
OkHttp3, Retrofit and certificate pinning: how to give an expiration to the pinning

In my Android application, I need to use certificate pinning. I'm using Retrofit and OkHttp3 to consume a web service, and I have already defined the pinning on the hash code of the certificate.

CertificatePinner certificatePinner = new CertificatePinner.Builder()
        .add("dummy.com", "sha256/xxxxxxxxxx=")
        .build();

OkHttpClient httpClient = new OkHttpClient.Builder()
        .certificatePinner(certificatePinner)
        .callTimeout(240, TimeUnit.SECONDS)
        .readTimeout(240, TimeUnit.SECONDS)
        .retryOnConnectionFailure(true)
        .build();

Retrofit retrofitKripton = new Retrofit.Builder()
        .baseUrl(baseUrl)
        .addConverterFactory(KriptonBinderConverterFactory.create())
        .addConverterFactory(ScalarsConverterFactory.create())
        .client(httpClient)
        .build();

I want to force certificate pinning until the certificate expiration; after this I simply want to avoid certificate pinning (this is due to the fact that I want to avoid the application stopping working after certificate expiration). Is there a method to tell OkHttp3/Retrofit to have the desired behaviour?

Thanks in advance

The feature that you are looking for is still not available in OkHttp according to the below enhancement.

https://github.com/square/okhttp/issues/3010

Is there a method to tell OkHttp3/Retrofit to have the desired behaviour?

You can do that yourself:

OkHttpClient.Builder builder = new OkHttpClient.Builder();

// Only attach the pinner while the pins should still be enforced.
if (applyPins()) {
    CertificatePinner certificatePinner = new CertificatePinner.Builder()
            .add("dummy.com", "sha256/xxxxxxxxxx=")
            .build();

    builder.certificatePinner(certificatePinner);
}

OkHttpClient httpClient = builder
        .callTimeout(240, TimeUnit.SECONDS)
        .readTimeout(240, TimeUnit.SECONDS)
        .retryOnConnectionFailure(true)
        .build();

Retrofit retrofitKripton = new Retrofit.Builder()
        .baseUrl(baseUrl)
        .addConverterFactory(KriptonBinderConverterFactory.create())
        .addConverterFactory(ScalarsConverterFactory.create())
        .client(httpClient)
        .build();

Implement applyPins() as a method that returns true if you want to apply the pins, false otherwise. For example, you might use your proposed date comparison.
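
An added example, not part of the original answers: one way to write the date comparison suggested above, generalised so that each pin carries its own cut-off and a backup pin can outlive the current certificate. The class name, the second pin and both dates are assumptions made for illustration; the host and the first pin placeholder come from the question.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import okhttp3.CertificatePinner;
import okhttp3.OkHttpClient;

// Added example (hypothetical class): pins that stop being enforced at a fixed time.
public final class ExpiringPins {
    static final String HOST = "dummy.com"; // host from the question

    // pin -> epoch millis (UTC) after which the pin is no longer enforced.
    // Pin strings are placeholders; the dates are constructed sample values.
    static final Map<String, Long> PINS = new LinkedHashMap<>();
    static {
        PINS.put("sha256/xxxxxxxxxx=", 1893456000000L); // current cert, 2030-01-01T00:00:00Z
        PINS.put("sha256/yyyyyyyyyy=", 1956528000000L); // backup key,   2032-01-01T00:00:00Z
    }

    private ExpiringPins() {}

    /** Returns a pinner holding only the unexpired pins, or null when every pin has expired. */
    static CertificatePinner activePinner(long nowMs) {
        CertificatePinner.Builder pins = new CertificatePinner.Builder();
        boolean any = false;
        for (Map.Entry<String, Long> e : PINS.entrySet()) {
            if (nowMs < e.getValue()) {
                pins.add(HOST, e.getKey()); // a connection passes if any added pin matches
                any = true;
            }
        }
        return any ? pins.build() : null;
    }

    public static OkHttpClient newClient() {
        OkHttpClient.Builder builder = new OkHttpClient.Builder()
                .callTimeout(240, TimeUnit.SECONDS)
                .readTimeout(240, TimeUnit.SECONDS)
                .retryOnConnectionFailure(true);
        // System.currentTimeMillis() is the device clock, which the user can change:
        // a clock set past the last cut-off leaves only normal CA validation in place.
        CertificatePinner pinner = activePinner(System.currentTimeMillis());
        if (pinner != null) {
            builder.certificatePinner(pinner);
        }
        return builder.build();
    }
}
```

The comparison runs when the client is built, so a client created before the cut-off keeps enforcing its pins until it is rebuilt.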
