1. 首頁
  2. 問答
  3. Android:使用自簽名SSL通過網絡發佈證書

Android:使用自簽名SSL通過網絡發佈證書

2016-06-07 52 views
0

我寫了一段代碼,需要在指定的網址上發佈到在線表單。該網站的SSL是一個自簽名SSL證書。我已經嘗試了一切,但繼續得到一個文件沒有發現異常。當我指定證書的URL時,它必須指向.crt文件的確切位置?Android:使用自簽名SSL通過網絡發佈證書

請看看下面的代碼,並請指導我在正確的方向:

public static byte[] doPost(String urlString, HashMap<String, String> postData, String certificateName) throws Exception 
{ 
    byte[] result = null; 

    // Load CAs from an InputStream 
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); 
    InputStream CAInput = new BufferedInputStream(new FileInputStream(certificateName)); 
    Certificate certificate; 

    certificate = certificateFactory.generateCertificate(CAInput); 
    Dev.debug("Certificate: " + ((X509Certificate)certificate).getSubjectDN()); 
    CAInput.close(); 

    // Create Keystore containing our trusted certificates 
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); 
    keyStore.load(null, null); 
    keyStore.setCertificateEntry("tss_certificate", certificate); 

    // Create a TrustManager that trusts the CA in our KeyStore 
    String algorithm = TrustManagerFactory.getDefaultAlgorithm(); 
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm); 
    tmf.init(keyStore); 

    // Create an SSLContext that uses our TrustManager 
    SSLContext context = SSLContext.getInstance("TLS"); 
    context.init(null, tmf.getTrustManagers(), null); 

    // Create URL and connection 
    // The url string is "keystore.crt" 
    URL url = new URL(urlString); 
    HttpsURLConnection connection = (HttpsURLConnection) url.openConnection(); 

    // Set connection properties 
    connection.setSSLSocketFactory(context.getSocketFactory()); 
    connection.setRequestMethod("POST"); 
    connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded"); 
    connection.setDoOutput(true); 
    connection.setDoInput(true); 

    // Create an output stream and write encoded data to the stream 
    byte[] output = HttpPost.postEncode(postData).getBytes(); 
    OutputStream out = new BufferedOutputStream(connection.getOutputStream()); 
    out.write(output); 
    out.flush(); 

    // Write to input stream 
    if (connection.getResponseCode() == HttpURLConnection.HTTP_OK) 
    { 
     InputStream in = connection.getInputStream(); 
     ByteArrayOutputStream baos = new ByteArrayOutputStream(); 
     byte[] buffer = new byte[1024]; 
     int read; 
     while ((read = in.read()) > -1) baos.write(buffer, 0, read); 
     result = baos.toByteArray(); 
    } 

    connection.disconnect(); 

    return result; 
}

這裏是堆棧跟蹤:

