机器人的WebView setCertificate问题的SSL问题 [英] Android WebView setCertificate issues SSL problems
问题描述
我已经看到了很多帖子和有关SSL错误的信息,并在一个我偶然发现我自己。
I have seen a lot of posts and information about SSL errors and I have stumbled upon one myself.
我想通过机器人的WebView访问一个网页GlobalSign CA的BE证书,我也得到一个不信任的错误。
I am trying to access a web page through Android WebView with a GlobalSign CA BE certificate, and I get a not-trusted error.
对于大多数手机,它工作正常来处理这个问题,而只是告诉处理程序进行。
For most phones, it works fine to handle this, and just tell the handler to proceed.
有些手机,不过,最终得到一个onReceivedError在web视图客户端,告诉它,它不能建立与服务器的联系。发生这种情况后,已通过onReceivedSslError了,并着手。
Some phones, however, end up getting a onReceivedError in the webview-client, telling it that it can't establish contact with the server. This happens after it has gone through the onReceivedSslError and proceeded.
我搜索的描述,发现很多涉及描述HttpClient的,要么安装自己的证书,或只是欺骗成接受一切。
I searched for descriptions and found a lot of descriptions involving HttpClient and either installing your own certificate or just tricking it into accepting all.
不过,由于我使用的WebView我想我会利用WebView.setCertificate(SslCertificate CRT)的。我搜索了这个功能的讨论,但并没有找到太多/任何信息。
However, since I was using WebView I thought I'd make use of WebView.setCertificate(SslCertificate crt) . I searched for discussions of this function, but did not find much/any info.
我一抱被认为是不可信的证书,而这样做code:
I got a hold of the certificate that was said to be untrusted, and did this code:
try{
Certificate myCert = CertificateFactory.getInstance("X509").
generateCertificate(this.getResources().
openRawResource(R.raw.globalsign_ca_be));
X509Certificate x509 = (X509Certificate) myCert;
SslCertificate sslCert = new SslCertificate(x509);
webView.setCertificate(sslCert);
}
catch (CertificateException ex){
ex.printStackTrace();
}
通过包含此.cer文件:
With a .cer file containing this:
----- BEGIN CERTIFICATE ----- MIIEbjCCA1agAwIBAgILBAAAAAABElatYgQwDQYJKoZIhvcNAQEFBQAwVzELMAkG A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0wNzA1MDQxMDAw MDBaFw0xNDAxMjcxMTAwMDBaMHExCzAJBgNVBAYTAkJFMR0wGwYDVQQLExREb21h aW4gVmFsaWRhdGlvbiBDQTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEoMCYG A1UEAxMfR2xvYmFsU2lnbiBEb21haW4gVmFsaWRhdGlvbiBDQTCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBALSfSeaznwFVNtA2lWzLFlpscrXineL6OekK 3HNcoDt2bQUokw2lQvPoy + 7TMxoTJwrfXNFUYmqaFzbWPFiHHrJmH1VpK4lWR7TC UAzlXcH9KRtmc0P0b9EUTyptSFI69eSQP96y9BDV + fqslg0QMiPS01GnlYVQ + G8P naeITg0xm0RBjkEvbpoatLalWfFJWQl + fknTaTNLAJLFG0Igafhk39inRNGQXv05 rWt9 / tWLpAFk9qe0IITMBS8n7h7VJJauhEOkPkPzO5nX + fLePRnt0GXxScpI0jh9 xkjXcmG4xsJnCthlWv1b88X9voxpz5kgtursOYDpZqjuPZ1Ge4cCAwEAAaOCAR8w ggEbMA4GA1UdDwEB / wQEAwIBBjASBgNVHRMBAf8ECDAGAQH / AgEAMEsGA1UdIARE MEIwQAYJKwYBBAGgMgEKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2xvYmFs c2lnbi5uZXQvcmVwb3NpdG9yeS8wHQYDVR0OBBYEFDYSTp5xxCZB8frxKUy / F6RT KLbrMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5uZXQv cm9vdC5jcmwwEQYJYIZIAYb4QgEBBAQDAgIEMCAGA1UdJQQZMBcGCisGAQQBgjcK AwMGCWCGSAGG + EIEATAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo // z9SzAN BgkqhkiG9w0BAQUFAAOCAQEAwyV5SvrNJm9AariUG + ag4WvSMZo / ifvFCiJ1ev27 QDScvJ6FSVl6lcwNLUQLx8sVEB7S3ON46l / 1NVGmyD85kBWeXxXJt49da2OZaOFu XPydNzMKrodwSqLjqyZ9cwfk9wqqdY + m7psE0QVDdBq61MKdf7egbO0WmmdAVquD n0yc6yg0H43mWg9pQNmpnmr5iX / Q + IyzSC4LT / H5z / UOEQIMiRZzU10s0 + / eXwsl utVOj4WQP4iTeaUgrP + wisvLpVV4gzlBMqpdJZOn6u4YcrXiHX8IdBG2ASdOls + O 8Cr5UqwkGhmen2xSfIs6plTewcchfTrTvBqobfK / 33bKAw == ----- END CERTIFICATE -----
