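I want to use SSL pinning with the Volley networking library. Is there any way to implement SSL pinning with Volley? Does Volley provide this support for security improvements?
Answer 0: (score: 9)
I just implemented it as described here: http://blog.ostorlab.co/2016/05/ssl-pinning-in-android-networking.html
Here is the code needed for the Volley implementation: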
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// Generate the certificate using the certificate file under res/raw/cert.cer
InputStream caInput = new BufferedInputStream(getResources().openRawResource(R.raw.cert));
Certificate ca = cf.generateCertificate(caInput);
caInput.close();
// Create a KeyStore containing our trusted CAs
String keyStoreType = KeyStore.getDefaultType();
KeyStore trusted = KeyStore.getInstance(keyStoreType);
trusted.load(null, null);
trusted.setCertificateEntry("ca", ca);
// Create a TrustManager that trusts the CAs in our KeyStore
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(trusted);
// Create an SSLContext that uses our TrustManager
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);
SSLSocketFactory sf = context.getSocketFactory();
mRequestQueue = Volley.newRequestQueue(mCtx.getApplicationContext(), new HurlStack(null, sf));
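Seems to work!
Answer 1: (score: 0)
I am implementing the same thing. I found a blog post; I hope it helps you.
http://ogrelab.ikratko.com/using-android-volley-with-self-signed-certificate/
Answer 2: (score: 0)
You can use public key pinning instead of certificate pinning:
Answer 3: (score: 0)
I just looked into this for a project I am working on. However, my situation may be different from yours.
I am using Volley with the OkHttp network stack (https://gist.github.com/JakeWharton/5616899):
Add these to your Gradle build: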
compile "com.squareup.okhttp:okhttp:2.7.5"
compile "com.squareup.okhttp:okhttp-urlconnection:2.7.5"
Add the OKHttpStack class:
public class OKHttpStack extends HurlStack {
    private final OkUrlFactory okUrlFactory;

    public OKHttpStack() {
        // OkHttp 2.x (the 2.7.5 artifacts above) has no OkHttpClient.Builder;
        // the pinner is set directly on the client.
        this(new OkUrlFactory(
                new OkHttpClient()
                        .setCertificatePinner(
                                new CertificatePinner.Builder()
                                        .add("example.com", "sha256/afwiKY3RxoMmLkuRW1l7QsPZTJPwDS2pdDROQjXw8ig=") // This is the cert
                                        .build())));
    }

    public OKHttpStack(OkUrlFactory okUrlFactory) {
        if (okUrlFactory == null) {
            throw new NullPointerException("Client must not be null.");
        }
        this.okUrlFactory = okUrlFactory;
    }

    @Override
    protected HttpURLConnection createConnection(URL url) throws IOException {
        return okUrlFactory.open(url);
    }
}
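Then, when creating the RequestQueue, do the following:
Network network = new BasicNetwork(new OKHttpStack());
File cacheDir = new File(context.getCacheDir(), "volley");
int threads = 4;
mRequestQueue = new RequestQueue(new DiskBasedCache(cacheDir), network, threads);
// A RequestQueue built with the constructor is not started automatically
// (Volley.newRequestQueue() does this for you), so start the dispatchers here.
mRequestQueue.start();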
Please note that I have not tested this yet; we are considering pinning.
Good luck! Gav
References:
https://gist.github.com/JakeWharton/5616899
https://github.com/square/okhttp/blob/master/samples/guide/src/main/java/okhttp3/recipes/CertificatePinning.java
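Added example (not part of any answer above, and not code from Volley or OkHttp): how a public-key pin of the form used in `CertificatePinner.add(...)` is derived, and how a set of such pins is checked against the keys of a server chain. The class and method names are hypothetical, the keys are generated on the spot as constructed sample data, and `java.util.Base64` is assumed to be available (Java 8, or Android API 26 and later).

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class SpkiPinDemo {
    // Pin = "sha256/" + Base64(SHA-256(DER SubjectPublicKeyInfo)).
    // PublicKey.getEncoded() returns that DER structure for X.509 keys.
    static String pinOf(PublicKey key) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(key.getEncoded());
        return "sha256/" + Base64.getEncoder().encodeToString(digest);
    }

    // chainKeys holds cert.getPublicKey() for each certificate the server sent.
    // The chain is accepted when any of those keys is pinned, so a renewed
    // certificate that reuses the same key pair keeps working.
    static boolean anyPinned(List<PublicKey> chainKeys, Set<String> pins) throws Exception {
        for (PublicKey key : chainKeys) {
            if (pins.contains(pinOf(key))) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample keys; in an app the key comes from the certificate,
        // e.g. the one loaded from res/raw/cert.cer, via getPublicKey().
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair leaf = gen.generateKeyPair();
        KeyPair backup = gen.generateKeyPair();
        KeyPair unrelated = gen.generateKeyPair();

        // Pin the live key plus a backup key held offline for rotation.
        Set<String> pins = new HashSet<>(
                Arrays.asList(pinOf(leaf.getPublic()), pinOf(backup.getPublic())));

        System.out.println("pin string: " + pinOf(leaf.getPublic()));
        System.out.println("chain with pinned leaf accepted: "
                + anyPinned(Arrays.asList(leaf.getPublic(), unrelated.getPublic()), pins));
        System.out.println("chain without pinned key accepted: "
                + anyPinned(Arrays.asList(unrelated.getPublic()), pins));
    }
}
```

Shipping a backup pin alongside the live one lets the server key be rotated without releasing a new app build first.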