SSL Pinning in Volley using SHA256 & CertificatePinner



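I am trying to implement SSL pinning in Volley using HurlStack.

In the OkHttpStack class, how do I provide mClient to the library to create the connection? Currently mClient is not used, so SSL pinning does not work. Where should I pass this mClient so that the library can use it for SSL pinning?

I need to implement SSL pinning with the current architecture. Is there a way?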

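```java
import android.content.Context;
import com.android.volley.toolbox.HurlStack;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import okhttp3.CertificatePinner;
import okhttp3.OkHttpClient;

public class OkHttpStack extends HurlStack {
    // Holds the pinned client, but nothing below ever reads it.
    private final OkHttpClient mClient;

    public OkHttpStack(Context context) {
        this(new OkHttpClient(), context);
    }

    public OkHttpStack(OkHttpClient client, Context context) {
        if (client == null) {
            throw new NullPointerException("Client must not be null.");
        }
        CertificatePinner pinner = new CertificatePinner.Builder()
                .add("xyz.com", "sha256/XXXXXXXSKBC8dHnQYY6ncwwUtv2ydjxGAlXXXXXXXXs=")
                .build();
        mClient = client.newBuilder().certificatePinner(pinner).build();
    }

    @Override
    protected HttpURLConnection createConnection(URL url) throws IOException {
        // Opens a plain HttpURLConnection; mClient and its pinner are not involved.
        return (HttpURLConnection) url.openConnection();
    }
}
```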

```java
import com.android.volley.ExecutorDelivery;
import com.android.volley.RequestQueue;
import com.android.volley.ResponseDelivery;
import com.android.volley.toolbox.BasicNetwork;
import com.android.volley.toolbox.DiskBasedCache;
import com.android.volley.toolbox.ImageLoader;
import com.android.volley.toolbox.NoCache;
import java.io.File;
import java.util.concurrent.Executors;

public class VolleyQueueUtils {
    private static final String DEFAULT_CACHE_DIR = "volley";
    private static final int DISK_CACHE_MAX_SIZE = 20 * 1024 * 1024;
    private static RequestQueue sGeneralRequestQueue;
    private static DiskBasedCache sDiskCache;
    private static RequestQueue sImageQueue;
    //    private static ImageLoader sImageLoader;
    private static RequestQueue sJobQueue;
    private static RequestQueue sSingleThreadedRequestQueue;

    static {
        File cacheDir = new File(App.context.getCacheDir(), DEFAULT_CACHE_DIR);
        sDiskCache = new DiskBasedCache(cacheDir, DISK_CACHE_MAX_SIZE);
        ResponseDelivery delivery = new ExecutorDelivery(Executors.newFixedThreadPool(4));
        ResponseDelivery deliverySingle = new ExecutorDelivery(Executors.newFixedThreadPool(1));
        // Every queue is built on OkHttpStack, so all of them share its connection behaviour.
        sGeneralRequestQueue =
                new RequestQueue(sDiskCache, new BasicNetwork(new OkHttpStack(App.context)), 4, delivery);
        //        sGeneralRequestQueue = Volley.newRequestQueue(App.context, new OkHttpStack(App.context));
        sGeneralRequestQueue.start();
        sImageQueue = new RequestQueue(sDiskCache, new BasicNetwork(new OkHttpStack(App.context)), 4, delivery);
        sImageQueue.start();
        sSingleThreadedRequestQueue = new RequestQueue(sDiskCache,
                new BasicNetwork(new OkHttpStack(App.context)), 1, deliverySingle);
        //sSingleThreadedRequestQueue.start();
        //        sImageLoader = new ImageLoader(sImageQueue, new LruBitmapCache());
        // Job queue for background tasks
        sJobQueue = new RequestQueue(new NoCache(), new BasicNetwork(new OkHttpStack(App.context)), 4, delivery);
        sJobQueue.start();
    }

    public static ImageLoader getImageLoader() {
        return BitmapQueueUtils.getLoaderInstance();
    }

    public static RequestQueue getGeneralRequestQueue() {
        return sGeneralRequestQueue;
    }

    public static RequestQueue getSingleThreadedRequestQueue() {
        return sSingleThreadedRequestQueue;
    }

    public static RequestQueue getJobQueue() {
        return sJobQueue;
    }
}
```

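What you are doing wrong is that you created an okhttp client with the specified pinning configuration, but you are not using it to create the real connection.

You have two options to fix it:

  1. Use your configured okhttp client, which means implementing another HttpStack instead of HurlStack, like https://gist.github.com/arvi/f1a0d2a812650c546223642856afe1e9, and you cannot really implement HurlStack with okhttp3, because okhttp3 uses okio for transport and it does not create an HttpURLConnection
  2. Create the HttpURLConnection with a proper SSLContext/TrustManager and do the certificate pinning there, which is the traditional approach. In this case you will need the certificate data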
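
A sketch of option 2 that keeps HurlStack, added here as an example and not taken from the original post or from Volley itself. It pins by trusting only a bundled certificate rather than the `sha256/...` string from the question; the class name `PinnedHurlStackFactory` and the raw resource holding the certificate are assumptions.

```java
import android.content.Context;
import com.android.volley.toolbox.HurlStack;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper: builds a HurlStack whose HTTPS connections trust only one certificate.
public final class PinnedHurlStackFactory {
    private PinnedHurlStackFactory() {}

    /**
     * @param certResId raw resource id of the server or issuing-CA certificate
     *                  (PEM or DER); which resource to ship is an assumption.
     */
    public static HurlStack create(Context context, int certResId) throws Exception {
        Certificate pinned;
        try (InputStream in = context.getResources().openRawResource(certResId)) {
            pinned = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }

        // Empty trust store plus the pinned certificate: system CAs are not consulted.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("pinned", pinned);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, tmf.getTrustManagers(), null);
        SSLSocketFactory socketFactory = sslContext.getSocketFactory();

        // HurlStack sets this factory on each HttpsURLConnection it opens;
        // the default hostname verifier is left in place.
        return new HurlStack(null, socketFactory);
    }
}
```

The returned stack drops into the existing queues in place of `new OkHttpStack(App.context)`. Pinning a leaf certificate means shipping an app update before that certificate is rotated, so bundling the issuing CA certificate or a second backup entry in the trust store avoids a lockout.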
