忽略DefaultHttpClient中的ssl错误

我在默认的httpclient中寻找忽略所有ssl错误（例如不可信）的可能性。我在这里看到了很多解决方案，但是我必须导入一个特定的证书并将它添加到trustmanager，或者它用于DefaultHttpClient的HttpsUrlConnection instad。我使用webrequests是：忽略DefaultHttpClient中的ssl错误

public static String makeGETRequest(String s,String encoding) 
{ 
    DefaultHttpClient http = new DefaultHttpClient(); 
    final String username = "USERNAME"; 
    final String password = "PASSWORD"; 
    UsernamePasswordCredentials c = new UsernamePasswordCredentials(username,password); 
    BasicCredentialsProvider cP = new BasicCredentialsProvider(); 
    cP.setCredentials(AuthScope.ANY, c); 
    http.setCredentialsProvider(cP); 
    HttpResponse res; 
    try { 

     res = http.execute(new HttpGet(s)); 
     InputStream is = res.getEntity().getContent(); 
     BufferedInputStream bis = new BufferedInputStream(is); 
     ByteArrayBuffer baf = new ByteArrayBuffer(50); 
     int current = 0; 
     while((current = bis.read()) != -1){ 
       baf.append((byte)current); 
     } 

     return new String(baf.toByteArray(),encoding); 
     } 
    catch (ClientProtocolException e) { 
     // TODO Auto-generated catch block 
     return "error: " + e.getMessage(); 
    } 
    catch (IOException e) { 
     // TODO Auto-generated catch block 
     return "error: " + e.getMessage(); 
    } 

}

和：

public static String makePOSTRequest(String s, List <NameValuePair> nvps,String encoding) 
{ 
    DefaultHttpClient http = new DefaultHttpClient(); 
    final String username = "USERNAME"; 
    final String password = "PASSWORD"; 
    UsernamePasswordCredentials c = new UsernamePasswordCredentials(username,password); 
    BasicCredentialsProvider cP = new BasicCredentialsProvider(); 
    cP.setCredentials(AuthScope.ANY, c); 
    http.setCredentialsProvider(cP); 
    HttpResponse res; 
    try { 
     HttpPost httpost = new HttpPost(s); 
     httpost.setEntity(new UrlEncodedFormEntity(nvps, HTTP.DEFAULT_CONTENT_CHARSET)); 
     res = http.execute(httpost); 
     InputStream is = res.getEntity().getContent(); 
     BufferedInputStream bis = new BufferedInputStream(is); 
     ByteArrayBuffer baf = new ByteArrayBuffer(50); 
     int current = 0; 
     while((current = bis.read()) != -1){ 
       baf.append((byte)current); 
     } 
     res = null; 
     httpost = null; 
     String ret = new String(baf.toByteArray(),encoding); 
     return ret; 
     } 
    catch (ClientProtocolException e) { 
     // TODO Auto-generated catch block 
     return e.getMessage(); 
    } 
    catch (IOException e) { 
     // TODO Auto-generated catch block 
     return e.getMessage(); 
    } 

}

没有人知道如何忽略这个代码SSL错误？

编辑：因为我相信只有一个特定的（已过期）证书，我尝试覆盖DefaultHttpClient以下列方式：

public class MyHttpClient extends DefaultHttpClient { 
final Context context; 

    public MyHttpClient(Context context) { 
    this.context = context; 
    } 

    @Override protected ClientConnectionManager createClientConnectionManager() { 
    SchemeRegistry registry = new SchemeRegistry(); 
    registry.register(
     new Scheme("http", PlainSocketFactory.getSocketFactory(), 80)); 
    registry.register(new Scheme("https", newSslSocketFactory(), 443)); 
    return new SingleClientConnManager(getParams(), registry); 
    } 

    private SSLSocketFactory newSslSocketFactory() { 
    try { 
     KeyStore trusted = KeyStore.getInstance("BKS"); 
     InputStream in = context.getResources().openRawResource(R.raw.mykeystore); 
     try { 
     trusted.load(in, "mypassword".toCharArray()); 
     } finally { 
     in.close(); 
     } 
     return new SSLSocketFactory(trusted); 
    } catch (Exception e) { 
     throw new AssertionError(e); 
    } 
    }

}

在R.raw文件。 mykeystore是一个.bks文件，我使用Portecle创建，我创建了一个新的bks并导入了已过期证书的存储区域，它看起来可以正常工作，而且密钥存储没有错误，但是如果我执行请求， IO异常与消息“没有对等证书”，可能是什么问题？

来源

2011-08-29 2red13

“忽略SSL错误（例如不信任）”是不安全的。请参阅RFC 2246.如果您不希望它安全，为什么要使用SSL？ – EJP

感谢转化为评论;）正如我写的，过期的SSL证书来自第三方代理，我告诉他们安装一个有效的代理，但我必须wirite快速解决方法，以使我的客户的功能，而证书已过期... – 2red13

按照EJP的评论，有选择性地容忍过期证书并让绝对通过任何证书是非常不同的事情。 – Bruno

我解决了这个问题。它的工作原理，如果你使用上面的要求，但不是在DefaultHttpClient，用你自己的版本：

public class MyHttpClient extends DefaultHttpClient { 
final Context context; 
TrustManager easyTrustManager = new X509TrustManager() { 
    @Override 
    public void checkClientTrusted(
      X509Certificate[] chain, 
      String authType) throws CertificateException { 
    } 

    @Override 
    public void checkServerTrusted(
      X509Certificate[] chain, 
      String authType) throws CertificateException { 
    } 

    @Override 
    public X509Certificate[] getAcceptedIssuers() { 
     return null; 
    }  
}; 
    public MyHttpClient(Context context) { 
    this.context = context; 
    } 

    @Override protected ClientConnectionManager createClientConnectionManager() { 
    SchemeRegistry registry = new SchemeRegistry(); 
    registry.register(
     new Scheme("http", PlainSocketFactory.getSocketFactory(), 80)); 
    registry.register(new Scheme("https", newSslSocketFactory(), 443)); 
    return new SingleClientConnManager(getParams(), registry); 
    } 


    private MySSLSocketFactory newSslSocketFactory() { 
    try { 
     KeyStore trusted = KeyStore.getInstance("BKS");  
     try { 
     trusted.load(null, null); 

     } finally { 
     } 

     MySSLSocketFactory sslfactory = new MySSLSocketFactory(trusted); 
     sslfactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); 
     return sslfactory; 
    } catch (Exception e) { 
     throw new AssertionError(e); 
    } 

    } 
    public class MySSLSocketFactory extends SSLSocketFactory { 
     SSLContext sslContext = SSLContext.getInstance("TLS"); 

     public MySSLSocketFactory(KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException { 
      super(truststore); 

      TrustManager tm = new X509TrustManager() { 
       public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { 
       } 

       public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { 
       } 

       public X509Certificate[] getAcceptedIssuers() { 
        return null; 
       } 
      }; 

      sslContext.init(null, new TrustManager[] { tm }, null); 
     } 

     @Override 
     public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException { 
      return sslContext.getSocketFactory().createSocket(socket, host, port, autoClose); 
     } 

     @Override 
     public Socket createSocket() throws IOException { 
      return sslContext.getSocketFactory().createSocket(); 
     } 
    } 
    }

来源

2011-08-31 06:35:17 2red13

这段代码会导致操作系统版本2.2中的破损管道错误，在2.3.3中修复+ – 2red13

未使用的字段easyTrustManager！ –

此代码适用于我。谢谢 –

忽略DefaultHttpClient中的ssl错误

回答

相关问题