Android app vulnerability issue: X509 implementation



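I recently started receiving email notifications from Google about my Android app, advising the following: To properly handle SSL certificate validation, change your code in the checkServerTrusted method of your custom X509TrustManager interface to raise either CertificateException or IllegalArgumentException whenever the certificate presented by the server does not meet your expectations. You can refer to this Help Center article for more guidance.

The SSLSocketFactory.java file is as follows: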

import java.io.IOException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class SimpleSSLSocketFactory extends org.apache.http.conn.ssl.SSLSocketFactory {
    private SSLSocketFactory sslFactory = HttpsURLConnection.getDefaultSSLSocketFactory();

    public SimpleSSLSocketFactory(KeyStore truststore)
            throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
        super(null);
        try {
            SSLContext context = SSLContext.getInstance("TLS");
            // Create a trust manager that does not validate certificate chains and simply accept all type of certificates
            X509TrustManager[] trustAllCerts = new X509TrustManager[]{new X509TrustManager() {
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return new java.security.cert.X509Certificate[]{};
                }

                public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                }

                public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                }
            }};
            // Initialize the socket factory
            context.init(null, trustAllCerts, new SecureRandom());
            sslFactory = context.getSocketFactory();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    @Override
    public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
            throws IOException, UnknownHostException {
        return sslFactory.createSocket(socket, host, port, autoClose);
    }

    @Override
    public Socket createSocket() throws IOException {
        return sslFactory.createSocket();
    }
}

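I have read various articles from 2016 that suggest some measures, but none of them seems to work here. Has anyone gotten through this? The email also sets a deadline: if the vulnerability is not fixed, the app will be removed from the Play Store.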

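Facing the same issue. The thermostat we use has an html url that we cannot change, so we just want to solve this with some code changes. Answers on this thread would help us too.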
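For contrast with the accept-all trust manager in the question, here is an added example (not code from the original post or from Google's help article) of a `checkServerTrusted` that does throw when the server certificate is not what the app expects. It assumes the app ships the server's certificate or its issuing CA as a resource; the class name `PinnedTrust`, the method `socketFactoryFor` and the alias `server-ca` are hypothetical.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper: trusts only the certificate (or CA) supplied by the app.
public final class PinnedTrust {
    public static SSLSocketFactory socketFactoryFor(InputStream caStream) throws Exception {
        // Load the bundled certificate into an otherwise empty in-memory trust store.
        Certificate ca = CertificateFactory.getInstance("X.509").generateCertificate(caStream);
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        ks.setCertificateEntry("server-ca", ca); // alias is an arbitrary label

        // Let the platform build a real chain validator over that store.
        // Passing (KeyStore) null to init() instead would use the system CA store.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        final X509TrustManager delegate = firstX509(tmf.getTrustManagers());

        X509TrustManager strict = new X509TrustManager() {
            @Override public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
            @Override public void checkClientTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                delegate.checkClientTrusted(chain, authType);
            }
            @Override public void checkServerTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                if (chain == null || chain.length == 0)
                    throw new IllegalArgumentException("empty server certificate chain");
                delegate.checkServerTrusted(chain, authType); // throws CertificateException if untrusted
            }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[]{strict}, null);
        return ctx.getSocketFactory();
    }

    private static X509TrustManager firstX509(TrustManager[] tms) throws CertificateException {
        for (TrustManager tm : tms) if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        throw new CertificateException("no X509TrustManager available");
    }
}
```

Chain validation does not cover hostname checking; the connection still needs a hostname verifier that matches the certificate against the host being contacted.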
