接受证书在Android的HTTPS [英] Accepting a certificate for HTTPs on Android
问题描述
我试图让Android手机HTTPS连接,使用HttpClient的。麻烦的是,由于证书未签名我不断收到javax.net.ssl.SSLException:不受信任的服务器证书
I'm trying to make Https connections on the Android phones, using HttpClient. Trouble is that since the certificate isn't signed I keep getting "javax.net.ssl.SSLException: Not trusted server certificate".
现在我已经看到了一堆的解决方案,您只需接受所有证书,但如果我要问用户什么?我想获得类似于浏览器的一个对话框,让用户决定是否继续。
Now I've seen a bunch of solutions where you simply accept all certificates, but what if I want to ask the user? I want to get a dialog similar to that of the browser, letting the user decide to continue or not.
preferably我想使用相同的certificatestore作为浏览器。任何想法?
Preferably I'd like to use the same certificatestore as the browser. Any ideas?
推荐答案
您需要做的第一件事情是设置验证的水平。 如此高的水平是没有那么多的:
The first thing you need to do is to set the level of verification. Such levels is not so much:
- ALLOW_ALL_HOSTNAME_VERIFIER
- BROWSER_COMPATIBLE_HOSTNAME_VERIFIER
- STRICT_HOSTNAME_VERIFIER
尽管该方法setHostnameVerifier()已经过时了新图书馆的Apache,但对于版本的Android SDK是正常的。
因此,我们采取 ALLOW_ALL_HOSTNAME_VERIFIER 并设置它的方法工厂 SSLSocketFactory.setHostnameVerifier()。
Although the method setHostnameVerifier() is obsolete for new library apache, but for version in Android SDK is normal.
And so we take ALLOW_ALL_HOSTNAME_VERIFIER and set it in the method factory SSLSocketFactory.setHostnameVerifier().
接下来,需要设置我们的工厂的协议HTTPS。要做到这一点,只需调用 SchemeRegistry.register()方法。
Next, You need set our factory for the protocol to https. To do this, simply call the SchemeRegistry.register() method.
然后你需要创建一个 DefaultHttpClient 与 SingleClientConnManager 。
此外,在code下面你可以看到,默认情况下也将通过该方法使用我们的标志( ALLOW_ALL_HOSTNAME_VERIFIER ) HttpsURLConnection.setDefaultHostnameVerifier()
Then you need to create a DefaultHttpClient with SingleClientConnManager.
Also in the code below you can see that on default will also use our flag (ALLOW_ALL_HOSTNAME_VERIFIER) by the method HttpsURLConnection.setDefaultHostnameVerifier()
下面code,我的作品:
Below code works for me:
HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
DefaultHttpClient client = new DefaultHttpClient();
SchemeRegistry registry = new SchemeRegistry();
SSLSocketFactory socketFactory = SSLSocketFactory.getSocketFactory();
socketFactory.setHostnameVerifier((X509HostnameVerifier) hostnameVerifier);
registry.register(new Scheme("https", socketFactory, 443));
SingleClientConnManager mgr = new SingleClientConnManager(client.getParams(), registry);
DefaultHttpClient httpClient = new DefaultHttpClient(mgr, client.getParams());
// Set verifier
HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
// Example send http request
final String url = "https://encrypted.google.com/";
HttpPost httpPost = new HttpPost(url);
HttpResponse response = httpClient.execute(httpPost);
这篇关于接受证书在Android的HTTPS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
