Deaktivieren SSL-Zertifikat-Prüfung in Retrofit-Bibliothek

Ich benutze Retrofit in Android, um mit dem Server zu verbinden.Deaktivieren SSL-Zertifikat-Prüfung in Retrofit-Bibliothek

public class ApiClient { 
    public static final String BASE_URL = "https://example.com/"; 
    private static Retrofit retrofit = null; 

    public static Retrofit getClient() { 
     if (retrofit==null) { 
      retrofit = new Retrofit.Builder() 
        .baseUrl(BASE_URL) 
        .addConverterFactory(GsonConverterFactory.create()) 
        .build(); 
     } 
     return retrofit; 
    } 
}

Das ist mein Entwickler. Server und ich möchte die Zertifikatsüberprüfung deaktivieren. Wie kann ich diesen Code implementieren?

ERROR: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

Quelle

2016-06-07 Ronak Patel

Wenn Sie kein ssl-Zertifikat auf Ihrem dev-Server haben, warum verbinden Sie es mit https? – njzk2

@ njzk2: Es ist ein selbstsigniertes Zertifikat. Und URL aoti-Redirects zu 'https'. –

Warum fügen Sie es nicht Ihren vertrauenswürdigen Zertifikaten hinzu? Zumindest bis du die Entwicklungsarbeit machst. –

ich entmutigen stark dieses

Kurze Antwort tun - Unterklasse HostNameVerifier, over-ride() überprüfen, um immer true zurück.

Dies hat bessere Möglichkeiten

Lange Antwort - überprüfen Sie meine (ziemlich Altwerden) Blog hier: Making Android and SSL Work Together

Vielleicht die beste Option für Ihr Szenario

Drop the https http Für Ihren Testserver muss sich die Logik nicht ändern.

HTH

Quelle

2016-06-07 18:38:49

Implementierung solchen Problemumgehung in Code ist auch für Testzwecke eine schlechte Praxis.

Sie können:

Ihre CA. generieren
Signieren Sie Ihr Zertifikat mit CA.
Fügen Sie Ihre CA als vertrauenswürdig hinzu.

Einige Links, die nützlich sein können:

Quelle

2016-06-07 19:03:42 mwo

IMO, können Sie Google's documentation - Security with HTTPS and SSL lesen.

Über Beispielcode für die Verwendung von Retrofit mit Ihrem selbstsignierten Zertifikat, bitte versuchen Sie Folgendes, hoffe es hilft!

... 
@Override 
protected void onCreate(Bundle savedInstanceState) { 
    super.onCreate(savedInstanceState); 
    setContentView(R.layout.activity_main); 

    try{ 
     OkHttpClient client = new OkHttpClient.Builder() 
       .sslSocketFactory(getSSLSocketFactory()) 
       .hostnameVerifier(getHostnameVerifier()) 
       .build(); 

     Retrofit retrofit = new Retrofit.Builder() 
       .baseUrl(API_URL_BASE) 
       .addConverterFactory(GsonConverterFactory.create()) 
       .client(client) 
       .build(); 

     WebAPIService service = retrofit.create(WebAPIService.class); 

     Call<JsonObject> jsonObjectCall = service.getData(...); 
     ... 
    } catch (Exception e) { 
     e.printStackTrace(); 
    } 
} 

// for SSL...  
// Read more at https://developer.android.com/training/articles/security-ssl.html#CommonHostnameProbs 
private HostnameVerifier getHostnameVerifier() { 
    return new HostnameVerifier() { 
     @Override 
     public boolean verify(String hostname, SSLSession session) { 
      return true; // verify always returns true, which could cause insecure network traffic due to trusting TLS/SSL server certificates for wrong hostnames 
      //HostnameVerifier hv = HttpsURLConnection.getDefaultHostnameVerifier(); 
      //return hv.verify("localhost", session); 
     } 
    }; 
}   

private TrustManager[] getWrappedTrustManagers(TrustManager[] trustManagers) { 
    final X509TrustManager originalTrustManager = (X509TrustManager) trustManagers[0]; 
    return new TrustManager[]{ 
      new X509TrustManager() { 
       public X509Certificate[] getAcceptedIssuers() { 
        return originalTrustManager.getAcceptedIssuers(); 
       } 

