
java - Adding a self-signed certificate to OkHttpClient

Reposted. Author: 太空宇宙. Updated: 2023-11-03 13:30:51

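I have an Android application that needs to connect to a server using REST. I use Retrofit 2 to handle the requests, and it works well. The problem is when I want to use an SSL connection. Using OpenSSL, I have a client.crt, myPrivateKey.pem and request.csr. I also have a rootCA that is used to encrypt the client and server certificates.

Looking online, I found that many solutions use a single CA file.

This is my code so far.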

    // https://developer.android.com/training/articles/security-ssl.html#java
    private OkHttpClient initClient(boolean ssl) {
        if (ssl) {
            SSLSocketFactory sslSocketFactory = null;
            X509TrustManager x509TrustManager = null;
            try {
                CertificateFactory cf = CertificateFactory.getInstance("X.509");
                InputStream certificateFileCRT = mContext.getResources().openRawResource(R.raw.client);
                Certificate certCRT = cf.generateCertificate(certificateFileCRT);
                System.out.println("ca=" + ((X509Certificate) certCRT).getSubjectDN());
                certificateFileCRT.close();

                String keyStoreType = KeyStore.getDefaultType();
                KeyStore keyStore = KeyStore.getInstance(keyStoreType);
                keyStore.load(null, null);
                keyStore.setCertificateEntry("ca", certCRT);

                String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
                TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
                tmf.init(keyStore);

                TrustManager[] trustManagers = tmf.getTrustManagers();
                x509TrustManager = (X509TrustManager) trustManagers[0];

                SSLContext sslContext = SSLContext.getInstance("SSL");
                sslContext.init(null, new TrustManager[]{x509TrustManager}, null);

                sslSocketFactory = sslContext.getSocketFactory();
            } catch (CertificateException | IOException | KeyStoreException | NoSuchAlgorithmException | KeyManagementException e) {
                e.printStackTrace();
            }

            return new OkHttpClient.Builder()
                    .readTimeout(60, TimeUnit.SECONDS)
                    .sslSocketFactory(sslSocketFactory, x509TrustManager)
                    .build();
            // return getUnsafeOkHttpClient();
        } else {
            return new OkHttpClient.Builder()
                    .readTimeout(60, TimeUnit.SECONDS)
                    .build();
        }
    }

When I send a request to the client, I get java.security.cert.CertPathValidatorException trust anchor for certification path not found.

Can you help me create my client with my certificate and key?

Best answer

I fixed my code base using this website

    private OkHttpClient initClient() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, UnrecoverableKeyException, KeyManagementException {

        // Trust self signed certificate
        InputStream certificateFileCRT = mContext.getResources().openRawResource(R.raw.server);
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        X509Certificate cert = (X509Certificate) certificateFactory.generateCertificate(certificateFileCRT);
        String alias = cert.getSubjectX500Principal().getName();
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null);
        trustStore.setCertificateEntry(alias, cert);

        // KeyStore containing client certificate
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        InputStream fis = mContext.getResources().openRawResource(R.raw.client);
        keyStore.load(fis, "PASSWORD".toCharArray());

        // Build an SSL context
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
        kmf.init(keyStore, "PASSWORD".toCharArray());
        KeyManager[] keyManagers = kmf.getKeyManagers();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
        tmf.init(trustStore);
        TrustManager[] trustManagers = tmf.getTrustManagers();

        SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(keyManagers, trustManagers, null);

        return new OkHttpClient.Builder()
                .readTimeout(60, TimeUnit.SECONDS)
                .sslSocketFactory(sslContext.getSocketFactory())
                // This verifier accepts every host name, so host name verification is disabled
                .hostnameVerifier(new HostnameVerifier() {
                    @Override
                    public boolean verify(String hostname, SSLSession session) {
                        return true;
                    }
                })
                .build();
    }
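
A hardened variant of the approach in the answer above, added here as an example (not code from the original post): it keeps the client certificate and the single-certificate trust store, but leaves OkHttp's default host name verification in place and passes the trust manager to the builder explicitly. The class name `MutualTlsClientFactory`, its parameters and the `client.p12` file name are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;

// Hypothetical helper (name and parameters are assumptions, not from the page).
public final class MutualTlsClientFactory {
    // trustedCert: certificate to trust (the server certificate or the root CA that signed it).
    // clientP12: PKCS#12 bundle with the client certificate and private key, assumed built with
    //   openssl pkcs12 -export -in client.crt -inkey myPrivateKey.pem -out client.p12
    public static OkHttpClient create(InputStream trustedCert, InputStream clientP12, char[] password)
            throws GeneralSecurityException, IOException {
        // Trust store that contains only the supplied certificate.
        X509Certificate cert = (X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(trustedCert);
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("server", cert);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        TrustManager tm = tmf.getTrustManagers()[0];
        if (!(tm instanceof X509TrustManager)) throw new GeneralSecurityException("unexpected trust manager: " + tm);
        X509TrustManager trustManager = (X509TrustManager) tm;

        // Key store with the client certificate and key, presented during the TLS handshake.
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(clientP12, password);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, password);

        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(kmf.getKeyManagers(), new TrustManager[] {trustManager}, null);

        // No hostnameVerifier override: OkHttp's default verifier checks the host against the certificate.
        return new OkHttpClient.Builder()
                .readTimeout(60, TimeUnit.SECONDS)
                .sslSocketFactory(sslContext.getSocketFactory(), trustManager)
                .build();
    }
}
```

With the default verifier, the server certificate must list the host name or IP address the app connects to in its subjectAltName, otherwise the connection fails with SSLPeerUnverifiedException.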

Regarding java - Adding a self-signed certificate to OkHttpClient, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/55465995/
