android:如何接受CA证书 [英] android: how to accept CA certificate

问题描述

我正在尝试通过 android 中的 https 与 OCS 服务器建立安全连接.

I am trying to make a secure connection to a OCS server through https in android.

我找到了 EasySSLFactory 和 EasyX509TrustManager 类来让 android 信任证书，但我不知道如何只初始化一次 EasySSLFactory 和 EasyX509TrustManager 对象.

I found the EasySSLFactory and EasyX509TrustManager classes to make android trust the certificate but I don't know how to initialize only one time the EasySSLFactory and EasyX509TrustManager objects.

我有以下代码来接受证书并建立单一连接:

I have the following code to accept a certificate and make a single connection:

    SchemeRegistry schemeRegistry = new SchemeRegistry();

    schemeRegistry.register(new Scheme("https", new EasySSLSocketFactory(),
            443));

    HttpParams params = new BasicHttpParams();
    params.setParameter(ConnManagerPNames.MAX_TOTAL_CONNECTIONS, 3);
    params.setParameter(ConnManagerPNames.MAX_CONNECTIONS_PER_ROUTE,
            new ConnPerRouteBean(1));
    params.setParameter(HttpProtocolParams.USE_EXPECT_CONTINUE, false);
    HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
    HttpProtocolParams.setContentCharset(params, "utf8");

    int timeoutConnection = 1000;
    HttpConnectionParams.setConnectionTimeout(params, timeoutConnection);

    int timeoutSocket = 1000;
    HttpConnectionParams.setSoTimeout(params, timeoutSocket);

    clientConnectionManager = new ThreadSafeClientConnManager(params,
            schemeRegistry);

    HttpClient client = new DefaultHttpClient(clientConnectionManager,
            params);

为了以新方法建立新连接，我也必须写这些行...有没有一种方法可以将它们放在类构造函数中，然后在该类中进行连接，而无需在连接之前编写它..

In order to make a new connection in an new method, I have to do write those lines too... Is there a way that I can put them in the class constructor and then do connections in that class without writing that before the connection..

谢谢

推荐答案

看看我的 博客文章.我已经发布了一份详细说明，您可以如何将所需的证书添加到自定义密钥库并使用它初始化 HttpClient.

Look at my blog article. I've posted a detailed description how you can add your desired certificate to a custom keystore and initialize the HttpClient with it.

希望能帮到你

编辑:我还没有尝试过，但也许 TrustStrategy 界面可能会有所帮助.

EDIT: I havent tried it, but maybe the TrustStrategy interface may help.

您可以实现自己的 TrustStrategy 接口并使用 适当的构造函数.您的策略可以只返回 true(在 isTrusted 方法中)，但出于安全原因，您应该进行一些检查以确保证书是否可以被视为可信(这取决于您的需求)

You could implement your own TrustStrategy interface and initialize the SSLSocketFactory with the appropriate constructor. Your strategy can just return true (in the isTrusted method), but you should do for security reasons a bit of checking to be sure if the certificate can be considered as trusted (it depends on your needs)

查看我的 SecureHttpClient 类博客文章中的第 35 行.用以下内容替换该行:

Look at line 35 on my blog article of the SecureHttpClient class. Replace the line with something like this:

SSLSocketFactory sf = new SSLSocketFactory(myTrustStrategy);

如果这对您有用，请告诉我.

Please let me know if this works for you.

问候

这篇关于android:如何接受CA证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！