如何在Android应用程序中绕过SSL证书验证?

e4eetjau  于 2022-11-14  发布在  Android
关注(0)|答案(3)|浏览(640)

我的Android应用程序应该能够与任何启用SSL的服务器通信。由于我的应用程序是演示应用程序,我的客户在登录时会在应用程序中添加自己的SSL服务器详细信息,因此我不知道我需要验证哪个SSL证书。
下面是我前面的代码。

public SSLSocketFactory getSSLSocketFactory(String hostname) {
        try {
            HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
                public boolean verify(String hostname, SSLSession session) {
                    return true;
                }
            });
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, new X509TrustManager[] { new X509TrustManager() {
                public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                }

                public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                }

                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            } }, new SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
        } catch (Exception e) {
            e.printStackTrace();
        }
        return  HttpsURLConnection.getDefaultSSLSocketFactory();
    }

当我将我的更新到playstore时,它被拒绝了,原因如下

  • 若要正确处理SSL证书验证,请更改自定义X509 TrustManager接口的checkServerTrusted方法中的代码,以便在服务器提供的证书不符合您的期望时引发CertificateException或IllegalArgumentException。有关技术问题,您可以发布到Stack Overflow并使用标记“android-security”和“TrustManager "。*

我想更新我的代码类似于

public static HttpClient wrapClient(HttpClient base) {
try {
    SSLContext ctx = SSLContext.getInstance("TLS");
    X509TrustManager tm = new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException { }

        public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException { }

        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    };
    ctx.init(null, new TrustManager[]{tm}, null);
    SSLSocketFactory ssf = new SSLSocketFactory(ctx);
    ssf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
    ClientConnectionManager ccm = base.getConnectionManager();
    SchemeRegistry sr = ccm.getSchemeRegistry();
    sr.register(new Scheme("https", ssf, 443));
    return new DefaultHttpClient(ccm, base.getParams());
} catch (Exception ex) {
    return null;
}

}
playstore接受这个吗?有没有更好的方法来处理这个?
提前致谢。

ssl

3条答案

按热度按时间
abithluo

abithluo1#

引用以下解决方案:https://gist.github.com/aembleton/889392
下列程式码会停用任何新的HttppsUrlConnection执行严修的SSL凭证检查:

/**
 * Disables the SSL certificate checking for new instances of {@link HttpsURLConnection} This has been created to
 * aid testing on a local box, not for use on production.
 */
public static void disableSSLCertificateChecking() {
    TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }

        @Override
        public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
            // Not implemented
        }

        @Override
        public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
            // Not implemented
        }
    } };

    try {
        SSLContext sc = SSLContext.getInstance("TLS");

        sc.init(null, trustAllCerts, new java.security.SecureRandom());

        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession session) { return true; } });
    } catch (KeyManagementException e) {
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    }
}
赞(0)分享  回复(0)举报  2022-11-14
rryofs0p

rryofs0p2#

如果有人希望在NativeScript Android应用中禁用SSL证书检查,以下是如何将Elad's answer's代码转换为JavaScript:

const disableSSLCertificateCheckin = function () {
    const trustAllCerts = [new javax.net.ssl.X509TrustManager({
      getAcceptedIssuers: function () {
        return null
      },

      checkClientTrusted: function (arg0, arg1) {
        // Not implemented
      },

      checkServerTrusted: function (arg0, arg1) {
        // Not implemented
      },
    })]

    try {
      const sc = javax.net.ssl.SSLContext.getInstance('TLS')
      sc.init(null, trustAllCerts, new java.security.SecureRandom())

      javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory())
      javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(
        new javax.net.ssl.HostnameVerifier({
          verify: function (hostname, session) {
            return true
          }
        })
      )
    } catch (e) {
      console.log('e :>> ', e);
    }
  }

  disableSSLCertificateCheckin()

感谢Elad!

赞(0)分享  回复(0)举报  2022-11-14
ffvjumwh

ffvjumwh3#

这是一个旧的帖子,但我希望它可以帮助其他人。问题是固定的netcipher版本2. 1. 0(SSLHandshakeException与v1. 2. 1)
文件app/build.gradle

...
dependencies {
    implementation 'info.guardianproject.netcipher:netcipher:2.1.0'
...
}
赞(0)分享  回复(0)举报  2022-11-14
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com