0

我在 Fabric 上遇到以下异常:

Non-fatal Exception: javax.net.ssl.SSLPeerUnverifiedException: Hostname assets.domain.com not verified:
    certificate: sha256/6NEXAaHJ2CAMKUOkWhMCwH9biv2QtAFsYMl0WqkocgM=
    DN: CN=apc.aptilo.com,OU=Domain Control Validated - RapidSSL(R),OU=See www.rapidssl.com/resources/cps (c)13,OU=GT19785026,2.5.4.5=#13204456444273427335456d62337a6151706e6e6d356744615556354b6a63696c44
    subjectAltNames: [apc.aptilo.com]
       at okhttp3.internal.connection.RealConnection.connectTls(SourceFile:250)
       at okhttp3.internal.connection.RealConnection.establishProtocol(SourceFile:198)
       at okhttp3.internal.connection.RealConnection.buildConnection(SourceFile:174)
       at okhttp3.internal.connection.RealConnection.connect(SourceFile:114)
       at okhttp3.internal.connection.StreamAllocation.findConnection(SourceFile:193)
       at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(SourceFile:129)
       at okhttp3.internal.connection.StreamAllocation.newStream(SourceFile:98)
       at okhttp3.internal.connection.ConnectInterceptor.intercept(SourceFile:42)
       at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:92)
       at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:67)
       at okhttp3.internal.cache.CacheInterceptor.intercept(SourceFile:109)
       at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:92)
       at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:67)
       at okhttp3.internal.http.BridgeInterceptor.intercept(SourceFile:93)
       at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:92)
       at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(SourceFile:124)
       at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:92)
       at okhttp3.internal.http.RealInterceptorChain.proceed(SourceFile:67)
       at okhttp3.RealCall.getResponseWithInterceptorChain(SourceFile:170)
       at okhttp3.RealCall.access$100(SourceFile:33)
       at okhttp3.RealCall$AsyncCall.execute(SourceFile:120)
       at okhttp3.internal.NamedRunnable.run(SourceFile:32)
       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1113)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:588)
       at java.lang.Thread.run(Thread.java:818)

与安全团队一起,我们意识到这可能是用户打开我们的应用程序连接到某些酒店 Wi-Fi 并使用那些讨厌的登录页面打上烙印的情况。到目前为止,似乎只有 2 个用户受到影响,而且我们还有更多用户,所以这并不是真正的中间人攻击。

因此,我想验证异常的通用名称。如果它与我们的主机匹配assets.domain.com,则它是潜在的攻击,我想记录发生的情况。如果 CN 不同,那么我只想抑制错误。

我有哪些选择?我只能想到解析异常原因字符串并使用正则表达式提取CN=value部分。但是有没有更好的不易出错的解决方案?

tl;博士;

我想从中提取 CN 值SSLPeerUnverifiedException并将其与我们的有效主机名进行比较。实现这一目标的最佳方法是什么?

4

1 回答 1

1

使用您提供的有限样本,它是这样的

"(?s)SSLPeerUnverifiedException:.*?(?<!\\S)CN=([^\\s,]+)(?=,)"

其中捕获组 1 包含 CN 值。

输出: 

 **  Grp 0 -  ( pos 35 , len 165 ) 
SSLPeerUnverifiedException: Hostname assets.domain.com not verified:
    certificate: sha256/6NEXAaHJ2CAMKUOkWhMCwH9biv2QtAFsYMl0WqkocgM=
    DN: CN=apc.aptilo.com  
 **  Grp 1 -  ( pos 186 , len 14 ) 
apc.aptilo.com
于 2016-09-02T18:28:18.397 回答