我一直在尝试向apache httpclient库注册我的自定义信任管理器。以下链接包含如何执行此操作的说明:Https Connection Android
不幸的是,我想使用的构造函数(public sslsocketfactory(sslcontext sslcontext))在httpclient的android版本中不可用。我将使用sslcontext初始化我的自定义信任管理器。似乎Android已经用一个“密钥库”取代了它。
我的问题是:(如何)我可以在android中向defaulthttpclient注册一个自定义的trustmanager吗?在keystore类中有其他的选择吗?
最后我想暂时忽略证书检查…
请只考虑httpclient库,因为我的整个应用程序都是基于它的。
最佳答案
解决方案是创建自己的套接字工厂。
public class NetworkSSLSocketFactory implements LayeredSocketFactory {
private SSLContext sslContext;
private SSLSocketFactory socketFactory;
private X509HostnameVerifier hostnameVerifier;
/**
* Creates a socket factory that will use the {@link SSLContext} and
* {@link X509HostnameVerifier} specified. The SSLContext provided should
* have the {@link NetworkTrustManager} associated with it.
*
* @param sslContext
* @param hostnameVerifier
*/
public NetworkSSLSocketFactory(SSLContext sslContext,
X509HostnameVerifier hostnameVerifier) {
this.sslContext = sslContext;
this.socketFactory = sslContext.getSocketFactory();
this.hostnameVerifier = hostnameVerifier;
}
}
然后创建一个使用trustmanager的sslcontext,然后创建一个androidhttpclient,并用一个使用socketfactory的模式替换它的https模式。
/**
* Return the SSLContext for use with our HttpClient or create a new Context
* if needed.
* <p>
* This context uses our {@link NetworkTrustManager}
*
* @return an {@link SSLContext}
*/
public SSLContext getSSLContext() {
if (mSSLContextInstance != null)
return mSSLContextInstance;
try {
mSSLContextInstance = SSLContext.getInstance("TLS");
TrustManager trustManager = new NetworkTrustManager(getKeyStore());
TrustManager[] tms = new TrustManager[] { trustManager };
mSSLContextInstance.init(null, tms, new SecureRandom());
} catch (NoSuchAlgorithmException e) {
Log.e(TAG, e.getMessage());
} catch (KeyManagementException e) {
Log.e(TAG, e.getMessage());
}
return mSSLContextInstance;
}
现在是客户
/**
* Return an HttpClient using our {@link NetworkTrustManager} and
* {@link NetworkHostnameVerifier}
*
* @return an {@link HttpClient}
*/
public HttpClient getHttpClient() {
if (mHttpClientInstance != null)
return mHttpClientInstance;
SSLContext sslContext = getSSLContext();
// Now create our socket factory using our context.
X509HostnameVerifier hostnameVerifier = new NetworkHostnameVerifier();
NetworkSSLSocketFactory sslSocketFactory = new NetworkSSLSocketFactory(
sslContext, hostnameVerifier);
// Some services (like the KSOAP client) use the HttpsURLConnection
// class
// to establish SSL connections.
HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext
.getSocketFactory());
// Generate the Client for the Server
mHttpClientInstance = AndroidHttpClient.newInstance(getAgent(),
mContext);
// Get the registry from the AndroidHttpClient and change the
// HTTPS scheme to use our socket factory. This way we can
// control the certificate authority and trust system.
SchemeRegistry schemeRegistry = mHttpClientInstance
.getConnectionManager().getSchemeRegistry();
schemeRegistry.register(new Scheme("https", sslSocketFactory, 443));
return mHttpClientInstance;
}
如果您不知道如何创建新的密钥库,请执行以下操作:
/**
* Get the current KeyStore or if not yet created, create a new one. This
* will <b>NOT</b> load the KeyStore file identified by
* {@link #KEYSTORE_NAME}. To load the KeyStore file, use the function
* {@link #loadKeyStore()} which will automatically call this function (so
* you don't need to).
* <p>
*
* @return a {@link KeyStore}
*/
public KeyStore getKeyStore() {
if (mKeyStore != null)
return mKeyStore;
try {
String defaultType = KeyStore.getDefaultType();
mKeyStore = KeyStore.getInstance(defaultType);
mKeyStore.load(null, null);
} catch (Exception e) {
Log.w(TAG, e.getMessage());
}
return mKeyStore;
}
上面的解决方案是一个解决方案的开始,它允许您创建一个trustmanager,该trustmanager将验证“系统密钥库”的证书以及您拥有的“私有密钥库”(两个密钥库)。然后,您不需要尝试将证书添加到系统密钥库。您可以在getfilesdir()文件夹中创建自己的密钥库。
我仍然没有完成从httpresult=httpclient.execute(httppost);方法捕获证书的逻辑,但是我现在正在积极地编写这篇文章。如果你需要帮助,我现在可以和你一起工作了。
如果有人知道如何从httprequestbase对象中的sslsocket捕获/获取证书,请告诉我。我在找这个。