我试图将 SSL 固定到我的本机 android 应用程序,我正在使用下面的代码实现它。我在下面的代码中使用了 DER Encoded X.509 CERTIFICATE。也尝试使用 base 64 编码证书,仍然面临同样的问题。
public abstract class BaseWebService {
public static final int TIMEOUT_LB_DEFAULT = 60;
private static final String TAG = BaseWebService.class.getSimpleName();
private static int connectTimeOut = TIMEOUT_LB_DEFAULT;
public static final int WEB_SERVICE_SUCCESS = 0;
public static final int WEB_SERVICE_FAILURE = 1;
private Handler callback;
static OkHttpClient.Builder builder;
private static boolean enableLog = true;
public static OkHttpClient.Builder getBuilder() throws KeyStoreException, NoSuchAlgorithmException {
if (builder == null) {
builder = new OkHttpClient.Builder();
// builder.sslSocketFactory(SSLSocketFactory,)
'builder.sslSocketFactory(Utility.getSSLContext(Utility.getTrustManager()).getSocketFactory()).build();'
builder.followRedirects(true);
builder.followSslRedirects(true);
builder.retryOnConnectionFailure(true);
builder.cache(null);
}
builder.readTimeout(connectTimeOut, TimeUnit.SECONDS);
builder.writeTimeout(connectTimeOut, TimeUnit.SECONDS);
builder.connectTimeout(connectTimeOut, TimeUnit.SECONDS);
return builder;
}
实用程序类:
public class Utility {
private static Context appContext = null;
public static Context getAppContext() {
return appContext;
}
public static void setAppContext(Context AppContext) {
appContext = AppContext;
}
public static SSLContext getSSLContext(TrustManagerFactory tmf) {
SSLContext context = null;
try {
context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);
} catch (Exception e) {
logError(TAG, "Certificate Exception : " + e);
}
return context;
}
public static KeyStore getSSLKeyStore() {
KeyStore keyStore = null;
try {
// Load CAs from an InputStream
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream caInput = getCertificateFile();
Certificate ca;
try {
ca = cf.generateCertificate(caInput);
} finally {
caInput.close();
}
// Create a KeyStore containing our trusted CAs
String keyStoreType = KeyStore.getDefaultType();
keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
} catch (final CertificateException e) {
logError(TAG, "CertificateException : " + e);
} catch (final IOException e) {
logError(TAG, "IOException : " + e);
} catch (Exception e) {
logError(TAG, "Certificate Exception : " + e);
}
return keyStore;
}
public static InputStream getCertificateFile() {
if (appContext != null) {
return appContext.getResources().openRawResource(R.raw.cert_172);
} else {
return null;
}
}
public static TrustManagerFactory getTrustManager() throws KeyStoreException, NoSuchAlgorithmException {
// Create a TrustManager that trusts the CAs in our KeyStore
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(Utility.getSSLKeyStore());
return tmf;
}
}
我们如何解决错误java.security.cert.CertPathValidatorException: Trust anchor for certification path not found。