1. ev
  2. Soru-cevap
  3. System.err ﹕ javax.net.ssl.SSLPeerUnverifiedException: Akran sertifikası yok

System.err ﹕ javax.net.ssl.SSLPeerUnverifiedException: Akran sertifikası yok

2016-03-22 14 views
0

1) Android cep telefonundan HTTPS istekleri yapmaya çalışıyorum.
Yani yarattık filename.bks komutuSystem.err ﹕ javax.net.ssl.SSLPeerUnverifiedException: Akran sertifikası yok

Ben etmek "cert.pem" godaddy alınan ssl sertifikası "yük der.crt" yeniden adlandırmış

altına kullanarak dosya. Sonra Sonra bu kullandık aşağıda komutu

keytool -import -alias tomcat -file C:/Users/Masthan/Desktop/BKS/cert.pem -keypass password -keystore C:/Users/Masthan/Desktop/BKS/keystore.bks -storetype BKS -storepass 222222 -providerClass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath C:/Users/Masthan/Desktop/BKS/bcprov-ext-jdk15on-1.46.jar

2) bu dosyayı kullanılan 

public class MyHttpClient extends DefaultHttpClient { 
final Context context; 

public MyHttpClient(Context context) { 
    this.context = context; 
} 

@Override 
protected ClientConnectionManager createClientConnectionManager() { 
    SchemeRegistry registry = new SchemeRegistry(); 

    registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80)); 

    // Register for port 443 our SSLSocketFactory with our keystore to the ConnectionManager 
    registry.register(new Scheme("https", newSslSocketFactory(), 443)); 
    return new SingleClientConnManager(getParams(), registry); 
} 

private SSLSocketFactory newSslSocketFactory() { 
    try { 
     // Get an instance of the Bouncy Castle KeyStore format 
     KeyStore trusted = KeyStore.getInstance("BKS"); 

     // Get the raw resource, which contains the keystore with your trusted certificates (root and any intermediate certs) 
     InputStream in = context.getResources().openRawResource(R.raw.keystore); 
     try { 
      // Initialize the keystore with the provided trusted certificates. 
      // Also provide the password of the keystore 
      trusted.load(in, "222222".toCharArray()); 
     } finally { 
      in.close(); 
     } 

     // Pass the keystore to the SSLSocketFactory. The factory is responsible for the verification of the server certificate. 
     SSLSocketFactory sf = new SSLSocketFactory(trusted); 

     // Hostname verification from certificate 
     // http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506 
     sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); 
     return sf; 
    } catch (Exception e) { 
     throw new AssertionError(e); 
    } 
}}

Sonra aşağıdaki gibi sunucuya istemek için MyHttpsClient sınıfının üstünde kullanılan kod aşağıda dosyasını BKS 

HttpClient httpClient = new MyHttpClient(getApplicationContext()); 
 
HttpPost httpPost = new HttpPost("https://xxxxx.co.in/"); 
 
HttpResponse httpResponse = httpClient.execute(httpPost);

3) iken exec deyim "HttpResponse httpResponse = httpClient.execute (httpPost);" Bu size hedefe ulaşmak için yardımcı olacaktır

03-22 15:13:56.178 30079-30173/com.revu.revu W/System.err﹕ javax.net.ssl.SSLPeerUnverifiedException: No peer certificate 
 
    03-22 15:13:56.230 30079-30173/com.revu.revu W/System.err﹕ at com.android.org.conscrypt.SSLNullSession.getPeerCertificates(SSLNullSession.java:104) 
 
    03-22 15:13:56.263 30079-30173/com.revu.revu W/System.err﹕ at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:98) 
 
    03-22 15:13:56.312 30079-30173/com.revu.revu W/System.err﹕ at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:393) 
 
    03-22 15:13:56.353 30079-30173/com.revu.revu W/System.err﹕ at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:170) 
 
    03-22 15:13:56.388 30079-30173/com.revu.revu W/System.err﹕ at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:169) 
 
