android 证书管理,[转]Android 根证书管理与证书验证(2)

OpenSSLSocketImpl 的 verifyCertificateChain() 从 sslParameters 获得 X509TrustManager,然后在 Platform.checkServerTrusted() (com.android.org.conscrypt.Platform,位于 external/conscrypt/src/compat/java/org/conscrypt/Platform.java)中执行服务端证书合法有效性的检查:

/**
 * Validates the server certificate chain using the most context-aware check that
 * can be reached through the supplied trust manager.
 *
 * <p>Two {@code checkTrusted} attempts are made in order: first with the socket
 * itself ({@code Socket.class}), then with the peer host string taken from the
 * handshake session ({@code String.class}). Only when both return {@code false}
 * is the plain two-argument {@code tm.checkServerTrusted(chain, authType)} called.
 *
 * <p>Security note: the two-argument fallback is given neither the socket nor the
 * peer host, so it can judge only the chain and the auth type. A trust manager
 * that is reached through the fallback cannot apply host-dependent checks here.
 *
 * <p>NOTE(review): {@code checkTrusted} is not shown on this page; it presumably
 * returns {@code true} when the matching extended overload exists on {@code tm}
 * and was invoked. Confirm against Platform.java.
 *
 * @param tm       trust manager obtained from the socket's SSL parameters
 * @param chain    certificate chain presented by the peer
 * @param authType authentication type passed through to the trust manager
 * @param socket   socket whose handshake session supplies the peer host
 * @throws CertificateException if the trust manager rejects the chain
 */
public static void checkServerTrusted(X509TrustManager tm, X509Certificate[] chain,
        String authType, OpenSSLSocketImpl socket) throws CertificateException {
    // First choice: hand the socket itself to the trust manager.
    if (checkTrusted("checkServerTrusted", tm, chain, authType, Socket.class, socket)) {
        return;
    }

    // The peer host is looked up only after the socket-aware attempt returned false,
    // which keeps the evaluation order of the original short-circuit expression.
    String peerHost = socket.getHandshakeSession().getPeerHost();
    if (checkTrusted("checkServerTrusted", tm, chain, authType, String.class, peerHost)) {
        return;
    }

    // Last resort: chain and auth type only, with no socket or host context.
    tm.checkServerTrusted(chain, authType);
}

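Platform.checkServerTrusted() 最终通过 X509TrustManager 的 checkServerTrusted() 方法执行证书的合法性检查:它先通过 checkTrusted() 尝试带 Socket 参数的调用,再尝试带对端主机名参数的调用,两次都返回 false 时才回退到只接收证书链和 authType 的双参数版本。回退路径拿不到 Socket 和主机名,因此无法在这一步依据主机名做校验。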

X509TrustManager 来自于 OpenSSLSocketImpl 的 sslParameters,那 sslParameters 又来自于哪里呢?OpenSSLSocketImpl 的 sslParameters 由对象的创建者传入:

public class OpenSSLSocketImpl

extends javax.net.ssl.SSLSocket

implements NativeCrypto.SSLHandshakeCallbacks, SSLParametersImpl.AliasChooser,

SSLParametersImpl.PSKCallbacks {

. . . . . .

// Assigned exactly once, from the constructor argument, by every constructor shown
// below. Per the surrounding article, verifyCertificateChain() takes its
// X509TrustManager from this object, so whoever constructs the socket decides which
// trust manager judges the server certificate.
private final SSLParametersImpl sslParameters;

. . . . . .

/**
 * Creates a socket that records no peer: the hostname is {@code null} and the port
 * is {@code -1}. The implicit no-argument superclass constructor is used.
 *
 * <p>NOTE(review): with no hostname recorded here, confirm what any later
 * host-dependent certificate check has to match against.
 *
 * @param sslParameters SSL configuration supplied by the creator and kept as-is
 * @throws IOException declared by the constructor; nothing in this body throws it
 */
protected OpenSSLSocketImpl(SSLParametersImpl sslParameters) throws IOException {
    // Caller-supplied configuration first, then the fixed defaults.
    this.sslParameters = sslParameters;

    // This object is its own underlying socket and is not auto-closed.
    this.socket = this;
    this.autoClose = false;

    // No peer identity is known for this variant.
    this.peerHostname = null;
    this.peerPort = -1;
}

/**
 * Creates a socket through {@code super(hostname, port)} and records that hostname
 * and port as the peer identity.
 *
 * @param hostname      peer host name, stored as {@code peerHostname}
 * @param port          peer port, stored as {@code peerPort}
 * @param sslParameters SSL configuration supplied by the creator and kept as-is
 * @throws IOException propagated from the superclass constructor
 */
protected OpenSSLSocketImpl(String hostname, int port, SSLParametersImpl sslParameters)
        throws IOException {
    super(hostname, port);

    // Caller-supplied configuration.
    this.sslParameters = sslParameters;

    // Peer identity exactly as given by the caller.
    this.peerHostname = hostname;
    this.peerPort = port;

    // This object is its own underlying socket and is not auto-closed.
    this.socket = this;
    this.autoClose = false;
}

/**
 * Creates a socket through {@code super(address, port)}. The address and port are
 * passed to the superclass only: {@code peerHostname} stays {@code null} and
 * {@code peerPort} stays {@code -1}.
 *
 * <p>NOTE(review): no hostname is recorded for address-based sockets; confirm how
 * the peer host used during certificate checks is derived in this case.
 *
 * @param address       peer address, handed to the superclass constructor
 * @param port          peer port, handed to the superclass constructor
 * @param sslParameters SSL configuration supplied by the creator and kept as-is
 * @throws IOException propagated from the superclass constructor
 */
protected OpenSSLSocketImpl(InetAddress address, int port, SSLParametersImpl sslParameters)
        throws IOException {
    super(address, port);

    // Caller-supplied configuration.
    this.sslParameters = sslParameters;

    // An InetAddress carries no name this class records, so the peer fields stay unset.
    this.peerHostname = null;
    this.peerPort = -1;

    // This object is its own underlying socket and is not auto-closed.
    this.socket = this;
    this.autoClose = false;
}

/**
 * Creates a socket through {@code super(hostname, port, clientAddress, clientPort)}
 * and records the hostname and port as the peer identity.
 *
 * @param hostname      peer host name, stored as {@code peerHostname}
 * @param port          peer port, stored as {@code peerPort}
 * @param clientAddress local address, handed to the superclass constructor
 * @param clientPort    local port, handed to the superclass constructor
 * @param sslParameters SSL configuration supplied by the creator and kept as-is
 * @throws IOException propagated from the superclass constructor
 */
protected OpenSSLSocketImpl(String hostname, int port,
        InetAddress clientAddress, int clientPort,
        SSLParametersImpl sslParameters) throws IOException {
    super(hostname, port, clientAddress, clientPort);

    // Caller-supplied configuration.
    this.sslParameters = sslParameters;

    // Peer identity exactly as given by the caller.
    this.peerHostname = hostname;
    this.peerPort = port;

    // This object is its own underlying socket and is not auto-closed.
    this.socket = this;
    this.autoClose = false;
}

/**
 * Creates a socket through {@code super(address, port, clientAddress, clientPort)}.
 * As with the other address-based constructor, {@code peerHostname} stays
 * {@code null} and {@code peerPort} stays {@code -1}.
 *
 * <p>NOTE(review): no hostname is recorded for address-based sockets; confirm how
 * the peer host used during certificate checks is derived in this case.
 *
 * @param address       peer address, handed to the superclass constructor
 * @param port          peer port, handed to the superclass constructor
 * @param clientAddress local address, handed to the superclass constructor
 * @param clientPort    local port, handed to the superclass constructor
 * @param sslParameters SSL configuration supplied by the creator and kept as-is
 * @throws IOException propagated from the superclass constructor
 */
protected OpenSSLSocketImpl(InetAddress address, int port,
        InetAddress clientAddress, int clientPort,
        SSLParametersImpl sslParameters) throws IOException {
    super(address, port, clientAddress, clientPort);

    // Caller-supplied configuration.
    this.sslParameters = sslParameters;

    // An InetAddress carries no name this class records, so the peer fields stay unset.
    this.peerHostname = null;
    this.peerPort = -1;

    // This object is its own underlying socket and is not auto-closed.
    this.socket = this;
    this.autoClose = false;
}

/**
 * Creates an SSL socket layered over an existing socket. Invoked by the
 * OpenSSLSocketImplWrapper constructor.
 *
 * <p>Unlike the other constructors, {@code this.socket} refers to the wrapped
 * socket rather than to this object, and {@code autoClose} is taken from the
 * caller. The hostname and port are stored exactly as passed in.
 *
 * <p>NOTE(review): the hostname is whatever the caller states for the wrapped
 * connection; nothing in this constructor compares it with the socket's actual
 * peer, so any host-dependent certificate check is only as good as that value.
 *
 * @param socket        already-created socket to wrap
 * @param hostname      peer host name, stored as {@code peerHostname}
 * @param port          peer port, stored as {@code peerPort}
 * @param autoClose     stored as {@code autoClose}
 * @param sslParameters SSL configuration supplied by the creator and kept as-is
 * @throws IOException declared by the constructor; nothing in this body throws it
 */
protected OpenSSLSocketImpl(Socket socket, String hostname, int port,
        boolean autoClose, SSLParametersImpl sslParameters) throws IOException {
    // Caller-supplied configuration.
    this.sslParameters = sslParameters;

    // The wrapped socket and its close policy.
    this.socket = socket;
    this.autoClose = autoClose;

    // Peer identity as stated by the caller.
    this.peerHostname = hostname;
    this.peerPort = port;

    // this.timeout is deliberately left unset:
    // OpenSSLSocketImplWrapper.getSoTimeout delegates the timeout to the wrapped socket.
}

也就是说,OpenSSLSocketImpl 的 sslParameters 来自于 javax.net.ssl.SSLSocketFactory,即 OpenSSLSocketFactoryImpl。OpenSSLSocketFacto
