使用 ksoap2-android 的不可信证书 [英] Not trusted certificate using ksoap2-android

问题描述

我正在使用 ksoap2-android 通过 SSL 调用 wcf 服务.我可以让它在没有 SSL 的情况下工作，但现在我想通过 SSL 进行调用，但我遇到了一些问题.

I'm using ksoap2-android to make a call to wcf service over SSL. I can get it to work without SSL, but now I want to make the call over SSL, but I've run in to some problems.

我使用的是 HttpsTransportSE 而不是 HttpTransportSE，但出现错误:javax.net.ssl.SSLException: 不受信任的服务器证书

I'm using the HttpsTransportSE instead of HttpTransportSE, but I'm getting the error: javax.net.ssl.SSLException: Not trusted server certificate

我该如何解决这个问题?

How can I fix this?

是否可以将服务器证书添加到 Android 中的 Keystore 中以解决问题?

Can I add the server certificate to the Keystore in Android to solve the problem?

private static final String SOAP_ACTION = "http://example.com/Service/GetInformation";
private static final String METHOD_NAME = "GetInformation";
private static final String NAMESPACE = "http://example.com";    
private static final String URL = "dev.example.com/Service.svc";

public static Result GetInformation()
{
    SoapObject request = new SoapObject(NAMESPACE, METHOD_NAME);

    PropertyInfo property = new PropertyInfo();
    property.name = "request";

    Request request =
        new Request("12", "13", "Ben");

    userInformationProperty.setValue(request);
    userInformationProperty.setType(request.getClass());
    request.addProperty(property);

    SoapSerializationEnvelope envelope = new SoapSerializationEnvelope(SoapEnvelope.VER11);
    envelope.dotNet = true;
    envelope.setOutputSoapObject(request);
    envelope.addMapping(NAMESPACE, "Request",new Request().getClass());

    HttpsTransportSE transport = new HttpsTransportSE(URL, 443, "", 1000);

    //HttpTransportSE androidHttpTransport = new HttpTransportSE(URL);
    transport.debug = true;

    try
    {
        transport.call(SOAP_ACTION, envelope);          
        return Result.FromSoapResponse((SoapObject)envelope.getResponse());
    }
    catch (IOException e)
    {
        e.printStackTrace();
    }
    catch (XmlPullParserException e)
    {
        e.printStackTrace();
    }

    return null;
}

推荐答案

嗯，有一个更简单的方法来做到这一点，而不是修改 HttpsServiceConnectionSE.您可以按照 http://groups.google.com/group/android-developers/browse_thread/thread/1ac2b851e07269ba/c7275f3b28ad8bbc?lnk=gst&q=certificate 然后在进行任何 SSL 通信之前调用 allowAllSSL()/调用 ksoap2.它将注册一个新的默认 HostnameVerifier 和 TrustManager.ksoap2 在进行 SSL 通信时将使用默认的，它的作用就像一个魅力.

Well, there is an easier way to do this instead of modifying HttpsServiceConnectionSE. You can install a fake trust manager as described in http://groups.google.com/group/android-developers/browse_thread/thread/1ac2b851e07269ba/c7275f3b28ad8bbc?lnk=gst&q=certificate and then call allowAllSSL() before you do any SSL communication/call to ksoap2. It will register a new default HostnameVerifier and TrustManager. ksoap2, when doing its SSL communication, will use the default ones and it works like a charm.

我想，您还可以为此付出更多努力，使其(更)安全，并在应用程序本地信任管理器中安装证书.我在一个安全的网络中，不怕中间人攻击，所以我做了第一个.

You can also put some more effort into this, make it (much) safer, and install certificates in an application local trust manager, I guess. I was in a safe network and not afraid of man-in-the-middle-attacks so I just did the first.

我发现有必要像这样使用 KeepAliveHttpsTransportSE new KeepAliveHttpsTransportSE(host, port, file, timeout);.参数进入 URL 对象，例如要访问 Jira 安装，它类似于 new KeepAliveHttpsTransportSE("host.whatever", 443, "/rpc/soap/jirasoapservice-v2", 1000).

I found it necessary to use KeepAliveHttpsTransportSE like this new KeepAliveHttpsTransportSE(host, port, file, timeout);. The parameters go into a URL object, so e.g. to access a Jira installation it's something like new KeepAliveHttpsTransportSE("host.whatever", 443, "/rpc/soap/jirasoapservice-v2", 1000).

如果您是新技术或 Web 服务的新手，那么它有时会很方便，您喜欢在 J2SE 环境中而不是在模拟器中甚至在设备上使用它，但是在 J2SE/ME ksoap2 库中(KeepAlive)HttpsTransportSE 东西丢失了(我使用了 ksoap2-j2se-full-2.1.2.jar).您可以做的是从 Android 衍生产品 ksoap2-android 中获取三个类 HttpsTransportSE、KeepAliveHttpsTransportSE 和 HttpsServiceConnectionSE 的源代码，并将它们放入您的 J2SE 项目中并使用它们.它对我很有用，并且通过未知且相当复杂的 Web 服务迈出了正确的第一步，从而提高了工作效率.

Sometimes its handy if you are new to the technology or the web service you like to use to play around with it in a J2SE environment instead of in the emulator or even on the device, but in the J2SE/ME ksoap2 library the (KeepAlive)HttpsTransportSE stuff is missing (I used ksoap2-j2se-full-2.1.2.jar). What you could do is to get the sources for the three classes HttpsTransportSE, KeepAliveHttpsTransportSE, and HttpsServiceConnectionSE from the Android spin-off ksoap2-android and put them into your J2SE project and use them. It worked for me and it became a productivity improvement to get the first steps right with an unknown and quite complex web service.

这篇关于使用 ksoap2-android 的不可信证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！