Android: how to do HttpPost with a certificate


Question

I have an Application that performs an HttpPost.

Now I need to add a Certificate to the post to be accepted by the server receiving the HttpPost.

How should I do that, please?

Any suggestion is very much appreciated!!!

HttpClient httpclient = new DefaultHttpClient();
HttpPost httppost = new HttpPost("https://svcs.sandbox.paypal.com/AdaptivePayments/Preapproval");
try {
    httppost.addHeader("X-PAYPAL-SECURITY-USERID", "maurizio.pietrantuono_api1.db.com");
    httppost.addHeader("X-PAYPAL-SECURITY-PASSWORD", "1395657583");
    httppost.addHeader("X-PAYPAL-SECURITY-SIGNATURE", "A0GgTivJ6ivBB8QDTl.cZfiYK5d9AZwsFixwIUdUhJc4JXTriwpfU2zw");
    httppost.addHeader("X-PAYPAL-REQUEST-DATA-FORMAT", "NV");
    httppost.addHeader("X-PAYPAL-RESPONSE-DATA-FORMAT", "NV");
    httppost.addHeader("X-PAYPAL-APPLICATION-ID", "APP-80W284485P519543T");

    // Request body in name-value (NV) format
    StringEntity se = new StringEntity("cancelUrl=http://your_cancel_url" +
            "&currencyCode=USD" +
            "&endingDate=2015-03-29T08%3A00%3A00.000Z" +
            "&maxAmountPerPayment=200.00" +
            "&maxNumberOfPayments=30" +
            "&maxTotalAmountOfAllPayments=1500.00" +
            "&pinType=NOT_REQUIRED" +
            "&requestEnvelope.errorLanguage=en_US" +
            "&returnUrl=http://www.google.com" +
            "&startingDate=2014-04-29T07%3A00%3A00.000Z" +
            "&senderEmail=mauriziop-facilitator@hotmail.it");
    httppost.setEntity(se);

    HttpResponse response = httpclient.execute(httppost);
} catch (IOException e) {
    // Encoding, connection or protocol failure
    e.printStackTrace();
}

Recommended answer

You're probably facing one of the most logical yet most complicated things to do on a platform like Java and therefore also Android. Turns out that there's not a one-and-direct way of achieving that since there are lots of kinds of certificates and there's not a method for making a HTTP call for all of them, because some of them might be signed by unknown CAs, others have intermediate bundles required in order for the cert to be valid, etc.

Probably a way that will help you is storing the certificate into the user's keystore and this way you can make HTTPS requests because they'll already trust the destination SSL certificate. In this case, you'll be creating a new KeyStore, importing the certificate and then making the HTTPS request:

import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;

// Some of these exist in more than one package, be careful to include these
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

// This would reference to your KeyStore to store the certificate
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null);             // This will make a new store
// In the next line, specify the file path
// You can also export the destination certificate (in your case, Paypal's)
// put it as a hardcoded `String` and work with it.
InputStream is = ...;
BufferedInputStream bis = new BufferedInputStream(is);

CertificateFactory cf = CertificateFactory.getInstance("X.509");

while (bis.available() > 0) {
  Certificate cert = cf.generateCertificate(bis);
  ks.setCertificateEntry("myAlias" + bis.available(), cert);  // store each certificate in the KeyStore created above
}

Afterwards, making the HTTP request to the SSL server should work.

---- EDIT ----

You don't need to generate a certificate for a site, as this site already has one. You have to import its already existing certificate. I'm showing you an example of how to do it, it's done under Firefox and in Spanish, but I guess you'll deduce the key words in your language.

Go to the site whose certificate you want to export. In this example, I'm doing Paypal's, but you might do it for any site. Also take into consideration that a site might have many certificates, that means that, for instance, https://www.paypal.com has one and https://sandbox.paypal.com has another totally different one. You'll need to check this.

On the left side of the address bar, click on the green text that says Paypal, Inc (US) (that announces that the site has an SSL certificate).

You'll see a screen like this:

Click on the More information button and you'll see something like this:

Click on the See certificate (or similar) button, and now you'll see this screen:

Click on the Details tab, in the list, select sites one by one (in this case, firstly VeriSign Class 3 Public Primary Certification Authority - g5, then VeriSign Class 3 Extended Validation SSL CA, and lastly www.paypal.com), and afterwards, click on Export... at the bottom of that screen. You'll be asked to export a PEM certificate.

What you have just done is exporting the whole certificate chain, but now you have to put it all together. Simply open a text file and append the three certificates you just downloaded one after the other in the order you downloaded them, taking special care not to include additional spaces.

That's the certificate you'll have to import in your code. In the snippet I included, there's a place you need to put a path to a file, it would be this. Since you probably want to include that code for all your clients, you might do 2 things:

  • Import the certificate as a part of your project. This would make any client running your app have that cert, this way you can use the code above without any modification, but you'd need to be careful when Paypal changes that certificate (they usually expire after a time and need to be replaced by a new valid one - you can see the expiration time of a certificate in the properties of the certificate).

  • Export the certificate as described above, put it in a public place (for instance, a web server) and each time a user runs your app, download it and verify if the certificate in the keystore is the same as the one you have just read. If it doesn't exist, simply import it for the first time. If it exists and doesn't match, update it. Else, you don't need to do anything.
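
The answer's snippet fills a KeyStore but does not show how the HTTPS request comes to use it. The following added example (not part of the original answer) wires a KeyStore built from the concatenated PEM chain into a `TrustManagerFactory` and `SSLContext` and performs the POST with `HttpsURLConnection`; the class and method names are hypothetical, and the PEM bundle is assumed to ship with the app as a resource or asset.

```java
import java.io.BufferedInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class; names are illustrative, not from the original answer.
public final class PinnedPost {

    /** Builds an SSLContext that trusts only the certificates found in the PEM stream. */
    static SSLContext contextFor(InputStream pem) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // start from a new, empty store
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        int count = 0;
        // generateCertificates() reads every certificate in a concatenated PEM file
        for (Certificate cert : cf.generateCertificates(new BufferedInputStream(pem))) {
            ks.setCertificateEntry("pinned-" + count++, cert);
        }
        if (count == 0) {
            throw new IllegalArgumentException("no certificates in bundle");
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks); // trust managers now validate chains against this store only
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    /** POSTs body to url over TLS validated against the bundle; returns the HTTP status. */
    static int post(String url, String body, InputStream pem) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        // Default hostname verification stays enabled; only the trust anchors change.
        conn.setSSLSocketFactory(contextFor(pem).getSocketFactory());
        conn.setRequestMethod("POST");
        conn.setDoOutput(true);
        try (OutputStream out = conn.getOutputStream()) {
            out.write(body.getBytes(StandardCharsets.UTF_8));
        }
        try {
            return conn.getResponseCode();
        } finally {
            conn.disconnect();
        }
    }
}
```

Because the trust store holds only the bundled chain, the handshake fails once the server presents a chain that no longer leads to a certificate in the bundle. A bundle fetched at runtime has to arrive over a channel that is itself authenticated before it is loaded into the store.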
