Google Play警告和“X509TrustManager的不安全实施”
我们收到了有关“您正在使用X509TrustManagfer的不安全实施”的邮件。 要解决此问题,我们已应用http://transoceanic.blogspot.in/2011/11/android-import-ssl-certificate-and-use.html中的解决方案
这里我们生成了新的BKS密钥库并传递了这个密钥库SSLSocketFactory。 该工厂负责validation服务器证书。 我们已经存在Keystore但它不是.BKS格式。 这就是为什么我们为特殊的HTTPS调用创建了新的。 请查看我的以下代码:
DefaultHttpClient sslClient = new MyHttpClient(StartupActivity.activity); public class MyHttpClient extends DefaultHttpClient { final Context context; public MyHttpClient(Context context) { this.context = context; } @Override protected ClientConnectionManager createClientConnectionManager() { SchemeRegistry registry = new SchemeRegistry(); registry.register(new Scheme("http", PlainSocketFactory .getSocketFactory(), 80)); // Register for port 443 our SSLSocketFactory with our keystore // to the ConnectionManager registry.register(new Scheme("https", newSslSocketFactory(), 443)); return new SingleClientConnManager(getParams(), registry); } private SSLSocketFactory newSslSocketFactory() { try { // Get an instance of the Bouncy Castle KeyStore format KeyStore trusted = KeyStore.getInstance("BKS"); // Get the raw resource, which contains the keystore with // your trusted certificates (root and any intermediate certs) InputStream in = context.getResources().openRawResource( R.raw.mykeystore); try { // Initialize the keystore with the provided trusted // certificates // Also provide the password of the keystore trusted.load(in, "keystore_password".toCharArray()); } finally { in.close(); } // Pass the keystore to the SSLSocketFactory. The factory is // responsible // for the verification of the server certificate. SSLSocketFactory sf = new SSLSocketFactory(trusted); // Hostname verification from certificate // http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506 sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER); return sf; } catch (Exception e) { throw new AssertionError(e); } } } 您能否检查并确认使用此解决方案我们的应用程序是否安全?
如果您有任何其他最佳解决方案,请告诉我们。