
How to make NanoHTTPD on Android accept connection from client with dedicated client certificate

I made a web service on an Android device using NanoHTTPD. But it will trust all certificates and accept SSL connections from all clients. I want to limit the access to a specific client only.

Update: I try to work like this:

        String KEYSTOREPASS = "test";
        char[]ctpass = KEYSTOREPASS.toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");

        //Directly load cert from Resources
        //ks.load(ctx.getResources().openRawResource(R.raw.cayan_cert),kspass);

        //Or dynamically generate a cert and use it
        ipAddressInCN = MainApplication.getIPAddress();

        //Use the current IP Address to generate a cert that signed by hard coded CA, and add to keystore
        String CN = "CN=" + ipAddressInCN;
        ks.load(null, null);
        GenerateCSR.AddCertToKeyStore(ks, ctpass, CN);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, ctpass);

        SSLContext sc = SSLContext.getInstance("TLS");

        TrustManager[] tm = new TrustManager[]{new X509TrustManager() {

            public java.security.cert.X509Certificate[] getAcceptedIssuers() {

                return new java.security.cert.X509Certificate[0];
            }

            public void checkClientTrusted(java.security.cert.X509Certificate[] certs,
                                           String authType) {
                System.out.println("abc");
                return;
            }

            public void checkServerTrusted(java.security.cert.X509Certificate[] certs,
                                           String authType) {

                return;
            }

        }};

        sc.init(kmf.getKeyManagers(), tm, null);
        server.makeSecure(sc.getServerSocketFactory(), null);

I tried to set breakpoints in my custom trust manager functions, but they are never called.

But it will trust all certificates and accept SSL connections from all clients.

Not true. It will only accept SSL connections from clients with trusted certificates, unless you have installed some brain-dead trust-all-certificates garbage, in which case you should remove them.

I want to limit the access to a specific client only.

You should do that via authorization, which you have to implement yourself in NanoHTTPD.
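
A sketch of requiring one dedicated client certificate at the TLS layer with plain JSSE, added here as an example and not code from the question or the answer. The class name `PinnedClientTls` and the alias `allowed-client` are hypothetical, and how the resulting socket is handed to NanoHTTPD depends on the NanoHTTPD version and is not shown.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManagerFactory;

/** Added example (hypothetical class): a server socket that demands one specific client certificate. */
public final class PinnedClientTls {

    /**
     * @param serverKeys    key managers holding the server's own key, e.g. kmf.getKeyManagers()
     * @param allowedClient the dedicated client certificate, or the CA that issues client certificates
     * @param port          TCP port to listen on
     */
    public static SSLServerSocket open(KeyManager[] serverKeys,
                                       X509Certificate allowedClient,
                                       int port) throws Exception {
        // Trust store that contains only the certificate we are willing to accept.
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);
        trust.setCertificateEntry("allowed-client", allowedClient);

        // Platform trust manager restricted to that store, used in place of an
        // X509TrustManager whose checkClientTrusted() accepts every chain.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(serverKeys, tmf.getTrustManagers(), null);

        SSLServerSocket socket =
                (SSLServerSocket) sc.getServerSocketFactory().createServerSocket(port);
        // Unless client authentication is requested, the server never asks for a
        // client certificate and checkClientTrusted() is not invoked. With
        // needClientAuth set, clients that present no certificate or an
        // untrusted one are rejected.
        socket.setNeedClientAuth(true);
        return socket;
    }

    private PinnedClientTls() { }
}
```

Any code that wraps or reconfigures the socket afterwards must leave `needClientAuth` enabled, otherwise the restriction is silently dropped.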
