Square okHTTP certificate pinning - sslSocketFactory error
Question
I am trying to import my own BKS file, which contains my self signed certificate but I am running into trouble with okHTTP. I want to do this with the bks file, I also got it working via the sha512/.
I ve got this code from several tutorials and I know there the problem is, but cant fix it.
import android.content.Context;
import android.util.Log;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
public class Pinning
{
Context context;
public static String TRUST_STORE_PASSWORD = "your_secret";
private static final String ENDPOINT = "https://api.yourdomain.com/";
public Pinning(Context c) {
this.context = c;
}
private SSLSocketFactory getPinnedCertSslSocketFactory(Context context) {
try {
KeyStore trusted = KeyStore.getInstance("BKS");
InputStream in = context.getResources().openRawResource(R.raw.mytruststore);
trusted.load(in, "mypass".toCharArray());
SSLContext sslContext = SSLContext.getInstance("TLS");
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trusted);
sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
return sslContext.getSocketFactory();
} catch (Exception e) {
Log.e("MyApp", e.getMessage(), e);
}
return null;
}
public void makeRequest() {
try {
OkHttpClient client = new OkHttpClient().sslSocketFactory(getPinnedCertSslSocketFactory(this.context));
Request request = new Request.Builder()
.url(ENDPOINT)
.build();
Response response = client.newCall(request).execute();
Log.d("MyApp", response.body().string());
} catch (Exception e) {
Log.e("MyApp", e.getMessage(), e);
}
}
}
Now I am getting the following error within the following line:
OkHttpClient client = new OkHttpClient().sslSocketFactory(getPinnedCertSslSocketFactory(this.context)).;
ERROR:
SSLSocketFactory in okHTTPClient cannt be applied to javax.net.SSLSocketFactory.
If you look within the imports you see the following 3 from javax.
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
So i got a missmatch. Seems like I need an okHTTP - sslSocketFactory with my bks file. But I cant find a working explanation to that. I am also using okHTTP 3.3.1
compile 'com.squareup.okhttp3:okhttp:3.3.1'
I found that explanation/solution here: How can I pin a certificate with Square OKHTTP? . As mentioned before. I want to use the bks file, not the sha512/ method.
Therefore I need to know, how to parse that javax.ssl.Factory into the okHTTP-sslFactory or how to create an okHTTPsslFactory with the generate bks file.
Furthermore the method setSSLSocketFactory is not available anymore in okHTTP 3.1.1.
I really appreciate your help and thanks for taking the time to get through this question!
1 answers
solution1
0 ACCPTED 2016-06-10 01:22:11
You should use the following syntax instead
OkHttpClient client = new OkHttpClient.Builder()
.sslSocketFactory(getPinnedCertSslSocketFactory(this.context))
.build();
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.