如何在 Java *with Flutter* 中禁用证书验证?
How to disable certificate verification in Java *with Flutter*?
在全新安装 Flutter、JDK 和 Android Studio 3.5.3 时,Flutter 在尝试构建 Android 时总是 运行 出错] 应用程序。在 Gradle 任务“assembleDebug”期间,它 运行 进入 sslHandshakeException。我想知道如何禁用证书验证以便它仍然可以 运行 (假设我不关心这引发的安全问题)。我相信这需要经过 Java JDK.
其他上下文:
- MacBook Pro 运行宁 macOS Big Sur 11.4
- 颤振 2.2.3
flutter doctor -v 输出:
% flutter doctor -v
[✓] Flutter (Channel stable, 2.2.3, on macOS 11.4 20F71 darwin-x64, locale en)
• Flutter version 2.2.3 at /usr/local/Caskroom/flutter/2.2.3/flutter
• Framework revision f4abaa0735 (12 days ago), 2021-07-01 12:46:11 -0700
• Engine revision 241c87ad80
• Dart version 2.13.4
[✓] Android toolchain - develop for Android devices (Android SDK version 30.0.3)
• Android SDK at /Users/peternielsen/Library/Android/sdk
• Platform android-S, build-tools 30.0.3
• Java binary at: /Applications/Android
Studio.app/Contents/jre/jdk/Contents/Home/bin/java
• Java version OpenJDK Runtime Environment (build
1.8.0_202-release-1483-b49-5587405)
• All Android licenses accepted.
[✓] Xcode - develop for iOS and macOS
• Xcode at /Applications/Xcode.app/Contents/Developer
• Xcode 12.5.1, Build version 12E507
• CocoaPods version 1.10.1
[✓] Chrome - develop for the web
• Chrome at /Applications/Google Chrome.app/Contents/MacOS/Google Chrome
[✓] Android Studio (version 3.5)
• Android Studio at /Applications/Android Studio.app/Contents
• Flutter plugin version 44.0.1
• Dart plugin version 191.8593
• Java version OpenJDK Runtime Environment (build
1.8.0_202-release-1483-b49-5587405)
[✓] VS Code (version 1.57.1)
• VS Code at /Applications/Visual Studio Code.app/Contents
• Flutter extension version 3.24.0
[✓] Connected device (2 available)
• Android SDK built for x86 (mobile) • emulator-5554 • android-x86 •
Android 8.1.0 (API 27) (emulator)
• Chrome (web) • chrome • web-javascript •
Google Chrome 91.0.4472.114
• No issues found!
- 来自
flutter run 的错误输出:
% flutter run
Using hardware rendering with device Android SDK built for x86. If you notice
graphics artifacts, consider enabling software rendering with
"--enable-software-rendering".
Launching lib/main.dart on Android SDK built for x86 in debug mode...
FAILURE: Build failed with an exception.
* What went wrong:
A problem occurred configuring root project 'android'.
> Could not resolve all artifacts for configuration ':classpath'.
> Could not resolve com.android.tools.build:gradle:4.1.0.
Required by:
project :
> Could not resolve com.android.tools.build:gradle:4.1.0.
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/tools/build/gradle/4.1.0/gradle-4.1.0.pom'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/tools/build/gradle/4.1.0/gradle-4.1.0.pom'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.
* Get more help at https://help.gradle.org
BUILD FAILED in 3s
Running Gradle task 'assembleDebug'...
Running Gradle task 'assembleDebug'... Done 4.3s
Exception: Gradle task assembleDebug failed with exit code 1
我不知道为什么会出错,我只是需要一种方法来禁用 Flutter 的 SSL 证书验证。
请注意 this question 类似,但是它询问如何在从服务器提取的 Flutter 代码中禁用它,我的问题需要在 Flutter 应用程序 运行.
