在我的情况下,当我在模拟器上运行程序时 - 它的工作正常。 但是当我将 apk 安装到手机时 - 出现错误 Not trusted server certificate。 有什么问题?
我的 AsyncTask 有一段代码用于向服务器发送响应:
public abstract class BaseAsyncWorker extends AsyncTask<String, Void, String>{
public static final String AS = "BaseAsyncWorker";
private String URL;
private String result;
final Context context;
public BaseAsyncWorker(String url,Context context){
this.URL = url;
this.context = context;
}
//before
@Override
protected abstract void onPreExecute();
//background
@Override
protected String doInBackground(String... objects) {
for (String obj : objects) {
Log.d(AS,obj.toString() );
Log.d(AS,"beginning background" );
Logger.appendLog("Start response...");
try{
HostnameVerifier hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
DefaultHttpClient client = new DefaultHttpClient();
SchemeRegistry registry = new SchemeRegistry();
SSLSocketFactory socketFactory = SSLSocketFactory.getSocketFactory();
socketFactory.setHostnameVerifier((X509HostnameVerifier)hostnameVerifier);
registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
registry.register(new Scheme("https", socketFactory,443));
SingleClientConnManager mngr = new SingleClientConnManager(client.getParams(),
registry);
//trustEveryone();
DefaultHttpClient httpClient = new DefaultHttpClient(mngr,client.getParams());
//MMGHttpClient httpClient = new MMGHttpClient(context);
//httpClient.getParams().setParameter(CoreProtocolPNames.USER_AGENT, "MyMobiGift Ltd. Android");
//HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
HttpPost httpPost = new HttpPost(URL);
StringEntity se = new StringEntity(obj);
httpPost.setEntity(se);
httpPost.setHeader("Accept", "application/json");
httpPost.setHeader("Content-type", "application/json");
HttpResponse response = (HttpResponse)httpClient.execute(httpPost);
StatusLine status = response.getStatusLine();
if((status.getStatusCode())==200){
HttpEntity entity = response.getEntity();
if(entity!=null){
InputStream instream = entity.getContent();
result= convertStreamToString(instream);
instream.close();
Logger.appendLog("End response with result: "+result);
}else{
result=null;
Logger.appendLog("End response without result");
}
}
}catch (ClientProtocolException e) {Logger.appendLog("ClientProtocolException at"+e.getMessage());}
catch (IOException e) {Logger.appendLog("IOException at" + e.getMessage());}
}
return result;
}
最佳答案
这就是帮助我通过 ssl 构建正常工作的 http 通信的原因。
http://blog.antoine.li/2010/10/22/android-trusting-ssl-certificates/
如果您希望客户端(android 设备)真正(不是盲目地)信任主机,则需要将公共(public)证书加载到设备的 KeyStore,否则设备将无法与服务器通信
您将使用 .crt 文件,但要与 Android KeyStore 一起使用,您需要将其转换为“bks”。我执行以下操作:
// read .crt file from memory
InputStream inStream = ctx.openFileInput("cetificate.crt");
//InputStream inStream = ctx.getAssets().open("wm_loaner.cer");
if(inStream != null)
{
KeyStore cert = CertUtils.ConvertCerToBKS(inStream, "MyAlias", "password".toCharArray());
inStream.close();
}
public static KeyStore ConvertCerToBKS(InputStream cerStream, String alias, char [] password)
{
KeyStore keyStore = null;
try
{
keyStore = KeyStore.getInstance("BKS", "BC");
CertificateFactory factory = CertificateFactory.getInstance("X.509", "BC");
Certificate certificate = factory.generateCertificate(cerStream);
keyStore.load(null, password);
keyStore.setCertificateEntry(alias, certificate);
}
catch ....
{
}
return keyStore;
}
证书被转换并加载到 KeyStore 后,您可以建立连接
关于Android Https 错误 Not trusted server certificate,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/9131879/