certificate is randomly not being created correctly

Problem description

I have a custom httpclient that I created to take in my custom trust store, and use it for all ssl sites that it tries to access. Here's the code for that:

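import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;

import android.content.Context;

import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.SingleClientConnManager;

public class MyHttpClient extends DefaultHttpClient {

    private Context context;

    public MyHttpClient(Context context) {
        this.context = context;
    }

    @Override
    protected ClientConnectionManager createClientConnectionManager() {
        // Plain HTTP on port 80; HTTPS on port 443 through the custom truststore.
        SchemeRegistry registry = new SchemeRegistry();
        registry.register(new Scheme("http", PlainSocketFactory
                .getSocketFactory(), 80));
        registry.register(new Scheme("https", newSslSocketFactory(), 443));
        return new SingleClientConnManager(getParams(), registry);
    }

    private SSLSocketFactory newSslSocketFactory() {
        try {
            // Load the BKS truststore bundled with the app as a raw resource.
            KeyStore trusted = KeyStore.getInstance("BKS");
            InputStream in = context.getResources().openRawResource(
                    R.raw.cacerts);
            try {
                trusted.load(in, "changeit".toCharArray());
            }
            catch (CertificateException c) {
                // Only logged; execution continues to the return below.
                System.out
                        .println("There was a certificate exception in myhttpclient!");
            }
            finally {
                in.close();
            }
            // Socket factory that validates servers against this truststore.
            return new SSLSocketFactory(trusted);
        }
        catch (Exception e) {
            throw new AssertionError(e);
        }
    }
}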

And here's the stacktrace it's giving me:

W/System.err(4194): javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
W/System.err(4194):     at org.apache.harmony.xnet.provider.jsse.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:258)
W/System.err(4194):     at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:93)
W/System.err(4194):     at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381)
W/System.err(4194):     at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
W/System.err(4194):     at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
W/System.err(4194):     at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
W/System.err(4194):     at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:428)
W/System.err(4194):     at org.apache.http.impl.client.AbstractHttpClient$1.executeRequestSending(AbstractHttpClient.java:608)
W/System.err(4194):     at org.apache.http.impl.client.naf.redirect.NafRequestExecutorWrapperRedirectionHandler.executeRequestSendingUsual(NafRequestExecutorWrapperRedirectionHandler.java:96)
W/System.err(4194):     at org.apache.http.impl.client.naf.redirect.NafRequestExecutorWrapperRedirectionHandler.executeRequestSending(NafRequestExecutorWrapperRedirectionHandler.java:73)
W/System.err(4194):     at org.apache.http.impl.client.naf.auth.NafHttpAuthStrategyDefault.sendFirstRequest(NafHttpAuthStrategyDefault.java:487)
W/System.err(4194):     at org.apache.http.impl.client.naf.auth.NafHttpAuthStrategyDefault.performAuthExecutionUnsafe(NafHttpAuthStrategyDefault.java:388)
W/System.err(4194):     at org.apache.http.impl.client.naf.auth.NafHttpAuthStrategyDefault.performAuthExecution(NafHttpAuthStrategyDefault.java:200)
W/System.err(4194):     at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:556)
W/System.err(4194):     at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:505)
W/System.err(4194):     at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:483)
W/System.err(4194):     at com.wmmccreedy.vce.AgConnection.submitInfo(AgConnection.java:111)
W/System.err(4194):     at com.wmmccreedy.vce.LoginSubmitActvity$DownloadWebPageTask.doInBackground(LoginSubmitActvity.java:199)
W/System.err(4194):     at com.wmmccreedy.vce.LoginSubmitActvity$DownloadWebPageTask.doInBackground(LoginSubmitActvity.java:1)
W/System.err(4194):     at android.os.AsyncTask$2.call(AsyncTask.java:185)
W/System.err(4194):     at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:306)
W/System.err(4194):     at java.util.concurrent.FutureTask.run(FutureTask.java:138)
W/System.err(4194):     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1088)
W/System.err(4194):     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:581)
W/System.err(4194):     at java.lang.Thread.run(Thread.java:1019)

Now, this works correctly... about 50% of the time. I "solved" this by creating a while loop. It continues to recreate the httpclient client and try to access the server over and over again until it works, usually after only 1 to 2 attempts (max I've seen is 4). Obviously, this is very inefficient.

I've narrowed down the problem to the class I've posted above, since if I create the httpclient just once and try to access the site using that same class multiple times, it will either always fail, or always succeed, depending on whether I got a 'good' httpclient, or a 'bad' httpclient. However, if I create the httpclient every single time I try and access the webpage, it will sometimes work and sometimes not work.

So why is it doing this, and how can I fix this? And why is it only working intermittently, what could be changing between creations of the client?

EDIT: Solved

It appears that I had left some old versions of some aliases in my truststore, and it was randomly picking whichever one it found first, which didn't always end up being the correct one. Each alias had all the same certs in them, but each had all of the certs in a different order. I tested until I found the correct store, deleted the rest, and everything is perfect now.
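
The condition described in the edit above (several aliases holding the same certificates in different orders) can be found by listing what each alias holds. This is an added example, not part of the original post; the class name TrustStoreAudit and its command-line arguments (truststore file, store type, password) are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.*;

// Added example. Assumed usage: java TrustStoreAudit <file> <storetype> <password>
public class TrustStoreAudit {

    // First 8 bytes of the SHA-256 of the DER encoding, as hex (shortened for display).
    static String fingerprint(Certificate cert) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < 8; i++) sb.append(String.format("%02x", d[i]));
        return sb.toString();
    }

    // Ordered fingerprints under one alias: the chain of a key entry, or the single trusted cert.
    static List<String> entryFingerprints(KeyStore ks, String alias) throws Exception {
        Certificate[] chain = ks.getCertificateChain(alias);
        if (chain == null) {
            Certificate single = ks.getCertificate(alias);
            chain = (single == null) ? new Certificate[0] : new Certificate[] { single };
        }
        List<String> prints = new ArrayList<>();
        for (Certificate c : chain) prints.add(fingerprint(c));
        return prints;
    }

    // Groups aliases whose entries hold the same set of certificates, whatever their order.
    static Map<Set<String>, List<String>> groupBySameCerts(KeyStore ks) throws Exception {
        Map<Set<String>, List<String>> groups = new LinkedHashMap<>();
        for (String alias : Collections.list(ks.aliases())) {
            Set<String> key = new TreeSet<>(entryFingerprints(ks, alias));
            groups.computeIfAbsent(key, k -> new ArrayList<>()).add(alias);
        }
        return groups;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(args[1]);
        try (InputStream in = new FileInputStream(args[0])) { ks.load(in, args[2].toCharArray()); }
        for (List<String> aliases : groupBySameCerts(ks).values()) {
            if (aliases.size() > 1) System.out.println("Same certificates under several aliases:");
            for (String a : aliases) System.out.println("  " + a + " -> " + entryFingerprints(ks, a));
        }
    }
}
```

On a desktop JVM the BKS store type is only available once the Bouncy Castle provider is registered; on Android it is built in.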

Recommended answer

This is not a 'certificate creation' problem.

The server (the peer) didn't send you a certificate. This is probably because it couldn't find one in its keystore that was signed by someone trusted by your truststore.