提前致谢。
编辑:
% keytool -importcert -file ~/Downloads/google.cer -alias google -keystore $JAVA_HOME/jre/lib/security/cacerts
Enter keystore password:
Re-enter new password:
Owner: CN=*.google.com
Issuer: CN=Qustodio Protection CA, OU=Qustodio, O=Qustodio LLC, L=Barcelona, ST=Barcelona, C=ES
Serial number: cd639bb2
Valid from: Tue Jun 22 06:37:09 PDT 2021 until: Tue Sep 14 06:37:08 PDT 2021
Certificate fingerprints:
SHA1: B3:A2:BF:28:62:78:E3:EE:2F:6D:1A:04:C8:3F:83:E2:EA:A8:C0:95
SHA256: A4:CC:97:CC:FB:2B:67:40:F4:17:EC:D2:78:5D:AA:CB:1F:ED:C8:E7:01:85:3E:8A:9F:09:05:51:2A:25:F0:E4
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Extensions:
#1: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
]
#2: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
]
#3: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: *.google.com
DNSName: *.appengine.google.com
DNSName: *.bdn.dev
DNSName: *.cloud.google.com
DNSName: *.crowdsource.google.com
DNSName: *.datacompute.google.com
DNSName: *.google.ca
DNSName: *.google.cl
DNSName: *.google.co.in
DNSName: *.google.co.jp
DNSName: *.google.co.uk
DNSName: *.google.com.ar
DNSName: *.google.com.au
DNSName: *.google.com.br
DNSName: *.google.com.co
DNSName: *.google.com.mx
DNSName: *.google.com.tr
DNSName: *.google.com.vn
DNSName: *.google.de
DNSName: *.google.es
DNSName: *.google.fr
DNSName: *.google.hu
DNSName: *.google.it
DNSName: *.google.nl
DNSName: *.google.pl
DNSName: *.google.pt
DNSName: *.googleadapis.com
DNSName: *.googleapis.cn
DNSName: *.googlevideo.com
DNSName: *.gstatic.cn
DNSName: *.gstaticcnapps.cn
DNSName: googlecnapps.cn
DNSName: *.googlecnapps.cn
DNSName: gkecnapps.cn
DNSName: *.gkecnapps.cn
DNSName: googledownloads.cn
DNSName: *.googledownloads.cn
DNSName: recaptcha.net.cn
DNSName: *.recaptcha.net.cn
DNSName: widevine.cn
DNSName: *.widevine.cn
DNSName: ampproject.org.cn
DNSName: *.ampproject.org.cn
DNSName: ampproject.net.cn
DNSName: *.ampproject.net.cn
DNSName: google-analytics-cn.com
DNSName: *.google-analytics-cn.com
DNSName: googleadservices-cn.com
DNSName: *.googleadservices-cn.com
DNSName: googlevads-cn.com
DNSName: *.googlevads-cn.com
DNSName: googleapis-cn.com
DNSName: *.googleapis-cn.com
DNSName: googleoptimize-cn.com
DNSName: *.googleoptimize-cn.com
DNSName: doubleclick-cn.net
DNSName: *.doubleclick-cn.net
DNSName: *.fls.doubleclick-cn.net
DNSName: *.g.doubleclick-cn.net
DNSName: dartsearch-cn.net
DNSName: *.dartsearch-cn.net
DNSName: googletraveladservices-cn.com
DNSName: *.googletraveladservices-cn.com
DNSName: googletagservices-cn.com
DNSName: *.googletagservices-cn.com
DNSName: googletagmanager-cn.com
DNSName: *.googletagmanager-cn.com
DNSName: googlesyndication-cn.com
DNSName: *.googlesyndication-cn.com
DNSName: *.safeframe.googlesyndication-cn.com
DNSName: app-measurement-cn.com
DNSName: *.app-measurement-cn.com
DNSName: gvt1-cn.com
DNSName: *.gvt1-cn.com
DNSName: gvt2-cn.com
DNSName: *.gvt2-cn.com
DNSName: 2mdn-cn.net
DNSName: *.2mdn-cn.net
DNSName: googleflights-cn.net
DNSName: *.googleflights-cn.net
DNSName: admob-cn.com
DNSName: *.admob-cn.com
DNSName: *.gstatic.com
DNSName: *.metric.gstatic.com
DNSName: *.gvt1.com
DNSName: *.gcpcdn.gvt1.com
DNSName: *.gvt2.com
DNSName: *.gcp.gvt2.com
DNSName: *.url.google.com
DNSName: *.youtube-nocookie.com
DNSName: *.ytimg.com
