Android:无法通过HTTPS访问本地网站
[英]Android: Unable to access a local website over HTTPS
问题描述
I am trying to access a locally hosted website and get its HTML source to parse. 
我正在尝试访问本地托管的网站,并获取其HTML源进行解析。 I have few questions: 我有几个问题:
1) Can I use "https://An IP ADDRESS HERE" as a valid URL to try and access. 1)我可以使用“ https://这里的IP地址”作为有效的URL尝试访问。 I do not want to make changes in the /etc/hosts file so I want to do it this way. 我不想在/ etc / hosts文件中进行更改,所以我想用这种方式。
2) I cannot get the html, since it is giving me Handshake exceptions and Certificate issues. 2)我无法获取html,因为它给了我握手异常和证书问题。 I have tried a lot of help available over the web , but am not successful. 我已经尝试了很多可通过网络获得的帮助,但是并不成功。
Here is the code I am using: 这是我正在使用的代码:
public class MainActivity extends Activity {
private TextView textView;
String response = "";
String finalresponse="";
/** Called when the activity is first created. */
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
textView = (TextView) findViewById(R.id.TextView01);
System.setProperty("javax.net.ssl.trustStore","C:\\User\\*" );
System.setProperty("javax.net.ssl.trustStorePassword", "" );
}
private class DownloadWebPageTask extends AsyncTask<String, Void, String> {
@Override
protected String doInBackground(String... urls) {
TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
}
}
};
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e) {
}
try {
URL url = new URL("https://172.27.224.133");
HttpsURLConnection con =(HttpsURLConnection)url.openConnection();
con.setHostnameVerifier(new AllowAllHostnameVerifier());
finalresponse=readStream(con.getInputStream());
} catch (Exception e) {
e.printStackTrace();
}
return finalresponse;
}
private String readStream(InputStream in) {
BufferedReader reader = null;
try {
reader = new BufferedReader(new InputStreamReader(in));
String line = "";
while ((line = reader.readLine()) != null) {
response+=line;
}
} catch (IOException e) {
e.printStackTrace();
} finally {
if (reader != null) {
try {
reader.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
return response;
}
@Override
protected void onPostExecute(String result) {
textView.setText(finalresponse);
}
}
public void readWebpage(View view) {
DownloadWebPageTask task = new DownloadWebPageTask();
task.execute(new String[] { "https://172.27.224.133" });
}
}
1 个解决方案
解决方案1
3 已采纳 2012-07-08 20:58:56
The problem with using https://local-ip-address to access an SSL protected web page is that this will most likely lead to an issue with the browser trusting the web site's SSL certificate. 使用https://local-ip-address访问受SSL保护的网页的问题在于,这很可能导致浏览器信任该网站的SSL证书。
This is because the browser will attempt to validate the SSL certificate by checking that the host name being used in the HTTPS URL matches the CN= host name contained inside the SSL certificate. 这是因为浏览器将通过检查HTTPS URL中使用的主机名是否与SSL证书中包含的CN=主机名匹配来尝试验证SSL证书。
Updated to remove reference to localhost (I originally thought that locally hosted web site meant on the same server as the browser, which with Android is obviously not the case) : 更新以删除对本地主机的引用(我最初认为本地托管的网站与浏览器位于同一服务器上,而Android显然不是这种情况):
You can avoid this validate error by changing your local host table to include the fully qualified host name contained in the SSL certificate and associating that name with the specific IP address you want to use. 通过更改本地主机表以包括SSL证书中包含的标准主机名,并将该名称与您要使用的特定IP地址相关联,可以避免此验证错误。
Alternatives to hard-coding IP address in /etc/hosts 在/ etc / hosts中对IP地址进行硬编码的替代方法
If you have control over how the SSL certificate is created you can add additional host names and even IP addresses to your certificate using Subject Alternate Names or SAN. 如果您可以控制SSL证书的创建方式,则可以使用“ Subject Alternate Names或“ SAN”向证书添加其他主机名,甚至IP地址。 This may be a viable option if you are using a self-signed certificate. 如果您使用的是自签名证书,这可能是一个可行的选择。
However, if your locally hosted web site is also accessed from the Internet you are more than likely using a purchased SSL certificate and hard-coding IP addresses into such a certificate will most likely lead to a support issue over time as internal IP address can change over time requiring repurchasing an SSL certificate. 但是,如果还可以从Internet访问本地托管的网站,则很有可能使用购买的SSL证书,并且随着时间的推移,内部IP地址可能会更改,因此将IP地址硬编码到此类证书中很可能会导致支持问题随着时间的流逝,需要重新购买SSL证书。
Another option might be to hard-code your internal IP address into the DNS server that the mobile device is using if you have control over that server. 如果您可以控制移动服务器使用的内部IP地址,则另一种选择是将其内部IP地址硬编码到移动设备正在使用的DNS服务器中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.