我从 HTTPConnection 调用获取证书并保存在信任管理器中,但 webView 需要 SSL 而不是 X509 证书,是否可以转换?
I get my certificate from a HTTPConnection call and save in trust managers, but webView needs SSL not X509 Certificate, is it possible to convert?
我有一个 HTTPConnection 调用,我在上面执行此操作:
if(conn != null && conn.getServerCertificates() != null) {
Utils.appendLog("Entered Logic to add certificates",false);
Certificate ca = conn.getServerCertificates()[0];
Log.i("","adding certificate is: " + ca.getPublicKey().toString());
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
InputStream readStream = new FileInputStream(c.getFilesDir() + "/VidyoRemote/keystore.jks");
String pass = "Ready4Launch!";
try{
keyStore.load(readStream, pass.toCharArray());
}catch (Exception e){
Log.e("","error trying to load:" + e.getMessage());
keyStore.load(null, pass.toCharArray());
}
keyStore.setCertificateEntry("ca", ca);
FileOutputStream fos = new FileOutputStream(c.getFilesDir() + "/VidyoRemote/keystore.jks");
keyStore.store(fos, pass.toCharArray());
fos.close();
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);
HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
}
正在保存 x509 证书。
但后来我需要使用 webview 连接到该 IP。
我收到 SSL 证书的 SSL 错误。我如何检查这个SSL证书到我保存的X509?
我的 OnReceivedSslError:
@Override
public void onReceivedSslError(WebView view, SslErrorHandler handler,
SslError error) {
Log.i("","ssl certificate is: " + error.getCertificate());
Log.i("","ssl certificate is: " + error.getCertificate().getIssuedBy().toString());
Log.i("","ssl certificate is: " + error.getCertificate().getIssuedTo().toString());
Log.i("","ssl certificate is: " + error.getCertificate().getValidNotAfterDate().toString());
c = new ContextWrapper(context);
Utils.appendLog("received SSL error on webview: "+ + error.getPrimaryError() + " on certificate: " + error.getCertificate(), false);
try{
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
InputStream readStream = new FileInputStream(c.getFilesDir() + "/VidyoRemote/keystore.jks");
String pass = "Ready4Launch!";
try{
keyStore.load(readStream, pass.toCharArray());
}catch (Exception e){
Log.e("","error trying to load check:" + e.getMessage());
keyStore.load(null, pass.toCharArray());
}
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
for (TrustManager trustManager : tmf.getTrustManagers()){
X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
for (X509Certificate certificate : x509TrustManager.getAcceptedIssuers()){
Log.i("","certificate is: " + certificate.toString());
Log.i("","certificate is: " + certificate.getSerialNumber());
Log.i("","certificate is: " + certificate.getSignature());
Log.i("","certificate is: " + certificate.getVersion());
Log.i("","certificate is: " + certificate.getPublicKey());
}
}
}catch (Exception e){
Log.e("","Error is: " + e.getMessage());
}
// handler.proceed();
}
它是这样工作的:
for (TrustManager trustManager : tmf.getTrustManagers()){
X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
for (X509Certificate certificate : x509TrustManager.getAcceptedIssuers()){
Log.i("","certificate is: " + certificate.getIssuerX500Principal().getName());
if(error.getCertificate().toString().contains(certificate.getIssuerX500Principal().getName())){
handler.proceed();
}
}
}
certificate.getIssuerX500Principal().getName() 包含在 SSL 证书中
我有一个 HTTPConnection 调用,我在上面执行此操作:
if(conn != null && conn.getServerCertificates() != null) {
Utils.appendLog("Entered Logic to add certificates",false);
Certificate ca = conn.getServerCertificates()[0];
Log.i("","adding certificate is: " + ca.getPublicKey().toString());
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
InputStream readStream = new FileInputStream(c.getFilesDir() + "/VidyoRemote/keystore.jks");
String pass = "Ready4Launch!";
try{
keyStore.load(readStream, pass.toCharArray());
}catch (Exception e){
Log.e("","error trying to load:" + e.getMessage());
keyStore.load(null, pass.toCharArray());
}
keyStore.setCertificateEntry("ca", ca);
FileOutputStream fos = new FileOutputStream(c.getFilesDir() + "/VidyoRemote/keystore.jks");
keyStore.store(fos, pass.toCharArray());
fos.close();
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);
HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
}
正在保存 x509 证书。 但后来我需要使用 webview 连接到该 IP。 我收到 SSL 证书的 SSL 错误。我如何检查这个SSL证书到我保存的X509? 我的 OnReceivedSslError:
@Override
public void onReceivedSslError(WebView view, SslErrorHandler handler,
SslError error) {
Log.i("","ssl certificate is: " + error.getCertificate());
Log.i("","ssl certificate is: " + error.getCertificate().getIssuedBy().toString());
Log.i("","ssl certificate is: " + error.getCertificate().getIssuedTo().toString());
Log.i("","ssl certificate is: " + error.getCertificate().getValidNotAfterDate().toString());
c = new ContextWrapper(context);
Utils.appendLog("received SSL error on webview: "+ + error.getPrimaryError() + " on certificate: " + error.getCertificate(), false);
try{
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
InputStream readStream = new FileInputStream(c.getFilesDir() + "/VidyoRemote/keystore.jks");
String pass = "Ready4Launch!";
try{
keyStore.load(readStream, pass.toCharArray());
}catch (Exception e){
Log.e("","error trying to load check:" + e.getMessage());
keyStore.load(null, pass.toCharArray());
}
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
for (TrustManager trustManager : tmf.getTrustManagers()){
X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
for (X509Certificate certificate : x509TrustManager.getAcceptedIssuers()){
Log.i("","certificate is: " + certificate.toString());
Log.i("","certificate is: " + certificate.getSerialNumber());
Log.i("","certificate is: " + certificate.getSignature());
Log.i("","certificate is: " + certificate.getVersion());
Log.i("","certificate is: " + certificate.getPublicKey());
}
}
}catch (Exception e){
Log.e("","Error is: " + e.getMessage());
}
// handler.proceed();
}
它是这样工作的:
for (TrustManager trustManager : tmf.getTrustManagers()){
X509TrustManager x509TrustManager = (X509TrustManager) trustManager;
for (X509Certificate certificate : x509TrustManager.getAcceptedIssuers()){
Log.i("","certificate is: " + certificate.getIssuerX500Principal().getName());
if(error.getCertificate().toString().contains(certificate.getIssuerX500Principal().getName())){
handler.proceed();
}
}
}
certificate.getIssuerX500Principal().getName() 包含在 SSL 证书中