Android https - 特定服务器上的 tls
Android https - tls on a specific server
我开发了一个 Android 应用程序,需要连接到服务器以进行休息请求。
我是 https 的新手,而且(尽管过去 2 天花了在网上寻找)我什么都不懂。
服务器有一个用 COMODO(或 geotrust)制作的证书,并且有一个 KeyStore(NOT 是我制作的)。
我尝试使用:
-
(bue 无法理解 where/how 使用 openssl)
(但没用)
(也试过了,但都不管用。)
然后我试了这个。
并且有效。问题是我需要将它具体化为服务器的访问和none else.
这是我的 GET/DELETE 请求代码:
public static HttpsURLConnection setHttpsURLConnection(String type, URL url, Activity activity) throws IOException {
trustEveryone(); //from the link above
HttpsURLConnection response=(HttpsURLConnection) url.openConnection();
response.setConnectTimeout(Costanti.connectionTimeout);
response.setReadTimeout(Costanti.connectionTimeout);
response.setRequestProperty("Content-type", "application/json");
response.setRequestProperty("Accept", "application/json");
response.setRequestProperty("Authorization", "Basic tfhtrhsthLkO=");
response.setRequestMethod(type);
return response;
}
我需要知道我应该怎么做,一步一步。
你需要知道什么来帮助我?
https://www.ssllabs.com/ssltest 说:
- TLS 1.2
- TLS 1.1
- TLS 1.0
- 密钥 RSA 2048 位 (e 65537)
- 颁发者 GeoTrust DV SSL CA - G3
- 签名算法SHA256withRSA
- 证书透明度是(证书)
谢谢你回答我,两位。
@pedrofb 你的 link 不工作。
我找到了阅读 andorid 文档的解决方案 morning-clear-mind。
我的证书是由 GEOTRUST(一个 CA -> 说 "your certificate is 'more' valide through us" 的人)制作的。
Andorid 有一系列的 Trusted CA(这样配置很简单)。
当您的 CA 不在 Android 收藏夹中时,您需要说 andorid 您可以信任来自该 CA 的证书
-->
https://developer.android.com/training/articles/security-ssl.html
我所做的是获取服务器证书并在下一个代码中使用它(来自上面的 link)以生成 SSLSOCKETFACTORY 并在 httpsURLConnection.setSSLSocketFactory(套接字):
public static final String CERTIFICATO=("-----BEGIN CERTIFICATE-----\n" +
"MIIFuDCCBKCgA....kqhkiG9w0BAQsFADBm\n" +
"MQswCQYDVQQGEwJ...SW5jLjEdMBsGA1UECxMU\n" +
"RG9tYWluIFZhbGlk....ERWIFNTTCBD\n" +
"QSAtIEczMB4XDTE....k1OVowGzEZMBcGA1UE\n" +
"AwwQdGVzdDIuYmNzb2....ADggEPADCCAQoC\n" +
"ggEBAMEIbF7hHdy2...d6nWJE0zRSG1IzL6qTe\n" +
"tan8UGyIUdHTx0Cy...VRhchXab628VxP\n" +
"1Ngd2ffFUKBO9...N0/Fphr\n" +
"9yKJCwgbcb2PAsH....knT5q\n" +
"T6qkfug0jBVdKmaG5...Vg694vGZYVkFi\n" +
"NbDFAaF7f1oS...BKCEHRl\n" +
"c3QyLmJjc29mdC....hpodHRw\n" +
"Oi8vZ3Quc3ltY2I...gZngQwBAgEw\n" +
"gYQwPwYIKwY...N0LmNvbS9yZXNvdXJj\n" +
"ZXMvcmVw...RwczovL3d3dy5n\n" +
"ZW90cnVzdC5jb...WwwHwYDVR0jBBgw\n" +
"FoAUrWUihZ...B0GA1UdJQQW\n" +
"MBQGCCsGAQU....wHwYIKwYBBQUH\n" +
"MAGGE2h0d...0dHA6Ly9ndC5z\n" +
"eW1jYi5jb20vZ3Q...wDxAHYA3esdK3oN\n" +
"T6Ygi4GtgWhwf...RzBFAiBp54lk\n" +
"UV/yv5lgSW0w...K4uzyiBfJQMMe1\n" +
"OVzA+x/INw9...5G9+443fNDsgN\n" +
"3BAAAAFc9Ao..WRNuoF/GR\n" +
"ckf1umsC...NBgkqhkiG\n" +
"9w0BAQsFAA...lcKFn1fk\n" +
"N6tnsHI...JKA4fjAgV\n" +
"k5VMllg...pkVGqing\n" +
"h+pkAJg19u...suEdhrpK8c\n" +
"6ZU6kjpyNuIiVX9nAEA2..LkKM3Yi6LE\n" +
"N9TlYfz4B...nQd3bZAg==\n" +
"-----END CERTIFICATE-----\n");
public static SSLSocketFactory socket=null;
static {
// Load CAs from an InputStream
// (could be from a resource or ByteArrayInputStream or ...)
