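Certificate pinning using HttpOK

Time: 2016-10-05 21:03:18

Tags: java android okhttp

Hi, I am trying to implement certificate pinning using HttpOk: https://square.github.io/okhttp/3.x/okhttp/okhttp3/CertificatePinner.html

Can anyone let me know where I am meant to place the following code in order to get the certificate pinning exception?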

 String hostname = "publicobject.com";
 // The all-A value is a placeholder pin, so the pin check fails for the real host.
 CertificatePinner certificatePinner = new CertificatePinner.Builder()
     .add(hostname, "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
     .build();
 OkHttpClient client = new OkHttpClient.Builder()
     .certificatePinner(certificatePinner)
     .build();

 Request request = new Request.Builder()
     .url("https://" + hostname)
     .build();
 client.newCall(request).execute();

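Thanks :)

2 answers:

Answer 0: (score: 0)

It should be wherever you are creating the client for your web service calls. Remember that you have to replace the public key with your server's public key.

Answer 1: (score: 0)

You should add it where you are building the OkHttpClient. Specifically, the only lines you should be adding to your existing code are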

 CertificatePinner certificatePinner = new CertificatePinner.Builder()
     .add(hostname, "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
     .build();

 ...builder.certificatePinner(certificatePinner)...

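The NetworkOnMainThreadException is probably because you are also making a call at this point. You don't want to make an additional HTTP call; you just want this to apply to all existing calls that hit publicobject.com

If you are on a Mac, you can test with oksocial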

$ brew install yschimke/tap/oksocial
$ oksocial --certificatePin publicobject.com:sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  https://publicobject.com/robots.txt
request failed
javax.net.ssl.SSLPeerUnverifiedException: Certificate pinning failure!
  Peer certificate chain:
    sha256/afwiKY3RxoMmLkuRW1l7QsPZTJPwDS2pdDROQjXw8ig=: CN=publicobject.com, OU=PositiveSSL, OU=Domain Control Validated
    sha256/klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY=: CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
    sha256/grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME=: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
  Pinned certificates for publicobject.com:
    sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
    at okhttp3.CertificatePinner.check(CertificatePinner.java:187)
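
The pins listed in the failure output above are the base64-encoded SHA-256 hash of each certificate's Subject Public Key Info, and the check passes when at least one certificate in the peer chain matches a configured pin. The following is an added example, not part of the original question or answers, that reproduces that computation with the JDK only; the class name `PinCheck` and the helpers `pin` and `chainMatches` are hypothetical, Java 9+ is assumed, and the keys in the demo path are constructed throwaway keys.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.List;
import java.util.Set;

public class PinCheck {
    // Pin = "sha256/" + base64(SHA-256(DER-encoded SubjectPublicKeyInfo)).
    static String pin(PublicKey key) throws Exception {
        byte[] spki = key.getEncoded(); // X.509 SubjectPublicKeyInfo for standard JCA keys
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(spki);
        return "sha256/" + Base64.getEncoder().encodeToString(digest);
    }

    // Pinning succeeds if at least one key in the peer chain matches a configured pin.
    static boolean chainMatches(List<PublicKey> chain, Set<String> pinned) throws Exception {
        for (PublicKey key : chain) {
            if (pinned.contains(pin(key))) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 1) {
            // Real use: print the pin of a PEM or DER certificate file given as the argument.
            try (InputStream in = new FileInputStream(args[0])) {
                X509Certificate cert = (X509Certificate)
                        CertificateFactory.getInstance("X.509").generateCertificate(in);
                System.out.println(pin(cert.getPublicKey()) + ": " + cert.getSubjectX500Principal());
            }
            return;
        }
        // Constructed sample: throwaway keys stand in for a leaf and an intermediate CA.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        PublicKey leaf = gen.generateKeyPair().getPublic();
        PublicKey intermediate = gen.generateKeyPair().getPublic();
        List<PublicKey> chain = List.of(leaf, intermediate);
        String placeholder = "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
        System.out.println("placeholder pin matches: " + chainMatches(chain, Set.of(placeholder)));
        System.out.println("intermediate pin matches: " + chainMatches(chain, Set.of(pin(intermediate))));
    }
}
```

Run with a certificate file as the only argument to print the value to pass to `CertificatePinner.Builder.add`; pinning an intermediate or a backup key in addition to the leaf keeps the client working across a leaf certificate rotation.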