iT邦幫忙

0

How to handle mutual (two-way) authentication on Android


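I currently have a requirement to implement mutual (two-way) authentication, but I have tried many approaches and none of them work. Asking the Android experts to come to the rescue~

I currently have a .p12 file, and the .bks file below is one I made by converting the .p12 file to .cer and then converting that to BKS with KeyStore Explorer. Would that cause a problem?!

Below is my current verification code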

HttpsURLConnection httpsConn;
//setting
URL targetUrl = new URL("url");
httpsConn = (HttpsURLConnection) targetUrl.openConnection();

// Note: returning true accepts any hostname, so the hostname in the
// server certificate is never checked
HostnameVerifier allHostVerifier = new HostnameVerifier() {
    @Override
    public boolean verify(String hostname, SSLSession session) {
        SLog.i("GC", "HostnameVerifier.verify:" + hostname);
        return true;
    }
};
httpsConn.setHostnameVerifier(allHostVerifier);

try {
    // The server verifies the client certificate
    KeyStore keyStore = KeyStore.getInstance("BKS");

    // Read the certificate
    InputStream ksIn = Application.getContext().getResources().getAssets().open("certificate.bks");

    // Load the certificate
    keyStore.load(ksIn, "AAA".toCharArray());

    ksIn.close();
    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("X509");
    keyManagerFactory.init(keyStore, "AAA".toCharArray());

    // The client trusts the server certificate
    KeyStore trustStore = KeyStore.getInstance("BKS");
    InputStream tsIn = Application.getContext().getResources().getAssets().open("certificate.bks");
    trustStore.load(tsIn, "AAA".toCharArray());
    tsIn.close();
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init(trustStore);

    // Initialize the SSLContext
    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);

    httpsConn.setSSLSocketFactory(sslContext.getSocketFactory());

    connection(httpsConn, request);
} catch (Exception e) {
    e.printStackTrace();
}

Below is the error message I get after running it

W/System.err: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
W/System.err:     at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:361)
W/System.err:     at com.android.okhttp.Connection.connectTls(Connection.java:235)
        at com.android.okhttp.Connection.connectSocket(Connection.java:199)
        at com.android.okhttp.Connection.connect(Connection.java:172)
        at com.android.okhttp.Connection.connectAndSetOwner(Connection.java:367)
        at com.android.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:130)
        at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:329)
        at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:246)
        at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:457)
        at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:126)
        at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getOutputStream(HttpURLConnectionImpl.java:257)
        at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getOutputStream(DelegatingHttpsURLConnection.java:218)


1 answer

0
海綿寶寶
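iT邦 Master, Level 1 ‧ 2020-07-22 09:26:12

Such a difficult question
I can only offer this article I found on Google for reference

and wait for a real expert to come to the rescue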