InputStream in=null;
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate ca;
in = new ByteArrayInputStream(Costanti.CERTIFICATO.getBytes());
ca = cf.generateCertificate(in);
// Create a KeyStore containing our trusted CAs
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
// Create a TrustManager that trusts the CAs in our KeyStore
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
// Create an SSLContext that uses our TrustManager
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);
socket=context.getSocketFactory();
}catch (Exception e){
e.printStackTrace();
LogManage.logError(LogManage.Type.Connection, Costanti.class, null, "Problema con SSL conf");
socket=null;
}
finally {
if (in!=null)
try {
in.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
我开发了一个 Android 应用程序,需要连接到服务器以进行休息请求。
我是 https 的新手,而且(尽管过去 2 天花了在网上寻找)我什么都不懂。
服务器有一个用 COMODO(或 geotrust)制作的证书,并且有一个 KeyStore(NOT 是我制作的)。
我尝试使用:
- (bue 无法理解 where/how 使用 openssl)
然后我试了这个。
并且有效。问题是我需要将它具体化为服务器的访问和none else.
这是我的 GET/DELETE 请求代码:
public static HttpsURLConnection setHttpsURLConnection(String type, URL url, Activity activity) throws IOException {
trustEveryone(); //from the link above
HttpsURLConnection response=(HttpsURLConnection) url.openConnection();
response.setConnectTimeout(Costanti.connectionTimeout);
response.setReadTimeout(Costanti.connectionTimeout);
response.setRequestProperty("Content-type", "application/json");
response.setRequestProperty("Accept", "application/json");
response.setRequestProperty("Authorization", "Basic tfhtrhsthLkO=");
response.setRequestMethod(type);
return response;
}
我需要知道我应该怎么做,一步一步。
你需要知道什么来帮助我?
https://www.ssllabs.com/ssltest 说:
- TLS 1.2
- TLS 1.1
- TLS 1.0
- 密钥 RSA 2048 位 (e 65537)
- 颁发者 GeoTrust DV SSL CA - G3
- 签名算法SHA256withRSA
- 证书透明度是(证书)
谢谢你回答我,两位。 @pedrofb 你的 link 不工作。
我找到了阅读 andorid 文档的解决方案 morning-clear-mind。
我的证书是由 GEOTRUST(一个 CA -> 说 "your certificate is 'more' valide through us" 的人)制作的。 Andorid 有一系列的 Trusted CA(这样配置很简单)。
当您的 CA 不在 Android 收藏夹中时,您需要说 andorid 您可以信任来自该 CA 的证书 --> https://developer.android.com/training/articles/security-ssl.html
我所做的是获取服务器证书并在下一个代码中使用它(来自上面的 link)以生成 SSLSOCKETFACTORY 并在 httpsURLConnection.setSSLSocketFactory(套接字):
public static final String CERTIFICATO=("-----BEGIN CERTIFICATE-----\n" +
"MIIFuDCCBKCgA....kqhkiG9w0BAQsFADBm\n" +
"MQswCQYDVQQGEwJ...SW5jLjEdMBsGA1UECxMU\n" +
"RG9tYWluIFZhbGlk....ERWIFNTTCBD\n" +
"QSAtIEczMB4XDTE....k1OVowGzEZMBcGA1UE\n" +
"AwwQdGVzdDIuYmNzb2....ADggEPADCCAQoC\n" +
"ggEBAMEIbF7hHdy2...d6nWJE0zRSG1IzL6qTe\n" +
"tan8UGyIUdHTx0Cy...VRhchXab628VxP\n" +
"1Ngd2ffFUKBO9...N0/Fphr\n" +
"9yKJCwgbcb2PAsH....knT5q\n" +
"T6qkfug0jBVdKmaG5...Vg694vGZYVkFi\n" +
"NbDFAaF7f1oS...BKCEHRl\n" +
"c3QyLmJjc29mdC....hpodHRw\n" +
"Oi8vZ3Quc3ltY2I...gZngQwBAgEw\n" +
"gYQwPwYIKwY...N0LmNvbS9yZXNvdXJj\n" +
"ZXMvcmVw...RwczovL3d3dy5n\n" +
"ZW90cnVzdC5jb...WwwHwYDVR0jBBgw\n" +
"FoAUrWUihZ...B0GA1UdJQQW\n" +
"MBQGCCsGAQU....wHwYIKwYBBQUH\n" +
"MAGGE2h0d...0dHA6Ly9ndC5z\n" +
"eW1jYi5jb20vZ3Q...wDxAHYA3esdK3oN\n" +
"T6Ygi4GtgWhwf...RzBFAiBp54lk\n" +
"UV/yv5lgSW0w...K4uzyiBfJQMMe1\n" +
"OVzA+x/INw9...5G9+443fNDsgN\n" +
"3BAAAAFc9Ao..WRNuoF/GR\n" +
"ckf1umsC...NBgkqhkiG\n" +
"9w0BAQsFAA...lcKFn1fk\n" +
"N6tnsHI...JKA4fjAgV\n" +
"k5VMllg...pkVGqing\n" +
"h+pkAJg19u...suEdhrpK8c\n" +
"6ZU6kjpyNuIiVX9nAEA2..LkKM3Yi6LE\n" +
"N9TlYfz4B...nQd3bZAg==\n" +
"-----END CERTIFICATE-----\n");
public static SSLSocketFactory socket=null;
static {
// Load CAs from an InputStream
// (could be from a resource or ByteArrayInputStream or ...)
InputStream in=null;
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate ca;
in = new ByteArrayInputStream(Costanti.CERTIFICATO.getBytes());
ca = cf.generateCertificate(in);
// Create a KeyStore containing our trusted CAs
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
// Create a TrustManager that trusts the CAs in our KeyStore
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
// Create an SSLContext that uses our TrustManager
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);
socket=context.getSocketFactory();
}catch (Exception e){
e.printStackTrace();
LogManage.logError(LogManage.Type.Connection, Costanti.class, null, "Problema con SSL conf");
socket=null;
}
finally {
if (in!=null)
try {
in.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}