Android证书信任问题与大表哥

Web Console:The page displayed insecure content! 

class bv   implements X509TrustManager {   bv(bu parambu) {}    public void checkClientTrusted(X509Certificate[] paramArrayOfX509Certificate, String paramString) {// Do nothing -> accept any certificates}    public void checkServerTrusted(X509Certificate[] paramArrayOfX509Certificate, String paramString) {// Do nothing -> accept any certificates}    public X509Certificate[] getAcceptedIssuers()   {     return null;   } } 

public static HttpClient getNewHttpClient() {       try {           //获得密匙库         KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());           trustStore.load(null, null);            SSLSocketFactory sf = new SSLSocketFactoryEx(trustStore);          //信任所有主机名          sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);            HttpParams params = new BasicHttpParams();           HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);           HttpProtocolParams.setContentCharset(params, HTTP.UTF_8);            SchemeRegistry registry = new SchemeRegistry();           registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));           registry.register(new Scheme("https", sf, 443));            ClientConnectionManager ccm = new ThreadSafeClientConnManager(params, registry);            return new DefaultHttpClient(ccm, params);       } catch (Exception e) {           return new DefaultHttpClient();       }   }   

HostnameVerifier hv = new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession session) { // Always return true -> Accespt any host names return true; } }; 

    myWebView.setWebViewClient(new WebViewClient(){          @Override         public void onReceivedError(WebView view, int errorCode,                 String description, String failingUrl) {             // TODO Auto-generated method stub             super.onReceivedError(view, errorCode, description, failingUrl);         }          @Override         public void onReceivedSslError(WebView view,                 SslErrorHandler handler, SslError error) {             // TODO Auto-generated method stub             handler.proceed();         }}); 

java public class SecureSocketFactory extends SSLSocketFactory {      private static final String LOG_TAG = "SecureSocketFactory";      private final SSLContext sslCtx;     private final X509Certificate[] acceptedIssuers;      /**      * Instantiate a new secured factory pertaining to the passed store. Be sure to initialize the      * store with the password using {@link java.security.KeyStore#load(java.io.InputStream,      * char[])} method.      *      * @param store The key store holding the certificate details      * @param alias The alias of the certificate to use      */     public SecureSocketFactory(KeyStore store, String alias)             throws             CertificateException,             NoSuchAlgorithmException,             KeyManagementException,             KeyStoreException,             UnrecoverableKeyException {          super(store);          // Loading the CA certificate from store.         final Certificate rootca = store.getCertificate(alias);          // Turn it to X509 format.         InputStream is = new ByteArrayInputStream(rootca.getEncoded());         X509Certificate x509ca = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(is);         AsyncHttpClient.silentCloseInputStream(is);          if (null == x509ca) {             throw new CertificateException("Embedded SSL certificate has expired.");         }          // Check the CA's validity.         x509ca.checkValidity();          // Accepted CA is only the one installed in the store.         acceptedIssuers = new X509Certificate[]{x509ca};          sslCtx = SSLContext.getInstance("TLS");         sslCtx.init(                 null,                 new TrustManager[]{                         new X509TrustManager() {                             @Override                             public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {                             }                              @Override                             public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {                                 Exception error = null;                                  if (null == chain || 0 == chain.length) {                                     error = new CertificateException("Certificate chain is invalid.");                                 } else if (null == authType || 0 == authType.length()) {                                     error = new CertificateException("Authentication type is invalid.");                                 } else {                                     Log.i(LOG_TAG, "Chain includes " + chain.length + " certificates.");                                     try {                                         for (X509Certificate cert : chain) {                                             Log.i(LOG_TAG, "Server Certificate Details:");                                             Log.i(LOG_TAG, "---------------------------");                                             Log.i(LOG_TAG, "IssuerDN: " + cert.getIssuerDN().toString());                                             Log.i(LOG_TAG, "SubjectDN: " + cert.getSubjectDN().toString());                                             Log.i(LOG_TAG, "Serial Number: " + cert.getSerialNumber());                                             Log.i(LOG_TAG, "Version: " + cert.getVersion());                                             Log.i(LOG_TAG, "Not before: " + cert.getNotBefore().toString());                                             Log.i(LOG_TAG, "Not after: " + cert.getNotAfter().toString());                                             Log.i(LOG_TAG, "---------------------------");                                              // Make sure that it hasn't expired.                                             cert.checkValidity();                                              // Verify the certificate's public key chain.                                             cert.verify(rootca.getPublicKey());                                         }                                     } catch (InvalidKeyException e) {                                         error = e;                                     } catch (NoSuchAlgorithmException e) {                                         error = e;                                     } catch (NoSuchProviderException e) {                                         error = e;                                     } catch (SignatureException e) {                                         error = e;                                     }                                 }                                 if (null != error) {                                     Log.e(LOG_TAG, "Certificate error", error);                                     throw new CertificateException(error);                                 }                             }                              @Override                             public X509Certificate[] getAcceptedIssuers() {                                 return acceptedIssuers;                             }                         }                 },                 null         );          setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);     }      @Override     public Socket createSocket(Socket socket, String host, int port, boolean autoClose)             throws IOException {          injectHostname(socket, host);         Socket sslSocket = sslCtx.getSocketFactory().createSocket(socket, host, port, autoClose);          // throw an exception if the hostname does not match the certificate         getHostnameVerifier().verify(host, (SSLSocket) sslSocket);          return sslSocket;     }      @Override     public Socket createSocket() throws IOException {         return sslCtx.getSocketFactory().createSocket();     }      /**      * Pre-ICS Android had a bug resolving HTTPS addresses. This workaround fixes that bug.      *      * @param socket The socket to alter      * @param host   Hostname to connect to      * @see <a href="https://code.google.com/p/android/issues/detail?id=13117#c14">https://code.google.com/p/android/issues/detail?id=13117#c14</a>      */     private void injectHostname(Socket socket, String host) {         try {             if (Integer.valueOf(Build.VERSION.SDK) >= 4) {                 Field field = InetAddress.class.getDeclaredField("hostName");                 field.setAccessible(true);                 field.set(socket.getInetAddress(), host);             }         } catch (Exception ignored) {         }     }   }