android中https(无对等证书)的问题 [英] Problems with https (No peer certificate) in android

查看:20
本文介绍了android中https(无对等证书)的问题的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

问题

我想向网站发送 https 请求 https://10.2.20.20/fido/EzPay/login.php 我自己的服务器并从中获取响应并将其保存在例如字符串中.我在互联网上找到了一些示例代码,并尝试针对我的问题测试它们,但它们没有帮助.下面是我测试过的部分代码.

<小时>

代码示例:

我尝试使用此代码,但总是遇到相同的异常无对等证书"为什么?

试试{HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;DefaultHttpClient 客户端 = 新的 DefaultHttpClient();SchemeRegistry 注册表 = new SchemeRegistry();SSLSocketFactory socketFactory = SSLSocketFactory.getSocketFactory();socketFactory.setHostnameVerifier((X509HostnameVerifier) hostnameVerifier);registry.register(新方案(https",socketFactory,443));SingleClientConnManager mgr = new SingleClientConnManager(client.getParams(), registry);DefaultHttpClient httpClient = new DefaultHttpClient(mgr, client.getParams());//设置验证器HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);//示例发送http请求最终字符串 url = "https://10.2.20.20/fido/EzPay/login.php";HttpPost httpPost = new HttpPost(url);HttpResponse 响应 = httpClient.execute(httpPost);BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));字符串行 = "";while ((line = rd.readLine()) != null) {Log.i(DownloadImageTask.class.getName(), line);}}捕获(IOException ex){Log.e(DownloadImageTask.class.getName(), ex.getMessage());}

例外.

<块引用>

03-02 16:58:25.234:W/System.err(1868):javax.net.ssl.SSLPeerUnverifiedException: 没有对等证书 03-0216:58:25.238:W/System.err(1868):在org.apache.harmony.xnet.provider.jsse.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:137)03-02 16:58:25.238:W/System.err(1868):在org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:93)03-02 16:58:25.238:W/System.err(1868):在org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381)03-02 16:58:25.238:W/System.err(1868):在org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:165)03-02 16:58:25.250:W/System.err(1868):在org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)03-02 16:58:25.250:W/System.err(1868):在org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)03-02 16:58:25.250:W/System.err(1868):在org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:360)03-02 16:58:25.250:W/System.err(1868):在org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)03-02 16:58:25.250:W/System.err(1868):在org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)03-02 16:58:25.250:W/System.err(1868):在org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)03-02 16:58:25.250:W/System.err(1868):在com.https.test.DownloadImageTask.doInBackground(Https_testActivity.java:78)03-02 16:58:25.250:W/System.err(1868):在com.https.test.DownloadImageTask.doInBackground(Https_testActivity.java:1)03-02 16:58:25.250:W/System.err(1868):在android.os.AsyncTask$2.call(AsyncTask.java:264) 03-02 16:58:25.253:W/System.err(1868): 在java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305)03-02 16:58:25.253:W/System.err(1868):在java.util.concurrent.FutureTask.run(FutureTask.java:137) 03-0216:58:25.253:W/System.err(1868):在android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:208) 03-0216:58:25.257:W/System.err(1868):在java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1076)03-02 16:58:25.257:W/System.err(1868):在java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:569)03-02 16:58:25.257:W/System.err(1868):在java.lang.Thread.run(Thread.java:856)

<小时>

问题

我做错了什么以及如何解决这个问题.为什么我会收到无对等证书"异常?

谢谢.

已编辑

<小时>

Windows 服务器设置.

服务器名称 10.2.20.20别名/fido/EzPay/"d:/fido/EzPay/"别名/fido/EzPay "d:/fido/EzPay/"<目录d:/fido/EzPay/">选项索引 FollowSymLinks MultiViews允许覆盖所有命令允许,拒绝所有人都允许</目录># 这些是使其全部工作所需的实际 SSL 指令!SSL引擎开启SSLCertificateFile C:/wamp/bin/apache/apache2.2.17/conf/ssl/fidoserver.crtSSLCertificateKeyFile C:/wamp/bin/apache/apache2.2.17/conf/ssl/fidoserver.pem</虚拟主机>

解决方案

终于解决了 https 问题.当我战斗时,主要问题出在服务器上,具体来说是证书.Android 只支持BKS"证书,这就是我们无法得到响应的原因服务器.为了解决这个问题,我阅读了30多篇文章,终于找到了解决方案.

