我正在尝试在Android中实现客户端认证的TLS握手。
我的测试网站是:
我已经下载了客户端证书,并为Android应用实现了以下逻辑:
class Retrofit {
companion object {
fun getSSLContext(): SSLContext? {
MainActivity.appContext?.let {
val badssl = it.resources!!.openRawResource(R.raw.badssl)
val baddsslPassword = "badssl.com".toCharArray()
val keyStore = KeyStore.getInstance("PKCS12")
keyStore.load(badssl, baddsslPassword)
val keyManagerFactory = KeyManagerFactory.getInstance("X509")
keyManagerFactory.init(keyStore, baddsslPassword)
val keyManagers = keyManagerFactory.keyManagers
val sslContext = SSLContext.getInstance("TLS")
sslContext.init(keyManagers, null, null)
return sslContext
}
return null
}
fun get(): Api {
val httpLoggingInterceptor = HttpLoggingInterceptor()
httpLoggingInterceptor.level = HttpLoggingInterceptor.Level.BODY
val okHttpClientBuilder = OkHttpClient.Builder()
.connectTimeout(1, TimeUnit.MINUTES)
.readTimeout(1, TimeUnit.MINUTES)
.writeTimeout(1, TimeUnit.MINUTES)
.addInterceptor(httpLoggingInterceptor)
getSSLContext()?.let {
okHttpClientBuilder.sslSocketFactory(it.socketFactory)
}
val okHttpClient = okHttpClientBuilder.build()
val retrofit = Retrofit.Builder()
.baseUrl("https://client.badssl.com/")
.addConverterFactory(GsonConverterFactory.create())
.addCallAdapterFactory(RxJava2CallAdapterFactory.create())
.client(okHttpClient)
.build()
return retrofit.create(Api::class.java)
}
}
}
interface Api {
@GET("/")
fun get(): Single<ResponseBody>
}
没有SSLContext逻辑,我收到以下响应:
400错误的请求
使用我的SSLContext逻辑,我收到以下响应:
200好
此网站需要客户端认证的TLS握手
如何正确实施client-authenticated TLS handshake并避免出现此警告?