17

I want to use SSL pinning with the Volley networking library. Is there any way to implement SSL pinning with Volley? Does Volley provide this kind of support for improving security?

4

5 Answers

13

I just implemented it as described here: http://blog.ostorlab.co/2016/05/ssl-pinning-in-android-networking.html

Here is the code needed for the Volley implementation:

CertificateFactory cf = CertificateFactory.getInstance("X.509");

// Generate the certificate using the certificate file under res/raw/cert.cer
InputStream caInput = new BufferedInputStream(getResources().openRawResource(R.raw.cert));
Certificate ca = cf.generateCertificate(caInput);
caInput.close();

// Create a KeyStore containing our trusted CAs
String keyStoreType = KeyStore.getDefaultType();
KeyStore trusted = KeyStore.getInstance(keyStoreType);
trusted.load(null, null);
trusted.setCertificateEntry("ca", ca);

// Create a TrustManager that trusts the CAs in our KeyStore
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(trusted);

// Create an SSLContext that uses our TrustManager
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);

SSLSocketFactory sf = context.getSocketFactory();
mRequestQueue = Volley.newRequestQueue(mCtx.getApplicationContext(), new HurlStack(null, sf));

Seems to work!

answered 2017-04-26T12:50:27.010
2

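I was just looking into the same thing for a project I'm working on. However, the position I'm in may be different from yours.

I'm using Volley with an OkHttp network stack (https://gist.github.com/JakeWharton/5616899):

Add these to your Gradle build: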

compile "com.squareup.okhttp:okhttp:2.7.5"
compile "com.squareup.okhttp:okhttp-urlconnection:2.7.5"

Add an OKHttpStack class:

public class OKHttpStack extends HurlStack {
    private final OkUrlFactory okUrlFactory;

    // Note: OkHttpClient.Builder is the OkHttp 3.x API (package okhttp3); the 2.x
    // artifacts configure the client through setters such as setCertificatePinner(...).
    public OKHttpStack() {
        this(new OkUrlFactory(
            new OkHttpClient.Builder()
                    .certificatePinner(
                        new CertificatePinner.Builder()
                            .add("example.com", "sha256/afwiKY3RxoMmLkuRW1l7QsPZTJPwDS2pdDROQjXw8ig=") // This is the cert pin
                            .build())
                    .build()
        ));
    }

    public OKHttpStack(OkUrlFactory okUrlFactory) {
        if (okUrlFactory == null) {
            throw new NullPointerException("Client must not be null.");
        }
        this.okUrlFactory = okUrlFactory;
    }

    // Route every Volley connection through the pinned OkHttp client
    @Override
    protected HttpURLConnection createConnection(URL url) throws IOException {
        return okUrlFactory.open(url);
    }
}

Then, when you create your RequestQueue, do something like this:

Network network = new BasicNetwork(new OKHttpStack());
File cacheDir = new File(context.getCacheDir(), "volley");
int threads = 4;
mRequestQueue = new RequestQueue(new DiskBasedCache(cacheDir), network, threads);

Please note that I have not tested this yet; we are currently considering pinning.

Good luck! Gav

References:

https://gist.github.com/JakeWharton/5616899
https://github.com/square/okhttp/blob/master/samples/guide/src/main/java/okhttp3/recipes/CertificatePinning.java

answered 2017-04-05T00:32:16.743
1

You can use public key pinning instead of certificate pinning:

Public key pinning using the Volley library

answered 2016-02-04T13:21:39.857
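
Public key pinning with Volley's HurlStack, as an added example that is not part of any answer on this page and is not Volley's own code: the system trust manager validates the chain as usual, then the SHA-256 hash of the leaf certificate's SubjectPublicKeyInfo is compared with a pin. The class name PinnedHurlStack and the PIN value are placeholders chosen for illustration.

```java
import android.util.Base64;
import com.android.volley.toolbox.HurlStack;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper: default chain validation plus a SHA-256 pin on the leaf public key.
public final class PinnedHurlStack {
    // Placeholder: base64 SHA-256 of your server's SubjectPublicKeyInfo (DER).
    private static final String PIN = "REPLACE_WITH_BASE64_SHA256_OF_SERVER_SPKI";
    public static HurlStack create() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the platform's default trust store
        final X509TrustManager system = (X509TrustManager) tmf.getTrustManagers()[0];
        X509TrustManager pinning = new X509TrustManager() {
            @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                system.checkClientTrusted(chain, authType);
            }
            @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                system.checkServerTrusted(chain, authType); // normal validation first; the pin is an extra check
                // Compare only the leaf (chain[0]): the peer controls the rest of the presented chain, so a
                // pin match elsewhere in it would not prove the pinned key is on the validated path.
                if (!PIN.equals(spkiSha256(chain[0]))) {
                    throw new CertificateException("Public key pin mismatch");
                }
            }
            @Override public X509Certificate[] getAcceptedIssuers() { return system.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] {pinning}, null);
        return new HurlStack(null, ctx.getSocketFactory());
    }

    // For X.509 certificates, getPublicKey().getEncoded() returns the DER SubjectPublicKeyInfo.
    static String spkiSha256(X509Certificate cert) throws CertificateException {
        try {
            byte[] spki = cert.getPublicKey().getEncoded();
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(spki);
            return Base64.encodeToString(digest, Base64.NO_WRAP);
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        }
    }
}
```

The resulting stack is passed to Volley.newRequestQueue(context, PinnedHurlStack.create()). Because the pin covers the key rather than the whole certificate, it survives a certificate renewal that reuses the same key pair.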
0

I'm implementing the same thing. I found a blog post that I hope will help you:

http://ogrelab.ikratko.com/using-android-volley-with-self-signed-certificate/

answered 2015-02-03T01:50:01.433
0

You can use network_security_config.xml. More information: https://developer.android.com/training/articles/security-config

answered 2022-01-17T16:36:08.380