,您可以使用它来覆盖HttpsURLConnection的默认SSLSocketFactory.这样连接将使用您的CA进行证书验证."
现在,这是我的问题:我有一个使用自签名证书的网络服务器,我根据其证书创建了一个"BKS信任库".我已将de BKS信任库导入我的Android APP,现在,我的应用程序上有以下代码(我刚刚在这里发布了MainActivity,这是迄今为止唯一与此主题相关的类,我想):
package com.domain.myapp;
import android.content.Context;
import android.content.Intent;
import android.os.Bundle;
import android.support.v7.app.AppCompatActivity;
import android.util.Log;
import android.view.View;
import android.widget.EditText;
import android.widget.Toast;
import com.android.volley.Request;
import com.android.volley.RequestQueue;
import com.android.volley.Response;
import com.android.volley.VolleyError;
import com.android.volley.toolbox.HurlStack;
import com.android.volley.toolbox.StringRequest;
import com.android.volley.toolbox.Volley;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.SSLContext; …我正在开发一个简单的应用程序,它使用https协议从服务器发布和获取数据.我在互联网上搜索但是资源很少,我尝试了大部分资源但是无法成功完成.
我尝试使用HttpClient它是成功的,但我想用HttpsURLconnection来做
我是否需要从设备中获取公共RSA密钥,如果是这样,我该怎么做呢.
有人能告诉我如何才能实现这一目标httpsURLconnection.
protected String doInBackground(String... arg0) {
try {
ByteArrayInputStream derInputStream = new ByteArrayInputStream(app.certificateString.getBytes());
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509","BC");
X509Certificate cert = (X509Certificate) certificateFactory.generateCertificate(derInputStream);
String alias = "alias";//cert.getSubjectX500Principal().getName();
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustStore.load(null);
trustStore.setCertificateEntry(alias, cert);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
kmf.init(trustStore, null);
KeyManager[] keyManagers = kmf.getKeyManagers();
TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
tmf.init(trustStore);
TrustManager[] trustManagers = tmf.getTrustManagers();
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagers, trustManagers, null);
URL url = new URL("MY HTTPS URL");
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection(); …我有一个.p12证书文件,我使用SSL转换器将其转换为.pem证书文件.然后我在我的android代码中使用那个pem证书文件,如下所示:
OkHttpClient okHttpClient = new OkHttpClient();
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream instream = context.getResources().openRawResource(R.raw.pem_certificate);
Certificate ca;
ca = cf.generateCertificate(instream);
KeyStore kStore = KeyStore.getInstance(KeyStore.getDefaultType());
kStore.load(null, null);
kStore.setCertificateEntry("ca", ca);
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(kStore);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tmf.getTrustManagers(), null);
okHttpClient.setSslSocketFactory(sslContext.getSocketFactory());
} catch (CertificateException
| KeyStoreException
| NoSuchAlgorithmException
| IOException
| KeyManagementException e) {
e.printStackTrace();
}
baseURL = endpoint;
RestAdapter restAdapter = new RestAdapter.Builder()
.setEndpoint(baseURL)
.setClient(new OkClient(okHttpClient))
.build();
service = restAdapter.create(DishService.class);
但是这段代码不起作用.它在"ca = cf.generateCertificate(instream);"行中失败了.使用CertificateException消息.
android ×7
https ×5
ssl ×5
okhttp ×3
certificate ×2
java ×2
retrofit ×2
ca ×1
httpclient ×1
linux ×1
openssl ×1
security ×1
sockets ×1
trustmanager ×1