DNSName: android.com
DNSName: *.android.com
DNSName: *.flash.android.com
DNSName: g.cn
DNSName: *.g.cn
DNSName: g.co
DNSName: *.g.co
DNSName: goo.gl
DNSName: www.goo.gl
DNSName: google-analytics.com
DNSName: *.google-analytics.com
DNSName: google.com
DNSName: googlecommerce.com
DNSName: *.googlecommerce.com
DNSName: ggpht.cn
DNSName: *.ggpht.cn
DNSName: urchin.com
DNSName: *.urchin.com
DNSName: youtu.be
DNSName: youtube.com
DNSName: *.youtube.com
DNSName: youtubeeducation.com
DNSName: *.youtubeeducation.com
DNSName: youtubekids.com
DNSName: *.youtubekids.com
DNSName: yt.be
DNSName: *.yt.be
DNSName: android.clients.google.com
DNSName: developer.android.google.cn
DNSName: developers.android.google.cn
DNSName: source.android.google.cn
]
Trust this certificate? [no]: yes
Certificate was added to keystore
keytool error: java.io.FileNotFoundException: /jre/lib/security/cacerts (No such file or directory)
- 在浏览器中转到
https://dl.google.com/dl/android/maven2/com/android/tools/build/gradle/4.1.0/:
- firefox - 单击 HTTPS 证书链(URL 地址旁边的锁图标)。单击
"more info" > "security" > "show certificate" > "details" > "export.."。选择名称并选择文件类型 example.cer
- chrome - 单击地址栏左侧的站点图标,select“证书”->“详细信息”->“导出”并以“Der-encoded binary”格式保存,单一证书”。
现在您有了带有密钥库的文件,您必须将它添加到您的 JVM。确定 cacerts 文件的位置,例如。
$JAVA_HOME/jre/lib/security/cacerts
接下来在命令行中将example.cer文件导入cacerts(可能需要管理员命令提示符):
keytool -importcert -file example.cer -alias example -keystore $JAVA_HOME/jre/lib/security/cacerts
输入密码:changeit(可以在Mac上更改)
重启你的JVM/PC.
source
在全新安装 Flutter、JDK 和 Android Studio 3.5.3 时,Flutter 在尝试构建 Android 时总是 运行 出错] 应用程序。在 Gradle 任务“assembleDebug”期间,它 运行 进入 sslHandshakeException。我想知道如何禁用证书验证以便它仍然可以 运行 (假设我不关心这引发的安全问题)。我相信这需要经过 Java JDK.
其他上下文:
- MacBook Pro 运行宁 macOS Big Sur 11.4
- 颤振 2.2.3
flutter doctor -v输出:
% flutter doctor -v
[✓] Flutter (Channel stable, 2.2.3, on macOS 11.4 20F71 darwin-x64, locale en)
• Flutter version 2.2.3 at /usr/local/Caskroom/flutter/2.2.3/flutter
• Framework revision f4abaa0735 (12 days ago), 2021-07-01 12:46:11 -0700
• Engine revision 241c87ad80
• Dart version 2.13.4
[✓] Android toolchain - develop for Android devices (Android SDK version 30.0.3)
• Android SDK at /Users/peternielsen/Library/Android/sdk
• Platform android-S, build-tools 30.0.3
• Java binary at: /Applications/Android
Studio.app/Contents/jre/jdk/Contents/Home/bin/java
• Java version OpenJDK Runtime Environment (build
1.8.0_202-release-1483-b49-5587405)
• All Android licenses accepted.
[✓] Xcode - develop for iOS and macOS
• Xcode at /Applications/Xcode.app/Contents/Developer
• Xcode 12.5.1, Build version 12E507
• CocoaPods version 1.10.1
[✓] Chrome - develop for the web
• Chrome at /Applications/Google Chrome.app/Contents/MacOS/Google Chrome
[✓] Android Studio (version 3.5)
• Android Studio at /Applications/Android Studio.app/Contents
• Flutter plugin version 44.0.1
• Dart plugin version 191.8593
• Java version OpenJDK Runtime Environment (build
1.8.0_202-release-1483-b49-5587405)
[✓] VS Code (version 1.57.1)
• VS Code at /Applications/Visual Studio Code.app/Contents
• Flutter extension version 3.24.0
[✓] Connected device (2 available)
• Android SDK built for x86 (mobile) • emulator-5554 • android-x86 •
Android 8.1.0 (API 27) (emulator)
• Chrome (web) • chrome • web-javascript •
Google Chrome 91.0.4472.114
• No issues found!
