安卓：使HTTPS请求 [英] Android: Making Https Request

问题描述

我如何避免javax.net.ssl​​.SSLPeerUnverifiedException：同行不认证？例外和Android的Apache的lib差距做出的HTTPS请求构造的SSLSocketFactory（的SSL连接）是不确定的

How do I avoid the "javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated" exception and the Android Apache lib gap "The constructor SSLSocketFactory(SSLContext) is undefined" in making an Https request?

推荐答案

这个方法有一个HttpClient的实例，并返回一个准备用于HTTPS HttpClient的实例。

This method takes an HttpClient instance and returns a ready-for-https HttpClient instance.

 private HttpClient sslClient(HttpClient client) {
    try {
        X509TrustManager tm = new X509TrustManager() { 
            public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
            }

            public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
            }

            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[]{tm}, null);
        SSLSocketFactory ssf = new MySSLSocketFactory(ctx);
        ssf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        ClientConnectionManager ccm = client.getConnectionManager();
        SchemeRegistry sr = ccm.getSchemeRegistry();
        sr.register(new Scheme("https", ssf, 443));
        return new DefaultHttpClient(ccm, client.getParams());
    } catch (Exception ex) {
        return null;
    }
}

由于Android的org.apache.http.conn.ssl.SSLSocketFactory不具备的SSLSocketFactory（的SSLContext）构造，我已经扩展了类，如下所示。

Because the Android org.apache.http.conn.ssl.SSLSocketFactory does not have the SSLSocketFactory(SSLContext) constructor, I have extended the class as follows.

 public class MySSLSocketFactory extends SSLSocketFactory {
     SSLContext sslContext = SSLContext.getInstance("TLS");

     public MySSLSocketFactory(KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
         super(truststore);

         TrustManager tm = new X509TrustManager() {
             public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
             }

             public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
             }

             public X509Certificate[] getAcceptedIssuers() {
                 return null;
             }
         };

         sslContext.init(null, new TrustManager[] { tm }, null);
     }

     public MySSLSocketFactory(SSLContext context) throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
        super(null);
        sslContext = context;
     }

     @Override
     public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
         return sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);
     }

     @Override
     public Socket createSocket() throws IOException {
         return sslContext.getSocketFactory().createSocket();
     }
}

优秀文章在这里：<一href="http://javaskeleton.blogspot.com/2010/07/avoiding-peer-not-authenticated-with.html">http://javaskeleton.blogspot.com/2010/07/avoiding-peer-not-authenticated-with.html

和我们有所帮助：<一href="http://stackoverflow.com/questions/2642777/trusting-all-certificates-using-httpclient-over-https">Trusting使用HttpClient的所有证书通过HTTPS

这篇关于安卓：使HTTPS请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！