How can I set SignalR in Android Studio to ignore

2019-01-11 16:00发布

问题:

I have a site which uses SignalR. The code below (taken from SignalR-Chat example) connects to the production site with its verified SSL. It uses the jars from SignalR/java-client.

But for development I need to connect to a the VS project which is hosted on my computer with IIS Express and a local SSL which my Nexus can't and not supposed to verify, and I get the following errors:

08-17 16:13:55.540    2153-6860//System.out﹕ HubConnection: Error executing request: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
08-17 16:13:55.541    2153-6859//System.err﹕ java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

I already opened the relevant ports in the firewall and I can reach the IIS Express with Rest requests.

Here's the code:

public class gtSockets {

    public static final String URL = myUrl + "/signalr/hubs/";

    HubConnection connection;
    HubProxy hub;

    DemonThread thread;

    private Context context;

    private static gtSockets gtSockets;

    private gtSockets(Context context) {
        this.context = context;

        initConnection();
    }

    public static gtSockets newInstance(Context context) {
        if(gtSockets == null) {
            gtSockets = new gtSockets(context);
        }
        return gtSockets;
    }

    private void initConnection() {
        Platform.loadPlatformComponent(new AndroidPlatformComponent());


        connection = new HubConnection(URL, null, true, new Logger() {
            @Override
            public void log(String s, LogLevel logLevel) {

            }
        });


        hub = connection.createHubProxy("myHub");


        hub.on("broadcastMessage", new SubscriptionHandler2<String, String>() {
            @Override
            public void run(String msgType, String msg) {

            }
                }, String.class,String.class);

        thread = new DemonThread();
        thread.start();
    }

    public void destroy() {
        if(thread != null) {
            thread.cancel();
            thread = null;
        }

        if(connection != null) {
            connection.stop();
        }
    }


    private class MessageSendTask extends AsyncTask<String,String,String> {
        @Override
        protected String doInBackground(String... params) {
            hub.invoke("send","directory",params[1]);
            return "ok";
        }
    }

    private class DemonThread extends Thread {

        boolean isRunning = true;

        @Override
        public void run() {
            SignalRFuture<Void> awaitConnection = connection.start();
            while(isRunning) {
                try {
                    awaitConnection.get();
                } catch (InterruptedException | ExecutionException e){
                    e.printStackTrace();
                }
            }
            awaitConnection.cancel();
        }

        public void cancel() {
            if(isRunning) {
                isRunning = false;
            }
        }
    }
}

The questions is how can I set SignalR to ignore SSL issues for development?!

Thanks.

回答1:

If just for development, I think you can refer the following code (available in SO):

public class HttpsTrustManager implements X509TrustManager {
    private static TrustManager[] trustManagers;
    private static final X509Certificate[] _AcceptedIssuers = new X509Certificate[]{};

@Override
public void checkClientTrusted(
        X509Certificate[] x509Certificates, String s)
        throws java.security.cert.CertificateException {
}

@Override
public void checkServerTrusted(
        X509Certificate[] x509Certificates, String s)
        throws java.security.cert.CertificateException {
}

public boolean isClientTrusted(X509Certificate[] chain) {
    return true;
}

public boolean isServerTrusted(X509Certificate[] chain) {
    return true;
}

@Override
public X509Certificate[] getAcceptedIssuers() {
    return _AcceptedIssuers;
}

public static void allowAllSSL() {
    HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {

        @Override
        public boolean verify(String arg0, SSLSession arg1) {
            return true;
        }

    });

    SSLContext context = null;
    if (trustManagers == null) {
        trustManagers = new TrustManager[]{new HttpsTrustManager()};
    }

    try {
        context = SSLContext.getInstance("TLS");
        context.init(null, trustManagers, new SecureRandom());
    } catch (NoSuchAlgorithmException | KeyManagementException e) {
        e.printStackTrace();
    }

    HttpsURLConnection.setDefaultSSLSocketFactory(context != null ? context.getSocketFactory() : null);
}

}

Then in your Activity, call HttpsTrustManager.allowAllSSL(); before SignalR methods