您的位置:首页 > 理论基础 > 计算机网络

HTTPS,证书有效期与手机时间不符合时,如何让验证通过

2012-09-27 13:39 706 查看
情景:公司购买了三年verisign的证书使用期,但是手机本地时间如果设为这三年以外的,会发生证书过期CertificateExpiredException或者证书尚未生效CertificateNotYetValidException的异常,这样基于https的网络交互都将无法进行下去,还需要提醒用户取更改手机时间,再回来进行网络操作,影响到用户体验。

目的:对于证书有效期引起的这两个异常,让验证通过(trust),其他原因引起的异常,按正常的逻辑处理。

方案如下:

HttpURLConnection conn;

if (baseUrl.startsWith("https")) {

SSLContext sc = SSLContext.getInstance("TLS");

sc.init(null, new TrustManager[] {

new MyTrustManager()

}, new SecureRandom());

HttpsURLConnection

.setDefaultSSLSocketFactory(sc.getSocketFactory());

conn = (HttpsURLConnection) new URL(baseUrl)

.openConnection();

} else {

conn = (HttpURLConnection) new URL(baseUrl).openConnection();

}

class MyTrustManager implements X509TrustManager {

private X509TrustManager tm = null;

MyTrustManager() {

try {

//以下几步是关键,通过分析源码和异常栈而来。

KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");

keyStore.load(null, null);

tm = new TrustManagerImpl(keyStore);

} catch (Exception e) {

e.printStackTrace();

}

}

@Override

public void checkClientTrusted(X509Certificate[] chain, String authType)

throws CertificateException {

tm.checkClientTrusted(chain, authType);

}

@Override

public void checkServerTrusted(X509Certificate[] chain, String authType)

throws CertificateException {

try {

tm.checkServerTrusted(chain, authType);

} catch (CertificateException e) {

e.printStackTrace();

Throwable t = e;

while (t != null) {

if (t instanceof CertificateExpiredException

|| t instanceof CertificateNotYetValidException)

return;

t = t.getCause();

}

throw e;

}

}

@Override

public X509Certificate[] getAcceptedIssuers() {

return tm.getAcceptedIssuers();

}

}
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息
标签: 
相关文章推荐