Setting Up SSL Pinning in Retrofit/OkHttp

Author: FelixLiuu | Published: 2017-10-18 17:54

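    Introduction

    As is well known, if network traffic is not encrypted, request data can easily be captured with packet-capture tools, which is a security risk. That is why we use SSL pinning here: the client accepts only the certificate or public key it was shipped with, so traffic cannot be read through an intercepting proxy even when the device trusts that proxy's CA.

    Usage

    #Method 1

    OkHttp provides a CertificatePinner class that makes it easy to set up SSL pinning.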

    OkHttp

    // pinner is the CertificatePinner returned by getCertificata() below
    OkHttpClient mOkHttpClient = new OkHttpClient.Builder()
                    .addNetworkInterceptor(new HttpLoggingInterceptor())
                    .addInterceptor(interceptor)
                    .certificatePinner(pinner)
                    .build();
    

    getCertificataPinner

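    import java.io.IOException;
    import java.io.InputStream;
    import java.security.cert.Certificate;
    import java.security.cert.CertificateException;
    import java.security.cert.CertificateFactory;
    import okhttp3.CertificatePinner;

    /**
     * SSL pinning: load the bundled certificate and build a CertificatePinner from it.
     * @return the CertificatePinner for the release host
     */
    public static CertificatePinner getCertificata() {

        Certificate ca = null;

        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            // R.raw.test is the certificate file bundled in res/raw
            InputStream caInput = ZMApplication.getZMContext().getResources().openRawResource(R.raw.test);

            try {
                ca = cf.generateCertificate(caInput);
            } finally {
                caInput.close();
            }
        } catch (CertificateException | IOException e) {
            e.printStackTrace();
        }

        // Fail closed: without the certificate there is nothing to pin against.
        if (ca == null) {
            throw new IllegalStateException("pinned certificate could not be loaded");
        }
        // pin() returns "sha256/" + base64 of the SHA-256 hash of the certificate's public key
        String certPin = CertificatePinner.pin(ca);

        // add() expects a hostname pattern (no scheme, port or path);
        // RELEASE_BASE_URL must hold a bare host name for the pin to apply.
        CertificatePinner certificatePinner = new CertificatePinner.Builder()
                .add(UrlConfig.RELEASE_BASE_URL, certPin)
                .build();

        return certificatePinner;
    }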
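
Added example, not code from the original article: a pinned client built the Method 1 way, with the host extracted from a base URL, a backup pin for key rotation, and explicit handling of a pin failure. The class `PinnedClientFactory`, its method names and the `backupPin` parameter are hypothetical; the certificate is assumed to be loaded as in `getCertificata()`.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLPeerUnverifiedException;
import okhttp3.CertificatePinner;
import okhttp3.HttpUrl;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import okio.ByteString;

// Hypothetical helper class (assumption, not part of the article's project).
public final class PinnedClientFactory {

    // CertificatePinner matches on a hostname pattern, so strip scheme, port and path.
    static String hostOf(String baseUrl) {
        HttpUrl url = HttpUrl.parse(baseUrl);
        if (url == null) throw new IllegalArgumentException("not an http(s) URL: " + baseUrl);
        return url.host();
    }

    // "sha256/" + base64(SHA-256(SubjectPublicKeyInfo)): the value CertificatePinner.pin() returns.
    // The pin covers the public key only, so a renewed certificate with the same key still matches.
    static String spkiPin(X509Certificate cert) {
        return "sha256/" + ByteString.of(cert.getPublicKey().getEncoded()).sha256().base64();
    }

    // Fails closed: a missing certificate is an error, never an unpinned client.
    // backupPin is the pin of a spare key kept offline, so a key rotation does not lock users out.
    static OkHttpClient build(String baseUrl, X509Certificate bundled, String backupPin) {
        if (bundled == null) throw new IllegalStateException("bundled certificate not loaded");
        CertificatePinner pinner = new CertificatePinner.Builder()
                .add(hostOf(baseUrl), spkiPin(bundled), backupPin)
                .build();
        return new OkHttpClient.Builder().certificatePinner(pinner).build();
    }

    // Returns false when the TLS peer could not be verified against the pins.
    static boolean peerVerified(OkHttpClient client, String url) throws IOException {
        Request request = new Request.Builder().url(url).build();
        try (Response response = client.newCall(request).execute()) {
            return true;
        } catch (SSLPeerUnverifiedException e) {
            // Raised by OkHttp on a pin mismatch (and on hostname verification failure).
            // Report it; do not retry with an unpinned client.
            return false;
        }
    }
}
```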
    

    #Method 2

    Create an SSLSocketFactory that trusts only the specified CA certificate and inject it into OkHttp. OkHttp will then use the injected SSLSocketFactory to create its SSL sockets.

    OkHttp

    // sslFactory: the SSLSocketFactory built below; trustManager: the X509TrustManager backing it
    OkHttpClient mOkHttpClient = new OkHttpClient.Builder()
                    .addNetworkInterceptor(new HttpLoggingInterceptor())
                    .addInterceptor(interceptor)
                    .sslSocketFactory(sslFactory, trustManager)
                    .build();
    

    getSSLSocketFactory

    SSLSocketFactory sslSocketFactory = null;
    X509TrustManager trustManager = null;
    try {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");

        // Load the CA certificate bundled in res/raw
        InputStream caInput = context.getResources().openRawResource(R.raw.ca);
        Certificate ca = null;
        try {
            ca = certificateFactory.generateCertificate(caInput);
        } catch (CertificateException e) {
            e.printStackTrace();
        } finally {
            caInput.close();
        }

        // Empty KeyStore that will contain only our CA
        String keyStoreType = KeyStore.getDefaultType();
        KeyStore keyStore = KeyStore.getInstance(keyStoreType);
        keyStore.load(null, null);
        if (ca == null) {
            return null;
        }
        keyStore.setCertificateEntry("ca", ca);

        // TrustManager that trusts only the certificates in that KeyStore
        String algorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(algorithm);
        trustManagerFactory.init(keyStore);
        // The X509TrustManager that OkHttp's sslSocketFactory(factory, trustManager) needs
        trustManager = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];

        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, trustManagerFactory.getTrustManagers(), null);

        sslSocketFactory = sslContext.getSocketFactory();
    } catch (CertificateException | IOException | KeyStoreException | NoSuchAlgorithmException | KeyManagementException e) {
        e.printStackTrace();
    }
    

    References

    SSL Pinning on Android
