Removing SSL pinning on Android

Time: 2018-09-07 12:49:52

Tags: android ssl ssl-certificate asynchttpclient sslsocketfactory

Hi, I have a situation where I want to remove SSL pinning from an Android application.

This is the code I have that performs the SSL pinning.

private AsyncHttpClient m_asyncHttpClient;
m_asyncHttpClient.setSSLSocketFactory(getSSLSocketFactory());

private static SSLSocketFactory getSSLSocketFactory(){
    try {
        // Get an instance of the Bouncy Castle KeyStore format
        KeyStore trusted = KeyStore.getInstance("BKS");
        // Get the raw resource, which contains the pinnedcert with
        // your trusted certificates (root and any intermediate certs)
        InputStream in = DPApp.getInstance().getResources().openRawResource(R.raw.XXXXX);
        try {
            // Initialize the pinnedcert with the provided trusted certificates
            // Also provide the password of the pinnedcert
            trusted.load(in, "XXX".toCharArray());
            trusted.size();
        } finally {
            in.close();
        }
        // Pass the pinnedcert to the SSLSocketFactory. The factory is responsible
        // for the verification of the server certificate.
        SSLSocketFactory sf = new SSLSocketFactory(trusted);
        // Hostname verification from certificate
        // http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506
        sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
        return sf;
    } catch (Exception e) {
        throw new AssertionError(e);
    }
}

I tried commenting out the setSSLSocketFactory line, but that gave me an error:

java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

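I know the server certificate has expired, but for now I just want to remove SSL pinning from the application.

Please give any suggestions on the best way to do this from the Android code.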

0 answers:

No answers