1. 首页
  2. 问答
  3. :在Android的“javax.net.ssl.SSLException不受信任的服务器证书”异常

:在Android的“javax.net.ssl.SSLException不受信任的服务器证书”异常

2010-06-16 120 views
5

我收到的时候我想从我的Android应用程序打HTTPS URL(NET Web服务)此异常::在Android的“javax.net.ssl.SSLException不受信任的服务器证书”异常

的javax .net.ssl.SSLException:不受信任的服务器证书

这里是我的代码:

HttpParams myParams = new BasicHttpParams(); 
HttpProtocolParams.setVersion(myParams, HttpVersion.HTTP_1_1); 
HttpProtocolParams.setContentCharset(myParams, "utf-8"); 
myParams.setBooleanParameter("http.protocol.expect-continue", false); 


HttpConnectionParams.setConnectionTimeout(myParams, 100000); 
HttpConnectionParams.setSoTimeout(myParams, 100000); 

// 
KeyStore trusted; 
try { 

     trusted = KeyStore.getInstance("pkcs12"); 
     trusted.load(null, "".toCharArray()); 
     SSLSocketFactory sslf = new SSLSocketFactory(trusted); 
    sslf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); 

    SchemeRegistry schemeRegistry = new SchemeRegistry(); 
    schemeRegistry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80)); 

    schemeRegistry.register(new Scheme("https", sslf, 443));  
    ThreadSafeClientConnManager manager = new ThreadSafeClientConnManager(myParams, schemeRegistry); 


    httpClient = new DefaultHttpClient(manager, myParams); 
    } catch (KeyStoreException e) { 
    // TODO Auto-generated catch block 
    e.printStackTrace(); 
    } catch (NoSuchAlgorithmException e) { 
    // TODO Auto-generated catch block 
    e.printStackTrace(); 
    } catch (CertificateException e) { 
    // TODO Auto-generated catch block 
    e.printStackTrace(); 
    } catch (IOException e) { 
    // TODO Auto-generated catch block 
    e.printStackTrace(); 
    } catch (KeyManagementException e) { 
    // TODO Auto-generated catch block 
    e.printStackTrace(); 
    } catch (UnrecoverableKeyException e) { 
    // TODO Auto-generated catch block 
    e.printStackTrace(); 
    }   
    // 

    localContext = new BasicHttpContext(); 

    httpClient.getParams().setParameter(ClientPNames.COOKIE_POLICY, CookiePolicy.RFC_2109); 

    httpPost = new HttpPost("https://...."); 
    response = null; 

    StringEntity tmp = null;   

    httpPost.setHeader("SOAPAction", "SoapActionURL"); 

    if (contentType != null) { 
     httpPost.setHeader("Content-Type", contentType); 
    } else { 
     httpPost.setHeader("Content-Type", "application/x-www-form-urlencoded"); 
    } 

    try { 
     tmp = new StringEntity(data,"UTF-8"); 
    } catch (UnsupportedEncodingException e) { 
     Log.e("Your App Name Here", "HttpUtils : UnsupportedEncodingException : "+e); 
    } 

    httpPost.setEntity(tmp); 

    try { 

     response = httpClient.execute(httpPost,localContext); 

     if (response != null) { 
      ret = EntityUtils.toString(response.getEntity()); 
     } 
    } catch (Exception e) { 
     Log.e("Your App Name Here", "HttpUtils: " + e); 
    }

来源

2010-06-16 user342823

+1

见问题http://stackoverflow.com/questions/995514/https-connection-android#1000205 – 2010-10-25 21:02:48

+0

当你执行一个https呼叫,你实际上需要证书的存在。你的web服务上有证书吗? – Droidekas 2015-03-01 16:26:04

回答

1 
KeyStore trusted; 
try { 

     trusted = KeyStore.getInstance("pkcs12"); 
     trusted.load(null, "".toCharArray()); 
     SSLSocketFactory sslf = new SSLSocketFactory(trusted);

您没有存储要连接的服务器的证书的信任库,并且您连接的服务器不受信任。为了解决这个问题,你需要使用Keytool创建一个密钥库文件(我创建了一个BKS密钥库并将其加载到SpongyCastle提供程序中)作为信任库。

keytool -importcert -file servercert.crt -alias mykey -keystore truststore.jks -storetype BKS -providerpath bcprov-jdk15on-151.jar -provider org.bouncycastle.jce.provider.BouncyCastleProvider

另外,我用的Apache的HttpClient的新版本,特别是http://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient-android/4.3.5

public KeyStore initializeTrustStore(Context context) 
{ 
    KeyStore keyStore = null; 
    try 
    { 
     keyStore = KeyStore.getInstance("BKS", BouncyCastleProvider.PROVIDER_NAME); 
     InputStream inputStream = context.getResources().openRawResource(R.raw.truststore); 
     try 
     { 
      keyStore.load(inputStream, "password".toCharArray()); 
     } 
     finally 
     { 
      inputStream.close(); 
     } 
    } 


    KeyStore trustStore = loadTrustStore(context); 
    SSLContext sslcontext = null; 
    CloseableHttpClient httpclient = null; 

     SSLContextBuilder sslContextBuilder = SSLContexts.custom() 
      .loadTrustMaterial(trustStore, new TrustSelfSignedStrategy()); 
     sslcontext = sslContextBuilder.build(); 

     // Allow TLSv1 protocol only 
     SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
      sslcontext, new String[] {"TLSv1"}, null, 
      SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER 
     ); 
     httpclient = HttpClients 
      .custom() 
      .setHostnameVerifier(SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER) 
      .setSSLSocketFactory(sslsf).build(); 
     CloseableHttpResponse response = httpclient.execute(httpUriRequest); 
     try 
     { 
      HttpEntity entity = response.getEntity(); 
      //do things with response here 
      if(entity != null) 
      { 
       entity.consumeContent(); 
      } 
     } 
     finally 
     { 
      response.close(); 
     }

来源

2014-11-25 13:16:56 EpicPandaForce

相关问题

 相关问题