带有httpClient的SSLPeerUnverifiedException [英] SSLPeerUnverifiedException with httpClient

问题描述

我正在尝试使用自签名证书测试安全的http连接...仅用于开发目的。但是我无法解决对等体未经过身份验证的异常，当然我已经查看了有关此异常的类似帖子，以下是我正在使用的当前实现：

I'm trying to test a secure http connection using self signed certificates... just for development purposes. But I haven't been able to resolve the peer not authenticated exception, of course I have looked at similar posts about this exception and the following one is the current implementation I'm using:

public class SelfCertificatesSocketFactory extends SSLSocketFactory {

SSLContext sslContext = SSLContext.getInstance("TLS");

public SelfCertificatesSocketFactory(KeyStore trustStore) throws NoSuchAlgorithmException,UnrecoverableKeyException,KeyStoreException,KeyManagementException {
    super(trustStore);

      TrustManager tm = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            }

            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            }

            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };




}

@Override
public Socket createSocket() throws IOException {
    return sslContext.getSocketFactory().createSocket();
}



@Override
public Socket createSocket(Socket socket, String host, int port,
        boolean autoClose) throws IOException, UnknownHostException {
    return sslContext.getSocketFactory().createSocket(socket,host,port,autoClose);
}



}

和用法：

private DefaultHttpClient createHttpsClient(){
    try {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);

        SSLSocketFactory sf = new SelfCertificatesSocketFactory(trustStore);
        //sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

        SchemeRegistry registry = new SchemeRegistry();
        registry.register(new Scheme("https", 443, sf));

        ClientConnectionManager ccm = new ThreadSafeClientConnManager(registry);
        return new DefaultHttpClient(ccm);
    } catch (Exception e) {
        return new DefaultHttpClient();
    }

}

然而它不起作用......我仍然得到例外。我做错了什么？
PD：我正在实现一个Java Web应用程序，这不是一个Android客户端。
非常感谢。

However it's not working... I'm still getting the exception. What I am doing wrong? PD: I'm implementing a Java web application, this is not an Android client. Thanks a lot.

推荐答案

您的代码创建的信任管理器实例似乎没有在任何地方使用， KeyStore实例似乎不包含任何信任材料。

The trust manager instance created by your code does not seem to be used anywhere, and the KeyStore instance does not seem to contain any trust material.

您应该只使用 SSLSocketFactory 。

TrustStrategy easyStrategy = new TrustStrategy() {
    public boolean isTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        // eh, why not?
        return true;
    }
};
SSLSocketFactory sf = new SSLSocketFactory(easyStrategy);

这篇关于带有httpClient的SSLPeerUnverifiedException的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！