SSLHandshakeException：证书未知（Java Spring 引导和 Android）

Question

我有一个 Spring 启动 API 在本地运行，带有自签名证书，使用 HTTPS 协议。 显然，当我从浏览器发送GET请求时，我收到io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown错误在服务器端，这是正常的，因为自我-signed 不受浏览器信任。 Postman 适用于GET和POST 。

However, I want to send GET requests from an Android client to the Spring API but, even I've used a function to allow all SSL traffic (yes, I know it's not recommended), I still can't send requests to the API ，接收如下output：

I/STATUS: 405
I/MSG: Method Not Allowed

我认为我的allowAllSSL() function （ HttpsTrustManager类）会解决这个问题，因为如果我删除 function 调用，我会收到以下错误，这似乎与服务器端的错误相匹配：

javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
    at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:239)

现在，您可能认为 Spring 中的GET请求没有正确实现，但事实并非如此，因为相同的GET请求在 Postman 中也可以正常工作。 我相信问题仍然与证书有关，但我无法弄清楚我需要更改什么。 这是我的代码：

Spring 启动 Rest Controller

@RestController
@RequestMapping("/post")


public class PostRequest {
    @GetMapping("")
    public String string(@RequestBody ImageRequest newEmployee){
....

ImageRequest class 仅包含三个私有String成员。

HttpsTrustManager class（允许所有 SSL）

package com.example.androidclient;

import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class HttpsTrustManager implements X509TrustManager {
    private static TrustManager[] trustManagers;
    private static final X509Certificate[] _AcceptedIssuers = new X509Certificate[]{};

    @Override
    public void checkClientTrusted(
            X509Certificate[] x509Certificates, String s)
            throws java.security.cert.CertificateException {

    }

    @Override
    public void checkServerTrusted(
            X509Certificate[] x509Certificates, String s)
            throws java.security.cert.CertificateException {

    }

    public boolean isClientTrusted(X509Certificate[] chain) {
        return true;
    }

    public boolean isServerTrusted(X509Certificate[] chain) {
        return true;
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return _AcceptedIssuers;
    }

    public static void allowAllSSL() {
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {

            @Override
            public boolean verify(String arg0, SSLSession arg1) {
                return true;
            }

        });

        SSLContext context = null;
        if (trustManagers == null) {
            trustManagers = new TrustManager[]{new HttpsTrustManager()};
        }

        try {
            context = SSLContext.getInstance("TLS");
            context.init(null, trustManagers, new SecureRandom());
        } catch (NoSuchAlgorithmException | KeyManagementException e) {
            e.printStackTrace();
        }

        HttpsURLConnection.setDefaultSSLSocketFactory(context != null ? context.getSocketFactory() : null);
    }
}

Android 请求

        HttpsTrustManager.allowAllSSL();
        URL url = new URL("https://192.168.1.106:8443/post");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setRequestMethod("GET");
        conn.setRequestProperty("Content-Type", "application/json;charset=UTF-8");
        conn.setRequestProperty("Accept", "application/json");
        conn.setDoOutput(true);
        conn.setDoInput(true);

        JSONObject jsonParam = new JSONObject();
        jsonParam.put("location", "Somewhere");
        jsonParam.put("date", "22.05.2020");
        jsonParam.put("imageBytes", strings[0]);


        Log.i("JSON", jsonParam.toString());
        DataOutputStream os = new DataOutputStream(conn.getOutputStream());
        //os.writeBytes(URLEncoder.encode(jsonParam.toString(), "UTF-8"));
        os.writeBytes(jsonParam.toString());

        os.flush();
        os.close();

        Log.i("STATUS", String.valueOf(conn.getResponseCode()));
        Log.i("MSG", conn.getResponseMessage());

        conn.disconnect();
    } catch (Exception e) {
        e.printStackTrace();
    }
    return "ok";
}

Answer 1

在您的 android 应用程序中使用此 function。

请注意，这将允许所有 ssl 证书无需验证。 我鼓励您在处理此处概述的自签名证书时遵循推荐的方法： https://developer.android.com/training/articles/security-ssl#java

// Create a trust manager that does not validate certificate chains
final TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {}

@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {}

@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
}
};

// Install the all-trusting trust manager
final SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
// Create an ssl socket factory with our all-trusting manager
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();

Answer 2

我自己找到了解决方案。 显然， Connection.setDoOutput(true)方法仅适用于POST和PUT请求，但不适用于GET 。

因此，我已将我的RequestMapping更改为在POST上工作，例如：

@RequestMapping(
    value = "/post",
    produces = "application/json",
    method = RequestMethod.POST)

现在我收到200 OK 。

SSLHandshakeException：证书未知（Java Spring 引导和 Android）

问题描述

2 个解决方案

解决方案1
0 2020-05-23 17:55:42

解决方案2
0 已采纳 2020-05-24 19:02:17

SSLHandshakeException：证书未知（Java Spring 引导和 Android）

问题描述

2 个解决方案

解决方案1 0 2020-05-23 17:55:42

解决方案2 0 已采纳 2020-05-24 19:02:17

解决方案1
0 2020-05-23 17:55:42

解决方案2
0 已采纳 2020-05-24 19:02:17