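After I thought I had solved the problem, and after running some tests on Android 2.2, this error message somehow appeared again. Does anyone have a solution other than the one I used below? Or is there an explanation for why the problem came back?
It does not work on Android 2.3 and shows the following error: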
07-26 19:48:12.580: W/System.err(1201): javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
Error message on 2.2:
07-23 00:12:18.726: W/System.err(22569): Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.
07-23 00:12:18.730: W/System.err(22569): at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:149)
07-23 00:12:18.730: W/System.err(22569): at java.security.cert.CertPathValidator.validate(CertPathValidator.java:202)
07-23 00:12:18.730: W/System.err(22569): at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:164)
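Edit: I thought I had fixed the following problem as follows:
When I send an HTTP request from a Windows web browser to a third-party server, XML is returned, but when I do the same in an Android activity, I get the following error: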
W/System.err(9471): javax.net.ssl.SSLException: Not trusted server certificate
.
.
.
W/System.err(7207): Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.
I use the following request:
https://www.voipinfocenter.com/API/ Request.ashx?command=_&username= _&password=______&customer=__&customerpassword=___ &geocallcli=__&tariffrate=_
It does not seem wise to ignore this security problem. Is there a way to work around this?
Edit: I found the android-trusting-ssl-certificates post and was able to download the certificate with SSLCertDownloader-Download
C:\ssl>SSLCertDownloader.exe www.server.com 443 c:\ssl\CAcert.cer
I downloaded bcprov-jdk16-145.jar and saved it in the c:\ssl folder.
I made sure keytool is in the c:\ssl folder.
Imported the certificate:
keytool -importcert -v -trustcacerts -file "CAcert.cer" -alias IntermediateCA -keystore "mykeystore.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "bcprov-jdk16-145.jar" -storetype BKS -storepass Password
How can I now check whether all the required certificates have been downloaded? openssl client_s connect -showcerts gives me the following:
Loading 'screen' into random state - done
CONNECTED(000000D4)
depth=0 /C=LU/postalCode=2130/ST=NA/L=Luxembourg/streetAddress=Boulevard Charle
Marx 23/O=Dellmont Sarl/OU=Comodo InstantSSL/CN=77.72.173.130
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=LU/postalCode=2130/ST=NA/L=Luxembourg/streetAddress=Boulevard Charle
Marx 23/O=Dellmont Sarl/OU=Comodo InstantSSL/CN=77.72.173.130
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=LU/postalCode=2130/ST=NA/L=Luxembourg/streetAddress=Boulevard Charle
Marx 23/O=Dellmont Sarl/OU=Comodo InstantSSL/CN=77.72.173.130
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=LU/postalCode=2130/ST=NA/L=Luxembourg/streetAddress=Boulevard Charles M
rx 23/O=Dellmont Sarl/OU=Comodo InstantSSL/CN=77.72.173.130
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO High-A
surance Secure Server CA
---
Server certificate
subject=/C=LU/postalCode=2130/ST=NA/L=Luxembourg/streetAddress=Boulevard Charle
Marx 23/O=Dellmont Sarl/OU=Comodo InstantSSL/CN=77.72.173.130
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO High
Assurance Secure Server CA
---
No client certificate CA names sent
---
SSL handshake has read 1551 bytes and written 450 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES128-SHA
Session-ID: F724000041ACE5FC6871CF549CAE1BC0F076578433238D6FF8B1DF3F374627D
Session-ID-ctx:
Master-Key: ADB009A0D064383C492EA9FBBDCFA81C5D945C88F168ECC225BCDF2798B063C
814CDA4E1E29AFB91C75290C7C41CB66
Key-Arg : None
Start Time: 1374894544
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
I saved mykeystore.bks in the app's res/raw folder and created the following class:
import java.io.InputStream;
import java.security.KeyStore;

import android.content.Context;

import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.SingleClientConnManager;

public class MyHttpClient extends DefaultHttpClient {
    final Context context;

    public MyHttpClient(Context context) {
        this.context = context;
    }

    @Override
    protected ClientConnectionManager createClientConnectionManager() {
        SchemeRegistry registry = new SchemeRegistry();
        registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
        // Register for port 443 our SSLSocketFactory with our keystore
        // to the ConnectionManager
        registry.register(new Scheme("https", newSslSocketFactory(), 443));
        return new SingleClientConnManager(getParams(), registry);
    }

    private SSLSocketFactory newSslSocketFactory() {
        try {
            // Get an instance of the Bouncy Castle KeyStore format
            KeyStore trusted = KeyStore.getInstance("BKS");
            // Get the raw resource, which contains the keystore with
            // your trusted certificates (root and any intermediate certs)
            InputStream in = context.getResources().openRawResource(R.raw.mykeystore);
            try {
                // Initialize the keystore with the provided trusted certificates
                // Also provide the password of the keystore
                trusted.load(in, "Password".toCharArray());
            } finally {
                in.close();
            }
            // Pass the keystore to the SSLSocketFactory. The factory is responsible
            // for the verification of the server certificate.
            SSLSocketFactory sf = new SSLSocketFactory(trusted);
            // Hostname verification from certificate
            // http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506
            sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
            return sf;
        } catch (Exception e) {
            throw new AssertionError(e);
        }
    }
}
In the activity:
// Instantiate the custom HttpClient
DefaultHttpClient client = new MyHttpClient(getApplicationContext());
HttpGet get = new HttpGet("https://www.mydomain.ch/rest/contacts/23");
// Execute the GET call and obtain the response
HttpResponse getResponse = client.execute(get);
HttpEntity responseEntity = getResponse.getEntity();
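
On the question above of how to check whether all required certificates are present: the following is an added example, not part of the original post, that reads the "Certificate chain" section of `-showcerts` output and reports the issuer names at which the server-supplied chain ends. The sample text, its placeholder names, and the helper names `parse_chain` and `chain_ends` are constructed for illustration.

```python
import re

# Constructed sample in the layout of the -showcerts output quoted above;
# the names are placeholders, not the server from the post.
SAMPLE = """\
CONNECTED(000000D4)
---
Certificate chain
 0 s:/O=Example Sarl/CN=server.example
   i:/O=Example CA/CN=Example Intermediate CA
-----BEGIN CERTIFICATE-----
(placeholder body, skipped by the parser)
-----END CERTIFICATE-----
---
Server certificate
subject=/O=Example Sarl/CN=server.example
issuer=/O=Example CA/CN=Example Intermediate CA
---
"""

def parse_chain(text):
    """Return [(subject, issuer), ...] for each certificate the server sent."""
    chain, subject, in_chain, in_pem = [], None, False, False
    for line in text.splitlines():
        s = line.strip()
        if s == "Certificate chain":
            in_chain = True
        elif not in_chain:
            continue
        elif s.startswith("-----BEGIN"):
            in_pem = True
        elif s.startswith("-----END"):
            in_pem = False
        elif in_pem:
            continue
        elif s == "---":          # end of the chain section
            break
        elif (m := re.match(r"\d+ s:(.*)", s)):
            subject = m.group(1)
        elif s.startswith("i:") and subject is not None:
            chain.append((subject, s[2:]))
            subject = None
    return chain

def chain_ends(chain):
    """Issuer names where the sent chain stops: issuers no sent certificate
    covers, plus self-signed roots. Nothing in the handshake vouches for
    these, so the trust anchor has to come from the client's keystore."""
    sent = {subject for subject, _ in chain}
    return sorted({i for s, i in chain if i == s or i not in sent})
```

With a single-entry chain like the one in the post, the only name returned is the issuer of the server certificate, which is the certificate to look for in the BKS keystore.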