四大微博OAuth认证

四大微博OAuth认证  

作品 ,  评论(32) ,  引用(0) ,  阅读(2581)    大 |  中 |  小   

据说这两天腾讯的服务器出了问题，认证的时候报这样的错：

Java 代码 复制内容到剪贴板

oauth.signpost.exception.OAuthCommunicationException: Communication with the service provider failed: Not trusted server certificate
Caused by: javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
oauth.signpost.exception.OAuthCommunicationException: Communication with the service provider failed: Nopeer certificate

这是因为Https认证被截获导致，Client认为安全失效，很久之前就出现了这个问题了，那时候在WebView上加上下面的代码就可以解决了

Java 代码 复制内容到剪贴板

public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
     handler.proceed();
}

没想到又出现这个问题，于是一翻研究，在stackoverflow.com上找到答案，写了一个自定义类继承SSLSocketFactory，

Java 代码 复制内容到剪贴板

public class SSLSocketFactoryEx extends SSLSocketFactory {

    SSLContext sslContext = SSLContext.getInstance("TLS");

    public SSLSocketFactoryEx(KeyStore truststore)
            throws NoSuchAlgorithmException, KeyManagementException,
            KeyStoreException, UnrecoverableKeyException {
        super(truststore);

        TrustManager tm = new X509TrustManager() {

            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return null;
            }

            @Override
            public void checkClientTrusted(
                    java.security.cert.X509Certificate[] chain, String authType)
                    throws java.security.cert.CertificateException {

            }

            @Override
            public void checkServerTrusted(
                    java.security.cert.X509Certificate[] chain, String authType)
                    throws java.security.cert.CertificateException {

            }
        };

        sslContext.init(null, new TrustManager[] { tm }, null);
    }

    @Override
    public Socket createSocket(Socket socket, String host, int port,
            boolean autoClose) throws IOException, UnknownHostException {
        return sslContext.getSocketFactory().createSocket(socket, host, port,
                autoClose);
    }

    @Override
    public Socket createSocket() throws IOException {
        return sslContext.getSocketFactory().createSocket();
    }
}

调用方法，只要用认证返回的HttpCilent即可。代码：

Java 代码 复制内容到剪贴板

public HttpClient getNewHttpClient() {
        try {
            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            trustStore.load(null, null);

            SSLSocketFactory sf = new SSLSocketFactoryEx(trustStore);
            sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

            HttpParams params = new BasicHttpParams();
            HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
            HttpProtocolParams.setContentCharset(params, HTTP.UTF_8);

            SchemeRegistry registry = new SchemeRegistry();
            registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
            registry.register(new Scheme("https", sf, 443));

            ClientConnectionManager ccm = new ThreadSafeClientConnManager(params, registry);

            return new DefaultHttpClient(ccm, params);
        } catch (Exception e) {
            return new DefaultHttpClient();
        }
    }

这样就解决了问题，有网友说把腾讯认证的地址https去掉改成http，那是不可取的做法。

我已经把代码集成到signpost中，如果有需要的同学可自行下载，有不明白或者不好的地方给我评论留言。

源码下载：

下载文件

点击这里下载文件

2011-12-11日更新了oauth-signpost-1211.jar包，把原来打jar包时也一起打的commons-codec.jar去掉了。