Android https-特定服务器上的tls
[英]Android https - tls on a specific server
问题描述
I developed an Android app that need to connect to a server for Rest request. 
我开发了一个Android应用,该应用需要连接到服务器以进行Rest请求。
I'm new in https and (despite last 2 days spent to looking for on the on web) I've not understood nothing. 我是https的新手,(尽管过去2天花了很多时间在网上查找),我还是一无所知。
The server has a certificate made with COMODO(or geotrust) and has a KeyStore ( NOT made by me). 该服务器具有使用COMODO(或geotrust)制作的证书,并且具有KeyStore( 不是我制作的)。
I tried to use: 我尝试使用:
- Trusting all certificates using HttpClient over HTTPS (bue cannot able to understand where/how use openssl) 在HTTPS上使用HttpClient信任所有证书 (由于无法理解在哪里/如何使用openssl)
- Java HttpsURLConnection and TLS 1.2 (but didin't work) Java HttpsURLConnection和TLS 1.2 (但无效)
- Android java.security.cert.CertPathValidatorException: Trust anchor for certification path not found (tried this too but neither works.) Android java.security.cert.CertPathValidatorException:找不到证书路径的信任锚 (也尝试过此方法,但均无效 )。
Then I tried this. 然后我尝试了这个。 Trusting all certificates using HttpClient over HTTPS 通过HTTPS使用HttpClient信任所有证书
And works. 和工程。 The problem is that I need to make it specific fpor the access of the server and none else. 问题是我需要使它特定于服务器的访问权限。
This is my code for GET/DELETE request: 这是我的GET / DELETE请求代码:
public static HttpsURLConnection setHttpsURLConnection(String type, URL url, Activity activity) throws IOException {
trustEveryone(); //from the link above
HttpsURLConnection response=(HttpsURLConnection) url.openConnection();
response.setConnectTimeout(Costanti.connectionTimeout);
response.setReadTimeout(Costanti.connectionTimeout);
response.setRequestProperty("Content-type", "application/json");
response.setRequestProperty("Accept", "application/json");
response.setRequestProperty("Authorization", "Basic tfhtrhsthLkO=");
response.setRequestMethod(type);
return response;
}
I need know what should i do, step by step. 我需要一步一步地知道我该怎么办。
What you need know to help me? 您需要知道些什么来帮助我?
https://www.ssllabs.com/ssltest says: https://www.ssllabs.com/ssltest说:
- TLS 1.2 TLS 1.2
- TLS 1.1 TLS 1.1
- TLS 1.0 TLS 1.0
- Key RSA 2048 bits (e 65537) 密钥RSA 2048位(e 65537)
- Issuer GeoTrust DV SSL CA - G3 发行人GeoTrust DV SSL CA-G3
- Signature algorithm SHA256withRSA 签名算法SHA256withRSA
- Certificate Transparency Yes (certificate) 证书透明度是(证书)
1 个解决方案
解决方案1
0 已采纳 2017-07-18 10:10:18
Thanks for answer me, both. 谢谢你回答我,两个。 @pedrofb your link doeasn't work. @pedrofb,您的链接无效。
I found the solution reading andorid documentation having a morning-clear-mind. 我发现解决方案阅读andorid文档时头脑清醒。
My certificate is made by GEOTRUST (a CA -> someone who says "your certificate is 'more' valide through us"). 我的证书是由GEOTRUST(CA->某人说“您的证书是我们的'更多'证明”)制成的。 Andorid has a range of Trusted CA (in that way the configuration is simple). Andorid具有一系列Trusted CA(通过这种方式配置很简单)。
When your CA is not present in the Android favorite you need say andorid that you can trust this certificate from that CA --> https://developer.android.com/training/articles/security-ssl.html 当您的CA不存在于Android收藏夹中时,您需要说出andorid,您可以信任来自该CA的此证书-> https://developer.android.com/training/articles/security-ssl.html
What i did is take the certificate of server and use it in the next code (from link above) in order to generate the SSLSOCKETFACTORY and use it in the httpsURLConnection.setSSLSocketFactory(socket) : 我所做的就是获取服务器证书,并在下一个代码中使用它(来自上面的链接),以便生成SSLSOCKETFACTORY并在httpsURLConnection.setSSLSocketFactory(socket)中使用它:
public static final String CERTIFICATO=("-----BEGIN CERTIFICATE-----\n" +
"MIIFuDCCBKCgA....kqhkiG9w0BAQsFADBm\n" +
"MQswCQYDVQQGEwJ...SW5jLjEdMBsGA1UECxMU\n" +
"RG9tYWluIFZhbGlk....ERWIFNTTCBD\n" +
"QSAtIEczMB4XDTE....k1OVowGzEZMBcGA1UE\n" +
"AwwQdGVzdDIuYmNzb2....ADggEPADCCAQoC\n" +
"ggEBAMEIbF7hHdy2...d6nWJE0zRSG1IzL6qTe\n" +
"tan8UGyIUdHTx0Cy...VRhchXab628VxP\n" +
"1Ngd2ffFUKBO9...N0/Fphr\n" +
"9yKJCwgbcb2PAsH....knT5q\n" +
"T6qkfug0jBVdKmaG5...Vg694vGZYVkFi\n" +
"NbDFAaF7f1oS...BKCEHRl\n" +
"c3QyLmJjc29mdC....hpodHRw\n" +
"Oi8vZ3Quc3ltY2I...gZngQwBAgEw\n" +
"gYQwPwYIKwY...N0LmNvbS9yZXNvdXJj\n" +
"ZXMvcmVw...RwczovL3d3dy5n\n" +
"ZW90cnVzdC5jb...WwwHwYDVR0jBBgw\n" +
"FoAUrWUihZ...B0GA1UdJQQW\n" +
"MBQGCCsGAQU....wHwYIKwYBBQUH\n" +
"MAGGE2h0d...0dHA6Ly9ndC5z\n" +
"eW1jYi5jb20vZ3Q...wDxAHYA3esdK3oN\n" +
"T6Ygi4GtgWhwf...RzBFAiBp54lk\n" +
"UV/yv5lgSW0w...K4uzyiBfJQMMe1\n" +
"OVzA+x/INw9...5G9+443fNDsgN\n" +
"3BAAAAFc9Ao..WRNuoF/GR\n" +
"ckf1umsC...NBgkqhkiG\n" +
"9w0BAQsFAA...lcKFn1fk\n" +
"N6tnsHI...JKA4fjAgV\n" +
"k5VMllg...pkVGqing\n" +
"h+pkAJg19u...suEdhrpK8c\n" +
"6ZU6kjpyNuIiVX9nAEA2..LkKM3Yi6LE\n" +
"N9TlYfz4B...nQd3bZAg==\n" +
"-----END CERTIFICATE-----\n");
public static SSLSocketFactory socket=null;
static {
// Load CAs from an InputStream
// (could be from a resource or ByteArrayInputStream or ...)
InputStream in=null;
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate ca;
in = new ByteArrayInputStream(Costanti.CERTIFICATO.getBytes());
ca = cf.generateCertificate(in);
// Create a KeyStore containing our trusted CAs
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
// Create a TrustManager that trusts the CAs in our KeyStore
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
// Create an SSLContext that uses our TrustManager
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);
socket=context.getSocketFactory();
}catch (Exception e){
e.printStackTrace();
LogManage.logError(LogManage.Type.Connection, Costanti.class, null, "Problema con SSL conf");
socket=null;
}
finally {
if (in!=null)
try {
in.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.