忽略DefaultHttpClient SSL错误 [英] ignore ssl errors in DefaultHttpClient
问题描述
林寻找可能忽略所有SSL错误(例如,不信任)在默认情况下的HttpClient。我见过很多解决方案,在这里,但我alwas需要导入特定证书的将其添加到的TrustManager或者它是DefaultHttpClient的HttpsUrlConnection instad。 我使用的webrequests是:
Im searching for a possibility to ignore all ssl errors (eg. not trusted) in a default httpclient. I've seen lots of solutions here, but i alwas have to import a specific certificate an add it to the trustmanager or it is for HttpsUrlConnection instad of DefaultHttpClient. My used webrequests are:
public static String makeGETRequest(String s,String encoding)
{
DefaultHttpClient http = new DefaultHttpClient();
final String username = "USERNAME";
final String password = "PASSWORD";
UsernamePasswordCredentials c = new UsernamePasswordCredentials(username,password);
BasicCredentialsProvider cP = new BasicCredentialsProvider();
cP.setCredentials(AuthScope.ANY, c);
http.setCredentialsProvider(cP);
HttpResponse res;
try {
res = http.execute(new HttpGet(s));
InputStream is = res.getEntity().getContent();
BufferedInputStream bis = new BufferedInputStream(is);
ByteArrayBuffer baf = new ByteArrayBuffer(50);
int current = 0;
while((current = bis.read()) != -1){
baf.append((byte)current);
}
return new String(baf.toByteArray(),encoding);
}
catch (ClientProtocolException e) {
// TODO Auto-generated catch block
return "error: " + e.getMessage();
}
catch (IOException e) {
// TODO Auto-generated catch block
return "error: " + e.getMessage();
}
}
和
public static String makePOSTRequest(String s, List <NameValuePair> nvps,String encoding)
{
DefaultHttpClient http = new DefaultHttpClient();
final String username = "USERNAME";
final String password = "PASSWORD";
UsernamePasswordCredentials c = new UsernamePasswordCredentials(username,password);
BasicCredentialsProvider cP = new BasicCredentialsProvider();
cP.setCredentials(AuthScope.ANY, c);
http.setCredentialsProvider(cP);
HttpResponse res;
try {
HttpPost httpost = new HttpPost(s);
httpost.setEntity(new UrlEncodedFormEntity(nvps, HTTP.DEFAULT_CONTENT_CHARSET));
res = http.execute(httpost);
InputStream is = res.getEntity().getContent();
BufferedInputStream bis = new BufferedInputStream(is);
ByteArrayBuffer baf = new ByteArrayBuffer(50);
int current = 0;
while((current = bis.read()) != -1){
baf.append((byte)current);
}
res = null;
httpost = null;
String ret = new String(baf.toByteArray(),encoding);
return ret;
}
catch (ClientProtocolException e) {
// TODO Auto-generated catch block
return e.getMessage();
}
catch (IOException e) {
// TODO Auto-generated catch block
return e.getMessage();
}
}
有没有人知道如何忽略这个code SSL错误?
Did anyone know how to ignore ssl errors in this code?
编辑: 因为我相信只有一个特定的(已过期)的证书,我尝试覆盖DefaultHttpClient以下列方式:
edit: because I have to trust only one specific (expired) certificate, I try to overwrite the DefaultHttpClient in the following way:
public class MyHttpClient extends DefaultHttpClient {
final Context context;
public MyHttpClient(Context context) {
this.context = context;
}
@Override protected ClientConnectionManager createClientConnectionManager() {
SchemeRegistry registry = new SchemeRegistry();
registry.register(
new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
registry.register(new Scheme("https", newSslSocketFactory(), 443));
return new SingleClientConnManager(getParams(), registry);
}
private SSLSocketFactory newSslSocketFactory() {
try {
KeyStore trusted = KeyStore.getInstance("BKS");
InputStream in = context.getResources().openRawResource(R.raw.mykeystore);
try {
trusted.load(in, "mypassword".toCharArray());
} finally {
in.close();
}
return new SSLSocketFactory(trusted);
} catch (Exception e) {
throw new AssertionError(e);
}
}
}
在R.raw.mykeystore该文件是一个.bks文件,我用 Portecle 创建的,我使一个新的BKS和进口的过期证书的存储PEM,它seemes上班,keystored无错装,但如果我执行请求,我得到一个IO异常消息没有对方的证书,可能是什么这个问题?
The file in R.raw.mykeystore is a .bks file, which I created with Portecle, I make a new bks and imported the stored pem of the expired certificate, it seemes to work and the keystored is loaded without errors, but if I perform the request, i get a IO Exception with the message "no peer certificate", what might be the problem?
推荐答案
我解决了这个问题。它的工作原理,如果你使用上面的要求,但不是在DefaultHttpClient,用你自己的版本:
I solved the problem. It works if you use the above request, but instead of the DefaultHttpClient, use your own version:
public class MyHttpClient extends DefaultHttpClient {
final Context context;
TrustManager easyTrustManager = new X509TrustManager() {
@Override
public void checkClientTrusted(
X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(
X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
public MyHttpClient(Context context) {
this.context = context;
}
@Override protected ClientConnectionManager createClientConnectionManager() {
SchemeRegistry registry = new SchemeRegistry();
registry.register(
new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
registry.register(new Scheme("https", newSslSocketFactory(), 443));
return new SingleClientConnManager(getParams(), registry);
}
private MySSLSocketFactory newSslSocketFactory() {
try {
KeyStore trusted = KeyStore.getInstance("BKS");
try {
trusted.load(null, null);
} finally {
}
MySSLSocketFactory sslfactory = new MySSLSocketFactory(trusted);
sslfactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
return sslfactory;
} catch (Exception e) {
throw new AssertionError(e);
}
}
public class MySSLSocketFactory extends SSLSocketFactory {
SSLContext sslContext = SSLContext.getInstance("TLS");
public MySSLSocketFactory(KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
super(truststore);
TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
sslContext.init(null, new TrustManager[] { tm }, null);
}
@Override
public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
return sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);
}
@Override
public Socket createSocket() throws IOException {
return sslContext.getSocketFactory().createSocket();
}
}
}
这篇关于忽略DefaultHttpClient SSL错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!