您可以在下面看到我为解决此问题所做的步骤:

我做的第一件事是从我们的 fidoserver.crt 证书生成 .bks 密钥库文件,为此我阅读了这篇文章并执行以下操作:

  1. 打开cmd
  2. 转到 JDK 文件夹cd X:ProgramsJavaJdk6in"
  3. 调用以下命令:

<块引用>

keytool -import -alias tomcat -file X://KeyStore/fidoserver.crt-keypass 密码 - 密钥库 X://KeyStore/keystore.bks -storetype BKS -storepass 222222 -providerClassorg.bouncycastle.jce.provider.BouncyCastleProvider -providerpathX://KeyStore/bcprov-jdk16-146.jar

在运行此命令之前,我已下载 Bouncy Castle .jar 文件并将其放入文件夹中带证书.完成所有步骤后,我得到 keystore.bks 文件,这是适用于 Android 应用程序的正确证书文件.我将此文件放在 Androids mnc/sdcard 文件夹中.在 java 代码中,我编写了以下代码来读取该 keystore.bbk 文件

KeyStore trustStore = KeyStore.getInstance( "BKS";/*KeyStore.getDefaultType()*/);FileInputStream instream = new FileInputStream(new File("/mnt/sdcard/keystore.bks"));尝试 {trustStore.load(instream, "222222".toCharArray());} catch (NoSuchAlgorithmException e) {e.printStackTrace();} catch (CertificateException e) {e.printStackTrace();} catch (IOException e) {e.printStackTrace();} 最后 {尝试 { instream.close();} catch(忽略异常){}}//使用给定的密钥库创建套接字工厂.SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);Scheme sch = new Scheme(https", socketFactory, 443);httpclient.getConnectionManager().getSchemeRegistry().register(sch);HttpGet httpget = new HttpGet("https://10.2.20.20/fido/EzPay/login.php");System.out.println("执行请求" + httpget.getRequestLine());HttpResponse 响应 = httpclient.execute(httpget);HttpEntity entity = response.getEntity();System.out.println("----------------------------------------";);System.out.println(response.getStatusLine());如果(实体!= null){System.out.println("响应内容长度:" + entity.getContentLength());}//打印 html.BufferedReader in = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));字符串行 = "";while ((line = in.readLine()) != null) {System.out.println(line);}附寄();

这一切都允许 m 使用给定的密码 222222(我们在使用 keytool 创建密钥库时提供的密码)加载我们的证书.

在此之后,我的所有测试应用程序都开始正常工作.现在我可以向 https 发送请求并得到响应.我已经测试过FIDO 服务器的应用程序,一切正常!我想周一我会对 EzPay 应用程序进行一些更改将开始使用 https 连接.

参考资料

Problem

I want to send https request to the site https://10.2.20.20/fido/EzPay/login.php my own server and get response from it and save it for example in a string. I have found some example codes in internet and try to test them for my problem but they are not helpful. Below I present some parts of codes which I have tested.

Code Example:

I try this code, but I always get same exception "No peer certificate" Why ?

try
{
    HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;

    DefaultHttpClient client = new DefaultHttpClient();

    SchemeRegistry registry = new SchemeRegistry();
    SSLSocketFactory socketFactory = SSLSocketFactory.getSocketFactory();
    socketFactory.setHostnameVerifier((X509HostnameVerifier) hostnameVerifier);
    registry.register(new Scheme("https", socketFactory, 443));
    SingleClientConnManager mgr = new SingleClientConnManager(client.getParams(), registry);
    DefaultHttpClient httpClient = new DefaultHttpClient(mgr, client.getParams());

    // Set verifier      
    HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);

    // Example send http request
    final String url = "https://10.2.20.20/fido/EzPay/login.php";
    HttpPost httpPost = new HttpPost(url);
    HttpResponse response = httpClient.execute(httpPost);

    BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
    String line = "";
    while ((line = rd.readLine()) != null) {
        Log.i(DownloadImageTask.class.getName(), line);
    }

}
catch(IOException ex)
{
    Log.e(DownloadImageTask.class.getName(), ex.getMessage());
}

Exception.

