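I am using NanoHTTPD to build a web service on an Android device. However, it trusts all certificates and accepts SSL connections from all clients. I only want to allow access from specific clients. How can I make NanoHTTPD on Android accept connections from clients with a dedicated client certificate?

Update: I tried to make it work like this: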
```java
String KEYSTOREPASS = "test";
char[] ctpass = KEYSTOREPASS.toCharArray();
KeyStore ks = KeyStore.getInstance("PKCS12");
//Directly load cert from Resources
//ks.load(ctx.getResources().openRawResource(R.raw.cayan_cert),kspass);
//Or dynamically generate a cert and use it
ipAddressInCN = MainApplication.getIPAddress();
//Use the current IP Address to generate a cert that signed by hard coded CA, and add to keystore
String CN = "CN=" + ipAddressInCN;
ks.load(null, null);
GenerateCSR.AddCertToKeyStore(ks, ctpass, CN);
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, ctpass);
SSLContext sc = SSLContext.getInstance("TLS");
TrustManager[] tm = new TrustManager[]{new X509TrustManager() {
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        return new java.security.cert.X509Certificate[0];
    }

    public void checkClientTrusted(java.security.cert.X509Certificate[] certs,
                                   String authType) {
        System.out.println("abc");
        return;
    }

    public void checkServerTrusted(java.security.cert.X509Certificate[] certs,
                                   String authType) {
        return;
    }
}};
sc.init(kmf.getKeyManagers(), tm, null);
server.makeSecure(sc.getServerSocketFactory(), null);
```

I tried setting breakpoints in the functions of my custom trust manager, but they are never called.

What is on the server side? Are you looking for [`SSLServerSocket.setNeedClientAuth()`](https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLServerSocket.html#setNeedClientAuth-boolean-)? – EJP

Sorry, I have made the question more specific. –
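
The direction the comment above points to, as an added example that is not part of the original thread: a plain JSSE server socket that requires a client certificate and trusts only one supplied certificate (the client's own certificate or the CA that issues client certificates). The class name `MutualTlsSockets`, its method names and the `allowed-client` alias are hypothetical; how the resulting socket is handed to NanoHTTPD depends on the NanoHTTPD version and is not shown.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example; class, method and alias names are hypothetical.
public final class MutualTlsSockets {

    /** SSLContext that presents serverKeys and trusts only trustedClientOrCa. */
    public static SSLContext contextFor(KeyStore serverKeys, char[] keyPass,
                                        X509Certificate trustedClientOrCa) throws Exception {
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(serverKeys, keyPass);

        // Trust store with a single entry instead of an accept-everything TrustManager.
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);
        trust.setCertificateEntry("allowed-client", trustedClientOrCa);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return sc;
    }

    /** Listening socket whose handshake fails unless the client presents a trusted certificate. */
    public static SSLServerSocket listen(SSLContext sc, int port) throws Exception {
        SSLServerSocket ss =
                (SSLServerSocket) sc.getServerSocketFactory().createServerSocket(port);
        ss.setUseClientMode(false);
        // Without this the server never requests a client certificate,
        // so checkClientTrusted() is never invoked.
        ss.setNeedClientAuth(true);
        return ss;
    }
}
```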