以编程方式将服务器证书信息添加到 Android 的信任管理器(Trust Manager) [英] Add Server Certificate Information to Trust Manager Android Programmatically


问题描述

我刚接触 SSL 和 X509Certificate 的概念。我想知道的是:有没有办法从给定的 URL 获取证书信息?

例如:如果用户输入了 https://www.google.com,我需要以编程方式获取该网址的证书信息。

编辑:

最后,我从服务器拿到了证书信息。

现在,我的问题是:

1. 如何检查证书是否受信任?

2. 如何把证书添加到信任管理器(Trust Manager)?

3. 即使是不受信任的证书,如果用户仍想继续,我就需要把该证书添加到信任管理器。我怎样才能做到这一点?

4. 为了检查证书是否可信,我们真的需要另一个证书来做比较吗?

我对 X.509 证书还非常陌生。

任何帮助都将不胜感激。

编辑:

这是我尝试过的代码,但都没有帮到我。我需要知道该证书是否受信任。

  X509TrustManager的TrustManager =新X509TrustManager(){
                @覆盖
                公共无效checkClientTrusted(x509证书[]链,
                        字符串的authType)抛出CertificateException {
                    对于(TM的TrustManager:经理){
                        如果(TM的instanceof X509TrustManager){
                            ((X509TrustManager)TM).checkClientTrusted(
                                    链的authType);
                        }
                    }
                }

                @覆盖
                公共无效checkServerTrusted(x509证书[]链,
                        字符串的authType){

                    为(x509证书证书:链){

                        最后弦乐mCertificatinoType = cert.getType();
                        日期afterDate = cert.getNotAfter();
                        日期beforeDate = cert.getNotBefore();
                        日期的currentdate =新的日期();

                        尝试 {
                            cert.checkValidity(新日期());
                        }赶上(CertificateExpiredException E){
                            LoginActivity.isExpired = TRUE;
                            e.printStackTrace();
                        }赶上(CertificateNotYetValidException E){
                            LoginActivity.isInValid = TRUE;
                            e.printStackTrace();
                        }

                        尝试 {
                            cert.verify(trustedRoot.getPublicKey());
                        }赶上(InvalidKeyException将E){
                            e.printStackTrace();
                        }赶上(CertificateException E){
                            e.printStackTrace();
                        }赶上(抛出:NoSuchAlgorithmException E){
                            e.printStackTrace();
                        }赶上(NoSuchProviderException E){
                            e.printStackTrace();
                        }赶上(SignatureException E){
                            e.printStackTrace();
                        }

                        尝试 {
                            如果(cert.getIssuerX500Principal()。等于(
                                    trustedRoot.getIssuerX500Principal())){

                            }
                            cert.verify(trustedHost.getPublicKey());
                        }赶上(InvalidKeyException将E){
                            e.printStackTrace();
                        }赶上(CertificateException E){
                            e.printStackTrace();
                        }赶上(抛出:NoSuchAlgorithmException E){
                            e.printStackTrace();
                        }赶上(NoSuchProviderException E){
                            e.printStackTrace();
                        }赶上(SignatureException E){
                            e.printStackTrace();
                        }

                        如果(afterDate.compareTo(的currentdate)
                                * currentDate.compareTo(beforeDate)> 0){
                        } 其他 {

                        }

                        如果(cert.getIssuerX500Principal()。等于(
                                trustedRoot.getIssuerX500Principal())){
                            返回;
                        }
                    }

                    //为(x509证书证书:链){
                    // URL网址;
                    //字符串主机=;
                    //如果(baseHostString.equalsIgnoreCase()){
                    //最后设置设置= mApplication
                    // .getSettings();
                    // 尝试 {
                    // URL =新的URL(
                    // settings.serverAddress.toString());
                    //主机= url.getAuthority();
                    //}赶上(MalformedURLException异常E){
                    // e.printStackTrace();
                    //}
                    // } 其他 {
                    //
                    //}
                    //
                    //字符串DN = cert.getSubjectDN()的getName()。
                    //字符串CN = getValByAttributeTypeFromIssuerDN(DN,
                    //CN =);
                    //如果(CN.equalsIgnoreCase(主机)){
                    //如果(cert.getIssuerX500Principal()。等于(
                    // trustedRoot.getIssuerX500Principal())){
                    // 返回;
                    // } 其他 {
                    //}
                    // } 其他 {
                    //}
                    //}
                    对于(TM的TrustManager:经理){
                        如果(TM的instanceof X509TrustManager){
                            尝试 {
                                ((X509TrustManager)TM).checkServerTrusted(
                                        链的authType);
                            }赶上(CertificateException E){
                                e.printStackTrace();
                            }
                        }
                    }

                }

                @覆盖
                公共x509证书[] getAcceptedIssuers(){
                    ArrayList的< x509证书>发行人=新的ArrayList<>();
                    对于(TM的TrustManager:经理){
                        如果(TM的instanceof X509TrustManager){
                            issuers.addAll(数组
                                    .asList(((X509TrustManager)TM)
                                            .getAcceptedIssuers()));
                        }
                    }
                    返回issuers.toArray(新x509证书[发行
                            。尺寸()​​]);
                }

            };
 

解决方案

终于解决了!

  X509TrustManager的TrustManager =新X509TrustManager(){
                @覆盖
                公共无效checkClientTrusted(x509证书[]链,
                        字符串的authType)抛出CertificateException {
                    对于(TM的TrustManager:经理){
                        如果(TM的instanceof X509TrustManager){
                            ((X509TrustManager)TM).checkClientTrusted(
                                    链的authType);
                        }
                    }
                }

                @覆盖
                公共无效checkServerTrusted(
                        最后的X509Certificate []链,字符串的authType){

                    为(x509证书证书:链){

                        最后弦乐mCertificatinoType = cert.getType();
                        日期afterDate = cert.getNotAfter();
                        日期beforeDate = cert.getNotBefore();
                        日期的currentdate =新的日期();

                        尝试 {
                            cert.checkValidity(新日期());
                        }赶上(CertificateExpiredException E){
                            isExpired =真;
                            e.printStackTrace();
                        }赶上(CertificateNotYetValidException E){
                            isInValid = TRUE;
                            e.printStackTrace();
                        }

                        如果(afterDate.compareTo(的currentdate)
                                * currentDate.compareTo(beforeDate)> 0){
                            isExpired = FALSE;
                        } 其他 {
                            isExpired =真;
                        }

                        字符串DN = cert.getSubjectDN()的getName()。
                        字符串CN = getValByAttributeTypeFromIssuerDN(DN,
                                CN =);

                        字符串主机=;
                        如果(TextUtils.isEmpty(查询)){
                            如果(baseHostString.equalsIgnoreCase()){
                                最后设置设置= mApplication
                                        .getSettings();
                                尝试 {
                                    网址URL =新的URL(
                                            settings.serverAddress
                                                    的ToString());
                                    主机= url.getAuthority();
                                    如果(host.contains(将String.valueOf(网址
                                            .getPort()))){
                                        串toBeReplaced =:
                                                + url.getPort();
                                        主机= host.replace(toBeReplaced,
                                                );
                                    }
                                }赶上(MalformedURLException异常E){
                                    e.printStackTrace();
                                }
                            } 其他 {
                                尝试 {
                                    网址URL =新的URL(baseHostString);
                                    主机= url.getAuthority();
                                    如果(host.contains(将String.valueOf(网址
                                            .getPort()))){
                                        串toBeReplaced =:
                                                + url.getPort();
                                        主机= host.replace(toBeReplaced,
                                                );
                                    }
                                }赶上(MalformedURLException异常E){
                                    e.printStackTrace();
                                }
                            }
                        } 其他 {
                            尝试 {
                                网址URL =新的URL(查询);
                                主机= url.getAuthority();
                                如果(host.contains(将String.valueOf(网址
                                        .getPort()))){
                                    串toBeReplaced =:
                                            + url.getPort();
                                    主机= host.replace(toBeReplaced,);
                                }
                            }赶上(MalformedURLException异常E){
                                e.printStackTrace();
                            }
                        }

                        如果(CN.equalsIgnoreCase(主机)){
                            isHostMisMatch = FALSE;
                        } 其他 {
                            isHostMisMatch = TRUE;
                        }

                        对于(TM的TrustManager:经理){
                            如果(TM的instanceof X509TrustManager){
                                尝试 {
                                    ((X509TrustManager)TM)
                                            .checkServerTrusted(链,
                                                    的authType);
                                }赶上(CertificateException E){
                                    如果(e.getMessage()!=空
                                            &功放;&安培; e.getMessage()
                                                    。载(
                                                            找不到信任锚的证书路径。)){
                                        isNotTrusted = TRUE;
                                        mApplication
                                                .setCurrentCertificate(链);
                                    }
                                    e.printStackTrace();
                                }
                            }
                        }

                        如果(cert.getIssuerX500Principal()。等于(
                                trustedRoot.getIssuerX500Principal())){
                            返回;
                        }
                    }

                }

                @覆盖
                公共x509证书[] getAcceptedIssuers(){
                    ArrayList的< x509证书>发行人=新的ArrayList<>();
                    对于(TM的TrustManager:经理){
                        如果(TM的instanceof X509TrustManager){
                            issuers.addAll(数组
                                    .asList(((X509TrustManager)TM)
                                            .getAcceptedIssuers()));
                        }
                    }
                    返回issuers.toArray(新x509证书[发行
                            。尺寸()​​]);
                }

            };
 

谢谢大家。

I am new to SSL and X509Certificate concepts. What I need to know is: is there any way to get the certificate information from a given URL?

For example: if the user has typed https://www.google.com, then I need to get the certificate information for that URL programmatically.

Edit:

Finally, I got the Certificate Information from Server.

Now, my questions are:

1. How can I Check Certificate is Trusted or not ?

2. How can I add the Certificate to the Trust Manager ?

3. Even if it is an untrusted certificate, if the user wants to continue with it, then I need to add the certificate to the Trust Manager. How can I achieve this?

4. In order to check whether a certificate is trusted or not, do we really need to have another certificate to compare it against?

I am very new to X.509 certificates.

Any help will be really Appreciated.

EDIT:

This is what I have tried, but none of it is helping me. I need to find out whether the certificate is trusted or not.

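// Trust manager that delegates chain validation to the X509TrustManagers in
// `managers` and records validity problems in LoginActivity's flags.
// A TrustManager reports "not trusted" to the TLS stack only by throwing: a
// checkServerTrusted() that returns normally accepts the peer. The earlier
// version caught every exception, so every server chain was accepted.
X509TrustManager trustManager = new X509TrustManager() {
                /**
                 * Asks every {@link X509TrustManager} in {@code managers} to validate the
                 * client chain; the first rejection propagates to the caller.
                 */
                @Override
                public void checkClientTrusted(X509Certificate[] chain,
                        String authType) throws CertificateException {
                    for (TrustManager tm : managers) {
                        if (tm instanceof X509TrustManager) {
                            ((X509TrustManager) tm).checkClientTrusted(
                                    chain, authType);
                        }
                    }
                }

                /**
                 * Records expiry / not-yet-valid state for the UI, then lets the delegate
                 * trust managers decide whether the chain is trusted.
                 *
                 * @param chain    peer certificate chain, leaf first
                 * @param authType key-exchange algorithm name, passed through unchanged
                 * @throws IllegalArgumentException if {@code chain} is null or empty
                 * @throws CertificateException     if any delegate rejects the chain, or if
                 *                                  {@code managers} holds no X509TrustManager
                 */
                @Override
                public void checkServerTrusted(X509Certificate[] chain,
                        String authType) throws CertificateException {

                    if (chain == null || chain.length == 0) {
                        throw new IllegalArgumentException(
                                "server certificate chain is null or empty");
                    }

                    // Advisory flags only: they tell the UI *why* validation may fail.
                    // NOTE(review): the flags are only ever set to true here; presumably
                    // LoginActivity resets them before each connection - confirm.
                    for (X509Certificate cert : chain) {
                        try {
                            cert.checkValidity();
                        } catch (CertificateExpiredException e) {
                            LoginActivity.isExpired = true;
                        } catch (CertificateNotYetValidException e) {
                            LoginActivity.isInValid = true;
                        }
                    }

                    // Removed on purpose:
                    //  - cert.verify(trustedRoot/trustedHost key) with all exceptions
                    //    swallowed: the result was never used, so it proved nothing.
                    //  - "issuer DN equals trustedRoot's issuer DN => return": a DN is
                    //    just a string anyone can put in a certificate, and the early
                    //    return skipped the delegate check below entirely.
                    // To trust an additional root, load it into a KeyStore, initialise a
                    // TrustManagerFactory with that KeyStore and put the resulting
                    // trust managers into `managers`.

                    // NOTE(review): every delegate must accept, as in checkClientTrusted.
                    // If `managers` mixes the system store with an app-specific store,
                    // confirm that this is the intended policy.
                    boolean validated = false;
                    for (TrustManager tm : managers) {
                        if (tm instanceof X509TrustManager) {
                            // Deliberately not caught: the exception is the verdict.
                            ((X509TrustManager) tm).checkServerTrusted(
                                    chain, authType);
                            validated = true;
                        }
                    }
                    if (!validated) {
                        // No delegate looked at the chain; accepting it would be fail-open.
                        throw new CertificateException(
                                "no X509TrustManager available to validate the server chain");
                    }
                }

                /**
                 * Returns the union of the issuers accepted by every delegate
                 * {@link X509TrustManager} in {@code managers}.
                 */
                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    ArrayList<X509Certificate> issuers = new ArrayList<>();
                    for (TrustManager tm : managers) {
                        if (tm instanceof X509TrustManager) {
                            issuers.addAll(Arrays
                                    .asList(((X509TrustManager) tm)
                                            .getAcceptedIssuers()));
                        }
                    }
                    return issuers.toArray(new X509Certificate[0]);
                }

            };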

解决方案

Finally, cracked!

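                // Trust manager that records why a server chain was rejected (expired, not
                // yet valid, CN/host mismatch, no trust anchor) in the enclosing flags so
                // the UI can explain it, and then rejects the chain by throwing.
                // Throwing is the only way a TrustManager tells the TLS stack "do not trust
                // this peer": a checkServerTrusted() that returns normally accepts the
                // connection, whatever the flags say.
                X509TrustManager trustManager = new X509TrustManager() {
                /**
                 * Asks every {@link X509TrustManager} in {@code managers} to validate the
                 * client chain; the first rejection propagates to the caller.
                 */
                @Override
                public void checkClientTrusted(X509Certificate[] chain,
                        String authType) throws CertificateException {
                    for (TrustManager tm : managers) {
                        if (tm instanceof X509TrustManager) {
                            ((X509TrustManager) tm).checkClientTrusted(
                                    chain, authType);
                        }
                    }
                }

                /**
                 * Records diagnostic flags for the chain and lets the delegate trust
                 * managers decide whether it is trusted.
                 *
                 * <p>Flags written: {@code isExpired}, {@code isInValid},
                 * {@code isHostMisMatch}, {@code isNotTrusted}. When a delegate reports a
                 * missing trust anchor the chain is also handed to
                 * {@code mApplication.setCurrentCertificate} so the app can show it.
                 *
                 * @param chain    peer certificate chain, leaf first
                 * @param authType key-exchange algorithm name, passed through unchanged
                 * @throws IllegalArgumentException if {@code chain} is null or empty
                 * @throws CertificateException     if any delegate rejects the chain, or if
                 *                                  {@code managers} holds no X509TrustManager
                 */
                @Override
                public void checkServerTrusted(
                        final X509Certificate[] chain, String authType)
                        throws CertificateException {

                    if (chain == null || chain.length == 0) {
                        throw new IllegalArgumentException(
                                "server certificate chain is null or empty");
                    }

                    // Validity window of every certificate in the chain. Previously the
                    // flag was overwritten per certificate, so a valid CA certificate later
                    // in the chain could hide an expired leaf, and a not-yet-valid
                    // certificate was also reported as expired.
                    boolean anyExpired = false;
                    for (X509Certificate cert : chain) {
                        try {
                            cert.checkValidity();
                        } catch (CertificateExpiredException e) {
                            anyExpired = true;
                        } catch (CertificateNotYetValidException e) {
                            // NOTE(review): only ever set to true here; presumably the
                            // caller resets it before each connection - confirm.
                            isInValid = true;
                        }
                    }
                    isExpired = anyExpired;

                    // Host name is compared against the leaf certificate only; CA
                    // certificates further up the chain never carry the server's name.
                    // This flag is advisory: it looks at the subject CN and ignores
                    // subjectAltName, so it must not replace the TLS client's
                    // HostnameVerifier.
                    String dn = chain[0].getSubjectDN().getName();
                    String CN = getValByAttributeTypeFromIssuerDN(dn, "CN=");
                    isHostMisMatch = !CN.equalsIgnoreCase(expectedHost());

                    // The earlier "issuer DN equals trustedRoot's issuer DN" shortcut is
                    // gone: a DN is just a string anyone can put in a certificate. To
                    // trust an additional root, load it into a KeyStore, initialise a
                    // TrustManagerFactory with that KeyStore and put the resulting
                    // trust managers into `managers`.

                    // NOTE(review): every delegate must accept, as in checkClientTrusted.
                    // If `managers` mixes the system store with an app-specific store,
                    // confirm that this is the intended policy.
                    boolean validated = false;
                    for (TrustManager tm : managers) {
                        if (!(tm instanceof X509TrustManager)) {
                            continue;
                        }
                        try {
                            ((X509TrustManager) tm).checkServerTrusted(chain,
                                    authType);
                            validated = true;
                        } catch (CertificateException e) {
                            // Matching on the message text is provider-specific and
                            // therefore only used for the diagnostic flag.
                            if (e.getMessage() != null
                                    && e.getMessage()
                                            .contains(
                                                    "Trust anchor for certification path not found.")) {
                                isNotTrusted = true;
                                mApplication.setCurrentCertificate(chain);
                            }
                            // Rethrow so the handshake fails. If the user later decides
                            // to trust the stored certificate, add it to an app-private
                            // KeyStore and reconnect; do not suppress the exception here.
                            throw e;
                        }
                    }
                    if (!validated) {
                        // No delegate looked at the chain; accepting it would be fail-open.
                        throw new CertificateException(
                                "no X509TrustManager available to validate the server chain");
                    }
                }

                /**
                 * Host the app intended to reach: taken from {@code query} when set,
                 * else {@code baseHostString}, else the configured server address.
                 * Returns "" when that address is not a well-formed URL.
                 */
                private String expectedHost() {
                    String address;
                    if (!TextUtils.isEmpty(query)) {
                        address = query;
                    } else if (!baseHostString.equalsIgnoreCase("")) {
                        address = baseHostString;
                    } else {
                        address = mApplication.getSettings().serverAddress
                                .toString();
                    }
                    try {
                        // getHost() drops user-info and port; stripping ":port" from
                        // getAuthority() by string replace could also damage an IPv6
                        // literal that contains the same digits.
                        return new URL(address).getHost();
                    } catch (MalformedURLException e) {
                        e.printStackTrace();
                        return "";
                    }
                }

                /**
                 * Returns the union of the issuers accepted by every delegate
                 * {@link X509TrustManager} in {@code managers}.
                 */
                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    ArrayList<X509Certificate> issuers = new ArrayList<>();
                    for (TrustManager tm : managers) {
                        if (tm instanceof X509TrustManager) {
                            issuers.addAll(Arrays
                                    .asList(((X509TrustManager) tm)
                                            .getAcceptedIssuers()));
                        }
                    }
                    return issuers.toArray(new X509Certificate[0]);
                }

            };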

Thanks Everybody.