    03-22 15:13:56.426 30079-30173/com.revu.revu W/System.err﹕ at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:124) 
 
    03-22 15:13:56.469 30079-30173/com.revu.revu W/System.err﹕ at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:379) 
 
    03-22 15:13:56.508 30079-30173/com.revu.revu W/System.err﹕ at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:580) 
 
    03-22 15:13:56.545 30079-30173/com.revu.revu W/System.err﹕ at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:503) 
 
    03-22 15:13:56.583 30079-30173/com.revu.revu W/System.err﹕ at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:481)

kaynak

2016-03-22 Masthan Vali Syed

+0

BKS'yi oluşturduğunuz sunucu tarafından kullanılan aynı sertifika mı? –

+0

Godaddy'den aldığım "load-der.crt" ssl sertifikasını "cert.pem" olarak değiştirdim. Sonra bu dosyayı BKS dosyası oluştururken kullandım. –

+0

Sorunu çözecek proje umudum için aşağıdaki kodu kullandım. –

cevap

0 
// Load CAs from an InputStream 
        // (could be from a resource or ByteArrayInputStream or ...) 
        CertificateFactory cf = CertificateFactory.getInstance("X.509"); 
        // From https://www.washington.edu/itconnect/security/ca/load-der.crt 
        AssetManager am = getAssets(); 
        InputStream caInput = new BufferedInputStream(am.open("your_cert.crt")); 
        Certificate ca; 
        try { 
         ca = cf.generateCertificate(caInput); 
         System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN()); 
        } finally { 
         caInput.close(); 
        } 
       // Create a KeyStore containing our trusted CAs 
       String keyStoreType = KeyStore.getDefaultType(); 
       KeyStore keyStore = KeyStore.getInstance(keyStoreType); 
       keyStore.load(null, null); 
       keyStore.setCertificateEntry("ca", ca); 

       TrustManager[] trustManagers = tmf.getTrustManagers(); 
final X509TrustManager origTrustmanager = (X509TrustManager)trustManagers[0]; 

TrustManager[] wrappedTrustManagers = new TrustManager[]{ 
    new X509TrustManager() { 
     public java.security.cert.X509Certificate[] getAcceptedIssuers() { 
      return origTrustmanager.getAcceptedIssuers(); 
     } 

     public void checkClientTrusted(X509Certificate[] certs, String authType) { 
      origTrustmanager.checkClientTrusted(certs, authType); 
     } 

     public void checkServerTrusted(X509Certificate[] certs, String authType) { 
      try { 
       origTrustmanager.checkServerTrusted(certs, authType); 
      } catch (CertificateExpiredException e) {} 
     } 
    } 
}; 

SSLContext sc = SSLContext.getInstance("TLS"); 
sc.init(null, wrappedTrustManagers, null); 
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); 




       // Tell the URLConnection to use a SocketFactory from our SSLContext 
       AppLog.LogE(getClass().getName(), "Licensing Url is " + request.toString()); 
       URL url = new URL(request.toString()); 
       HttpsURLConnection urlConnection = 
         (HttpsURLConnection)url.openConnection(); 
       urlConnection.setSSLSocketFactory(context.getSocketFactory()); 
       InputStream in = urlConnection.getInputStream(); 
       String line = ""; 
       BufferedReader rd = new BufferedReader(new InputStreamReader(in)); 
       while ((line = rd.readLine()) != null) { 
        strResponse += line; 
       }

Hope:

bu hata var.

kaynak

2016-03-22 10:12:00

+0

"your_cert.crt" eklentisini eklemek ve BufferedInputStream'de kullanmak istiyorum. Mümkün mü. Sunucuda "your_cert.crt" dosyasını saklıyorum. –

+0

bu dosyayı varlığınıza kopyalayın ve kodumu kullanıyorum –

+0

size yardımcı oldu mu? –

İlgili konular

 İlgili konular