Android: Making Https Request

后端未结

关注

 2  1670

执念已碎 2020-12-01 02:02

How do I avoid the \"javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated\" exception and the Android Apache lib gap \"The constructor SSLSocketFactory(SSLContex

2条回答

有刺的猬 (楼主)

2020-12-01 02:17

This method takes an HttpClient instance and returns a ready-for-https HttpClient instance.

 private HttpClient sslClient(HttpClient client) {
    try {
        X509TrustManager tm = new X509TrustManager() { 
            public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
            }

            public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
            }

            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[]{tm}, null);
        SSLSocketFactory ssf = new MySSLSocketFactory(ctx);
        ssf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        ClientConnectionManager ccm = client.getConnectionManager();
        SchemeRegistry sr = ccm.getSchemeRegistry();
        sr.register(new Scheme("https", ssf, 443));
        return new DefaultHttpClient(ccm, client.getParams());
    } catch (Exception ex) {
        return null;
    }
}

Because the Android org.apache.http.conn.ssl.SSLSocketFactory does not have the SSLSocketFactory(SSLContext) constructor, I have extended the class as follows.

 public class MySSLSocketFactory extends SSLSocketFactory {
     SSLContext sslContext = SSLContext.getInstance("TLS");

     public MySSLSocketFactory(KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
         super(truststore);

         TrustManager tm = new X509TrustManager() {
             public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
             }

             public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
             }

             public X509Certificate[] getAcceptedIssuers() {
                 return null;
             }
         };

         sslContext.init(null, new TrustManager[] { tm }, null);
     }

     public MySSLSocketFactory(SSLContext context) throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
        super(null);
        sslContext = context;
     }

     @Override
     public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
         return sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);
     }

     @Override
     public Socket createSocket() throws IOException {
         return sslContext.getSocketFactory().createSocket();
     }
}

Excellent article here: http://javaskeleton.blogspot.com/2010/07/avoiding-peer-not-authenticated-with.html

And some help here: Trusting all certificates using HttpClient over HTTPS

0 讨论(0)

查看其它2个回答