个人中心
gpt4 book ai didi

android - Android 上的 HttpClient 和自定义 TrustManager

转载 作者:太空狗 更新时间:2023-10-29 12:57:10 26 4
gpt4 key购买 nike

我一直在尝试使用 apache HttpClient 库注册我的自定义 TrustManger。以下链接包含有关如何执行此操作的说明:Https Connection Android

不幸的是,我想使用的构造函数 (public SSLSocketFactory(SSLContext sslContext) ) 在 Android 版本的 HttpClient 中不可用。我会使用 sslContext 来初始化我的自定义 TrustManager。 Android 似乎已将其替换为“KeyStore”。

我的问题是:(如何)我可以在 Android 中使用 DefaultHttpClient 注册自定义 TrustManger? KeyStore 类中是否有替代方案?

最终我想暂时忽略证书检查......请只考虑 HttpClient 库,因为我的整个应用程序都是基于它的。

最佳答案

解决方案是创建自己的套接字工厂。

public class NetworkSSLSocketFactory implements LayeredSocketFactory {

    private SSLContext sslContext;
    private SSLSocketFactory socketFactory;
    private X509HostnameVerifier hostnameVerifier;

    /**
     * Creates a socket factory that will use the {@link SSLContext} and
     * {@link X509HostnameVerifier} specified. The SSLContext provided should
     * have the {@link NetworkTrustManager} associated with it.
     * 
     * @param sslContext
     * @param hostnameVerifier
     */
    public NetworkSSLSocketFactory(SSLContext sslContext,
            X509HostnameVerifier hostnameVerifier) {
        this.sslContext = sslContext;
        this.socketFactory = sslContext.getSocketFactory();
        this.hostnameVerifier = hostnameVerifier;
    }  
}

然后创建一个使用您的 TrustManager 的 SSLContext,然后创建一个 AndroidHttpClient 并将其 https 模式替换为使用您的 SocketFactory 的模式。

    /**
     * Return the SSLContext for use with our HttpClient or create a new Context
     * if needed.
     * <p>
     * This context uses our {@link NetworkTrustManager}
     * 
     * @return an {@link SSLContext}
     */
    public SSLContext getSSLContext() {

        if (mSSLContextInstance != null)
            return mSSLContextInstance;

        try {
            mSSLContextInstance = SSLContext.getInstance("TLS");
            TrustManager trustManager = new NetworkTrustManager(getKeyStore());
            TrustManager[] tms = new TrustManager[] { trustManager };
            mSSLContextInstance.init(null, tms, new SecureRandom());
        } catch (NoSuchAlgorithmException e) {
            Log.e(TAG, e.getMessage());
        } catch (KeyManagementException e) {
            Log.e(TAG, e.getMessage());
        }

        return mSSLContextInstance;
    }

现在是客户端

/**
 * Return an HttpClient using our {@link NetworkTrustManager} and
 * {@link NetworkHostnameVerifier}
 * 
 * @return an {@link HttpClient}
 */
public HttpClient getHttpClient() {

    if (mHttpClientInstance != null)
        return mHttpClientInstance;

    SSLContext sslContext = getSSLContext();

    // Now create our socket factory using our context.
    X509HostnameVerifier hostnameVerifier = new NetworkHostnameVerifier();
    NetworkSSLSocketFactory sslSocketFactory = new NetworkSSLSocketFactory(
            sslContext, hostnameVerifier);

    // Some services (like the KSOAP client) use the HttpsURLConnection
    // class
    // to establish SSL connections.
    HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
    HttpsURLConnection.setDefaultSSLSocketFactory(sslContext
            .getSocketFactory());

    // Generate the Client for the Server
    mHttpClientInstance = AndroidHttpClient.newInstance(getAgent(),
            mContext);

    // Get the registry from the AndroidHttpClient and change the
    // HTTPS scheme to use our socket factory. This way we can
    // control the certificate authority and trust system.
    SchemeRegistry schemeRegistry = mHttpClientInstance
            .getConnectionManager().getSchemeRegistry();

    schemeRegistry.register(new Scheme("https", sslSocketFactory, 443));

    return mHttpClientInstance;
}

如果您不知道如何创建新的 keystore ,请看这里:

    /**
     * Get the current KeyStore or if not yet created, create a new one. This
     * will <b>NOT</b> load the KeyStore file identified by
     * {@link #KEYSTORE_NAME}. To load the KeyStore file, use the function
     * {@link #loadKeyStore()} which will automatically call this function (so
     * you don't need to).
     * <p>
     * 
     * @return a {@link KeyStore}
     */
    public KeyStore getKeyStore() {

        if (mKeyStore != null)
            return mKeyStore;

        try {
            String defaultType = KeyStore.getDefaultType();
            mKeyStore = KeyStore.getInstance(defaultType);
            mKeyStore.load(null, null);
        } catch (Exception e) {
            Log.w(TAG, e.getMessage());
        }

        return mKeyStore;
    }

上述解决方案是一个解决方案的开始,它允许您创建一个 TrustManager 来验证“System KeyStore”的证书以及您拥有的“Private KeyStore”(两个 keystore )。然后,您无需尝试将证书添加到系统 keystore 。您可以在 getFilesDir() 文件夹中创建自己的 KeyStore。

我仍然没有完成从 HttpResult = HttpClient.execute(HttpPost) 捕获证书的逻辑;方法,但我现在正在积极地写这个。如果您需要帮助,我现在可以与您合作。

如果有人知道如何从 HttpRequestBase 对象中的 SSLSocekt 捕获/获取证书,请告诉我。我正在努力寻找它。

关于android - Android 上的 HttpClient 和自定义 TrustManager,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/5170279/

26 4 0
文章推荐: java - 将消息从多个 Activity 传递到主要 Activity
文章推荐: android - 数据库打开/关闭 - 数据库未打开
文章推荐: android - 向 Android 添加新的编解码器?
文章推荐: android - 无法链接到 jni/ndk 共享库中的 libjpeg.so
太空狗
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com