06-07 20:16:09.445 2382-4296/techss.fitmentmanager W/System.err: java.io.FileNotFoundException: keystore: open failed: ENOENT (No such file or directory) 
06-07 20:16:09.445 2382-4296/techss.fitmentmanager W/System.err:  at libcore.io.IoBridge.open(IoBridge.java:452) 
06-07 20:16:09.445 2382-4296/techss.fitmentmanager W/System.err:  at java.io.FileInputStream.<init>(FileInputStream.java:76) 
06-07 20:16:09.446 2382-4296/techss.fitmentmanager W/System.err:  at java.io.FileInputStream.<init>(FileInputStream.java:103) 
06-07 20:16:09.446 2382-4296/techss.fitmentmanager W/System.err:  at techss.app_lib.HttpPostCert.doPost(HttpPostCert.java:34) 
06-07 20:16:09.446 2382-4296/techss.fitmentmanager W/System.err:  at techss.fitmentmanager.jobcard.jobcard_steps.JobCardStepSelectStateStaticAsset$2$override.run(JobCardStepSelectStateStaticAsset.java:104) 
06-07 20:16:09.446 2382-4296/techss.fitmentmanager W/System.err:  at techss.fitmentmanager.jobcard.jobcard_steps.JobCardStepSelectStateStaticAsset$2$override.access$dispatch(JobCardStepSelectStateStaticAsset.java) 
06-07 20:16:09.446 2382-4296/techss.fitmentmanager W/System.err:  at techss.fitmentmanager.jobcard.jobcard_steps.JobCardStepSelectStateStaticAsset$2.run(JobCardStepSelectStateStaticAsset.java:0) 
06-07 20:16:09.449 2382-4296/techss.fitmentmanager W/System.err: Caused by: android.system.ErrnoException: open failed: ENOENT (No such file or directory) 
06-07 20:16:09.449 2382-4296/techss.fitmentmanager W/System.err:  at libcore.io.Posix.open(Native Method) 
06-07 20:16:09.449 2382-4296/techss.fitmentmanager W/System.err:  at libcore.io.BlockGuardOs.open(BlockGuardOs.java:186) 
06-07 20:16:09.449 2382-4296/techss.fitmentmanager W/System.err:  at libcore.io.IoBridge.open(IoBridge.java:438) 
06-07 20:16:09.449 2382-4296/techss.fitmentmanager W/System.err: ... 6 more 
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. 
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:  at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:328) 
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:  at com.android.okhttp.internal.http.SocketConnector.connectTls(SocketConnector.java:103) 
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:  at com.android.okhttp.Connection.connect(Connection.java:143) 
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:  at com.android.okhttp.Connection.connectAndSetOwner(Connection.java:185) 
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:  at com.android.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:128) 
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:  at com.android.okhttp.internal.http.HttpEngine.nextConnection(HttpEngine.java:341) 
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:  at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:330) 
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:  at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:248) 
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:  at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:433) 
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:  at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:384) 
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:  at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:231) 
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:  at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getInputStream(DelegatingHttpsURLConnection.java:210) 
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:  at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java) 
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:  at techss.app_lib.CSVFile.importCsv(CSVFile.java:19) 
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:  at techss.fitmentmanager.jobcard.jobcard_steps.JobCardStepSelectStateStaticAsset$1.run(JobCardStepSelectStateStaticAsset.java:72) 
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err: Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. 
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:  at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:318) 
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:  at com.android.org.conscrypt.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:219) 
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:  at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:115) 
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:  at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:556) 
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:  at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method) 
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err:  at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:324) 
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err: ... 14 more 
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err: Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. 
06-07 20:16:09.857 2382-4297/techss.fitmentmanager W/System.err: ... 20 more

來源

2016-06-07 Owen Nel

回答

0

您收到SSL異常,所以我認爲你是試圖從不受信任的主機(或自簽名)下載您的證書。如果你想這樣做,你有兩種選擇: - 推薦所有證書(因爲暴露給攻擊者,所以不建議這樣做)。 - 僅限您的自簽名證書。 如果你想信任所有的證書,這裏是a way to do that(不推薦)。 如果你只想接受你的證書,那麼你可以手動下載並安裝,或者如果你想要通過代碼來完成,那麼你需要this answer might help you

來源

2016-06-07 21:20:27 josemgu91

+0

感謝您的快速回復,但我正在做第二個例子所說的。我正在創建一個密鑰庫,但它正在我嘗試訪問的密鑰庫文件上拋出一個'FileNotFoundException'。我在我的服務器上有一個密鑰庫文件,我正在嘗試訪問該文件中的證書,但未找到該文件是問題的一部分。路徑是否必須位於該文件位置,還是由服務器提取?我不想採取步驟1來防止特別爲什麼有證書的攻擊。 –

+0

您是否試圖從推出的服務器中選擇證書文件? (服務器是否有有效的證書?) – josemgu91

+0

是的我試圖從服務器中選擇證書。服務器在KeyStore文件中有一個有效的自簽名證書。 –

相關問題

 相關問題