1. Inicio
  2. Pregunta y respuesta
  3. : excepción "No javax.net.ssl.SSLException de confianza certificado de servidor" en Android

: excepción "No javax.net.ssl.SSLException de confianza certificado de servidor" en Android

2010-06-16 10 views
5

estoy consiguiendo esta excepción cuando estoy tratando de golpear HTTPS URL (.Net servicio web) de mi aplicación Android:: excepción "No javax.net.ssl.SSLException de confianza certificado de servidor" en Android

javax .net.ssl.SSLException: No certificado de servidor de confianza

Aquí está mi código:

HttpParams myParams = new BasicHttpParams(); 
HttpProtocolParams.setVersion(myParams, HttpVersion.HTTP_1_1); 
HttpProtocolParams.setContentCharset(myParams, "utf-8"); 
myParams.setBooleanParameter("http.protocol.expect-continue", false); 


HttpConnectionParams.setConnectionTimeout(myParams, 100000); 
HttpConnectionParams.setSoTimeout(myParams, 100000); 

// 
KeyStore trusted; 
try { 

     trusted = KeyStore.getInstance("pkcs12"); 
     trusted.load(null, "".toCharArray()); 
     SSLSocketFactory sslf = new SSLSocketFactory(trusted); 
    sslf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); 

    SchemeRegistry schemeRegistry = new SchemeRegistry(); 
    schemeRegistry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80)); 

    schemeRegistry.register(new Scheme("https", sslf, 443));  
    ThreadSafeClientConnManager manager = new ThreadSafeClientConnManager(myParams, schemeRegistry); 


    httpClient = new DefaultHttpClient(manager, myParams); 
    } catch (KeyStoreException e) { 
    // TODO Auto-generated catch block 
    e.printStackTrace(); 
    } catch (NoSuchAlgorithmException e) { 
    // TODO Auto-generated catch block 
    e.printStackTrace(); 
    } catch (CertificateException e) { 
    // TODO Auto-generated catch block 
    e.printStackTrace(); 
    } catch (IOException e) { 
    // TODO Auto-generated catch block 
    e.printStackTrace(); 
    } catch (KeyManagementException e) { 
    // TODO Auto-generated catch block 
    e.printStackTrace(); 
    } catch (UnrecoverableKeyException e) { 
    // TODO Auto-generated catch block 
    e.printStackTrace(); 
    }   
    // 

    localContext = new BasicHttpContext(); 

    httpClient.getParams().setParameter(ClientPNames.COOKIE_POLICY, CookiePolicy.RFC_2109); 

    httpPost = new HttpPost("https://...."); 
    response = null; 

    StringEntity tmp = null;   

    httpPost.setHeader("SOAPAction", "SoapActionURL"); 

    if (contentType != null) { 
     httpPost.setHeader("Content-Type", contentType); 
    } else { 
     httpPost.setHeader("Content-Type", "application/x-www-form-urlencoded"); 
    } 

    try { 
     tmp = new StringEntity(data,"UTF-8"); 
    } catch (UnsupportedEncodingException e) { 
     Log.e("Your App Name Here", "HttpUtils : UnsupportedEncodingException : "+e); 
    } 

    httpPost.setEntity(tmp); 

    try { 

     response = httpClient.execute(httpPost,localContext); 

     if (response != null) { 
      ret = EntityUtils.toString(response.getEntity()); 
     } 
    } catch (Exception e) { 
     Log.e("Your App Name Here", "HttpUtils: " + e); 
    }

Fuente

2010-06-16 user342823

+1

Véase la pregunta http://stackoverflow.com/questions/995514/https-connection-android#1000205 –

+0

Cuando realizar una llamada https realmente necesita la presencia de un certificado. ¿Tiene un certificado presente en su servicio web? – Droidekas

Respuesta

1 
KeyStore trusted; 
try { 

     trusted = KeyStore.getInstance("pkcs12"); 
     trusted.load(null, "".toCharArray()); 
     SSLSocketFactory sslf = new SSLSocketFactory(trusted);

No tiene un almacén de confianza que almacena el certificado del servidor al que se está conectando, y ese servidor al que se está conectando no es de confianza. Para solucionar esto, debe crear un archivo de almacén de claves con Keytool (creé un almacén de claves BKS y lo cargué con el proveedor SpongyCastle) como almacén de confianza.

keytool -importcert -file servercert.crt -alias mykey -keystore truststore.jks -storetype BKS -providerpath bcprov-jdk15on-151.jar -provider org.bouncycastle.jce.provider.BouncyCastleProvider

Además, he usado una versión más reciente de Apache HttpClient, específicamente http://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient-android/4.3.5

public KeyStore initializeTrustStore(Context context) 
{ 
    KeyStore keyStore = null; 
    try 
    { 
     keyStore = KeyStore.getInstance("BKS", BouncyCastleProvider.PROVIDER_NAME); 
     InputStream inputStream = context.getResources().openRawResource(R.raw.truststore); 
     try 
     { 
      keyStore.load(inputStream, "password".toCharArray()); 
     } 
     finally 
     { 
      inputStream.close(); 
     } 
    } 


    KeyStore trustStore = loadTrustStore(context); 
    SSLContext sslcontext = null; 
    CloseableHttpClient httpclient = null; 

     SSLContextBuilder sslContextBuilder = SSLContexts.custom() 
      .loadTrustMaterial(trustStore, new TrustSelfSignedStrategy()); 
     sslcontext = sslContextBuilder.build(); 

     // Allow TLSv1 protocol only 
     SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
      sslcontext, new String[] {"TLSv1"}, null, 
      SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER 
     ); 
     httpclient = HttpClients 
      .custom() 
      .setHostnameVerifier(SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER) 
      .setSSLSocketFactory(sslsf).build(); 
     CloseableHttpResponse response = httpclient.execute(httpUriRequest); 
     try 
     { 
      HttpEntity entity = response.getEntity(); 
      //do things with response here 
      if(entity != null) 
      { 
       entity.consumeContent(); 
      } 
     } 
     finally 
     { 
      response.close(); 
     }

Fuente

2014-11-25 13:16:56 EpicPandaForce

Cuestiones relacionadas

 Cuestiones relacionadas