2016-04-28 72 views
2

我使用JSOUP连接到很多 https网站。我使用的方法Jsoup.connect(URL),但它抛出异常:从google play旁路SSL警告

javax.net.ssl.SSLHandshakeException: Certificate not valid or trusted. 

所以我用这个代码信任所有证书的SSL:

public static void enableSSLSocket() throws KeyManagementException, NoSuchAlgorithmException { 
    TrustManager[] trustAllCerts = new TrustManager[]{ 
    new X509TrustManager() { 
     public java.security.cert.X509Certificate[] getAcceptedIssuers() { 
      return null; 
     } 
     public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) { } 
     public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) { } 
    } 
}; 

// Install the all-trusting trust manager 
try { 
    SSLContext sc = SSLContext.getInstance("SSL"); 
    sc.init(null, trustAllCerts, new java.security.SecureRandom()); 
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); 
    HttpsURLConnection.setDefaultHostnameVerifier(
     new HostnameVerifier() { 
      public boolean verify(String urlHostName, SSLSession session) { 
       return true; 
      } 
     }); 
} 
catch (Exception e) { 
    //We can not recover from this exception. 
    e.printStackTrace(); 
}} 

但SICE我使用代码上面有古尔警告在玩商店。

您的应用程序正在对Apa​​che HTTP客户端使用X509TrustManager接口的不安全实现,从而导致安全漏洞。有关详细信息,请参阅此Google帮助中心文章,其中包括修复漏洞的最后期限。

如果我添加以下代码:

public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { 
       try { 
        chain[0].checkValidity(); 
       } catch (Exception e) { 
        throw new CertificateException("Certificate not valid or trusted."); 
       } 
      } 

警告了,但JSOUP不工作是不是有同样的异常再次合作。 那么有什么方法可以相信所有的SSL和绕过谷歌警告?提前致谢。

+3

“那么有没有什么办法可以相信所有的SSL和绕过谷歌警告?” - 希望不是。 “但JSOUP不工作” - 那么也许你应该考虑打开一个单独的堆栈溢出问题,在那里提供你的JSoup问题的[mcve],并详细解释什么是“不工作”的含义。 – CommonsWare

+0

@CommonWare我只是更新我的问题。希望你能帮我! – hoanngothanh

+0

我建议你完全消除你的'enableSSLSocket()'方法。 – CommonsWare

回答

0

我找到解决办法,跳有人需要它:

public static void trustSSLCertificate(final Activity mActivity, final DownloadPortalTask task){ 
 
     try { 
 
      HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { 
 
       public boolean verify(String hostname, SSLSession session) { 
 
        return true; 
 
       } 
 
      }); 
 

 
      SSLContext context = SSLContext.getInstance("TLS"); 
 
      context.init(null, new X509TrustManager[]{new X509TrustManager() { 
 
       public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { 
 
       } 
 

 
       public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { 
 
        try { 
 
         chain[0].checkValidity(); 
 
        } catch (final Exception e) { 
 

 
         mActivity.runOnUiThread(new Runnable() { 
 
          @Override 
 
          public void run() { 
 
           AlertDialog.Builder builder = new AlertDialog.Builder(mActivity); 
 
           AlertDialog alertDialog = builder.create(); 
 
           alertDialog.setCancelable(false); 
 
           String message = "There a problem with the security certificate for this web site."; 
 
           message += "\nDo you want to continue anyway?"; 
 
           alertDialog.setTitle("SSL Certificate Error"); 
 
           alertDialog.setMessage(message); 
 
           alertDialog.setButton(DialogInterface.BUTTON_POSITIVE, "OK", new DialogInterface.OnClickListener() { 
 
            @Override 
 
            public void onClick(DialogInterface dialog, int which) { 
 
             acceptSSL = true; 
 
             return; 
 

 
            } 
 
           }); 
 

 
           alertDialog.setButton(DialogInterface.BUTTON_NEGATIVE, "Cancel", new DialogInterface.OnClickListener() { 
 
            @Override 
 
            public void onClick(DialogInterface dialog, int which) { 
 
             acceptSSL = true; 
 
             task.onInterruptedDownload(); 
 
            } 
 
           }); 
 
           alertDialog.show(); 
 

 
          } 
 

 
         }); 
 

 
         while(!acceptSSL){ 
 
          try{ 
 
           Thread.sleep(1000); 
 
          } catch(InterruptedException er) { } 
 
         } 
 

 
        } 
 
       } 
 
       public X509Certificate[] getAcceptedIssuers() { 
 
        return new X509Certificate[0]; 
 
       } 
 
      }}, new SecureRandom()); 
 
      HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory()); 
 
     } catch (Exception e) { // should never happen 
 
      e.printStackTrace(); 
 
     } 
 
    }

调用此方法之前调用Jsoup。谷歌播放的SSL警告消失了。