Using SSL with server client socket communication on android-j2se

I am making a very small scale application with a server-client model where the server is a j2se application and the client is an Android application.

The server would be hosted with Dynamic DNS and needs to be portable as in changing domain name.

Now with SSL this could be problematic as the certificate is required to have an identifiable server address, either domain name or IP, both of which might change. I assume it is to prevent someone from masquerading as the server sending the same public key from a different location.

So how should I cope with this situation?

Below would be the hint to proceed. Add a custom trust manager for connections which validate the certificate of the server - and add a custom host name verification logic which evaluates the host name to be from the acceptable list - or just hardcode to true.

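        import javax.net.ssl.HostnameVerifier;
        import javax.net.ssl.HttpsURLConnection;
        import javax.net.ssl.SSLContext;
        import javax.net.ssl.SSLSession;
        import javax.net.ssl.TrustManagerFactory;

        SSLContext ctx = SSLContext.getInstance("TLS");
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // todo: getTrustedCert() must return a KeyStore holding the server's certificate
        tmf.init(getTrustedCert());
        ctx.init(null, tmf.getTrustManagers(), null);

        // Both setters below change the static defaults used by every new HttpsURLConnection
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());

        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                // todo: isInAcceptableHostNameList() checks the name against the accepted hosts
                return isInAcceptableHostNameList(hostname);
            }
        });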

From docs -

This class uses HostnameVerifier and SSLSocketFactory. There are default implementations defined for both classes. However, the implementations can be replaced on a per-class (static) or per-instance basis. All new HttpsURLConnections instances will be assigned the "default" static values at instance creation, but they can be overridden by calling the appropriate per-instance set method(s) before connecting.
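As an added example (not part of the original answer), here is one way the two `//todo` helpers could be filled in, applied per connection instead of through the static defaults. It assumes the server's own certificate file ships with the client; the class name, the host names and the `open` helper are constructed for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public final class PinnedTlsClient {
    // Assumption: constructed dynamic-DNS names the server may be reached under.
    private static final Set<String> HOSTS = new HashSet<>(Arrays.asList("a.ddns.example", "b.ddns.example"));

    // Builds an in-memory KeyStore holding only the server's own certificate.
    static KeyStore getTrustedCert(InputStream certStream) throws Exception {
        Certificate cert = CertificateFactory.getInstance("X.509").generateCertificate(certStream);
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // start from an empty store, no system CAs
        ks.setCertificateEntry("server", cert);
        return ks;
    }

    static boolean isInAcceptableHostNameList(String host) {
        return host != null && HOSTS.contains(host.toLowerCase(Locale.ROOT));
    }

    // Applies the trust settings to this one connection; the static defaults stay untouched.
    static HttpsURLConnection open(URL url, InputStream certStream) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(getTrustedCert(certStream));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        conn.setHostnameVerifier((host, session) -> isInAcceptableHostNameList(host));
        return conn;
    }

    public static void main(String[] args) throws Exception {
        try (InputStream in = new FileInputStream(args[0])) { // args: cert file, https URL
            System.out.println("HTTP " + open(new URL(args[1]), in).getResponseCode());
        }
    }
}
```

Because the KeyStore contains only the one certificate, the handshake fails for any server presenting a different certificate, whichever accepted name it is reached under.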
