Google Play提醒-使用不安全实施hostnameVerifier的应用

时间:2020-01-14 12:00:03

标签: android android-studio

当我把APK上传到Play商店时,收到了Google Play的安全警报:"您的应用正在使用HostnameVerifier接口的不安全实现。"我的代码如下。

/**
 * Disables TLS certificate validation and hostname verification process-wide for
 * {@link HttpsURLConnection}. This is the code the Play Console warning refers to:
 * it accepts any certificate from any server, so an attacker on the network path
 * can impersonate every HTTPS endpoint the app talks to.
 *
 * Kept only as the example of what NOT to ship; the answer below shows a trust
 * manager that accepts specific certificates instead.
 */
public class NukeSSLCerts {
    protected static final String TAG = "NukeSSLCerts";

    /**
     * Installs an all-trusting {@link X509TrustManager} and an all-accepting
     * {@link HostnameVerifier} as the JVM-wide defaults for HttpsURLConnection.
     * Any failure is silently swallowed, so callers cannot tell whether the
     * configuration was applied.
     */
    public static void nuke() {
        try {
            TrustManager[] trustManagerArr = new TrustManager[]{new X509TrustManager() {
                // Empty body: never throws, so every client certificate chain is accepted.
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
                }

                // Empty body: never throws, so every server certificate chain is accepted,
                // including self-signed, expired or attacker-issued ones. Defect #1.
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
                }

                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            }};
            // "SSL" is the legacy protocol name; the answer below uses "TLS".
            SSLContext instance = SSLContext.getInstance("SSL");
            instance.init(null, trustManagerArr, new SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(instance.getSocketFactory());
            // Returning true unconditionally means the presented certificate is never
            // checked against the host being connected to. This is the insecure
            // HostnameVerifier implementation that Google Play flags. Defect #2.
            HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
                public  boolean verify(String str, SSLSession sSLSession) {
                    return true;

                }
            });
        } catch (Exception unused) {
            // Swallowed: a failure to install the configuration goes unreported.
        }
    }
}

1 个答案:

答案 0 :(得分:3)

接受所有SSL证书通常不是理想的做法:任何能拦截流量的攻击者都可以借此冒充服务器。更好的方法是用下面的代码段只信任特定的证书(证书固定)。有两点需要注意:(1) 固定叶子证书意味着服务器每次更换证书都必须发布新版本App,建议固定中间CA或自有根CA,并准备一个备用固定;(2) Google Play的警告针对的是HostnameVerifier,即使做了证书固定,也不能再用总是返回true的HostnameVerifier覆盖默认的主机名校验。在Android 7.0及以上,也可以改用Network Security Config(res/xml/network_security_config.xml)声明信任锚或固定集,无需自己编写TrustManager。

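 /**
  * Builds an {@link X509TrustManager} that trusts ONLY the certificates embedded
  * below (or passed in explicitly), instead of the device CA store. A server whose
  * chain does not end in one of these certificates is rejected.
  *
  * Operational caveat: pinning leaf certificates means every server certificate
  * rotation needs an app update; pin an intermediate or private root CA and keep a
  * backup pin so rotation does not lock users out. This class does NOT perform
  * hostname verification; leave the HTTP client's default verifier in place.
  */
 final class CustomTrust {

     /** Replace with the PEM text ("-----BEGIN CERTIFICATE-----" ...) of a trusted certificate. */
     private static final String CERTIFICATE_ONE = "ADD_YOUR_CERTIFICATE";
     /** Replace with the PEM text of a second (backup / rotation) certificate. */
     private static final String CERTIFICATE_TWO = "ADD_YOUR_CERTIFICATE";

     private CustomTrust() {
     }

     /**
      * Returns a trust manager that accepts only the two certificates embedded in
      * this class.
      *
      * @return the trust manager for {@code CERTIFICATE_ONE} and {@code CERTIFICATE_TWO}
      * @throws GeneralSecurityException if the text cannot be parsed as X.509
      *     certificates or the key store / trust manager cannot be built
      * @throws IllegalArgumentException if no certificate could be parsed
      *     (for example when the placeholders were never replaced)
      * @throws IllegalStateException if the platform returns an unexpected trust manager
      */
     public static X509TrustManager getTrustManagerForCertificates()
             throws GeneralSecurityException {
         return getTrustManagerForCertificates(CERTIFICATE_ONE, CERTIFICATE_TWO);
     }

     /**
      * Returns a trust manager that accepts only the given certificates.
      *
      * @param pemCertificates one or more PEM-encoded X.509 certificates; a single
      *     string may itself hold several concatenated certificates
      * @return a trust manager backed by a key store holding exactly these certificates
      * @throws GeneralSecurityException if parsing or key store construction fails
      * @throws IllegalArgumentException if the input yields no certificate
      * @throws IllegalStateException if the platform returns an unexpected trust manager
      */
     public static X509TrustManager getTrustManagerForCertificates(String... pemCertificates)
             throws GeneralSecurityException {
         Collection<? extends Certificate> certificates;
         try (InputStream in = trustedCertificatesInputStream(pemCertificates)) {
             CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
             certificates = certificateFactory.generateCertificates(in);
         } catch (IOException e) {
             // The stream is in-memory; closing it cannot fail in practice.
             throw new AssertionError(e);
         }
         if (certificates.isEmpty()) {
             throw new IllegalArgumentException("expected non-empty set of trusted certificates");
         }

         // Load the certificates into an in-memory key store. The password only
         // protects serialisation of the store, which never happens here.
         char[] password = "password".toCharArray();
         KeyStore keyStore = newEmptyKeyStore(password);
         int index = 0;
         for (Certificate certificate : certificates) {
             keyStore.setCertificateEntry(Integer.toString(index++), certificate);
         }

         // Build the trust manager from that key store alone (no system CAs).
         TrustManagerFactory trustManagerFactory =
                 TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
         trustManagerFactory.init(keyStore);
         TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
         if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
             throw new IllegalStateException("Unexpected default trust managers:"
                     + Arrays.toString(trustManagers));
         }
         return (X509TrustManager) trustManagers[0];
     }

     /**
      * Concatenates the PEM texts into one UTF-8 byte stream for the certificate
      * factory, making sure each block ends with a newline so that an END line is
      * not glued to the next BEGIN line.
      */
     private static InputStream trustedCertificatesInputStream(String... pemCertificates) {
         StringBuilder pem = new StringBuilder();
         for (String certificate : pemCertificates) {
             if (certificate == null || certificate.isEmpty()) {
                 continue;
             }
             pem.append(certificate);
             if (!certificate.endsWith("\n")) {
                 pem.append('\n');
             }
         }
         return new ByteArrayInputStream(pem.toString().getBytes(StandardCharsets.UTF_8));
     }

     /** Creates an empty key store of the platform default type. */
     private static KeyStore newEmptyKeyStore(char[] password) throws GeneralSecurityException {
         try {
             KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
             keyStore.load(null, password); // a null input stream creates an empty store
             return keyStore;
         } catch (IOException e) {
             throw new AssertionError(e);
         }
     }
 }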

在您的OkHttp客户端中按如下方式使用此CustomTrust。注意不要再调用 hostnameVerifier((hostname, session) -> true)——那正是Play警告所指的不安全实现;去掉它之后,OkHttp会使用默认的主机名校验。

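  /**
   * Builds an {@code OkHttpClient} whose TLS trust is limited to the certificates
   * embedded in {@code CustomTrust}. Hostname verification is deliberately left at
   * OkHttp's default: overriding it with a verifier that returns {@code true} is
   * exactly the "insecure HostnameVerifier" Google Play warns about, and would let
   * any holder of one pinned certificate impersonate every other host.
   */
  public class MyOkHttpClient {
    /**
     * @param context currently unused; kept for call-site compatibility
     * @return a client that trusts only the pinned certificates
     * @throws RuntimeException if the trust manager or SSLContext cannot be built
     */
    public static OkHttpClient get(Context context) {
      try {
        // Trust only the pinned certificates, not the device CA store.
        X509TrustManager trustManager = CustomTrust.getTrustManagerForCertificates();
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, new TrustManager[]{trustManager}, null);
        SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();

        OkHttpClient.Builder okHttpBuilder = new OkHttpClient.Builder()
            .sslSocketFactory(sslSocketFactory, trustManager)
            // No hostnameVerifier(...) override: OkHttp's default verifier checks that
            // the certificate matches the requested host.
            .connectTimeout(30, TimeUnit.SECONDS)
            .writeTimeout(30, TimeUnit.SECONDS)
            .readTimeout(30, TimeUnit.SECONDS);

        return okHttpBuilder.build();
      } catch (Exception e) {
        // Preserve the cause so a bad pin / unparsable certificate is diagnosable.
        throw new RuntimeException("Unable to configure pinned TLS trust", e);
      }
    }
  }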