Android的:如何做HttpPost与证书 [英] Android: how to do HttpPost with a certificate
问题描述
我有一个执行HttpPost。
应用程序现在我需要一个证书添加到后由服务器接收被接受的HttpPost。
请我怎么做呢?
任何建议非常AP preciated !!!
的HttpClient HttpClient的=新DefaultHttpClient(); HttpPost httppost =新HttpPost(https://svcs.sandbox.paypal.com/AdaptivePayments/$p$papproval);
尝试{ httppost.addHeader(X-PAYPAL-SECURITY-USERID,maurizio.pietrantuono_api1.db.com);
httppost.addHeader(X-贝宝安全密码,1395657583);
httppost.addHeader(X-PAYPAL-SECURITY-签名,A0GgTivJ6ivBB8QDTl.cZfiYK5d9AZwsFixwIUdUhJc4JXTriwpfU2zw);
httppost.addHeader(X-PAYPAL-REQUEST数据格式,NV);
httppost.addHeader(X-PAYPAL-RESPONSE数据格式,NV);
httppost.addHeader(X-PAYPAL-APPLICATION-ID,APP-80W284485P519543T); StringEntity SE =新StringEntity(cancelUrl = HTTP:// your_cancel_url+
&放大器;货币code = USD+
&放大器; ENDINGDATE = 2015-03-29T08%3A00%3A00.000Z+
与& maxAmountPerPayment = 200.00+
&放大器; maxNumberOfPayments = 30+
与& maxTotalAmountOfAllPayments = 1500.00+
与& pinType = NOT_REQUIRED+
&放大器; requestEnvelope.errorLanguage = EN_US+
与& RETURNURL = HTTP://www.google.com+
&放大器; STARTINGDATE = 2014-04-29T07%3A00%3A00.000Z+
与& senderEmail=mauriziop-facilitator@hotmail.it);
httppost.setEntity(SE); HTT presponse响应= httpclient.execute(httppost);
你可能面临的最合乎逻辑的一个又最复杂的事情做Java等者平台,因此也机器人。原来,有没有实现的一个和直接的方式,因为有许多种证书及,有没有一种方法用于制作HTTP呼吁所有的人,因为他们中的一些可能由未知的CA签名,其他人为了有需要的证书中间包是有效的,等等。
可能的方式,将帮助您的存储证书到用户的密钥库,并通过这种方式可以使HTTPS请求,因为他们会信任已经在目标SSL证书。在这种情况下,你就可以创建一个新的密钥库,导入证书,然后进行HTTPS请求:
进口java.io.BufferedInputStream中;
进口java.io.IOException异常;
进口的java.io.InputStream;//在多个包有些存在,要小心这些包括
进口java.security.GeneralSecurityException;
进口java.security.KeyStore中;
进口java.security.cert.Certificate中;
进口java.security.cert.CertificateFactory;//这将参考您的密钥库存储证书
密钥库KS = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(NULL); //这将使新店
//下一行,指定文件路径
//您还可以导出目标证书(在你的情况,贝宝)
//把它作为一个硬$ C $`CD和String`使用它。
InputStream为= ...;
二BufferedInputStream为=新的BufferedInputStream(是);CertificateFactory CF = CertificateFactory.getInstance(X.509);而(bis.available()大于0){
证书证书= cf.generateCertificate(之二);
trustStore.setCertificateEntry(myAlias+ bis.available(),证书);
}
此后,使该HTTP请求到SSL服务器应该工作
---- ----编辑
您不需要生成一个网站的证书,因为这个网站已经有一个。你必须输入其现有的证书。我展示你如何做到这一点,它下的Firefox和西班牙做了一个例子,但我想你演绎的关键词在你的语言。
转到要导出其证书的网站。在这个例子中,我做贝宝的,但你可能会做它的任何网站。还需要考虑,一个网站可能有很多证书,这意味着,例如, https://www.paypal.com 有一个和 https://sandbox.paypal.com 还有另一个完全不同的。你需要检查一下。
在地址栏左侧,点击该说贝宝公司(美国)(即宣布,该网站有一个SSL证书)的绿色文本。
您会看到这样的画面:
点击更多信息按钮,你会看到这样的内容:
点击见证书(或类似)按钮,现在你会看到这样的画面:
点击详细信息标签,在列表中,选择网站一一(在这种情况下,首先威瑞信类3公用主证书颁发机构 - G5 ,那么威瑞信3类扩展验证SSL CA ,最后 www.paypal.com ),之后,点击导出... 在该屏幕的底部。你会被要求导出 PEM 证书。
你刚才做的是出口,整个证书链,但现在你必须把它放在一起。只需打开一个文本文件,并添加您刚刚下载一个接其他的的顺序您下载并有专人看管不包括额外的空格三证
这就是你必须在你的code导入证书。在我包括片段,还有你需要把路径文件的位置,这将是这一点。因为你很可能希望包括code为所有的客户,你可能会做两件事情:
-
导入证书作为项目的一部分。这将使该运行你的应用程序的客户端将有证书,这样就可以使用上面的code没有任何moddification,但你必须要小心时,贝宝将改变该证书(他们通常一段时间后过期和需要由一个新的有效的一种来取代 - 你可以看到一个证书的过期时间在证书的属性)。
-
如上所述导出证书,把它放在一个公共场所(例如,Web服务器),并且每个用户运行你的应用程序时,下载并验证是否在密钥库中的证书是一样的你刚才已经阅读。如果它不存在,导入它的第一次。如果它存在,并且不匹配,更新。否则,你不需要做任何事情。
I have an Application that performs an HttpPost.
