Android security alert dialog

Posted on 2024-11-02 19:43:19

When making HTTPS connections to a broken server you can run into trouble since the default behavior of Android is to throw SSLException in the first place.

So, I'm wondering whether there is a standard security prompt dialog that asks the user to take an action on an invalid certificate, like the one WebView has (with 'Continue', 'View certificate' and 'Cancel' options)?

For example, BlackBerry shows such a dialog automatically and waits for an action on behalf of the user before raising an error. Can I do the same thing in Android?

Comments (2)

小傻瓜 2024-11-09 19:43:19

I suppose there's no such thing - browsers use custom dialogs and do not expose them to third-party apps. At least I couldn't find any mention of the desired behavior. BTW, iOS behaves exactly like Android.

笑,眼淚并存 2024-11-09 19:43:19

There is no standard dialog as such, and in fact the default behaviour of HttpClient will be to only accept certificates that are part of the Android trusted certificate store.

You can do this by building your own trust manager that you then associate with your HttpClient instance. This would look something like this:

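import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class PromptUserTrustManager implements X509TrustManager
{
    // App-defined callback (not a platform class) that asks the user about an untrusted chain
    public interface ValidateCertificateCallback
    {
        boolean userAcceptsCert(X509Certificate[] certChain);
    }

    private final X509TrustManager m_standardTrustManager;
    private final ValidateCertificateCallback m_callback;

    public PromptUserTrustManager(ValidateCertificateCallback callback) throws NoSuchAlgorithmException, KeyStoreException
    {
        // A null KeyStore makes the factory use the platform's trusted certificate store
        KeyStore keyStore = null;
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(keyStore);
        TrustManager[] trustmanagers = factory.getTrustManagers();
        m_standardTrustManager = (X509TrustManager) trustmanagers[0];
        m_callback = callback;
    }

    @Override
    public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException
    {
        // Delegate to the platform trust manager instead of accepting every client cert
        m_standardTrustManager.checkClientTrusted(arg0, arg1);
    }

    // This is where you check the server cert and make the determination
    @Override
    public void checkServerTrusted(X509Certificate[] certChain, String authType) throws CertificateException
    {
        try
        {
            m_standardTrustManager.checkServerTrusted(certChain, authType);
        }
        catch (CertificateException e)
        {
            // Cert isn't trusted - popup the error here. You'll need to
            // make sure you switch to the UI thread since here you're on a network thread
            if (!m_callback.userAcceptsCert(certChain))
            {
                throw e;
            }
        }
    }

    // Required by X509TrustManager: report the platform's trusted issuers
    @Override
    public X509Certificate[] getAcceptedIssuers()
    {
        return m_standardTrustManager.getAcceptedIssuers();
    }
}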

So essentially what you do is in the checkServerTrusted callback you ask the platform whether it trusts the cert. If it doesn't then the call to the trust manager throws the exception. You can then prompt the user what they want to do.

The same thing can be done in WebView using onReceivedSslError() at which point you can display an equivalent warning allowing the user to proceed if they wish.
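
One way to implement the `userAcceptsCert` step that the answer leaves open, as an added example that is not part of the original answer: it blocks the network thread on a latch while the dialog runs on the UI thread, and treats dismissal or timeout as rejection. `CertPrompt`, the 60-second timeout and the dialog strings are assumptions.

```java
import android.app.Activity;
import android.app.AlertDialog;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;

// Added example: CertPrompt is a hypothetical helper, not a platform class.
public final class CertPrompt {
    private final Activity activity;   // assumed: the Activity currently in the foreground
    public CertPrompt(Activity activity) { this.activity = activity; }

    // Call from the network thread only; calling it on the UI thread would deadlock.
    public boolean userAcceptsCert(X509Certificate[] chain) {
        final AtomicBoolean accepted = new AtomicBoolean(false);  // default: reject
        final CountDownLatch answered = new CountDownLatch(1);
        final String message;
        try {
            message = "Subject: " + chain[0].getSubjectX500Principal().getName()
                    + "\nIssuer: " + chain[0].getIssuerX500Principal().getName()
                    + "\nSHA-256: " + sha256Hex(chain[0].getEncoded());
        } catch (Exception e) {
            return false;  // cannot describe the certificate, so do not offer it
        }
        activity.runOnUiThread(() -> new AlertDialog.Builder(activity)
                .setTitle("Untrusted certificate")
                .setMessage(message)
                .setPositiveButton("Continue", (d, w) -> accepted.set(true))
                .setNegativeButton("Cancel", null)
                .setOnDismissListener(d -> answered.countDown())
                .show());
        try {
            // No answer within 60 s counts as a rejection.
            return answered.await(60, TimeUnit.SECONDS) && accepted.get();
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            return false;
        }
    }

    // Fingerprint of the DER-encoded leaf, so the user can compare it out of band.
    static String sha256Hex(byte[] der) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(der)) {
            sb.append(String.format("%02X:", b));
        }
        return sb.substring(0, sb.length() - 1);
    }
}
```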
