でのX509TrustManagerインタフェースの危険な実装を使用している -アプリは、私は私のアプリでコードの下にこれを持っていたのApache HTTPクライアント
public class MySSLSocketFactory extends SSLSocketFactory {
SSLContext sslContext = SSLContext.getInstance("TLS");
public MySSLSocketFactory(KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
super(truststore);
TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
sslContext.init(null, new TrustManager[] { tm }, null);
}
@Override
public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
return sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);
}
@Override
public Socket createSocket() throws IOException {
return sslContext.getSocketFactory().createSocket();
}
public static HttpClient getNewHttpClient() {
try {
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustStore.load(null, null);
SSLSocketFactory sf = new MySSLSocketFactory(trustStore);
sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
HttpParams params = new BasicHttpParams();
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
HttpProtocolParams.setContentCharset(params, HTTP.UTF_8);
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
registry.register(new Scheme("https", sf, 443));
ClientConnectionManager ccm = new ThreadSafeClientConnManager(params, registry);
return new DefaultHttpClient(ccm, params);
} catch (Exception e) {
return new DefaultHttpClient();
}
}
}
しかし、Googleのプレイストアは、このために私のアプリを拒否しました。 理由を指定する -
アプリは、セキュリティ 脆弱性で、その結果、ApacheのHTTPクライアントとのX509TrustManager インタフェースの危険な実装を使用しています。詳細はthis Google Help Centerを参照してください。 には、この脆弱性を修正する期限が含まれています。
だから、これを取り除くためです。私はウェブサイトから証明書をダウンロードしようとしましたし、コードの下にこれを通してそれを使ってみました、instead of the above one
-
public class MyHttpClient extends DefaultHttpClient {
private static Context context;
public static void setContext(Context context) {
MyHttpClient.context = context;
}
public MyHttpClient(HttpParams params) {
super(params);
}
public MyHttpClient(Context ctx) {
context = ctx;
}
public MyHttpClient(ClientConnectionManager httpConnectionManager, HttpParams params) {
super(httpConnectionManager, params);
}
@Override
protected ClientConnectionManager createClientConnectionManager() {
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
// Register for port 443 our SSLSocketFactory with our keystore
// to the ConnectionManager
try {
registry.register(new Scheme("https", getSSLSocketFactory(), 443));
} catch (CertificateException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
} catch (UnrecoverableKeyException e) {
e.printStackTrace();
}
return new SingleClientConnManager(getParams(), registry);
}
public static org.apache.http.conn.ssl.SSLSocketFactory getSSLSocketFactory()
throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, KeyManagementException, UnrecoverableKeyException {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream caInput = context.getResources().openRawResource(R.raw.dummy_certificate); // this cert file stored in \app\src\main\res\raw folder path
Certificate ca = cf.generateCertificate(caInput);
caInput.close();
KeyStore keyStore = KeyStore.getInstance("BKS");
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
getWrappedTrustManagers(tmf.getTrustManagers());
org.apache.http.conn.ssl.SSLSocketFactory sf=new SSLSocketFactory(keyStore);
sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
return sf;
}
public static TrustManager[] getWrappedTrustManagers(TrustManager[] trustManagers) {
final X509TrustManager originalTrustManager = (X509TrustManager) trustManagers[0];
return new TrustManager[]{
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return originalTrustManager.getAcceptedIssuers();
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
try {
if (certs != null && certs.length > 0) {
certs[0].checkValidity();
} else {
originalTrustManager.checkClientTrusted(certs, authType);
}
} catch (CertificateException e) {
Log.w("checkClientTrusted", e.toString());
}
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
try {
if (certs != null && certs.length > 0) {
certs[0].checkValidity();
} else {
originalTrustManager.checkServerTrusted(certs, authType);
}
} catch (CertificateException e) {
Log.w("checkServerTrusted", e.toString());
}
}
}
};
}
}
としてそれを呼ばれる -
DefaultHttpClient client = new MyHttpClient(App.getContext());
しかし、今の例外を取得 -
javax.net.ssl.SSLPeerUnverifiedException: No peer certificate at com.android.org.conscrypt.SSLNullSession.getPeerCertificates(SSLNullSession.java:104) [gralloc_lock]: new usage 0x933 at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:93) at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:388) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:165) at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164) at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:360) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465) at com.example.http.HTTPPost.executeRequest(HTTPPost.java:336) at com.example.http.HTTPPost.callHttpRequest(HTTPPost.java:301) 11-17 18:19:57.788 7548-7548/com.savelife I/brcm-gr: [gralloc_lock]: new usage 0x933 at com.example.http.HTTPPost.doInBackground(HTTPPost.java:286) at com.example.http.HTTPPost.doInBackground(HTTPPost.java:67) at android.os.AsyncTask$2.call(AsyncTask.java:288) at java.util.concurrent.FutureTask.run(FutureTask.java:237) at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587) at java.lang.Thread.run(Thread.java:818)
Appグレードファイル
apply plugin: 'com.android.application'
android {
compileSdkVersion 22
buildToolsVersion '22.0.0'
defaultConfig {
applicationId "com.example"
minSdkVersion 11
targetSdkVersion 22
}
buildTypes {
release {
minifyEnabled false
// proguardFiles getDefaultProguardFile('proguard-android.txt')
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.txt'
}
}
}
dependencies {
compile files('libs/gson-1.7.1.jar')
compile files('libs/universal-image-loader-1.9.1.jar')
compile files('libs/libGoogleAnalyticsServices.jar')
compile 'com.android.support:appcompat-v7:22.2.0'
compile 'com.android.support:recyclerview-v7:22.0.+'
compile files('libs/volley.jar')
compile group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.5.2'
}
私は確信していません、原因は私のgradleファイルまたは下のバージョンに依存している可能性があります。
誰でも教えてください。私はここで間違っていますか? 何かがありません。?
私は多くの同様の投稿された質問を見つけましたが、まだ不運にも、不運にも未回答です。
はHTTPClientはこの方法を含めるようにしてみてください-apache-http-client – nandsito