私は自分のアプリで以下のコードを持っていました -
public class MySSLSocketFactory extends SSLSocketFactory {
SSLContext sslContext = SSLContext.getInstance("TLS");
public MySSLSocketFactory(KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
super(truststore);
TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
sslContext.init(null, new TrustManager[] { tm }, null);
}
@Override
public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
return sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);
}
@Override
public Socket createSocket() throws IOException {
return sslContext.getSocketFactory().createSocket();
}
public static HttpClient getNewHttpClient() {
try {
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustStore.load(null, null);
SSLSocketFactory sf = new MySSLSocketFactory(trustStore);
sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
HttpParams params = new BasicHttpParams();
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
HttpProtocolParams.setContentCharset(params, HTTP.UTF_8);
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
registry.register(new Scheme("https", sf, 443));
ClientConnectionManager ccm = new ThreadSafeClientConnManager(params, registry);
return new DefaultHttpClient(ccm, params);
} catch (Exception e) {
return new DefaultHttpClient();
}
}
}
しかし、Google Playストアはこれで私のアプリを拒否しました。理由の特定 -
あなたのアプリは、Apache HTTP クライアントで X509TrustManager インターフェースの安全でない実装を使用しているため、セキュリティ上の脆弱性が生じています。脆弱性の修正期限など、詳細については、この Google ヘルプ センターの記事を参照してください。
だから、これを取り除くために。私はウェブサイトから証明書をダウンロードしようとし、以下のコードでそれを使用しようとしましたinstead of the above one-
public class MyHttpClient extends DefaultHttpClient {
private static Context context;
public static void setContext(Context context) {
MyHttpClient.context = context;
}
public MyHttpClient(HttpParams params) {
super(params);
}
public MyHttpClient(Context ctx) {
context = ctx;
}
public MyHttpClient(ClientConnectionManager httpConnectionManager, HttpParams params) {
super(httpConnectionManager, params);
}
@Override
protected ClientConnectionManager createClientConnectionManager() {
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
// Register for port 443 our SSLSocketFactory with our keystore
// to the ConnectionManager
try {
registry.register(new Scheme("https", getSSLSocketFactory(), 443));
} catch (CertificateException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
} catch (UnrecoverableKeyException e) {
e.printStackTrace();
}
return new SingleClientConnManager(getParams(), registry);
}
public static org.apache.http.conn.ssl.SSLSocketFactory getSSLSocketFactory()
throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, KeyManagementException, UnrecoverableKeyException {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream caInput = context.getResources().openRawResource(R.raw.dummy_certificate); // this cert file stored in \app\src\main\res\raw folder path
Certificate ca = cf.generateCertificate(caInput);
caInput.close();
KeyStore keyStore = KeyStore.getInstance("BKS");
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
getWrappedTrustManagers(tmf.getTrustManagers());
org.apache.http.conn.ssl.SSLSocketFactory sf=new SSLSocketFactory(keyStore);
sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
return sf;
}
public static TrustManager[] getWrappedTrustManagers(TrustManager[] trustManagers) {
final X509TrustManager originalTrustManager = (X509TrustManager) trustManagers[0];
return new TrustManager[]{
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return originalTrustManager.getAcceptedIssuers();
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
try {
if (certs != null && certs.length > 0) {
certs[0].checkValidity();
} else {
originalTrustManager.checkClientTrusted(certs, authType);
}
} catch (CertificateException e) {
Log.w("checkClientTrusted", e.toString());
}
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
try {
if (certs != null && certs.length > 0) {
certs[0].checkValidity();
} else {
originalTrustManager.checkServerTrusted(certs, authType);
}
} catch (CertificateException e) {
Log.w("checkServerTrusted", e.toString());
}
}
}
};
}
}
そしてそれを次のように呼びました-
DefaultHttpClient client = new MyHttpClient(App.getContext());
しかし、今例外を取得しています -
javax.net.ssl.SSLPeerUnverifiedException: No peer certificate at com.android.org.conscrypt.SSLNullSession.getPeerCertificates(SSLNullSession.java:104) [gralloc_lock]: new usage 0x933 at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:93) at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:388) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:165) at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164) at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:360) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465) at com.example.http.HTTPPost.executeRequest(HTTPPost.java:336) at com.example.http.HTTPPost.callHttpRequest(HTTPPost.java:301) 11-17 18:19:57.788 7548-7548/com.savelife I/brcm-gr: [gralloc_lock]: new usage 0x933 at com.example.http.HTTPPost.doInBackground(HTTPPost.java:286) at com.example.http.HTTPPost.doInBackground(HTTPPost.java:67) at android.os.AsyncTask$2.call(AsyncTask.java:288) at java.util.concurrent.FutureTask.run(FutureTask.java:237) at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587) at java.lang.Thread.run(Thread.java:818)
アプリ Gradle ファイル
apply plugin: 'com.android.application'
android {
compileSdkVersion 22
buildToolsVersion '22.0.0'
defaultConfig {
applicationId "com.example"
minSdkVersion 11
targetSdkVersion 22
}
buildTypes {
release {
minifyEnabled false
// proguardFiles getDefaultProguardFile('proguard-android.txt')
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.txt'
}
}
}
dependencies {
compile files('libs/gson-1.7.1.jar')
compile files('libs/universal-image-loader-1.9.1.jar')
compile files('libs/libGoogleAnalyticsServices.jar')
compile 'com.android.support:appcompat-v7:22.2.0'
compile 'com.android.support:recyclerview-v7:22.0.+'
compile files('libs/volley.jar')
compile group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.5.2'
}
原因は私のgradleファイルまたは下位バージョンの依存関係である可能性があります。
ここで私が間違っていることを誰か教えてください。何か不足していますか?
同様の投稿された質問がたくさん見つかりましたが、残念ながらまだ回答がありません。