使用这个网络库:
由于目前处于开发状态,我想使用自签名SSL证书
图书馆论坛有一些讨论:
https://github.com/koush/ion/issues/3
Ion ion = Ion.getDefault(c);
ion.configure().createSSLContext("TLS");
ion.getHttpClient().getSSLSocketMiddleware().setSSLContext(sslContext);
ion.getHttpClient().getSSLSocketMiddleware().setTrustManagers(trustManagers);
经过一些研究,我已经获取了crt并获取了sslContext和trustmanager,问题是,它仍然返回异常
javax.net.ssl.SSLException
Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
这是我的尝试:
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream caInput = getResources().openRawResource(R.raw.load);
Certificate ca;
try {
ca = cf.generateCertificate(caInput);
//System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());
} finally {
caInput.close();
}
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
ssl_context = SSLContext.getInstance("TLS");
ssl_context.init(null, tmf.getTrustManagers(), null);
} catch (Exception e) {
Log.d("test1", "A: " + e);
}
Ion.getDefault(this).getHttpClient().getSSLSocketMiddleware().setTrustManagers(tmf.getTrustManagers());
Ion.getDefault(this).getHttpClient().getSSLSocketMiddleware().setSSLContext(ssl_context);
//test SSL
Ion.getDefault(this).with(this)
.load("https://na2b.no-ip.com/dragonair/can_app/api/media_list.php")
.asJsonObject()
.setCallback(new FutureCallback<JsonObject>() {
@Override
public void onCompleted(Exception e, JsonObject result) {
if (e != null) {
Log.d("test1", "B: " + e);
} else {
Log.d("test1", "result" + result);
}
}
});
请注意异常出现在 B: 部分,这意味着 trustmanager 和 SSLcontext 应该正确构建,如何解决?
感谢您的帮助。
最佳答案
关于你的问题,IMO,你可以引用我下面的示例代码。我已经使用我的网络服务 (Asp.Net WebAPI) 进行了测试。希望对您有所帮助!
public class MainActivity extends AppCompatActivity {
private Context mContext = this;
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// cert file stored in \app\src\main\res\raw
InputStream caInput = getResources().openRawResource(R.raw.your_cert);
Certificate ca = cf.generateCertificate(caInput);
caInput.close();
KeyStore keyStore = KeyStore.getInstance("BKS");
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
TrustManager[] wrappedTrustManagers = getWrappedTrustManagers(tmf.getTrustManagers());
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, wrappedTrustManagers, null);
AsyncSSLSocketMiddleware sslMiddleWare = Ion.getDefault(mContext).getHttpClient().getSSLSocketMiddleware();
sslMiddleWare.setTrustManagers(wrappedTrustManagers);
sslMiddleWare.setHostnameVerifier(getHostnameVerifier());
sslMiddleWare.setSSLContext(sslContext);
// Post application/x-www-form-urlencoded and read a String
Ion.with(mContext)
.load("https://yourserver/token")
.setBodyParameter("grant_type", "password")
.setBodyParameter("username", "bnk")
.setBodyParameter("password", "bnk123456789")
.asString()
.setCallback(new FutureCallback<String>() {
@Override
public void onCompleted(Exception e, String result) {
if (result != null) {
Log.i("ionSample", result);
} else if (e != null) {
e.printStackTrace();
}
}
});
} catch (Exception e) {
e.printStackTrace();
}
}
private HostnameVerifier getHostnameVerifier() {
return new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
// or the following:
// HostnameVerifier hv = HttpsURLConnection.getDefaultHostnameVerifier();
// return hv.verify("www.yourserver.com", session);
}
};
}
private TrustManager[] getWrappedTrustManagers(TrustManager[] trustManagers) {
final X509TrustManager originalTrustManager = (X509TrustManager) trustManagers[0];
return new TrustManager[]{
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return originalTrustManager.getAcceptedIssuers();
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
try {
if (certs != null && certs.length > 0){
certs[0].checkValidity();
} else {
originalTrustManager.checkClientTrusted(certs, authType);
}
} catch (CertificateException e) {
Log.w("checkClientTrusted", e.toString());
}
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
try {
if (certs != null && certs.length > 0){
certs[0].checkValidity();
} else {
originalTrustManager.checkServerTrusted(certs, authType);
}
} catch (CertificateException e) {
Log.w("checkServerTrusted", e.toString());
}
}
}
};
}
}
Logcat 输出:
I/ionSample: {"access_token":"oS1SHxck8TzidTL...P-_6VFjRlDsjF9_A0JONu59rzYOVQV...ka78pHSvRPB5YrrBlHsF562Ay__Jd0MDfpOB0SRML2N8O3XPZK8woV4vjASzfGEzi7KJMmY8pkM_-P9ohHhWPD3PtgRahiqTUSapdpg6n197uJxdQWyU","token_type":"bearer","expires_in":2591999,"userName":"bnk",".issued":"Wed, 06 Jan 2016 06:26:45 GMT",".expires":"Fri, 05 Feb 2016 06:26:45 GMT"}
关于android - 如何在 android 网络库 (ION) 中使用自签名 SSL?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34540584/