-----BEGIN CERTIFICATE----- MIIEbjCCA1agAwIBAgILBAAAAAABElatYgQwDQYJKoZIhvcNAQEFBQAwVzELMAkG A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0wNzA1MDQxMDAw MDBaFw0xNDAxMjcxMTAwMDBaMHExCzAJBgNVBAYTAkJFMR0wGwYDVQQLExREb21h aW4gVmFsaWRhdGlvbiBDQTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEoMCYG A1UEAxMfR2xvYmFsU2lnbiBEb21haW4gVmFsaWRhdGlvbiBDQTCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBALSfSeaznwFVNtA2lWzLFlpscrXineL6OekK 3HNcoDt2bQUokw2lQvPoy+7TMxoTJwrfXNFUYmqaFzbWPFiHHrJmH1VpK4lWR7TC UAzlXcH9KRtmc0P0b9EUTyptSFI69eSQP96y9BDV+fqslg0QMiPS01GnlYVQ+g8p naeITg0xm0RBjkEvbpoatLalWfFJWQl+fknTaTNLAJLFG0Igafhk39inRNGQXv05 rWt9/tWLpAFk9qe0IITMBS8n7h7VJJauhEOkPkPzO5nX+fLePRnt0GXxScpI0jh9 xkjXcmG4xsJnCthlWv1b88X9voxpz5kgtursOYDpZqjuPZ1Ge4cCAwEAAaOCAR8w ggEbMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMEsGA1UdIARE MEIwQAYJKwYBBAGgMgEKMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2xvYmFs c2lnbi5uZXQvcmVwb3NpdG9yeS8wHQYDVR0OBBYEFDYSTp5xxCZB8frxKUy/F6RT KLbrMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5uZXQv cm9vdC5jcmwwEQYJYIZIAYb4QgEBBAQDAgIEMCAGA1UdJQQZMBcGCisGAQQBgjcK AwMGCWCGSAGG+EIEATAfBgNVHSMEGDAWgBRge2YaRQ2XyolQL30EzTSo//z9SzAN BgkqhkiG9w0BAQUFAAOCAQEAwyV5SvrNJm9AariUG+ag4WvSMZo/ifvFCiJ1ev27 QDScvJ6FSVl6lcwNLUQLx8sVEB7S3ON46l/1NVGmyD85kBWeXxXJt49da2OZaOFu XPydNzMKrodwSqLjqyZ9cwfk9wqqdY+m7psE0QVDdBq61MKdf7egbO0WmmdAVquD n0yc6yg0H43mWg9pQNmpnmr5iX/Q+IyzSC4LT/H5z/UOEQIMiRZzU10s0+/eXwsl utVOj4WQP4iTeaUgrP+wisvLpVV4gzlBMqpdJZOn6u4YcrXiHX8IdBG2ASdOls+o 8Cr5UqwkGhmen2xSfIs6plTewcchfTrTvBqobfK/33bKAw== -----END CERTIFICATE-----
它完成,且没有例外,但我还是得到了我的WebView相同的行为。首先一个SSL错误,然后一个错误说是不能通信/加载页面。
It completed without exception, but I still got the same behaviour from my webview. First an SSL-error and then an error saying it could not communicate/load the page.
如果任何人有一些信息,已经能够获得SSL,在web视图正常工作,甚至只是在方法调试这方面的帮助。我将非常AP preciate吧。
If anyone has some info, has been able to get SSL working properly in WebView, or even just help in ways to debug this. I would greatly appreciate it.
我的头也爆炸了一下,因为我不是很有经验的SSL开始。
My head is also exploding a bit, because I'm not very experienced in SSL to begin with.
*这是一个公共密钥顺便说一句,平平淡淡;)(GlobalSign CA的BE)
*it's a public key btw, nothing exciting ;) (GlobalSign CA BE)
一些更多的信息: 在SSL例外: 主要错误:3 证书:颁发给:CN = GlobalSign的域验证 CA,O = GlobalSign的NV-SA,OU =域验证CA,C = BE;
some more info: the ssl exception: primary error: 3 certificate: Issued to: CN=GlobalSign Domain Validation CA,O=GlobalSign nv-sa,OU=Domain Validation CA,C=BE;
发布单位:CN = GlobalSign根CA,OU =根CA,O = GlobalSign的NV-SA,C = BE;
Issued by: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE;
错误3,SSL_UNTRUSTED
error 3 is , SSL_UNTRUSTED
我也不过有一种感觉,setCertificate功能,是不是要添加可信证书缺失根或类似的,而是添加一个客户端证书来识别与服务器期待的。将是很好的对这个功能虽然一些更多的信息,似乎有点无证。
I do however have a feeling that the setCertificate function, is not to add a trusted certificate for a missing root or similar, but instead to add a client certificate to identify with a server expecting one. Would be good with some more info on this function though, it seems a bit undocumented.
我穿过一个网站名为ssltest.net运行confied.payex.com:443并从那里下载证书拿到了加州。
I got the CA through running confied.payex.com:443 through a site called ssltest.net and downloading the cert from there.
推荐答案
我试图去code中的证书,但它似乎并没有有效(其实我测试了2个不同X509的实现无一不给了我一个不正确编码的错误)。
I tried to decode the certificate but it does not seem to be valid (actually I tested 2 distinct X509 implementations and both gave me an "incorrect encoding" error).
您可以提供更多的细节上的SSL异常?
Can you give more details on the SSL exception?
我没有找到关于 setCertificate 方法的信息。我觉得这个方法需要服务器证书。您应该确保证书时去code是的最终实体的证书,而不是一个CA证书。
I did not find much information about the setCertificate method. I think this method expects the server certificate. You should ensure that the certificate you decode is the end entity certificate and not a CA certificate.
这篇关于机器人的WebView setCertificate问题的SSL问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
