我的代码有一个大问题,在https.androif.js中,我有:
"use strict";
var peer = {
enabled: false,
allowInvalidCertificates: false,
validatesDomainName: true,
};
function enableSSLPinning(options) {
if (!peer.host && !peer.certificate
) {
var certificate = void 0;
var InputSteram = void 0;
try {
var file = new java.io.file((options.certificate));
inputstream = new java.io.fileinputstream(file);
var x509certificate = java.security.cert.certificatefactory.getinstance('x509').generatecertificate(inputstream);
peer.x509certificate = x509certificate;
certificate = okhttp3.certificatepinner.pin(x509certificate);
inputstream.close();
}
catch (error) {
try {
if (inputStream) {
console.log('inputStream', inputStream)
inputStream.close();
}
}
catch (e) { }
console.error('nativescript-https > enableSSLPinning error', error);
return;
}
peer.host = options.host;
peer.certificate = certificate;
if (options.allowInvalidCertificates == true) {
peer.allowInvalidCertificates = true;
}
if (options.validatesDomainName == false) {
peer.validatesDomainName = false;
}
}
peer.enabled = true;
getClient(true);
console.log('nativescript-https > Enabled SSL pinning');
}
exports.enableSSLPinning = enableSSLPinning;
function disableSSLPinning() {
peer.enabled = false;
getClient(true);
console.log('nativescript-https > Disabled SSL pinning');
}
exports.disableSSLPinning = disableSSLPinning;
console.info('nativescript-https > Disabled SSL pinning by default');
var Client;
function getClient(reload) {
console.log(reload)
if (reload === void 0) { reload = false; }
if (Client && reload == false) {
return Client;
}
var client = new okhttp3.OkHttpClient.Builder();
if (peer.enabled == true) {
if (peer.host || peer.certificate) {
var spec = okhttp3.ConnectionSpec.MODERN_TLS;
client.connectionSpecs(java.util.Collections.singletonList(spec));
var pinner = new okhttp3.CertificatePinner.Builder();
pinner.add(peer.host, [peer.certificate]);
client.certificatePinner(pinner.build());
if (peer.allowInvalidCertificates == true) {
try {
var x509Certificate = peer.x509Certificate;
var keyStore = java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType());
keyStore.load(null, null);
keyStore.setCertificateEntry('CA', x509Certificate);
var keyManagerFactory = javax.net.ssl.KeyManagerFactory.getInstance('X509');
keyManagerFactory.init(keyStore, null);
var keyManagers = keyManagerFactory.getKeyManagers();
var trustManagerFactory = javax.net.ssl.TrustManagerFactory.getInstance(javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keyStore);
var sslContext = javax.net.ssl.SSLContext.getInstance('TLS');
sslContext.init(keyManagers, trustManagerFactory.getTrustManagers(), new java.security.SecureRandom());
client.sslSocketFactory(sslContext.getSocketFactory());
}
catch (error) {
console.error('nativescript-https > client.allowInvalidCertificates error', error);
}
}
if (peer.validatesDomainName == false) {
try {
client.hostnameVerifier(new javax.net.ssl.HostnameVerifier({
verify: function (hostname, session) {
var pp = session.getPeerPrincipal().getName();
var hv = javax.net.ssl.HttpsURLConnection.getDefaultHostnameVerifier();
return (hv.verify(peer.host, session) &&
peer.host == hostname &&
peer.host == session.getPeerHost() &&
pp.indexOf(peer.host) != -1);
},
}));
}
catch (error) {
console.error('nativescript-https > client.validatesDomainName error', error);
}
}
}
else {
console.warn('nativescript-https > Undefined host or certificate. SSL pinning NOT working!!!');
}
}
Client = client.build();
console.log('Client', Client)
return Client;
}
function request(opts) {
return new Promise(function (resolve, reject) {
try {
var client = getClient();
var request_1 = new okhttp3.Request.Builder();
request_1.url(opts.url);
var reqheads_1 = opts.headers;
Object.keys(reqheads_1).forEach(function (key) {
request_1.addHeader(key, reqheads_1[key]);
});
if (opts.method == 'GET') {
request_1.get();
}
else if (opts.method == 'POST') {
var type = okhttp3.MediaType.parse('application/json');
var body = okhttp3.RequestBody.create(type, opts.content);
request_1.post(body);
}
client.newCall(request_1.build()).enqueue(new okhttp3.Callback({
onResponse: function (task, response) {
var content;
try {
content = JSON.parse(response.body().string());
}
catch (error) {
return reject(error);
}
var statusCode = response.code();
var headers = {};
var heads = response.headers();
var i, len = heads.size();
for (i = 0; i < len; i++) {
var key = heads.name(i);
var value = heads.value(i);
headers[key] = value;
}
resolve({ content: content, statusCode: statusCode, headers: headers });
},
onFailure: function (task, error) {
reject(error);
},
}));
}
catch (error) {
reject(error);
}
});
}
exports.request = request;
在component.ts中,我使用了以下代码:
let dir = knownFolders.currentApp().getFolder('certificate')
let certificate = dir.getFile('certificate.pem').path
Https.enableSSLPinning({ host: 'XX.XXX.XX.XX', certificate, allowInvalidCertificates: true, validatesDomainName: false })
Https.request({
url: 'https://XX.XXX.XX.XX:3333/login',
method: 'GET',
headers: {
"Content-type": "application/x-www-form-urlencoded",
},
}).then(function (response) {
console.log('Https.request response', response);
}).catch(function (error) {
console.error('Https.request error', error);
})
我使用了从服务器生成的自签名证书。我想
allowInvalidCertificates: true,
validatesDomainName: false
从此代码中我得到错误:
JS: Https.request error javax.net.ssl.SSLPeerUnverifiedException: Hostname XX.XXX.XX.XX not verified:
JS: certificate: sha256/hfR9N2GN2WS1NQuHAAnOUc1gVQCf4f4HrhdlfXXP+Ko=
JS: DN: 1.2.840.113549.1.9.1=#16111315727473401578616d706c652e636f6d,CN=localhost,OU=techops,O=Example > Co,L=Boston,ST=MA,C=US
JS: subjectAltNames: []
我认为这部分代码存在问题:
... onFailure: function (task, error) {
console.log('test1', error)
reject(error);
},....
您能否问我任何想法,如何解决此错误?怎么了?
这是我使用的插件:https-nativescript
很多撒谎