我已经从Square's own github Readme:中获取了代码
@Throws(Exception::class)
fun run() {
val client = OkHttpClient.Builder()
.certificatePinner(CertificatePinner.Builder()
.add("mijn.beterdichtbij.nl", "sha256/x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4=")
.build())
.build()
val request = Request.Builder()
.url("https://mijn.beterdichtbij.nl")
.build()
try {
val response = client.newCall(request).execute()
if (!response.isSuccessful) {
Log.i("TestCode","is Not Successful")
throw IOException("Unexpected code $response")
} else {
Log.i("TestCode","is Successful")
}
for (certificate in response.handshake()!!.peerCertificates()) {
println(CertificatePinner.pin(certificate))
}
} catch (e: SSLHandshakeException) {
e.printStackTrace()
}
}
使用Chrome转到该网站时,它可以正常工作,表明该应用在特定手机上具有Comodo CA证书。对于SHA256引脚值,我使用了to this site。 this excellent walkthrough中也提到了此站点。
我使用了这些库的最新版本:
implementation "com.squareup.retrofit2:retrofit:2.5.0"
implementation "com.squareup.retrofit2:converter-moshi:2.5.0"
implementation "com.squareup.okhttp3:okhttp:3.14.1"
这是日志记录:
E/Conscrypt: ------------------Untrusted chain: ----------------------
E/Conscrypt: == Chain0 ==
Version: 3
E/Conscrypt: Serial Number: a628ae0d70cef71c99f75aafcfeb58e4
E/Conscrypt: SubjectDN: CN=*.beterdichtbij.nl, OU=PremiumSSL Wildcard, OU=IT, O=BeterDichtbij B.V., STREET=Oudlaan 4, L=Utrecht, ST=Utrecht, OID.2.5.4.17=3515GA, C=NL
E/Conscrypt: IssuerDN: CN=Sectigo RSA Organization Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB
E/Conscrypt: Get not before: Mon May 06 02:00:00 GMT+02:00 2019
E/Conscrypt: Get not after: Mon Jul 05 01:59:59 GMT+02:00 2021
E/Conscrypt: Sig ALG name: SHA256withRSA
E/Conscrypt: Signature: 7461bfd058a956d73f85e923e3fe346946a392ad44ae1c293a060c95f495a7150610bc98bcbcfb8cef80d4b64745e18d76c32ca06e0a068e111a7b31678c4f5de6deacc7e64f35a322268947fa1f4765b90f2f7509e45283ae3ffd55ad39db9ffb9d094ccfcf79e81ed54e3034eefec4d518e5aed9991ed8b4d608edcdfbb73eb16b56500ddff7c1354ecb66f7a7234a46596dca7c0b45112ac19d889de2d35dcf96180a1089b426acdb4d27015c7ff2f63672947f6ecd3120e8f736f2208d950825a8d99e2b60a43103399cc22ee3d1de9eaf09d21b64c42117afd5b2cf00dc760eb7587c6fd97f4c62339d5308a94fb085afda92d7a4871af8e9d698e60936
E/Conscrypt: Public key:
30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03
82 01 0f 00 30 82 01 0a 02 82 01 01 00 e7 f7 69 13 1e 71 6a
c2 6f df 54 fa cc 12 66 d2 0e c3 e6 bd c4 a5 f2 d9 d3 21 f1
9b 43 ba 4f 14 15 74 d6 9f 91 41 75 14 e3 48 01 da 73 08 da
c2 f0 0f ab dd bb c3 72 72 b4 a2 57 50 71 53 f9 5f 63 1e 43
00 59 c3 f4 bb 23 8e 55 93 ad 10 a0 12 4b ca 6b 1e f8 cd c4
c3 d9 2f ec 49 e8 85 5c 3d 62 bc 90 f3 23 8a 54 6f 5d c6 3d
d4 b2 ea 1c 49 d5 43 53 80 bf 40 48 ca 09 96 fd a3 de a4 fa
92 df 0e 55 c4 b4 a8 98 d5 7d 33 0f 1e c3 9c e1 61 7d e2 86
58 60 73 4d 86 75 0e f6 be a9 9c 61 dd 92 7c c0 18 78 91 bb
ce f9 8e ce 75 1a 79 93 cd 0c 16 90 06 8b f4 f1 44 84 10 ec
f7 6a 3c 25 e4 f2 15 d2 3d 58 1c fd b7 a7 6b 9d d6 d5 a9 94
fd 41 67 71 57 12 27 e7 ad b9 17 52 9a bb c9 48 7e 0e 73 c1
54 27 12 4f b6 92 f8 f1 00 56 e7 71 b2 68 8e 87 f6 93 2e 15
80 f8 fd 74 38 fb 7f 40 8b 02 03 01 00 01
W/System.err: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
W/System.err: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:361)
W/System.err: at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:336)
W/System.err: at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:300)
W/System.err: at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:185)
W/System.err: at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.java:224)
W/System.err: at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.java:107)
W/System.err: at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.java:87)
W/System.err: at okhttp3.internal.connection.Transmitter.newExchange(Transmitter.java:169)
W/System.err: at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:41)
W/System.err: at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
W/System.err: at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
W/System.err: at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:94)
W/System.err: at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
W/System.err: at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
W/System.err: at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
W/System.err: at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
W/System.err: at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:88)
W/System.err: at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:142)
W/System.err: at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:117)
W/System.err: at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:221)
W/System.err: at okhttp3.RealCall.execute(RealCall.java:81)