Android 通配符 SSL 验证

Question

我需要一些帮助来验证我的 Android 应用程序中的通配符 SSL。现在我使用的代码是验证而不检查任何东西：

public void UseHttpsConnection(String url, String charset, String query) {

    try {
        final TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
            @Override
            public void checkClientTrusted( final X509Certificate[] chain, final String authType ) {
            }
            @Override
            public void checkServerTrusted( final X509Certificate[] chain, final String authType ) {
            }
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        } };

        // Install the all-trusting trust manager
        final SSLContext sslContext = SSLContext.getInstance( "TLS" );
        sslContext.init( null, trustAllCerts, new java.security.SecureRandom() );
        // Create an ssl socket factory with our all-trusting manager
        final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();



        System.setProperty("http.keepAlive", "false");
        HttpsURLConnection connection = (HttpsURLConnection) new URL(url)
                .openConnection();
        connection.setSSLSocketFactory( sslSocketFactory );
        connection.setDoOutput(true);
        connection.setRequestMethod("POST");
        connection.setRequestProperty("Charset", charset);
        connection.setRequestProperty("Content-Type",
                "application/x-www-form-urlencoded;charset=" + charset);
        OutputStream output = null;
        try {
            output = connection.getOutputStream();
            output.write(query.getBytes(charset));
        } catch (IOException e) {
            e.printStackTrace();
        } finally {
            if (output != null)
                try {
                    output.close();
                } catch (IOException logOrIgnore) {
                    logOrIgnore.printStackTrace();
                }
        }

        int status = ((HttpsURLConnection) connection).getResponseCode();
        Log.i("", "Status : " + status);

        for (Entry<String, List<String>> header : connection
                .getHeaderFields().entrySet()) {
            Log.i("Headers",
                    "Headers : " + header.getKey() + "="
                            + header.getValue());
        }

        InputStream response = new BufferedInputStream(
                connection.getInputStream());

        int bytesRead = -1;
        byte[] buffer = new byte[30 * 1024];
        while ((bytesRead = response.read(buffer)) > 0) {
            byte[] buffer2 = new byte[bytesRead];
            System.arraycopy(buffer, 0, buffer2, 0, bytesRead);
            handleDataFromSync(buffer2);
        }
        connection.disconnect();
    } catch (Exception e) {
        e.printStackTrace();
    }
}

当我通过互联网阅读时，我发现 Android 中存在验证 WildCard（例如：*.mydomain.com）证书的错误，我没有找到任何示例或建议如何做到这一点。我想要实现的是：通过名称验证证书并检查它是否过期。欢迎任何好的建议/示例，因为这是我第一次尝试使用 SSL，我对它并不熟悉。

提前致谢！

Answer 1

foursquare 文档建议遵循in this SO question 的可用答案

Answer 2

此代码可以提供帮助吗？ https://github.com/mixare/mixare/blob/master/src/org/mixare/MixContext.java

我正在添加更多上下文，我真的相信这段代码部分完成了您想要实现的目标：

        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier(){
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }});
    SSLContext context = SSLContext.getInstance("TLS");
    context.init(null, new X509TrustManager[]{new X509TrustManager(){
        public void checkClientTrusted(X509Certificate[] chain,
                String authType) throws CertificateException {}
        public void checkServerTrusted(X509Certificate[] chain,
                String authType) throws CertificateException {}
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }}}, new SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(
            context.getSocketFactory());

此代码在 mixare 中用于接受自签名证书。