       public void checkClientTrusted(X509Certificate[] certs, String authType) { 
        try { 
         if (certs != null && certs.length > 0){ 
          certs[0].checkValidity(); 
         } else { 
          originalTrustManager.checkClientTrusted(certs, authType); 
         } 
        } catch (CertificateException e) { 
         Log.w("checkClientTrusted", e.toString()); 
        } 
       } 

       public void checkServerTrusted(X509Certificate[] certs, String authType) { 
        try { 
         if (certs != null && certs.length > 0){ 
          certs[0].checkValidity(); 
         } else { 
          originalTrustManager.checkServerTrusted(certs, authType); 
         } 
        } catch (CertificateException e) { 
         Log.w("checkServerTrusted", e.toString()); 
        } 
       } 
      } 
    }; 
} 

private SSLSocketFactory getSSLSocketFactory() 
     throws CertificateException, KeyStoreException, IOException, 
     NoSuchAlgorithmException, KeyManagementException { 
    CertificateFactory cf = CertificateFactory.getInstance("X.509"); 
    InputStream caInput = getResources().openRawResource(R.raw.your_cert); // File path: app\src\main\res\raw\your_cert.cer 
    Certificate ca = cf.generateCertificate(caInput); 
    caInput.close(); 
    KeyStore keyStore = KeyStore.getInstance("BKS"); 
    keyStore.load(null, null); 
    keyStore.setCertificateEntry("ca", ca); 
    String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); 
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm); 
    tmf.init(keyStore); 
    TrustManager[] wrappedTrustManagers = getWrappedTrustManagers(tmf.getTrustManagers()); 
    SSLContext sslContext = SSLContext.getInstance("TLS"); 
    sslContext.init(null, wrappedTrustManagers, null); 
    return sslContext.getSocketFactory(); 
} 
...

Quelle

2016-06-08 07:06:04 BNK

Verwenden Sie diese Klasse, um eine unsichere Retrofit-Instanz zu erhalten. Ich habe Importe aufgenommen, um Verwirrung zu vermeiden.

import java.security.cert.CertificateException; 

import javax.net.ssl.HostnameVerifier; 
import javax.net.ssl.SSLContext; 
import javax.net.ssl.SSLSession; 
import javax.net.ssl.SSLSocketFactory; 
import javax.net.ssl.TrustManager; 
import javax.net.ssl.X509TrustManager; 

import okhttp3.OkHttpClient; 
import retrofit2.Retrofit; 
import retrofit2.converter.gson.GsonConverterFactory; 
import view.utils.AppConstants; 

/** 
* Created by Hitesh.Sahu on 11/23/2016. 
*/ 

public class NetworkHandler { 

    public static Retrofit getRetrofit() { 

     return new Retrofit.Builder() 
       .baseUrl(AppConstants.BASE_URL) 
       .addConverterFactory(GsonConverterFactory.create()) 
       .client(getUnsafeOkHttpClient()) 
       .build(); 
    } 


    private static OkHttpClient getUnsafeOkHttpClient() { 
     try { 
      // Create a trust manager that does not validate certificate chains 
      final TrustManager[] trustAllCerts = new TrustManager[] { 
        new X509TrustManager() { 
         @Override 
         public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { 
         } 

         @Override 
         public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { 
         } 

         @Override 
         public java.security.cert.X509Certificate[] getAcceptedIssuers() { 
          return new java.security.cert.X509Certificate[]{}; 
         } 
        } 
      }; 

      // Install the all-trusting trust manager 
      final SSLContext sslContext = SSLContext.getInstance("SSL"); 
      sslContext.init(null, trustAllCerts, new java.security.SecureRandom()); 
      // Create an ssl socket factory with our all-trusting manager 
      final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory(); 

      OkHttpClient.Builder builder = new OkHttpClient.Builder(); 
      builder.sslSocketFactory(sslSocketFactory); 
      builder.hostnameVerifier(new HostnameVerifier() { 
       @Override 
       public boolean verify(String hostname, SSLSession session) { 
        return true; 
       } 
      }); 

