13

我通过提及我迄今为止尝试过的内容来开始我的问题:

我的应用程序中没有证书,我只使用 SHA256 密钥,互联网上的大多数答案都需要应用程序中的物理证书才能将其加载到密钥库中,我没有。

我收到以下错误:

javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

1) TrustKit它需要编译 SDK 24 及更高版本,但我有 23 个并且很多支持库与 SDK 23 同步,所以我无法更改所有这些,它可能会在某个时候使我的应用程序崩溃。

2) CWAC-NetSecurity我已经在我的代码中实现了这一点,而没有使用 Android N 安全设置,我也遵循了 git 页面上给出的指令,但无法从中将 sslSocketfactory 传递给 Volley,它有 OkHTTP 的示例。所以它也给出了上述错误。

我已经用 OKHttp 的 CertificatePinner 试过了,它也不适合我。同样的错误。我也尝试将 hostNameVerifier 和 sslSocketFactory 传递给 HttpsUrlConnection 但同样的错误。

JsonObjectRequestSolaire jsonRequest = new JsonObjectRequestSolaire(method, URL, object, headers, responseListener, errorListener);
    RetryPolicy policy = new DefaultRetryPolicy(TIMEOUT, DefaultRetryPolicy.DEFAULT_MAX_RETRIES, DefaultRetryPolicy.DEFAULT_BACKOFF_MULT);
    jsonRequest.setRetryPolicy(policy);
    jsonRequest.setShouldCache(false);

    OkHttpClient okHttpClient = new OkHttpClient.Builder()
            .certificatePinner(new CertificatePinner.Builder()
                    .add("my_domain", "sha256/shaKey")//example.com
                    .add("my_domain", "sha256/shaKey")//also tried *.example.com
                    .build())
            .build();

    //HttpsURLConnection.setDefaultHostnameVerifier(okHttpClient.hostnameVerifier());
    //HttpsURLConnection.setDefaultSSLSocketFactory(okHttpClient.sslSocketFactory());

    RequestQueue requestQueue = Volley.newRequestQueue(activity.getApplicationContext(), new HurlStack(null, okHttpClient.sslSocketFactory()));
    requestQueue.add(jsonRequest);

通过使用我们的 iOS 开发人员实现的 trustKit,它正在为他工作。

提前致谢。

请在这里分享您的宝贵意见,以便我理解这个 SSL 固定概念。

4

1 回答 1

5

使用这个 VolleySingleton:

public class VolleySingleton {


  private static VolleySingleton mInstance;
  private RequestQueue mRequestQueue;
  private static Context mCtx;

  private VolleySingleton(Context context) {
    mCtx = context;
    mRequestQueue = getRequestQueue();
  }

  public static synchronized VolleySingleton getInstance(Context context) {
    if (mInstance == null) {
      mInstance = new VolleySingleton(context);
    }
    return mInstance;
  }

  public RequestQueue getRequestQueue() {
    if (mRequestQueue == null) {
      // getApplicationContext() is key, it keeps you from leaking the
      // Activity or BroadcastReceiver if someone passes one in.
      mRequestQueue = Volley.newRequestQueue(mCtx.getApplicationContext(), new HurlStack(null, newSslSocketFactory()));
    }
    return mRequestQueue;
  }

  public <T> void addToRequestQueue(Request<T> req) {
    int socketTimeout = 90000;
    RetryPolicy policy = new DefaultRetryPolicy(socketTimeout,
        DefaultRetryPolicy.DEFAULT_MAX_RETRIES,
        DefaultRetryPolicy.DEFAULT_BACKOFF_MULT);
    req.setRetryPolicy(policy);
    getRequestQueue().add(req);
  }

  private SSLSocketFactory newSslSocketFactory() {
    try {
      // Get an instance of the Bouncy Castle KeyStore format
      KeyStore trusted = KeyStore.getInstance("BKS");
      // Get the raw resource, which contains the keystore with
      // your trusted certificates (root and any intermediate certs)
      InputStream in = mCtx.getApplicationContext().getResources().openRawResource(R.raw.trusted);
      try {
        // Initialize the keystore with the provided trusted certificates
        // Provide the password of the keystore
        trusted.load(in, mCtx.getString(R.string.KEYSTORE_PASS).toCharArray());
      } finally {
        in.close();
      }

      String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
      TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
      tmf.init(trusted);

      SSLContext context = SSLContext.getInstance("TLSv1.2");
      context.init(null, tmf.getTrustManagers(), null);

      HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
        @Override
        public boolean verify(String hostname, SSLSession session) {
          Log.i("Volley","Verifing host:"+hostname);
          return true;
        }
      });

      SSLSocketFactory sf = context.getSocketFactory();
      return sf;
    } catch (Exception e) {
      throw new AssertionError(e);
    }
  }
}
于 2017-08-16T18:46:31.587 回答