[英]Android Client certificate 403
我正在嘗試使用帶有客戶端證書的 ssl 在 android 設備和 Web 服務之間建立連接(服務器檢查需要客戶端證書),服務器上的證書由 CA(go-daddy)簽名我也有一個客戶端證書(* .pfx),我放棄了本教程以附加客戶端證書文件,我正在使用 ksoap2 調用 Web 服務,我不斷收到錯誤 403,但是從設備(或 PC)Web 瀏覽器它工作正常(安裝證書后)。 .. 我對客戶端證書不太了解,但在我看來,連接沒有以正確的方式使用我的證書。
當我使用自簽名證書進行測試時,一切正常。
任何想法我做錯了什么? 我的 ksoap2 kod:
public void GetUser(String user_name, String password, boolean isSchedule,
boolean writeTostatistic) throws Exception {
Log.d(GlobalUtil.TAG_LOG, "Calling GetUser() web service");
String METHOD_NAME = "GetUser";
globalUtil.user = new User();
User us = new User();
HttpsTransportSE httpTransport = new KeepAliveHttpsTransportSE(host,
port, file, timeout);
SoapSerializationEnvelope envelope = new SoapSerializationEnvelope(
SoapEnvelope.VER12);
SoapObject Request = new SoapObject(NAMESPACE, METHOD_NAME);
httpTransport.debug = true;
envelope.dotNet = true;
envelope.headerOut = new Element[1];
envelope.headerOut[0] = elementHeaders;
Request.addProperty("user_name", user_name);
Request.addProperty("password", password);
Request.addProperty("isSchedule", isSchedule);
Request.addProperty("writeTostatistic", writeTostatistic);
envelope.implicitTypes = true;
envelope.setOutputSoapObject(Request); // prepare request
envelope.addMapping(NAMESPACE, "User", new User().getClass());
if (useCertificate) {
try {
((HttpsServiceConnectionSE) httpTransport
.getServiceConnection())
.setSSLSocketFactory(sSLContext);
} catch (IOException e) {
e.printStackTrace();
}
} else
allowAllSSL();
List<HeaderProperty> httpHeaders = null;
try {
httpHeaders = httpTransport.call(SOAP_ACTION + METHOD_NAME,
envelope, null);
SoapObject response = (SoapObject) envelope.getResponse();
if (response == null)
return;
us.Id = Integer.parseInt(response.getProperty("Id").toString());
if (!response.getProperty("User_Name").toString()
.equals("anyType{}"))
us.User_Name = response.getProperty("User_Name").toString();
if (!response.getProperty("Password").toString()
.equals("anyType{}"))
us.Password = response.getProperty("Password").toString();
if (!response.getProperty("USER_HEBREW_FIRSTNAME").toString()
.equals("anyType{}"))
us.USER_HEBREW_FIRSTNAME = response.getProperty(
"USER_HEBREW_FIRSTNAME").toString();
if (!response.getProperty("USER_HEBREW_LASTNAME").toString()
.equals("anyType{}"))
us.USER_HEBREW_LASTNAME = response.getProperty(
"USER_HEBREW_LASTNAME").toString();
us.Merhav = Integer.parseInt(response.getProperty("Merhav")
.toString());
us.Yaam = Integer.parseInt(response.getProperty("Yaam").toString());
us.Tat_Mifal = Integer.parseInt(response.getProperty("Tat_Mifal")
.toString());
us.Ezor = Integer.parseInt(response.getProperty("Ezor").toString());
us.EzorLahatz = Integer.parseInt(response.getProperty("EzorLahatz")
.toString());
/*
* us.PasswordExpirationDate=(Date)
* response.getProperty("PasswordExpirationDate");
*/
us.PasswordExpirationDate = User
.ParsePasswordExpirationDate((response
.getProperty("PasswordExpirationDate").toString()));
us.Password = password;
globalUtil.user = us;
SetSessionCookie(httpHeaders);
Log.d(GlobalUtil.TAG_LOG, "Finish calling GetUser() web service");
} catch (IOException | XmlPullParserException e1) {
if(e1!=null)
{
Log.e(GlobalUtil.TAG_LOG, e1.getMessage());
throw e1;
}
Log.e(GlobalUtil.TAG_LOG, "Error in Login web service.");
Log.e(GlobalUtil.TAG_LOG, "requestDump: "
+ httpTransport.requestDump);
Log.e(GlobalUtil.TAG_LOG, "responseDump: "
+ httpTransport.responseDump);
}
對你來說可能為時已晚,但我處於類似的情況......
舊版本的 Android(和 1.7 之前的 Java)在 SSL 中(缺少)SNI 存在問題。 據說這已經從 2.3 開始修復,但我相信我已經設法在我的 5.0 Android 模擬器中模仿了這個錯誤。 (可能通過使用自定義套接字上下文工廠。)在瀏覽器中,我可以使用相同的密鑰庫/信任庫訪問 URL,從 Android 我得到 403。
是什么讓我相信確實缺乏服務器名稱指示是原因......
openssl s_client -tls1_2 -connect myhost.domain.com:443 -state -cert client.crt -key client.key -pass pass:******** -CAfile server.cer -servername myhost.domain.com
...最后省略 -servername 參數會導致 403,這正是我的 Android 代碼實現的。 :D
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.