我通过提及到目前为止我所尝试的内容来开始我的问题:
我的应用程序中没有证书,我只使用 SHA256 密钥,互联网上的大多数答案都需要应用程序中的物理证书才能将其加载到密钥库中,我没有。
我收到以下错误:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
1(TrustKit 它需要编译 SDK 24 及更高版本,但我有 23 个,并且很多支持库都与 SDK 23 同步,所以我无法更改所有这些库,它可能会在某个时候使我的应用程序崩溃。
2(CWAC-NetSecurity 我已经在我的代码中实现了这个,没有使用 Android N 安全设置,我也遵循了 git 页面上给出的说明,但无法从中将 sslSocketfactory 传递给 Volley,它有 OkHTTP 的例子。所以它也给出了上述错误。
我已经用OKHttp的证书平纳尝试过这个,它也对我不起作用。同样的错误。我也尝试将hostNameVerifier和sslSocketFactory传递给HttpsUrlConnection,但同样的错误。
JsonObjectRequestSolaire jsonRequest = new JsonObjectRequestSolaire(method, URL, object, headers, responseListener, errorListener);
RetryPolicy policy = new DefaultRetryPolicy(TIMEOUT, DefaultRetryPolicy.DEFAULT_MAX_RETRIES, DefaultRetryPolicy.DEFAULT_BACKOFF_MULT);
jsonRequest.setRetryPolicy(policy);
jsonRequest.setShouldCache(false);
OkHttpClient okHttpClient = new OkHttpClient.Builder()
.certificatePinner(new CertificatePinner.Builder()
.add("my_domain", "sha256/shaKey")//example.com
.add("my_domain", "sha256/shaKey")//also tried *.example.com
.build())
.build();
//HttpsURLConnection.setDefaultHostnameVerifier(okHttpClient.hostnameVerifier());
//HttpsURLConnection.setDefaultSSLSocketFactory(okHttpClient.sslSocketFactory());
RequestQueue requestQueue = Volley.newRequestQueue(activity.getApplicationContext(), new HurlStack(null, okHttpClient.sslSocketFactory()));
requestQueue.add(jsonRequest);
通过使用 trustKit 我们的 iOS 家伙实现了它,它正在为他工作。
提前谢谢。
请在这里分享您的宝贵意见,以便我理解这个SSL固定概念。
使用此 VolleySingleton:
public class VolleySingleton {
private static VolleySingleton mInstance;
private RequestQueue mRequestQueue;
private static Context mCtx;
private VolleySingleton(Context context) {
mCtx = context;
mRequestQueue = getRequestQueue();
}
public static synchronized VolleySingleton getInstance(Context context) {
if (mInstance == null) {
mInstance = new VolleySingleton(context);
}
return mInstance;
}
public RequestQueue getRequestQueue() {
if (mRequestQueue == null) {
// getApplicationContext() is key, it keeps you from leaking the
// Activity or BroadcastReceiver if someone passes one in.
mRequestQueue = Volley.newRequestQueue(mCtx.getApplicationContext(), new HurlStack(null, newSslSocketFactory()));
}
return mRequestQueue;
}
public <T> void addToRequestQueue(Request<T> req) {
int socketTimeout = 90000;
RetryPolicy policy = new DefaultRetryPolicy(socketTimeout,
DefaultRetryPolicy.DEFAULT_MAX_RETRIES,
DefaultRetryPolicy.DEFAULT_BACKOFF_MULT);
req.setRetryPolicy(policy);
getRequestQueue().add(req);
}
private SSLSocketFactory newSslSocketFactory() {
try {
// Get an instance of the Bouncy Castle KeyStore format
KeyStore trusted = KeyStore.getInstance("BKS");
// Get the raw resource, which contains the keystore with
// your trusted certificates (root and any intermediate certs)
InputStream in = mCtx.getApplicationContext().getResources().openRawResource(R.raw.trusted);
try {
// Initialize the keystore with the provided trusted certificates
// Provide the password of the keystore
trusted.load(in, mCtx.getString(R.string.KEYSTORE_PASS).toCharArray());
} finally {
in.close();
}
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(trusted);
SSLContext context = SSLContext.getInstance("TLSv1.2");
context.init(null, tmf.getTrustManagers(), null);
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
Log.i("Volley","Verifing host:"+hostname);
return true;
}
});
SSLSocketFactory sf = context.getSocketFactory();
return sf;
} catch (Exception e) {
throw new AssertionError(e);
}
}
}