本文介绍了Android的SSL没有同行证书的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个例外:没有对方的证书

I've got an exception: No peer certificate

当我问谷歌,然后我得到的解决方案,在那里我相信所有证书。但这个问题的答案是,它是不安全的。

When I'm asking google, then i get solution, where i'm trusting all certificates. But answers of this question are, it's insecure.

所以我称为类:

HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
           HttpClient client = new DefaultHttpClient();

           SchemeRegistry registry = new SchemeRegistry();
           SSLSocketFactory socketFactory = SSLSocketFactory.getSocketFactory();
           socketFactory.setHostnameVerifier((X509HostnameVerifier) hostnameVerifier);
           registry.register(new Scheme("https", socketFactory, 443));
           SingleClientConnManager mgr = new SingleClientConnManager(client.getParams(), registry);
           DefaultHttpClient httpClient = new DefaultHttpClient(mgr, client.getParams());

           HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
           Log.v("URL:", Url[0]);
           HttpPost post = new HttpPost(Url[0]);
           post.addHeader("Username", Url[1]);
           post.addHeader("Passwort", Url[2]);
           HttpResponse getResponse = httpClient.execute(post); //Wirft Exception
           HttpEntity responseEntity = getResponse.getEntity();
           UserID = Integer.parseInt(responseEntity.getContent().toString());

这是我的类:

class MyHttpClient extends DefaultHttpClient {

final Context context;

public MyHttpClient(Context context) {
    this.context = context;
}

@Override
protected ClientConnectionManager createClientConnectionManager() {
    SchemeRegistry registry = new SchemeRegistry();
    registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
    // Register for port 443 our SSLSocketFactory with our keystore
    // to the ConnectionManager
    registry.register(new Scheme("https", (SocketFactory) newSslSocketFactory(), 443));
    return new SingleClientConnManager(getParams(), registry);
}

private SSLSocketFactory newSslSocketFactory() {
    try {
        // Get an instance of the Bouncy Castle KeyStore format
        KeyStore trusted = KeyStore.getInstance("BKS");
        // Get the raw resource, which contains the keystore with
        // your trusted certificates (root and any intermediate certs)
        InputStream in = context.getResources().openRawResource(R.raw.mykey);
        try {
            // Initialize the keystore with the provided trusted certificates
            // Also provide the password of the keystore
            trusted.load(in, "PASSWORT".toCharArray());
        } finally {
            in.close();
        }
        // Pass the keystore to the SSLSocketFactory. The factory is responsible
        // for the verification of the server certificate.
        SSLSocketFactory sf = new SSLSocketFactory(trusted);
        // Hostname verification from certificate
        // [url=http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506]Chapter2.Connection management[/url]
        sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
        return sf;
    } catch (Exception e) {
        throw new AssertionError(e);
    }
}

}

推荐答案

我发现了SSLPeerUnverifiedException的另一个可能的原因:没有对等证书

I've discovered another possible cause of the SSLPeerUnverifiedException : No Peer Certificate

如果你的模拟器与那就是当证书已经创建你可能会遇到这个异常。比以前的日期运行

If your emulator is running with a date that is earlier than when the certificate was created you'll likely come across this exception.

在我的情况的证书是验证在7月10日,不过模拟器了5月7日的当前日期。

The certificate in my case was validated on the 10th July, but the emulator had a current date of 7th May.

我不知道为什么我的模拟器有它的日期设置为5月7日,因为它本来是要充分利用网络的时候,不过那是另外一个时间问题。

I have no idea why my emulator had its date set to 7th May since it was supposed to be getting the time from the network, but that's an issue for another time.

只是想我应该共享的情况下,它可以帮助其他人避免浪费几天faffing周围的人。

Just thought I should share that in case it helps anyone else avoid wasting a couple of days faffing around.

这篇关于Android的SSL没有同行证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-04 06:01