Now I need to add a Certificate to the post to be accepted by the server receiving the HttpPost.
Please how do I go about it?
Any suggestion very much appreciated !!!
HttpClient httpclient = new DefaultHttpClient();
HttpPost httppost = new HttpPost("https://svcs.sandbox.paypal.com/AdaptivePayments/Preapproval");
try {
httppost.addHeader("X-PAYPAL-SECURITY-USERID", "maurizio.pietrantuono_api1.db.com");
httppost.addHeader("X-PAYPAL-SECURITY-PASSWORD", "1395657583");
httppost.addHeader("X-PAYPAL-SECURITY-SIGNATURE", "A0GgTivJ6ivBB8QDTl.cZfiYK5d9AZwsFixwIUdUhJc4JXTriwpfU2zw");
httppost.addHeader("X-PAYPAL-REQUEST-DATA-FORMAT", "NV");
httppost.addHeader("X-PAYPAL-RESPONSE-DATA-FORMAT", "NV");
httppost.addHeader("X-PAYPAL-APPLICATION-ID", "APP-80W284485P519543T");
StringEntity se=new StringEntity("cancelUrl=http://your_cancel_url"+
"¤cyCode=USD"+
"&endingDate=2015-03-29T08%3A00%3A00.000Z"+
"&maxAmountPerPayment=200.00"+
"&maxNumberOfPayments=30"+
"&maxTotalAmountOfAllPayments=1500.00"+
"&pinType=NOT_REQUIRED"+
"&requestEnvelope.errorLanguage=en_US"+
"&returnUrl=http://www.google.com"+
"&startingDate=2014-04-29T07%3A00%3A00.000Z"+
"&senderEmail=mauriziop-facilitator@hotmail.it");
httppost.setEntity(se);
HttpResponse response = httpclient.execute(httppost);
You're probably facing one of the most logical yet most complicate things to do on a plaform like Java and therefore also Android. Turns out that there's not a one-and-direct way of achieving that since there are lots of kinds of certificates and there's not a method for making a HTTP call for all of them, because some of them might be signed by unknown CAs, others have intermediate bundles required in order for the cert be valid, etc.
Probably a way that will help you is storing the certificate into the user's keystore and this way you can make HTTPS requests because they'll already trust the destination SSL certificate. In this case, you'll be creating a new KeyStore, import the certificate and then make the HTTPS request:
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
// Some of these exist in more than one package, be careful to include these
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
// This would reference to your KeyStore to store the certificate
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null); // This will make a new store
// In the next line, specify the file path
// You can also export the destination certificate (in your case, Paypal's)
// put it as a hardcoded `String` and work with it.
InputStream is = ...;
BufferedInputStream bis = new BufferedInputStream(is);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
while (bis.available() > 0) {
Certificate cert = cf.generateCertificate(bis);
trustStore.setCertificateEntry("myAlias" + bis.available(), cert);
}
Afterwards, making the HTTP request to the SSL server should work.
---- EDIT ----
You don't need to generate a certificate for a site, as this site already has one. You have to import its already existing certificate. I'm showing you an example of how to do it, it's done under Firefox and in spanish, but I guess you'll deduce the key words in your language.
Go to the site whose certificate you want to export. In this example, I'm doing Paypal's, but you might do it for any site. Also take in consideration that a site might have many certificates, that means that, for instance, https://www.paypal.com has one and https://sandbox.paypal.com has another totally different. You'll need to check this.
On the left side of the address bar, click on the Green text that says Paypal, Inc (US) (that announces that the site has a SSL certificate).
You'll see a screen like this:
Click on the More information button and you'll see something like this:
Click on the See certificate (or similar) button, and now you'll see this screen:
Click on the Details tab, in the list, select sites one by one (in this case, firstly VeriSign Class 3 Public Primary Certification Authority - g5, then VeriSign Class 3 Extended Validation SSL CA, and lastly www.paypal.com), and afterwards, click on Export... at the bottom of that screen. You'll be asked to export a PEM certificate.
What you have just done is exporting the whole certificate chain, but now you have to put it all together. Simply open a text file and append the three certificates you just downloaded one after other in the order you downloaded and having special care to not include additional spaces.
That's the certificate you'll have to import in your code. In the snippet I included, there's a place you need to put a path to a file, it would be this. Since you probably want to include that code for all your clients, you might do 2 things:
Import the certificate as a part of your project. This would make that any client running your app will have that cert, this way you can use the code above without any moddification, but you'd need to be careful when Paypal would change that certificate (they usually expire after a time and need to be replaced by a new valid one - you can see the expiration time of a certificate in the properties of the certificate).
Export the certificate as described above, put it in a public place (for instance, a web server) and each time a user runs your app, download it and verify if the certificate in the keystore is the same that you just have read. If it doesn't exist, simply import it for the first time. If it exists and doesn't match, update it. Else, you don't need to do anything.
这篇关于Android的:如何做HttpPost与证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
