[英]Retrofit2 and certificate pinning
In my android app I want to use certificate pinning when communicating with the server.在我的 android 应用程序中,我想在与服务器通信时使用证书锁定。 I saw this code that uses the
keystore
that is stored in the raw
folder.我看到这段代码使用存储在
raw
文件夹中的keystore
。
OkClient client = new RetrofitClientBuilder()
.pinCertificates(getResources(), R.raw.keystore, STORE_PASS)
.build()
I'm using retrofit2
and OkHTTP3
and just saw this example:我使用
retrofit2
和OkHTTP3
和刚才看到这个例子:
OkHttpClient client = new OkHttpClient.Builder()
.certificatePinner(new CertificatePinner.Builder()
.add("publicobject.com", "sha1/DmxUShsZuNiqPQsX2Oi9uv2sCnw=")
.add("publicobject.com", "sha1/SXxoaOSEzPC6BgGmxAt/EAcsajw=")
.add("publicobject.com", "sha1/blhOM3W9V/bVQhsWAcLYwPU6n24=")
.add("publicobject.com", "sha1/T5x9IXmcrQ7YuQxXnxoCmeeQ84c=")
.build())
.build();
Retrofit retrofit = new Retrofit.Builder()
.baseUrl("http://api.nuuneoi.com/base/")
.addConverterFactory(GsonConverterFactory.create())
.client(client)
.build();
Does this later approach achieves the same result has the first one?这种后来的方法是否达到了与第一种方法相同的结果?
I can say that this approach worked wonderfully for me.我可以说这种方法对我来说非常有效。 Just make sure you add your endpoint correctly without the "https://" to the certificate pinner and it should work just fine.
只需确保在没有“https://”的情况下将端点正确添加到证书固定器,它应该可以正常工作。
您应该需要将sha1/
更改为sha256/
,它对我来说效果很好。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.