Andorid https - tls在特定服务器上
问题描述:
我开发了一个需要向服务器请求Rest请求的andorid应用程序。Andorid https - tls在特定服务器上
我是新来的https和(过去2天花在网上寻找)我没有任何理解。
服务器有COMODO(或GeoTrust的)取得了证书,并具有密钥库(不我做的)。
我试着使用:
- Trusting all certificates using HttpClient over HTTPS (积屑瘤能不能明白的地方/如何使用OpenSSL)
- Java HttpsURLConnection and TLS 1.2 (但didin't工作)
- Android java.security.cert.CertPathValidatorException: Trust anchor for certification path not found (试过这种太但都不起作用。)
然后我试了这个。 Trusting all certificates using HttpClient over HTTPS
而且工作。问题是,我需要使它具体服务器的访问,而不是别的。
这是我获取代码/ DELETE请求:
public static HttpsURLConnection setHttpsURLConnection(String type, URL url, Activity activity) throws IOException {
trustEveryone(); //from the link above
HttpsURLConnection response=(HttpsURLConnection) url.openConnection();
response.setConnectTimeout(Costanti.connectionTimeout);
response.setReadTimeout(Costanti.connectionTimeout);
response.setRequestProperty("Content-type", "application/json");
response.setRequestProperty("Accept", "application/json");
response.setRequestProperty("Authorization", "Basic tfhtrhsthLkO=");
response.setRequestMethod(type);
return response;
}
我需要知道我应该怎么做,一步一步来。
你需要知道什么来帮助我?
https://www.ssllabs.com/ssltest说:
- TLS 1.2
- TLS 1.1
- TLS 1.0
- 密钥RSA 2048位(E 65537)
- 发行人GeoTrust的DV SSL CA - G3
- 签名算法SHA256withRSA
- 证书透明度是(证书)
谢谢大家。
答
谢谢你的回答。 @pedrofb你的链接doeasn't工作。
我发现解决方案的阅读和文档有清醒的头脑。
我的证书是由GEOTRUST(一个CA - >有人说“你的证书更''通过我们')。 Andorid拥有一系列可信CA(这种配置很简单)。
当你的CA没有出现在你需要说的Android喜爱的Andorid,你可以从CA 信任此证书 - > https://developer.android.com/training/articles/security-ssl.html
我所做的是采取服务器的证书并使用它在下一个代码(从上面的链接),以产生SSLSocketFactory的,并在httpsURLConnection.setSSLSocketFactory(插座)使用它:
public static final String CERTIFICATO=("-----BEGIN CERTIFICATE-----\n" +
"MIIFuDCCBKCgA....kqhkiG9w0BAQsFADBm\n" +
"MQswCQYDVQQGEwJ...SW5jLjEdMBsGA1UECxMU\n" +
"RG9tYWluIFZhbGlk....ERWIFNTTCBD\n" +
"QSAtIEczMB4XDTE....k1OVowGzEZMBcGA1UE\n" +
"AwwQdGVzdDIuYmNzb2....ADggEPADCCAQoC\n" +
"ggEBAMEIbF7hHdy2...d6nWJE0zRSG1IzL6qTe\n" +
"tan8UGyIUdHTx0Cy...VRhchXab628VxP\n" +
"1Ngd2ffFUKBO9...N0/Fphr\n" +
"9yKJCwgbcb2PAsH....knT5q\n" +
"T6qkfug0jBVdKmaG5...Vg694vGZYVkFi\n" +
"NbDFAaF7f1oS...BKCEHRl\n" +
"c3QyLmJjc29mdC....hpodHRw\n" +
"Oi8vZ3Quc3ltY2I...gZngQwBAgEw\n" +
"gYQwPwYIKwY...N0LmNvbS9yZXNvdXJj\n" +
"ZXMvcmVw...RwczovL3d3dy5n\n" +
"ZW90cnVzdC5jb...WwwHwYDVR0jBBgw\n" +
"FoAUrWUihZ...B0GA1UdJQQW\n" +
"MBQGCCsGAQU....wHwYIKwYBBQUH\n" +
"MAGGE2h0d...0dHA6Ly9ndC5z\n" +
"eW1jYi5jb20vZ3Q...wDxAHYA3esdK3oN\n" +
"T6Ygi4GtgWhwf...RzBFAiBp54lk\n" +
"UV/yv5lgSW0w...K4uzyiBfJQMMe1\n" +
"OVzA+x/INw9...5G9+443fNDsgN\n" +
"3BAAAAFc9Ao..WRNuoF/GR\n" +
"ckf1umsC...NBgkqhkiG\n" +
"9w0BAQsFAA...lcKFn1fk\n" +
"N6tnsHI...JKA4fjAgV\n" +
"k5VMllg...pkVGqing\n" +
"h+pkAJg19u...suEdhrpK8c\n" +
"6ZU6kjpyNuIiVX9nAEA2..LkKM3Yi6LE\n" +
"N9TlYfz4B...nQd3bZAg==\n" +
"-----END CERTIFICATE-----\n");
public static SSLSocketFactory socket=null;
static {
// Load CAs from an InputStream
// (could be from a resource or ByteArrayInputStream or ...)
InputStream in=null;
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate ca;
in = new ByteArrayInputStream(Costanti.CERTIFICATO.getBytes());
ca = cf.generateCertificate(in);
// Create a KeyStore containing our trusted CAs
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
// Create a TrustManager that trusts the CAs in our KeyStore
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
// Create an SSLContext that uses our TrustManager
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);
socket=context.getSocketFactory();
}catch (Exception e){
e.printStackTrace();
LogManage.logError(LogManage.Type.Connection, Costanti.class, null, "Problema con SSL conf");
socket=null;
}
finally {
if (in!=null)
try {
in.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
我看不出一个具体问题STA在这里。在Android中使用curl时,您是否遇到证书验证问题? – halfer
基本上,您需要将https连接配置为使用包含证书颁发机构的根证书的自定义trustore。试试这个并发布错误https://developer.android.com/training/articlessecurity/-ssl.html – pedrofb