使用自定义证书的Android https连接
我想使用位于p12包中的自定义证书进行https连接。我已经在iPhone上做过了(所以我可以验证,证书,服务器等一切正常),但是在Android上遇到了一些问题。使用自定义证书的Android https连接
我跟着How to request a URL that requires a client certificate for authentication answear,但作为一个结果,我得到以下异常:
12-13 12:32:44.545:W/System.err的(4407): javax.net.ssl中.SSLHandshakeException: java.security.cert.CertPathValidatorException:未找到 证书路径的信任锚点。 12-13 12:32:44.545:W/System.err(4407): at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:374) 12-13 12:32 :44.545:W/System.err(4407):at libcore.net.http.HttpConnection.setupSecureSocket(HttpConnection.java:209) 12-13 12:32:44.545:W/System.err(4407):at libcore.net.http.HttpsURLConnectionImpl $ HttpsEngine.makeSslConnection(HttpsURLConnectionImpl.java:478) 12-13 12:32:44.545:W/System.err的(4407):在 libcore.net.http.HttpsURLConnectionImpl $ HttpsEngine。连接(HttpsURLConnectionImpl.java:433) 12-13 12:32:44.545:W/System.err(4407):at libcore.net.http.HttpEngine.sendSocketRequest(HttpEngine.java:289) 12-13 12:32:44.550:W/System.err(4407):at libcore.net.http.HttpEngine.sendRequest(HttpEngine.java:239)12-13 12:32:44.550:W/System .err(4407):at libcore.net.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:80) 12-13 12:32:44.550:W/System.err(4407):at libcore.net.http .HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:165) 12-13 12:32:44.550:W/System.err(4407):at com.geckolab.httptestandroid.MainActivity.downloadUrlHttps(MainActivity.java:172) 12 -13 12:32:44.550:W/System.err(4407):at com.geckolab.httptestandroid.MainActivity.access $ 0(MainActivity.java:151) 12-13 12:32:44.550:W/System。 err(4407):at com.geck olab.httptestandroid.MainActivity $ DownloadWebPageTextHttps.doInBackground(MainActivity.java:99) 12-13 12:32:44.550:W/System.err(4407):at com.geckolab.httptestandroid.MainActivity $ DownloadWebPageTextHttps.doInBackground(MainActivity .java:1) 12-13 12:32:44.550:W/System.err(4407):at android.os.AsyncTask $ 2.call(AsyncTask.java:287)12-13 12:32:44.550: W/System.err(4407):at java.util.concurrent.FutureTask $ Sync.innerRun(FutureTask.java:305) 12-13 12:32:44.555:W/System.err(4407):at java.util.concurrent.FutureTask.run(FutureTask.java:137)12-13 12:32:44.555:W/System.err(4407):at android.os.AsyncTask $ SerialExecutor $ 1.run(AsyncTask .java:230)12-13 12:32:44.555:W/System.err(4407):at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1076) 12-13 12:32:44.555:W/System.err( 4407):在 java.util.concurrent.ThreadPoolExecutor中$ Worker.run(ThreadPoolExecutor.java:569) 12-13 12:32:44.555:W/System.err的(4407):在 java.lang.Thread中。运行(Thread.java:856)12-13 12:32:44.555: W/System.err(4407):导致者: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException:Trust anchor找不到 认证路径。 12-13 12:32:44.560:W/System.err(4407): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl。(TrustManagerImpl.java:192) 12-13 12:32:44.560:W/System.err ) 12-13 12:32:44.560:W/System.err(4407):at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:573) 12-13 12: 32:44.560:W/System.err(4407):at org.apache.harmony.xnet.provider.jsse.NativeCrypto.SSL_do_handshake(Native Method)12-13 12:32:44.560:W/System.err( 4407):at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:371) 12-13 12:32:44.560:W/System.err(4407):... 18更多12-13 12:32:44.560:W/Syst em.err(4407):导致: java.security.cert.CertPathValidatorException:未找到 证书路径的信任锚点。 12-13 12:32:44.560:W/System.err的(4407): ...... 23多个
我的连接代码看起来如下:
KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(context.getResources().openRawResource(R.raw.gecko_cert_1), "gecko_cert_1".toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
kmf.init(ks, "gecko_cert_1".toCharArray());
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(kmf.getKeyManagers(), null, null);
//request
URL serverURL = new URL(myurl);
HttpsURLConnection conn = (HttpsURLConnection)serverURL.openConnection();
conn.setSSLSocketFactory(sc.getSocketFactory());
//conn.setHostnameVerifier(DO_NOT_VERIFY);
conn.setReadTimeout(10000 /* milliseconds */);
conn.setConnectTimeout(15000 /* milliseconds */);
conn.setRequestMethod("GET");
conn.setDoInput(true);
// Starts the query
conn.connect();
干杯, 马尔辛
它现在适用于我。
添加以下代码段上的连接方法的顶部:
X509TrustManager[] tm = new X509TrustManager[] { new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
} };
然后交换行:
sc.init(kmf.getKeyManagers(), null, null);
到:
sc.init(kmf.getKeyManagers(), tm, null);
我也未注释这个线:
conn.setHostnameVerifier(DO_NOT_VERIFY);
干杯, Marcin
这是坏的,坏的,坏的。它将允许和信任*任何*证书,打开您的应用程序以进行中间人攻击。获取服务器证书,将其添加到信任库并初始化您的连接。一些细节和代码在这里:http://nelenkov.blogspot.jp/2011/12/using-custom-certificate-trust-store-on.html –
在你的文章中你提到你有在iOS中工作的证书认证。你能提供你在iOS上使用证书认证的代码吗? – njtman