接收及放大器;从服务器HTTPS验证证书 - 机器人 [英] Receive & Validate certificate from server HTTPS - android

问题描述

我从我的Andr​​oid客户端通过HTTPS调用Web服务。我得到了验证，从服务器端的证书领取。我怎么做 ？在present这是我的，我用它来调用Web服务code。

I am calling web service from my android client via https. I got to validate the certificate receive from server side. How do I do that ? At present this is my code that I use to call a web service.

private static String SendPost(String url, ArrayList<NameValuePair> pairs) {   // url = "https://....."   
    errorMessage = "";   
    String response = "";   

    DefaultHttpClient hc=new DefaultHttpClient();      
    ResponseHandler <String> res=new BasicResponseHandler();      
    HttpPost postMethod=new HttpPost(url);   

    try {   
postMethod.setEntity(new UrlEncodedFormEntity(pairs));   
        response = hc.execute(postMethod, res);   
    } catch (UnsupportedEncodingException e) {   
        e.printStackTrace();   
    } catch (ClientProtocolException e) {   
        e.printStackTrace();   
    } catch (IOException e) {   
        e.printStackTrace();   
    }        

    return response;   
}  

我如何验证完成后在从服务器接收到一个自签名的证书？我得到了通过公共/私有密钥做测试。客户端将有一个的CA文件。 Ijust需要在客户端为了验证能使用CA的服务器证书，服务是公。这必须与公共/专用密钥。我怎样才能调用后之前接收来自服务器的证书？

How do I validate a self-signed certificate received from server during performing Post ? I got to do testing via public/private keys. Client will have a CA file. Ijust need the client to verify the server certificate using the CA, the service is public .This has to do with public/private key. How can I receive the certificate from the server before calling the post ?

他们有几个选项和$ C，适用于计算器$ C片段。几个环节，我发现多个答案是： <一href="http://stackoverflow.com/questions/2012497/accepting-a-certificate-for-https-on-android">Accepting在Android 的HTTPS证书 http://stackoverflow.com/questions/3761737/https-get-ssl-with-android-and-self-signed-server-certificate

Their are several options and code snippets available on stackoverflow. Couple of links I found with multiple answers is : Accepting a certificate for HTTPs on Android http://stackoverflow.com/questions/3761737/https-get-ssl-with-android-and-self-signed-server-certificate

但我不能做出来这是个好/适用于我！我不想禁用所有或接受任何。要检查公共/私人密钥/

But I can't make out which is good/applicable for me ! I don't want to disable all or accept any. Have to check the public/private keys/

任何帮助是非常AP preciated。

Any help is highly appreciated.

推荐答案

鲍勃·李写了有关如何使用SSL证书与Android一个不错的博客文章。我认为这是适用于您的情况：的http：//博客。 crazybob.org/2010/02/android-trusting-ssl-certificates.html

Bob Lee wrote a nice blog post on how using SSL certificates with Android. I think it is applicable to your case: http://blog.crazybob.org/2010/02/android-trusting-ssl-certificates.html

您只需要创建一个密钥库包含您的自签名证书，并使用的HttpClient 实施中描述的自定义这个职务。

You just have to create a KeyStore containing your self-signed certificate and use the custom HttpClient implementation described in that post.

更新：

主机名验证可以通过<一个被customizez href="http://developer.android.com/reference/org/apache/http/conn/ssl/SSLSocketFactory.html#setHostnameVerifier%28org.apache.http.conn.ssl.X509HostnameVerifier%29"相对=nofollow>设置自定义 X509HostnameVerifier 上的 SSLSocketFactory的。某些实现在机器人已经可以： AllowAllHostnameVerifier ， BrowserCompatHostnameVerifier ， StrictHostnameVerifier

Host name validation can be customizez by setting a custom X509HostnameVerifier on the SSLSocketFactory. Some implementations are already available in android: AllowAllHostnameVerifier, BrowserCompatHostnameVerifier, StrictHostnameVerifier

/* ... */
public class MyHostnameVerifier extends AbstractVerifier {
  boolean verify(String hostname, SSLSession session) {
    X509Certificate[] chain = session.getPeerCertificateChain();
    /* made some checks... */
    return checked;
  }
}
sslSocketFactory.setHostnameVerifier(new MyHostnameVerifier());

这篇关于接收及放大器;从服务器HTTPS验证证书 - 机器人的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！