      OkHttpClient okHttpClient = builder.build(); 
      return okHttpClient; 
     } catch (Exception e) { 
      throw new RuntimeException(e); 
     } 
    } 
}

Und dann einfach ssl-Check wie diese

private void postFeedbackOnServer() { 

     MyApiEndpointInterface apiService = 
       NetworkHandler.getRetrofit().create(MyApiEndpointInterface.class); 

     Call<ResponseBE> call = apiService.submitFeedbackToServer(requestObject); 

     Log.e(TAG , "Request is" + new Gson().toJson(requestObject).toString()); 

     call.enqueue(new Callback<ResponseBE>() { 
      @Override 
      public void onResponse(Call<ResponseBE> call, Response<ResponseBE> response) { 
       int statusCode = response.code(); 

       if (statusCode == HttpURLConnection.HTTP_OK) { 

       ...... 

       } else { 
        Toast.makeText(FeedbackActivity.this, "Failed to submit Data" + statusCode, Toast.LENGTH_SHORT).show(); 
       } 
      } 

      @Override 
      public void onFailure(Call<ResponseBE> call, Throwable t) { 

       // Log error here since request failed 
       Toast.makeText(FeedbackActivity.this, "Failure" + t.getLocalizedMessage(), Toast.LENGTH_SHORT).show(); 

      } 
     }); 
    }

Quelle

2017-02-10 09:24:24

private boolean bypassSSLVerification = true; 
private boolean privateCA = false; 



if(bypassSSLVerification) 
      { 
       IO.setDefaultSSLContext(SSLContextManager.getTrustAllSSLContext()); 
       IO.setDefaultHostnameVerifier(new HostnameVerifier() 
       { 
        @Override 
        public boolean verify(String s, SSLSession sslSession) 
        { 
         return true; 
        } 
       }); 
      } 
      else if(privateCA) 
      { 
       IO.setDefaultSSLContext(SSLContextManager.getSSLContext(context)); 
      }

SSLContextManager verwenden Nachrüstung ohne.java

public class SSLContextManager 
{ 
    public static SSLContext getSSLContext(Context context) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, KeyManagementException, NoSuchProviderException 
    { 
     // Load CAs from an InputStream 
     CertificateFactory cf = CertificateFactory.getInstance("X.509", "BC"); 
     InputStream cert = context.getResources().openRawResource(R.raw.my_cert); // Place your 'my_cert.crt' file in `res/raw` 
     Certificate ca; 
     try 
     { 
      ca = cf.generateCertificate(cert); 
     } 
     finally 
     { 
      cert.close(); 
     } 

     // Create a KeyStore containing our trusted CAs 
     String keyStoreType = KeyStore.getDefaultType(); 
     KeyStore keyStore = KeyStore.getInstance(keyStoreType); 
     keyStore.load(null, null); 
     keyStore.setCertificateEntry("ca", ca); 

     // Create a TrustManager that trusts the CAs in our KeyStore 
     String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); 
     TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm); 
     tmf.init(keyStore); 

     // Create an SSLContext that uses our TrustManager 
     SSLContext sslContext = SSLContext.getInstance("TLS"); 
     sslContext.init(null, tmf.getTrustManagers(), null); 

     return sslContext; 
    } 

    public static SSLContext getTrustAllSSLContext() throws NoSuchAlgorithmException, KeyManagementException 
    { 
     // Create a trust manager that does not validate certificate chains 
     final TrustManager[] trustAllCerts = new TrustManager[] { 
       new X509TrustManager() { 
        @Override 
        public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) { 
        } 

        @Override 
        public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType){ 
        } 

        @Override 
        public java.security.cert.X509Certificate[] getAcceptedIssuers() { 
         return new java.security.cert.X509Certificate[]{}; 
        } 
       } 
     }; 

     // Install the all-trusting trust manager 
     SSLContext sslContext = SSLContext.getInstance("TLS"); 
     sslContext.init(null, trustAllCerts, new java.security.SecureRandom()); 

     return sslContext; 
    } 
}

Quelle

2017-10-27 07:36:55

Deaktivieren SSL-Zertifikat-Prüfung in Retrofit-Bibliothek

Antwort

Verwandte Themen