问题
I am getting this error in my logcat. I have implemented ssl pinning in my android application. I think I have done something wrong which is causing this error.
05-19 17:39:54.998: E/NativeCrypto(30908): ssl=0x5eefaf80 cert_verify_callback x509_store_ctx=0x5dbea940 arg=0x0
05-19 17:39:54.998: E/NativeCrypto(30908): ssl=0x5eefaf80 cert_verify_callback calling verifyCertificateChain authMethod=ECDHE_RSA
Following is my ssl pinning android code. Which works but throws the above mentioned error.
public static HttpClient getHttpClient(HttpParams params, Context context) throws CertificateException, KeyStoreException, NoSuchAlgorithmException, IOException, KeyManagementException, UnrecoverableKeyException {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream caInput = context.getResources().openRawResource(R.raw.abc);
Certificate ca;
try {
ca = cf.generateCertificate(caInput);
} finally {
try {
caInput.close();
} catch (IOException e) {
Log.e("Error","Closing the cert file",e);
}
}
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
SSLSocketFactory sf = new TrustSelectCertsSSLSocketFactory(keyStore,context);
sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
HttpProtocolParams.setContentCharset(params, HTTP.UTF_8);
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
registry.register(new Scheme("https", sf, 443));
ClientConnectionManager ccm = new ThreadSafeClientConnManager(params, registry);
DefaultHttpClient client = new DefaultHttpClient(ccm, params);
DefaultHttpRequestRetryHandler defaultHttpRequestRetryHandler = new DefaultHttpRequestRetryHandler(0, false);
client.setHttpRequestRetryHandler(defaultHttpRequestRetryHandler);
return client;
}
TrustSelectCertSSLFactory.java code
public class TrustSelectCertSSLSocketFactory extends SSLSocketFactory {
SSLContext sslContext = SSLContext.getInstance("TLS");
public TrustSelectCertSSLFactory(KeyStore truststore, Context context) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException,
UnrecoverableKeyException, CertificateException {
super(truststore);
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(truststore);
sslContext.init(null, tmf.getTrustManagers(), null);
}
@Override
public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
return sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);
}
@Override
public Socket createSocket() throws IOException {
return sslContext.getSocketFactory().createSocket();
}
}
The code which calls the function getHttpClient
....
HttpClient client = getHttpClient(params,context);
....
httpResponse = client.execute(post);
....
Is my SSL pinning implementation correct and why is this error showing up in the logcat? If you need more details then please mention it in the comment section.
I searched on google but it's giving me solutions which are not solution to this problem. Is there something else I should look for?
link 1
link 2
来源:https://stackoverflow.com/questions/30326358/is-this-android-ssl-pinning-implementation-correct-and-why-is-this-error-showing