03-02 16:58:25.234: W/System.err(1868): javax.net.ssl.SSLPeerUnverifiedException: No peer certificate 03-02 16:58:25.238: W/System.err(1868): at org.apache.harmony.xnet.provider.jsse.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:137) 03-02 16:58:25.238: W/System.err(1868): at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:93) 03-02 16:58:25.238: W/System.err(1868): at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381) 03-02 16:58:25.238: W/System.err(1868): at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:165) 03-02 16:58:25.250: W/System.err(1868): at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164) 03-02 16:58:25.250: W/System.err(1868): at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119) 03-02 16:58:25.250: W/System.err(1868): at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:360) 03-02 16:58:25.250: W/System.err(1868): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555) 03-02 16:58:25.250: W/System.err(1868): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487) 03-02 16:58:25.250: W/System.err(1868): at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465) 03-02 16:58:25.250: W/System.err(1868): at com.https.test.DownloadImageTask.doInBackground(Https_testActivity.java:78) 03-02 16:58:25.250: W/System.err(1868): at com.https.test.DownloadImageTask.doInBackground(Https_testActivity.java:1) 03-02 16:58:25.250: W/System.err(1868): at android.os.AsyncTask$2.call(AsyncTask.java:264) 03-02 16:58:25.253: W/System.err(1868): at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:305) 03-02 16:58:25.253: W/System.err(1868): at java.util.concurrent.FutureTask.run(FutureTask.java:137) 03-02 16:58:25.253: W/System.err(1868): at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:208) 03-02 16:58:25.257: W/System.err(1868): at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1076) 03-02 16:58:25.257: W/System.err(1868): at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:569) 03-02 16:58:25.257: W/System.err(1868): at java.lang.Thread.run(Thread.java:856)

Question

What I'm doing wrong and how I can solve this issue. Why I get "No peer certificate" exception ?

Thanks.

Edited

Windows Server settings.

<VirtualHost *:443>
  ServerName 10.2.20.20

 Alias /fido/EzPay/ "d:/fido/EzPay/" 
Alias /fido/EzPay "d:/fido/EzPay/" 

<Directory "d:/fido/EzPay/">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride all
        Order allow,deny
    Allow from all
</Directory>


  # These are the actual SSL directives needed to get it all working!
  SSLEngine on
  SSLCertificateFile C:/wamp/bin/apache/apache2.2.17/conf/ssl/fidoserver.crt
  SSLCertificateKeyFile C:/wamp/bin/apache/apache2.2.17/conf/ssl/fidoserver.pem
</VirtualHost>

解决方案

Finally I have solved https problem. As I fought the main problem was in server, concretely in certificate. Android supports only "BKS" certificate and that’s was the reason that we can’t get response from the server. In order to solve this issue I have read more then 30 articles and finally found solution.

The steps which I done to solve this issue you can see below:

First thing that I do was generating .bks keystore file from our fidoserver.crt certificate, in order to do that I have read this article and do following:

  1. Open cmd
  2. Go to JDK folder "cd X:ProgramsJavaJdk6in"
  3. Call following command:

keytool -import -alias tomcat -file X://KeyStore/fidoserver.crt -keypass password - keystore X://KeyStore/keystore.bks -storetype BKS -storepass 222222 -providerClass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath X://KeyStore/bcprov-jdk16-146.jar

Before running this command I have download Bouncy Castle .jar file and put it in the folder with certificates. After doing this all steps I get keystore.bks file which is the right certificate file for Android application. I put this file in Androids mnc/sdcard folder. In java code I have write following code to read that keystore.bbk file

KeyStore trustStore  = KeyStore.getInstance( "BKS" /*KeyStore.getDefaultType()*/ );
FileInputStream instream = new FileInputStream(new File("/mnt/sdcard/keystore.bks"));
try {
    trustStore.load(instream, "222222".toCharArray());
} catch (NoSuchAlgorithmException e) {
    e.printStackTrace();
} catch (CertificateException e) {
    e.printStackTrace();
} catch (IOException e) {
    e.printStackTrace();
} finally {
    try { instream.close(); } catch (Exception ignore) {}
}

// Create socket factory with given keystore.
SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);

SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);
Scheme sch = new Scheme("https", socketFactory, 443);
httpclient.getConnectionManager().getSchemeRegistry().register(sch);

HttpGet httpget = new HttpGet("https://10.2.20.20/fido/EzPay/login.php");

System.out.println("executing request " + httpget.getRequestLine());

HttpResponse response = httpclient.execute(httpget);
HttpEntity entity = response.getEntity();

System.out.println("----------------------------------------");
System.out.println(response.getStatusLine());
if (entity != null) {
    System.out.println("Response content length:  " + entity.getContentLength());
}
            
// Print html.
BufferedReader in = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
String line = "";
while ((line = in.readLine()) != null) {
     System.out.println(line);
}
in.close();

This all allow m to load our certificate with given password 222222 (password we give when create a keystore with keytool).

After this all my test application start to work correctly. Now I can send request to https and get response from it. I have tested application with FIDO server, everything works great! I think on Monday I will make some changes in EzPay application and it will start working with https connections.

References

这篇关于android中https(无对等证书)的问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
Java开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