据说这两天腾讯的服务器出了问题,认证的时候报这样的错:
- Java 代码复制内容到剪贴板
- oauth.signpost.exception.OAuthCommunicationException: Communication with the service provider failed: Not trusted server certificate
- Caused by: javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
- oauth.signpost.exception.OAuthCommunicationException: Communication with the service provider failed: Nopeer certificate
这是因为Https认证被截获导致,Client认为安全失效,很久之前就出现了这个问题了,那时候在WebView上加上下面的代码就可以解决了
- Java 代码复制内容到剪贴板
- public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
- handler.proceed();
- }
没想到又出现这个问题,于是一翻研究,在stackoverflow.com上找到答案,写了一个自定义类继承SSLSocketFactory,
- Java 代码复制内容到剪贴板
- public class SSLSocketFactoryEx extends SSLSocketFactory {
- SSLContext sslContext = SSLContext.getInstance("TLS");
- public SSLSocketFactoryEx(KeyStore truststore)
- throws NoSuchAlgorithmException, KeyManagementException,
- KeyStoreException, UnrecoverableKeyException {
- super(truststore);
- TrustManager tm = new X509TrustManager() {
- public java.security.cert.X509Certificate[] getAcceptedIssuers() {
- return null;
- }
- @Override
- public void checkClientTrusted(
- java.security.cert.X509Certificate[] chain, String authType)
- throws java.security.cert.CertificateException {
- }
- @Override
- public void checkServerTrusted(
- java.security.cert.X509Certificate[] chain, String authType)
- throws java.security.cert.CertificateException {
- }
- };
- sslContext.init(null, new TrustManager[] { tm }, null);
- }
- @Override
- public Socket createSocket(Socket socket, String host, int port,
- boolean autoClose) throws IOException, UnknownHostException {
- return sslContext.getSocketFactory().createSocket(socket, host, port,
- autoClose);
- }
- @Override
- public Socket createSocket() throws IOException {
- return sslContext.getSocketFactory().createSocket();
- }
- }
调用方法,只要用认证返回的HttpCilent即可。代码:
- Java 代码复制内容到剪贴板
- public HttpClient getNewHttpClient() {
- try {
- KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
- trustStore.load(null, null);
- SSLSocketFactory sf = new SSLSocketFactoryEx(trustStore);
- sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
- HttpParams params = new BasicHttpParams();
- HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
- HttpProtocolParams.setContentCharset(params, HTTP.UTF_8);
- SchemeRegistry registry = new SchemeRegistry();
- registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
- registry.register(new Scheme("https", sf, 443));
- ClientConnectionManager ccm = new ThreadSafeClientConnManager(params, registry);
- return new DefaultHttpClient(ccm, params);
- } catch (Exception e) {
- return new DefaultHttpClient();
- }
- }
这样就解决了问题,有网友说把腾讯认证的地址https去掉改成http,那是不可取的做法。
我已经把代码集成到signpost中,如果有需要的同学可自行下载,有不明白或者不好的地方给我评论留言。
源码下载:
2011-12-11日更新了oauth-signpost-1211.jar包,把原来打jar包时也一起打的commons-codec.jar去掉了。
好吧,把源码也传上来了,供大家下载:
不过还是推荐使用OAuth2.0,方便很多。而且新浪也不推荐使用OAuth1.0了。