如何通过 Android 访问 SSL 连接?
我开始遵循一个与 Android 无关的教程,并得到了这个:
System.setProperty("javax.net.ssl.trustStore", "truststore");
System.setProperty("javax.net.ssl.trustStorePassword", "password");
SSLSocketFactory ssf = (SSLSocketFactory) SSLSocketFactory.getDefault();
try {
Socket s = ssf.createSocket("192.168.2.11", 6543);
PrintWriter out = new PrintWriter(s.getOutputStream());
while (true){
out.println("SSL TEST");
Log.d("DATA", "DATA SENT");
}
} catch (UnknownHostException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
我想这可以归结为几个问题:
我没有创建自己的信任存储,但是在网上搜索教程和东西,我没有确定如何创建一个。有没有办法创建或修改信任存储以在其中包含我需要的证书? (如果这有什么区别的话,我正在使用自签名证书)
如何使 SSL 握手顺利运行?现在,我收到的错误是:
javax.net.ssl.SSLHandshakeException:java.security.cert.CertPathValidatorException:找不到证书路径的信任锚。
老实说,我不太明白这意味着什么。
我需要在 Android 设备上修改哪些设置或文件才能确保可以进行此连接?
I started following a tutorial that wasn't cased around Android and got this:
System.setProperty("javax.net.ssl.trustStore", "truststore");
System.setProperty("javax.net.ssl.trustStorePassword", "password");
SSLSocketFactory ssf = (SSLSocketFactory) SSLSocketFactory.getDefault();
try {
Socket s = ssf.createSocket("192.168.2.11", 6543);
PrintWriter out = new PrintWriter(s.getOutputStream());
while (true){
out.println("SSL TEST");
Log.d("DATA", "DATA SENT");
}
} catch (UnknownHostException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
I guess this boils down to a few questions:
I do not have my own trust store created, but searching through tutorials and things online, I am not sure how to create one. Is there a way I can create or modify a trust store to have the certificates I need in it? (I am using a self-signed certificate if that makes any difference)
How do I make things with the SSL handshake run smoothly? Right now, the error I am getting is:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
Honestly, I don't really understand what that means.
What settings or files do I need to modify on my Android device to make sure this connection can happen?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
1)这要看情况。您在服务器端是否有自签名证书,并且您正在尝试向 Android 设备验证您的身份?或者您是否在 Android 端尝试向服务器验证您的身份?如果是前者,请参阅此链接: http://www.codeproject.com/ KB/android/SSLVerification_Android.aspx?display=Mobile
您要特别注意它生成 KeyStore 文件的位置。
2)您收到该错误的原因是因为它不信任您正在连接的服务器,因为您没有正确创建信任库,或者您正在连接到其证书尚未添加到信任库的服务器。您到底想连接到什么?
3) 确保您在manifest.xml 中有
编辑
抱歉,请参阅我对第一段所做的更改。
这是初始化密钥库和信任库的部分
1) It depends. Do you have a self signed cert on the server side and you are trying to validate your identity to the android device? Or are you on the android side trying to validate your idendity to the server? If it is the former , then please see this link: http://www.codeproject.com/KB/android/SSLVerification_Android.aspx?display=Mobile
You want to pay particular attention to where it makes the KeyStore file.
2) The reason you're getting that error is because it doesn't trust the server you are connecting either because you did not create the truststore correctly or you are connecting to a server whose certificate has not been added to the truststore. What exactly are you trying to connect to?
3) Make sure you have the
<uses-permission android:name="android.permission.INTERNET" />in the manifest.xml.Edit
My apologies, please see the changes I made to the first paragraph.
Here is the part to initialize your keystore and truststore
除非对等方使用自签名证书,否则您不需要自己的信任库。 JRE 附带了默认使用的信任库,该信任库信任所有主要 CA 颁发的证书。
You don't need your own truststore unless the peer is using self-signed certifictes. The JRE ships with a truststore that is used by default, which trusts certificates issued by all the major CAs.