带有 httpClient 的 SSLPeerUnverifiedException
我正在尝试使用自签名证书测试安全的 http 连接...仅用于开发目的.但是我一直无法解决 peer not authenticated 异常,当然我看过关于这个异常的类似帖子,以下是我正在使用的当前实现:
I'm trying to test a secure http connection using self signed certificates... just for development purposes. But I haven't been able to resolve the peer not authenticated exception, of course I have looked at similar posts about this exception and the following one is the current implementation I'm using:
public class SelfCertificatesSocketFactory extends SSLSocketFactory {
SSLContext sslContext = SSLContext.getInstance("TLS");
public SelfCertificatesSocketFactory(KeyStore trustStore) throws NoSuchAlgorithmException,UnrecoverableKeyException,KeyStoreException,KeyManagementException {
super(trustStore);
TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
}
@Override
public Socket createSocket() throws IOException {
return sslContext.getSocketFactory().createSocket();
}
@Override
public Socket createSocket(Socket socket, String host, int port,
boolean autoClose) throws IOException, UnknownHostException {
return sslContext.getSocketFactory().createSocket(socket,host,port,autoClose);
}
}
及用法:
private DefaultHttpClient createHttpsClient(){
try {
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustStore.load(null, null);
SSLSocketFactory sf = new SelfCertificatesSocketFactory(trustStore);
//sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("https", 443, sf));
ClientConnectionManager ccm = new ThreadSafeClientConnManager(registry);
return new DefaultHttpClient(ccm);
} catch (Exception e) {
return new DefaultHttpClient();
}
}
但是它不起作用...我仍然遇到异常.我做错了什么?PD:我正在实现一个 Java Web 应用程序,这不是一个 Android 客户端.非常感谢.
However it's not working... I'm still getting the exception. What I am doing wrong? PD: I'm implementing a Java web application, this is not an Android client. Thanks a lot.
推荐答案
您的代码创建的信任管理器实例似乎没有在任何地方使用,并且 KeyStore 实例似乎不包含任何信任材料.
The trust manager instance created by your code does not seem to be used anywhere, and the KeyStore instance does not seem to contain any trust material.
您应该简单地利用 SSLSocketFactory
的功能,而不是做所有这些.
Instead of doing all that you should simply leverage functionality of SSLSocketFactory
.
TrustStrategy easyStrategy = new TrustStrategy() {
public boolean isTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
// eh, why not?
return true;
}
};
SSLSocketFactory sf = new SSLSocketFactory(easyStrategy);
相关文章