问题
I'm trying to test a secure http connection using self signed certificates... just for development purposes. But I haven't been able to resolve the peer not authenticated exception, of course I have looked at similar posts about this exception and the following one is the current implementation I'm using:
public class SelfCertificatesSocketFactory extends SSLSocketFactory {
SSLContext sslContext = SSLContext.getInstance("TLS");
public SelfCertificatesSocketFactory(KeyStore trustStore) throws NoSuchAlgorithmException,UnrecoverableKeyException,KeyStoreException,KeyManagementException {
super(trustStore);
TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
}
@Override
public Socket createSocket() throws IOException {
return sslContext.getSocketFactory().createSocket();
}
@Override
public Socket createSocket(Socket socket, String host, int port,
boolean autoClose) throws IOException, UnknownHostException {
return sslContext.getSocketFactory().createSocket(socket,host,port,autoClose);
}
}
And the usage:
private DefaultHttpClient createHttpsClient(){
try {
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustStore.load(null, null);
SSLSocketFactory sf = new SelfCertificatesSocketFactory(trustStore);
//sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("https", 443, sf));
ClientConnectionManager ccm = new ThreadSafeClientConnManager(registry);
return new DefaultHttpClient(ccm);
} catch (Exception e) {
return new DefaultHttpClient();
}
}
However it's not working... I'm still getting the exception. What I am doing wrong? PD: I'm implementing a Java web application, this is not an Android client. Thanks a lot.
回答1:
The trust manager instance created by your code does not seem to be used anywhere, and the KeyStore instance does not seem to contain any trust material.
Instead of doing all that you should simply leverage functionality of SSLSocketFactory.
TrustStrategy easyStrategy = new TrustStrategy() {
public boolean isTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
// eh, why not?
return true;
}
};
SSLSocketFactory sf = new SSLSocketFactory(easyStrategy);
回答2:
Thanks that made it, resolved by using the following code:
HttpClient client = null;
TrustStrategy easyStrategy = new TrustStrategy() {
@Override
public boolean isTrusted(X509Certificate[] certificate, String authType)
throws CertificateException {
return true;
}
};
try {
SSLSocketFactory sf = new SSLSocketFactory(easyStrategy,SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("https", 8443, sf));
ClientConnectionManager ccm = new ThreadSafeClientConnManager(registry);
client = new DefaultHttpClient(ccm);
} catch (KeyManagementException e1) {
e1.printStackTrace();
} catch (UnrecoverableKeyException e1) {
e1.printStackTrace();
} catch (NoSuchAlgorithmException e1) {
e1.printStackTrace();
} catch (KeyStoreException e1) {
e1.printStackTrace();
}
回答3:
In my particular case, the system time on my device was set in the past.
Thanks to this page for pointing out the seemingly obvious... :)
来源:https://stackoverflow.com/questions/9101763/sslpeerunverifiedexception-with-httpclient