[英]OkHttp3, Retrofit and certificate pinning: how to give an expiration to the pinning
In my Android application, I need to use certificate pinning.在我的 Android 应用程序中,我需要使用证书固定。 I'm using
Retrofit
and OkHttp3
to consume web service and I already define the pinning on hashcode of the certificate.我正在使用
Retrofit
和OkHttp3
来使用 web 服务,并且我已经定义了证书哈希码的固定。
CertificatePinner certificatePinner = new CertificatePinner.Builder()
.add("dummy.com", "sha256/xxxxxxxxxx=")
.build();
OkHttpClient httpClient = new OkHttpClient.Builder()
.certificatePinner(certificatePinner)
.callTimeout(240, TimeUnit.SECONDS)
.readTimeout(240, TimeUnit.SECONDS)
.retryOnConnectionFailure(true)
.build();
Retrofit retrofitKripton = new Retrofit.Builder()
.baseUrl(baseUrl)
.addConverterFactory(KriptonBinderConverterFactory.create())
.addConverterFactory(ScalarsConverterFactory.create())
.client(httpClient).build();
I want to force certificate pinning until the certificate expiration, after this I want simply to avoid certificate pinning (this is due the fact I want to avoid that application stop to work after certificate expiration).我想强制证书固定直到证书到期,之后我只想避免证书固定(这是因为我想避免该应用程序在证书到期后停止工作)。 Is there a method to tell
OkHpttp3/Retrofit
to have the desired behaviour?有没有一种方法可以告诉
OkHpttp3/Retrofit
具有所需的行为?
Thanks in advance提前致谢
The feature that you are looking for is still not available in OKHTTP according to the below enhancement.根据以下增强功能,您正在寻找的功能在 OKHTTP 中仍然不可用。
https://github.com/square/okhttp/issues/3010 https://github.com/square/okhttp/issues/3010
Is there a method to tell OkHpttp3/Retrofit to have the desired behaviour?
有没有一种方法可以告诉 OkHpttp3/Retrofit 具有所需的行为?
You can do that yourself:你可以自己做:
OkHttpClient.Builder = new OkHttpClient.Builder();
if (applyPins()) {
CertificatePinner certificatePinner = new CertificatePinner.Builder()
.add("dummy.com", "sha256/xxxxxxxxxx=")
.build();
builder..certificatePinner(certificatePinner);
}
OkHttpClient httpClient = builder
.callTimeout(240, TimeUnit.SECONDS)
.readTimeout(240, TimeUnit.SECONDS)
.retryOnConnectionFailure(true)
.build();
Retrofit retrofitKripton = new Retrofit.Builder()
.baseUrl(baseUrl)
.addConverterFactory(KriptonBinderConverterFactory.create())
.addConverterFactory(ScalarsConverterFactory.create())
.client(httpClient).build();
Implement applyPins()
as a method that returns true
if you want to apply the pins, false
otherwise. applyPins()
实现为一个方法,如果要应用引脚,则返回true
,否则返回false
。 For example, you might use your proposed date comparison.例如,您可以使用建议的日期比较。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.