- 来自
flutter run的错误输出:
% flutter run
Using hardware rendering with device Android SDK built for x86. If you notice
graphics artifacts, consider enabling software rendering with
"--enable-software-rendering".
Launching lib/main.dart on Android SDK built for x86 in debug mode...
FAILURE: Build failed with an exception.
* What went wrong:
A problem occurred configuring root project 'android'.
> Could not resolve all artifacts for configuration ':classpath'.
> Could not resolve com.android.tools.build:gradle:4.1.0.
Required by:
project :
> Could not resolve com.android.tools.build:gradle:4.1.0.
> Could not get resource 'https://dl.google.com/dl/android/maven2/com/android/tools/build/gradle/4.1.0/gradle-4.1.0.pom'.
> Could not GET 'https://dl.google.com/dl/android/maven2/com/android/tools/build/gradle/4.1.0/gradle-4.1.0.pom'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.
* Get more help at https://help.gradle.org
BUILD FAILED in 3s
Running Gradle task 'assembleDebug'...
Running Gradle task 'assembleDebug'... Done 4.3s
Exception: Gradle task assembleDebug failed with exit code 1
我不知道为什么会出错,我只是需要一种方法来禁用 Flutter 的 SSL 证书验证。
请注意 this question 类似,但是它询问如何在从服务器提取的 Flutter 代码中禁用它,我的问题需要在 Flutter 应用程序 运行.
提前致谢。
编辑:
% keytool -importcert -file ~/Downloads/google.cer -alias google -keystore $JAVA_HOME/jre/lib/security/cacerts
Enter keystore password:
Re-enter new password:
Owner: CN=*.google.com
Issuer: CN=Qustodio Protection CA, OU=Qustodio, O=Qustodio LLC, L=Barcelona, ST=Barcelona, C=ES
Serial number: cd639bb2
Valid from: Tue Jun 22 06:37:09 PDT 2021 until: Tue Sep 14 06:37:08 PDT 2021
Certificate fingerprints:
SHA1: B3:A2:BF:28:62:78:E3:EE:2F:6D:1A:04:C8:3F:83:E2:EA:A8:C0:95
SHA256: A4:CC:97:CC:FB:2B:67:40:F4:17:EC:D2:78:5D:AA:CB:1F:ED:C8:E7:01:85:3E:8A:9F:09:05:51:2A:25:F0:E4
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Extensions:
#1: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
]
#2: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
]
#3: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: *.google.com
DNSName: *.appengine.google.com
DNSName: *.bdn.dev
DNSName: *.cloud.google.com
DNSName: *.crowdsource.google.com
DNSName: *.datacompute.google.com
DNSName: *.google.ca
DNSName: *.google.cl
DNSName: *.google.co.in
DNSName: *.google.co.jp
DNSName: *.google.co.uk
DNSName: *.google.com.ar
DNSName: *.google.com.au
DNSName: *.google.com.br
DNSName: *.google.com.co
DNSName: *.google.com.mx
DNSName: *.google.com.tr
DNSName: *.google.com.vn
DNSName: *.google.de
DNSName: *.google.es
DNSName: *.google.fr
DNSName: *.google.hu
DNSName: *.google.it
DNSName: *.google.nl
DNSName: *.google.pl
DNSName: *.google.pt
DNSName: *.googleadapis.com
DNSName: *.googleapis.cn
DNSName: *.googlevideo.com
DNSName: *.gstatic.cn
DNSName: *.gstaticcnapps.cn
DNSName: googlecnapps.cn
DNSName: *.googlecnapps.cn
DNSName: gkecnapps.cn
DNSName: *.gkecnapps.cn
DNSName: googledownloads.cn
DNSName: *.googledownloads.cn
DNSName: recaptcha.net.cn
DNSName: *.recaptcha.net.cn
