
Android Volley 自签名 HTTPS:找不到证书路径的信任锚 (Trust anchor for certification path not found)

更新时间:2022-10-16 11:14:52

您可以试试下面的示例代码。希望对您有帮助!

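 /**
  * Wraps the first {@link X509TrustManager} found in {@code trustManagers} in a delegating
  * trust manager.
  *
  * <p>Security: a trust manager reports an untrusted chain by throwing
  * {@link CertificateException}. Catching that exception and only printing it would let the TLS
  * handshake continue for any certificate, which disables server authentication. This wrapper
  * therefore declares and propagates the exception unchanged.
  *
  * @param trustManagers trust managers produced by a {@code TrustManagerFactory}
  * @return a one-element array holding the delegating trust manager
  * @throws IllegalStateException if {@code trustManagers} contains no {@link X509TrustManager}
  */
 private TrustManager[] getWrappedTrustManagers(TrustManager[] trustManagers) {
     X509TrustManager found = null;
     if (trustManagers != null) {
         for (TrustManager candidate : trustManagers) {
             if (candidate instanceof X509TrustManager) {
                 found = (X509TrustManager) candidate;
                 break;
             }
         }
     }
     if (found == null) {
         throw new IllegalStateException("No X509TrustManager available to wrap");
     }
     final X509TrustManager originalTrustManager = found;

     return new TrustManager[] {
         new X509TrustManager() {
             @Override
             public X509Certificate[] getAcceptedIssuers() {
                 return originalTrustManager.getAcceptedIssuers();
             }

             @Override
             public void checkClientTrusted(X509Certificate[] certs, String authType)
                     throws CertificateException {
                 // Let the failure propagate: it is what aborts the handshake.
                 originalTrustManager.checkClientTrusted(certs, authType);
             }

             @Override
             public void checkServerTrusted(X509Certificate[] certs, String authType)
                     throws CertificateException {
                 // Let the failure propagate: it is what aborts the handshake.
                 originalTrustManager.checkServerTrusted(certs, authType);
             }
         }
     };
 }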

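/**
 * Builds an {@link SSLSocketFactory} whose only trust anchor is the X.509 certificate stored in
 * the raw resource {@code keystoreResId}.
 *
 * <p>NOTE(review): the returned factory is only as strict as {@code getWrappedTrustManagers};
 * if that wrapper swallows {@link CertificateException}, every server certificate is accepted
 * no matter what is loaded here. Hostname verification is not configured by this method.
 *
 * @param keyStoreType keystore type for the in-memory trust store; {@code null} or empty selects
 *     {@link KeyStore#getDefaultType()}
 * @param keystoreResId raw resource id of the certificate file
 * @return a socket factory backed by the single-certificate trust store
 */
private SSLSocketFactory getSSLSocketFactory_Certificate(String keyStoreType, int keystoreResId)
        throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, KeyManagementException {

    CertificateFactory cf = CertificateFactory.getInstance("X.509");

    // Close the resource stream even when certificate parsing fails.
    Certificate ca;
    InputStream caInput = getResources().openRawResource(keystoreResId);
    try {
        ca = cf.generateCertificate(caInput);
    } finally {
        caInput.close();
    }

    if (keyStoreType == null || keyStoreType.isEmpty()) {
        keyStoreType = KeyStore.getDefaultType();
    }
    // An empty in-memory keystore that holds only the bundled certificate.
    KeyStore keyStore = KeyStore.getInstance(keyStoreType);
    keyStore.load(null, null);
    keyStore.setCertificateEntry("ca", ca);

    String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
    tmf.init(keyStore);

    TrustManager[] wrappedTrustManagers = getWrappedTrustManagers(tmf.getTrustManagers());

    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, wrappedTrustManagers, null);

    return sslContext.getSocketFactory();
}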

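/**
 * Builds an {@link SSLSocketFactory} whose trust anchors are the entries of the keystore stored
 * in the raw resource {@code keystoreResId}.
 *
 * <p>NOTE(review): the returned factory is only as strict as {@code getWrappedTrustManagers};
 * if that wrapper swallows {@link CertificateException}, every server certificate is accepted
 * no matter what is loaded here. Hostname verification is not configured by this method.
 *
 * @param keyStoreType keystore type of the resource; {@code null} or empty selects
 *     {@link KeyStore#getDefaultType()}
 * @param keystoreResId raw resource id of the keystore file
 * @param keyPassword keystore password, or {@code null} to load without an integrity check
 * @return a socket factory backed by the loaded trust store
 */
private SSLSocketFactory getSSLSocketFactory_KeyStore(String keyStoreType, int keystoreResId, String keyPassword)
        throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, KeyManagementException {

    if (keyStoreType == null || keyStoreType.isEmpty()) {
        keyStoreType = KeyStore.getDefaultType();
    }
    KeyStore keyStore = KeyStore.getInstance(keyStoreType);

    // Load the keystore containing the trusted CAs; always release the resource stream.
    char[] password = (keyPassword == null) ? null : keyPassword.toCharArray();
    InputStream caInput = getResources().openRawResource(keystoreResId);
    try {
        keyStore.load(caInput, password);
    } finally {
        caInput.close();
    }

    // Create a TrustManager that trusts the CAs in the keystore.
    String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
    tmf.init(keyStore);

    TrustManager[] wrappedTrustManagers = getWrappedTrustManagers(tmf.getTrustManagers());

    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, wrappedTrustManagers, null);

    return sslContext.getSocketFactory();
}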
 

然后调用这两个中的一个:

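 // Use ONE of the two calls below; both declare the same variable.
 // Option 1: trust store loaded from a password-protected BKS keystore resource.
 // NOTE(review): the password literal ships inside the app, so it only serves as an
 // integrity check on the keystore file; keep private keys out of this keystore.
 SSLSocketFactory sslSocketFactory = getSSLSocketFactory_KeyStore("BKS", R.raw.androidbksv1, "123456789");
 // Option 2: trust store built in memory from a single certificate resource.
 SSLSocketFactory sslSocketFactory = getSSLSocketFactory_Certificate("BKS", R.raw.androidbksv1_cert);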
 

I'm an Android newbie. This question has been asked many times, and I've gone through almost all of the questions here.

I'm trying to use a self-signed certificate on Node.Js server (using express) and Volley on android.
Using : http://blog.applegrew.com/2015/04/using-pinned-self-signed-ssl-certificate-with-android-volley/

I can't use http://ogrelab.ikratko.com/using-android-volley-with-self-signed-certificate/ because there's too much code to change on my app.

That's the error.

javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

My VolleySingleton code:

/**
 * Creates an {@link SSLSocketFactory} whose trust anchors come from the BKS keystore bundled
 * as {@code R.raw.evennewer}.
 *
 * <p>The platform trust managers are used unwrapped, so a certificate that does not chain to an
 * entry of that keystore makes the handshake fail.
 *
 * @return the socket factory of a TLS context initialised with the bundled trust store
 * @throws AssertionError wrapping any exception raised while building the factory
 */
private SSLSocketFactory newSslSocketFactory() {
    try {
        // Bouncy Castle keystore format.
        final KeyStore trustStore = KeyStore.getInstance("BKS");
        // Raw resource holding the trusted certificates (root and any intermediates).
        final InputStream keyStoreStream = mCtx.getResources().openRawResource(R.raw.evennewer);
        try {
            // Populate the keystore, supplying its password.
            trustStore.load(keyStoreStream, KEYSTORE_PASSWORD);
        } finally {
            keyStoreStream.close();
        }

        final TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);

        final SSLContext tlsContext = SSLContext.getInstance("TLS");
        tlsContext.init(null, trustManagerFactory.getTrustManagers(), null);

        return tlsContext.getSocketFactory();
    } catch (Exception e) {
        throw new AssertionError(e);
    }
}

My Node.Js code :

// TLS key and certificate for the HTTPS listener, read synchronously at startup.
var config = {
  key: fs.readFileSync('./ssl/newkey.key'),
  cert: fs.readFileSync('./ssl/newcert.crt')
};
var port = 443;

// Logs once the server has started listening.
function onListening() {
  console.log("Express server listening on port " + port);
}

var server = https.createServer(config, app).listen(port, onListening);

And openssl debug returned:

Verify return code: 18 (self signed certificate)

You can try the following sample code. Hope this helps!

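/**
 * Wraps the first {@link X509TrustManager} found in {@code trustManagers} in a delegating
 * trust manager.
 *
 * <p>Security: a trust manager reports an untrusted chain by throwing
 * {@link CertificateException}. Catching that exception and only printing it would let the TLS
 * handshake continue for any certificate, which disables server authentication. This wrapper
 * therefore declares and propagates the exception unchanged.
 *
 * @param trustManagers trust managers produced by a {@code TrustManagerFactory}
 * @return a one-element array holding the delegating trust manager
 * @throws IllegalStateException if {@code trustManagers} contains no {@link X509TrustManager}
 */
private TrustManager[] getWrappedTrustManagers(TrustManager[] trustManagers) {
    X509TrustManager found = null;
    if (trustManagers != null) {
        for (TrustManager candidate : trustManagers) {
            if (candidate instanceof X509TrustManager) {
                found = (X509TrustManager) candidate;
                break;
            }
        }
    }
    if (found == null) {
        throw new IllegalStateException("No X509TrustManager available to wrap");
    }
    final X509TrustManager originalTrustManager = found;

    return new TrustManager[] {
        new X509TrustManager() {
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return originalTrustManager.getAcceptedIssuers();
            }

            @Override
            public void checkClientTrusted(X509Certificate[] certs, String authType)
                    throws CertificateException {
                // Let the failure propagate: it is what aborts the handshake.
                originalTrustManager.checkClientTrusted(certs, authType);
            }

            @Override
            public void checkServerTrusted(X509Certificate[] certs, String authType)
                    throws CertificateException {
                // Let the failure propagate: it is what aborts the handshake.
                originalTrustManager.checkServerTrusted(certs, authType);
            }
        }
    };
}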

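/**
 * Builds an {@link SSLSocketFactory} whose only trust anchor is the X.509 certificate stored in
 * the raw resource {@code keystoreResId}.
 *
 * <p>NOTE(review): the returned factory is only as strict as {@code getWrappedTrustManagers};
 * if that wrapper swallows {@link CertificateException}, every server certificate is accepted
 * no matter what is loaded here. Hostname verification is not configured by this method.
 *
 * @param keyStoreType keystore type for the in-memory trust store; {@code null} or empty selects
 *     {@link KeyStore#getDefaultType()}
 * @param keystoreResId raw resource id of the certificate file
 * @return a socket factory backed by the single-certificate trust store
 */
private SSLSocketFactory getSSLSocketFactory_Certificate(String keyStoreType, int keystoreResId)
        throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, KeyManagementException {

    CertificateFactory cf = CertificateFactory.getInstance("X.509");

    // Close the resource stream even when certificate parsing fails.
    Certificate ca;
    InputStream caInput = getResources().openRawResource(keystoreResId);
    try {
        ca = cf.generateCertificate(caInput);
    } finally {
        caInput.close();
    }

    if (keyStoreType == null || keyStoreType.isEmpty()) {
        keyStoreType = KeyStore.getDefaultType();
    }
    // An empty in-memory keystore that holds only the bundled certificate.
    KeyStore keyStore = KeyStore.getInstance(keyStoreType);
    keyStore.load(null, null);
    keyStore.setCertificateEntry("ca", ca);

    String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
    tmf.init(keyStore);

    TrustManager[] wrappedTrustManagers = getWrappedTrustManagers(tmf.getTrustManagers());

    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, wrappedTrustManagers, null);

    return sslContext.getSocketFactory();
}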

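/**
 * Builds an {@link SSLSocketFactory} whose trust anchors are the entries of the keystore stored
 * in the raw resource {@code keystoreResId}.
 *
 * <p>NOTE(review): the returned factory is only as strict as {@code getWrappedTrustManagers};
 * if that wrapper swallows {@link CertificateException}, every server certificate is accepted
 * no matter what is loaded here. Hostname verification is not configured by this method.
 *
 * @param keyStoreType keystore type of the resource; {@code null} or empty selects
 *     {@link KeyStore#getDefaultType()}
 * @param keystoreResId raw resource id of the keystore file
 * @param keyPassword keystore password, or {@code null} to load without an integrity check
 * @return a socket factory backed by the loaded trust store
 */
private SSLSocketFactory getSSLSocketFactory_KeyStore(String keyStoreType, int keystoreResId, String keyPassword)
        throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, KeyManagementException {

    if (keyStoreType == null || keyStoreType.isEmpty()) {
        keyStoreType = KeyStore.getDefaultType();
    }
    KeyStore keyStore = KeyStore.getInstance(keyStoreType);

    // Load the keystore containing the trusted CAs; always release the resource stream.
    char[] password = (keyPassword == null) ? null : keyPassword.toCharArray();
    InputStream caInput = getResources().openRawResource(keystoreResId);
    try {
        keyStore.load(caInput, password);
    } finally {
        caInput.close();
    }

    // Create a TrustManager that trusts the CAs in the keystore.
    String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
    tmf.init(keyStore);

    TrustManager[] wrappedTrustManagers = getWrappedTrustManagers(tmf.getTrustManagers());

    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, wrappedTrustManagers, null);

    return sslContext.getSocketFactory();
}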

Then call one of the two:

// Use ONE of the two calls below; both declare the same variable.
// Option 1: trust store loaded from a password-protected BKS keystore resource.
// NOTE(review): the password literal ships inside the app, so it only serves as an
// integrity check on the keystore file; keep private keys out of this keystore.
SSLSocketFactory sslSocketFactory = getSSLSocketFactory_KeyStore("BKS", R.raw.androidbksv1, "123456789");
// Option 2: trust store built in memory from a single certificate resource.
SSLSocketFactory sslSocketFactory = getSSLSocketFactory_Certificate("BKS", R.raw.androidbksv1_cert);