java Google Play警告和“X509TrustManager的不安全实现”
我们收到了关于“您正在使用X509TrustManagfer的不安全实现”的邮件。 为了解决这个问题,我们应用了来自http://transoceanic.blogspot.in/2011/11/安卓-import-ssl-certificate-and-use.html的解决方案
在这里,我们已经生成了新的BKS密钥存储并通过了这个密钥存储SSLSocketFactory。该工厂负责验证服务器证书。我们已经有了现有的密钥库,但它不在。BKS甲酸盐。这就是为什么我们为HTTPS呼叫创建了一个新的。请查看我的以下代码:
DefaultHttpClient sslClient = new MyHttpClient(StartupActivity.activity);
public class MyHttpClient extends DefaultHttpClient {
final Context context;
public MyHttpClient(Context context) {
this.context = context;
}
@Override
protected ClientConnectionManager createClientConnectionManager() {
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("http", PlainSocketFactory
.getSocketFactory(), 80));
// Register for port 443 our SSLSocketFactory with our keystore
// to the ConnectionManager
registry.register(new Scheme("https", newSslSocketFactory(), 443));
return new SingleClientConnManager(getParams(), registry);
}
private SSLSocketFactory newSslSocketFactory() {
try {
// Get an instance of the Bouncy Castle KeyStore format
KeyStore trusted = KeyStore.getInstance("BKS");
// Get the raw resource, which contains the keystore with
// your trusted certificates (root and any intermediate certs)
InputStream in = context.getResources().openRawResource(
R.raw.mykeystore);
try {
// Initialize the keystore with the provided trusted
// certificates
// Also provide the password of the keystore
trusted.load(in, "keystore_password".toCharArray());
} finally {
in.close();
}
// Pass the keystore to the SSLSocketFactory. The factory is
// responsible
// for the verification of the server certificate.
SSLSocketFactory sf = new SSLSocketFactory(trusted);
// Hostname verification from certificate
// http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506
sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
return sf;
} catch (Exception e) {
throw new AssertionError(e);
}
}
}
您能检查并确认我们的应用程序是否安全吗
如果您还有其他最佳解决方案,请告知我们
共 (0) 个答案