带有httpClient的SSLPeerUnverifiedException
我正在尝试使用自签名证书测试安全的http连接…仅用于开发目的。 但是我无法解决对等体未经过身份validation的exception,当然我已经查看了有关此exception的类似post,以下是我正在使用的当前实现:
public class SelfCertificatesSocketFactory extends SSLSocketFactory { SSLContext sslContext = SSLContext.getInstance("TLS"); public SelfCertificatesSocketFactory(KeyStore trustStore) throws NoSuchAlgorithmException,UnrecoverableKeyException,KeyStoreException,KeyManagementException { super(trustStore); TrustManager tm = new X509TrustManager() { public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { } public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { } public X509Certificate[] getAcceptedIssuers() { return null; } }; } @Override public Socket createSocket() throws IOException { return sslContext.getSocketFactory().createSocket(); } @Override public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException { return sslContext.getSocketFactory().createSocket(socket,host,port,autoClose); } } 用法:
private DefaultHttpClient createHttpsClient(){ try { KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); trustStore.load(null, null); SSLSocketFactory sf = new SelfCertificatesSocketFactory(trustStore); //sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); SchemeRegistry registry = new SchemeRegistry(); registry.register(new Scheme("https", 443, sf)); ClientConnectionManager ccm = new ThreadSafeClientConnManager(registry); return new DefaultHttpClient(ccm); } catch (Exception e) { return new DefaultHttpClient(); } }
但它不起作用……我仍然得到例外。 我做错了什么? PD:我正在实现一个Java Web应用程序,这不是一个Android客户端。 非常感谢。
您的代码创建的信任管理器实例似乎没有在任何地方使用,并且KeyStore实例似乎不包含任何信任材料。
您应该简单地利用SSLSocketFactoryfunction,而不是完成所有这些。
TrustStrategy easyStrategy = new TrustStrategy() { public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException { // eh, why not? return true; } }; SSLSocketFactory sf = new SSLSocketFactory(easyStrategy);
谢谢,通过使用以下代码解决了它:
HttpClient client = null; TrustStrategy easyStrategy = new TrustStrategy() { @Override public boolean isTrusted(X509Certificate[] certificate, String authType) throws CertificateException { return true; } }; try { SSLSocketFactory sf = new SSLSocketFactory(easyStrategy,SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); SchemeRegistry registry = new SchemeRegistry(); registry.register(new Scheme("https", 8443, sf)); ClientConnectionManager ccm = new ThreadSafeClientConnManager(registry); client = new DefaultHttpClient(ccm); } catch (KeyManagementException e1) { e1.printStackTrace(); } catch (UnrecoverableKeyException e1) { e1.printStackTrace(); } catch (NoSuchAlgorithmException e1) { e1.printStackTrace(); } catch (KeyStoreException e1) { e1.printStackTrace(); }
在我的特定情况下,我的设备上的系统时间是在过去设置的。
感谢这个页面指出看似明显的…… 🙂