DNSName: widevine.cn
DNSName: *.widevine.cn
DNSName: ampproject.org.cn
DNSName: *.ampproject.org.cn
DNSName: ampproject.net.cn
DNSName: *.ampproject.net.cn
DNSName: google-analytics-cn.com
DNSName: *.google-analytics-cn.com
DNSName: googleadservices-cn.com
DNSName: *.googleadservices-cn.com
DNSName: googlevads-cn.com
DNSName: *.googlevads-cn.com
DNSName: googleapis-cn.com
DNSName: *.googleapis-cn.com
DNSName: googleoptimize-cn.com
DNSName: *.googleoptimize-cn.com
DNSName: doubleclick-cn.net
DNSName: *.doubleclick-cn.net
DNSName: *.fls.doubleclick-cn.net
DNSName: *.g.doubleclick-cn.net
DNSName: dartsearch-cn.net
DNSName: *.dartsearch-cn.net
DNSName: googletraveladservices-cn.com
DNSName: *.googletraveladservices-cn.com
DNSName: googletagservices-cn.com
DNSName: *.googletagservices-cn.com
DNSName: googletagmanager-cn.com
DNSName: *.googletagmanager-cn.com
DNSName: googlesyndication-cn.com
DNSName: *.googlesyndication-cn.com
DNSName: *.safeframe.googlesyndication-cn.com
DNSName: app-measurement-cn.com
DNSName: *.app-measurement-cn.com
DNSName: gvt1-cn.com
DNSName: *.gvt1-cn.com
DNSName: gvt2-cn.com
DNSName: *.gvt2-cn.com
DNSName: 2mdn-cn.net
DNSName: *.2mdn-cn.net
DNSName: googleflights-cn.net
DNSName: *.googleflights-cn.net
DNSName: admob-cn.com
DNSName: *.admob-cn.com
DNSName: *.gstatic.com
DNSName: *.metric.gstatic.com
DNSName: *.gvt1.com
DNSName: *.gcpcdn.gvt1.com
DNSName: *.gvt2.com
DNSName: *.gcp.gvt2.com
DNSName: *.url.google.com
DNSName: *.youtube-nocookie.com
DNSName: *.ytimg.com
DNSName: android.com
DNSName: *.android.com
DNSName: *.flash.android.com
DNSName: g.cn
DNSName: *.g.cn
DNSName: g.co
DNSName: *.g.co
DNSName: goo.gl
DNSName: www.goo.gl
DNSName: google-analytics.com
DNSName: *.google-analytics.com
DNSName: google.com
DNSName: googlecommerce.com
DNSName: *.googlecommerce.com
DNSName: ggpht.cn
DNSName: *.ggpht.cn
DNSName: urchin.com
DNSName: *.urchin.com
DNSName: youtu.be
DNSName: youtube.com
DNSName: *.youtube.com
DNSName: youtubeeducation.com
DNSName: *.youtubeeducation.com
DNSName: youtubekids.com
DNSName: *.youtubekids.com
DNSName: yt.be
DNSName: *.yt.be
DNSName: android.clients.google.com
DNSName: developer.android.google.cn
DNSName: developers.android.google.cn
DNSName: source.android.google.cn
]
Trust this certificate? [no]: yes
Certificate was added to keystore
keytool error: java.io.FileNotFoundException: /jre/lib/security/cacerts (No such file or directory)
- 在浏览器中转到
https://dl.google.com/dl/android/maven2/com/android/tools/build/gradle/4.1.0/:
- firefox - 单击 HTTPS 证书链(URL 地址旁边的锁图标)。单击
"more info" > "security" > "show certificate" > "details" > "export.."。选择名称并选择文件类型 example.cer - chrome - 单击地址栏左侧的站点图标,select“证书”->“详细信息”->“导出”并以“Der-encoded binary”格式保存,单一证书”。
现在您有了带有密钥库的文件,您必须将它添加到您的 JVM。确定 cacerts 文件的位置,例如。
$JAVA_HOME/jre/lib/security/cacerts接下来在命令行中将
example.cer文件导入cacerts(可能需要管理员命令提示符):
keytool -importcert -file example.cer -alias example -keystore $JAVA_HOME/jre/lib/security/cacerts
输入密码:changeit(可以在Mac上更改)
重启你的JVM/PC.
source