如何通过 Android 访问 SSL 连接? [英] How Can I Access an SSL Connection Through Android?

问题描述

我开始学习一个没有围绕 Android 的教程并得到了这个:

 System.setProperty("javax.net.ssl.trustStore", "truststore");System.setProperty("javax.net.ssl.trustStorePassword", "密码");SSLSocketFactory ssf = (SSLSocketFactory) SSLSocketFactory.getDefault();尝试 {套接字 s = ssf.createSocket("192.168.2.11", 6543);PrintWriter out = new PrintWriter(s.getOutputStream());而(真){out.println("SSL 测试");Log.d("数据", "数据发送");}} catch (UnknownHostException e) {//TODO 自动生成的 catch 块e.printStackTrace();} catch (IOException e) {//TODO 自动生成的 catch 块e.printStackTrace();}

我想这归结为几个问题:

1. 我没有创建自己的信任库，但是在网上搜索教程和内容，我不知道如何创建信任库.有什么方法可以创建或修改信任库以在其中包含我需要的证书?(如果有任何区别，我使用的是自签名证书)

2. 如何让 SSL 握手顺利进行?现在，我得到的错误是:

   <前>javax.net.ssl.SSLHandshakeException:java.security.cert.CertPathValidatorException:未找到证书路径的信任锚.

   老实说，我真的不明白这意味着什么.

3. 我需要在我的 Android 设备上修改哪些设置或文件以确保可以进行这种连接?

解决方案

1) 视情况而定.您在服务器端是否有自签名证书，并且您正在尝试向 android 设备验证您的身份?或者您是否在 android 端试图验证您对服务器的身份?如果是前者，那么请看这个链接:http://www.codeproject.com/KB/android/SSLVerification_Android.aspx?display=Mobile

您要特别注意它制作 KeyStore 文件的位置.

2) 您收到该错误的原因是它不信任您正在连接的服务器，因为您没有正确创建信任库，或者您正在连接到证书尚未添加到信任库的服务器.你到底想连接什么?

3) 确保您在 manifest.xml 中有 <uses-permission android:name="android.permission.INTERNET"/>.

编辑抱歉，请查看我对第一段所做的更改.

这是初始化您的密钥库和信任库的部分

SSLcontext sslContext = SSLContext.getDefault();KeyStore trustSt = KeyStore.getInstance("BKS");TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());InputStream trustStoreStream = this.getResources().openRawResource(R.raw.truststore);trustSt.load(trustStoreStream, "<你的密码>".toCharArray());trustManagerFactory.init(trustStre);KeyStore keyStore = KeyStore.getInstance("BKS");KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());InputStream keyStoreStream = this.getResources().openRawResource(R.raw.keystore);keyStore.load(keyStoreStream, "<你的密码>".toCharArray());keyManagerFactory.init(keyStore, "<你的密码>".toCharArray());sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);

I started following a tutorial that wasn't cased around Android and got this:

    System.setProperty("javax.net.ssl.trustStore", "truststore");
    System.setProperty("javax.net.ssl.trustStorePassword", "password");

    SSLSocketFactory ssf = (SSLSocketFactory) SSLSocketFactory.getDefault();
    try {
        Socket s = ssf.createSocket("192.168.2.11", 6543);
        PrintWriter out = new PrintWriter(s.getOutputStream());
        while (true){
            out.println("SSL TEST");
            Log.d("DATA", "DATA SENT");
        }



    } catch (UnknownHostException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (IOException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }

I guess this boils down to a few questions:

1. I do not have my own trust store created, but searching through tutorials and things online, I am not sure how to create one. Is there a way I can create or modify a trust store to have the certificates I need in it? (I am using a self-signed certificate if that makes any difference)

2. How do I make things with the SSL handshake run smoothly? Right now, the error I am getting is:

   javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
   

   Honestly, I don't really understand what that means.

3. What settings or files do I need to modify on my Android device to make sure this connection can happen?

解决方案

1) It depends. Do you have a self signed cert on the server side and you are trying to validate your identity to the android device? Or are you on the android side trying to validate your idendity to the server? If it is the former , then please see this link: http://www.codeproject.com/KB/android/SSLVerification_Android.aspx?display=Mobile

You want to pay particular attention to where it makes the KeyStore file.

2) The reason you're getting that error is because it doesn't trust the server you are connecting either because you did not create the truststore correctly or you are connecting to a server whose certificate has not been added to the truststore. What exactly are you trying to connect to?

3) Make sure you have the <uses-permission android:name="android.permission.INTERNET" /> in the manifest.xml.

Edit My apologies, please see the changes I made to the first paragraph.

Here is the part to initialize your keystore and truststore

SSLcontext sslContext = SSLContext.getDefault();

KeyStore trustSt = KeyStore.getInstance("BKS");
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
InputStream trustStoreStream = this.getResources().openRawResource(R.raw.truststore);
trustSt.load(trustStoreStream, "<yourpassword>".toCharArray());
trustManagerFactory.init(trustStre);

KeyStore keyStore = KeyStore.getInstance("BKS");
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
InputStream keyStoreStream = this.getResources().openRawResource(R.raw.keystore);
keyStore.load(keyStoreStream, "<yourpassword>".toCharArray());
keyManagerFactory.init(keyStore, "<yourpassword>".toCharArray());

sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);

这篇关于如何通过 Android 访问 SSL 连接?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！