
我正在尝试进行证书固定。我公司使用的网络库不支持固定。所以我必须手动完成。

这是我使用的代码

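/**
 * Opens a TLS connection to the pinned host and checks that the leaf
 * certificate carries the expected RSA public key, logging "Success" or
 * "Failure".
 *
 * <p>NOTE(review): this handshake runs on its own socket. It says nothing
 * about the connections the app's networking library opens afterwards, and
 * {@code createSocket(host, port)} connects directly instead of going through
 * an HTTP proxy configured for URL-based clients, so a proxy-based
 * interception test may never be visible here. For the pin to protect real
 * traffic, the same check has to run on the connection that carries the data
 * (for example through a trust manager or socket factory handed to the
 * library) - confirm what the library allows.
 *
 * @param params unused
 * @return always {@code null}; the outcome is only written to the log
 */
protected Void doInBackground(Void... params) {

    final String host = "prisonvoicemail.com";

    // Pinned RSA key, held as numbers. The previous string form
    // ("OpenSSLRSAPublicKey{modulus=...}") matched one provider's toString()
    // output, which is not a stable format to pin against.
    final java.math.BigInteger pinnedModulus = new java.math.BigInteger(
            "ccf0883ebc511bb86f7f6e360385cf3a" +
            "8720fa0d9f3367278baf2fd43d29c21b4384f09ae14207beeb429563639d4388aca65a3" +
            "a5f5d2c902bf33e6df904598e6a5a1c037add731bdce606c664368cbc4bb7e269bbda82" +
            "ff20bd9ca484f5bd660d5628bca4a8f376acf1cab07f0d9476df283ef44d3bf52d4b730" +
            "3187cf587cbb2ce981e01b6cb32ba4f9b197b60013ff19215abb7d2ca9608007df82641" +
            "b05127ec9557927e8bd68ff183f8b72720f93152f207f89b446e38fc7aa3db4928f5fb7" +
            "92f33898381e7bc5ddb612d2e3a3191854797add8e0d47ed9f7da709e55a89aa7369620" +
            "2d90275ada9d43fb462a16839787b6ea3c83df66a1d6e528a38d0d", 16);
    final java.math.BigInteger pinnedExponent = new java.math.BigInteger("10001", 16);

    SSLSocket socket = null;
    try {
        SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory();
        socket = (SSLSocket) factory.createSocket(host, 443);
        socket.startHandshake();

        // A bare SSLSocket does not check the certificate against the host
        // name; HttpsURLConnection normally does that step, so do it here.
        if (!HttpsURLConnection.getDefaultHostnameVerifier().verify(host, socket.getSession())) {
            Log.d(LOG_TAG, "Failure");
            return null;
        }

        Certificate[] certs = socket.getSession().getPeerCertificates();
        // Index 0 is the peer's own (leaf) certificate.
        java.security.PublicKey peerKey = certs[0].getPublicKey();

        Log.d(LOG_TAG, peerKey.toString());

        boolean pinMatches = false;
        if (peerKey instanceof java.security.interfaces.RSAPublicKey) {
            java.security.interfaces.RSAPublicKey rsaKey =
                    (java.security.interfaces.RSAPublicKey) peerKey;
            pinMatches = pinnedModulus.equals(rsaKey.getModulus())
                    && pinnedExponent.equals(rsaKey.getPublicExponent());
        }

        if (pinMatches) {
            Log.d(LOG_TAG, "Success");
        } else {
            Log.d(LOG_TAG, "Failure");
        }

    } catch (IOException e) {
        // Handshake, chain validation or I/O failed: no pin decision was made.
        Log.e(LOG_TAG, "Pin check could not be completed", e);
    } finally {
        if (socket != null) {
            try {
                socket.close();
            } catch (IOException ignored) {
                // Nothing useful to do if closing the probe socket fails.
            }
        }
    }

    return null;
}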

但由于某种原因，它不起作用。正常连接时检查会成功；但当我通过代理（mitmproxy）连接、用不同的证书模拟中间人攻击时，检查同样成功。看起来它完全绕过了代理，直接拿到了正常的证书。我不知道这是为什么。
