
Certificate pinning using HttpOK

Hi there, I am trying to implement certificate pinning using HttpOk: https://square.github.io/okhttp/3.x/okhttp/okhttp3/CertificatePinner.html

Can anyone give me an idea of where I am meant to put the following code in order to get the certificate pinning exception?

 String hostname = "publicobject.com";
 CertificatePinner certificatePinner = new CertificatePinner.Builder()
     .add(hostname, "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
     .build();
 OkHttpClient client = new OkHttpClient.Builder()
     .certificatePinner(certificatePinner)
     .build();

 Request request = new Request.Builder()
     .url("https://" + hostname)
     .build();
 client.newCall(request).execute();

Thanks :)

It is supposed to go wherever you are creating the client for your web service calls. Remember you have to replace their public key with your server's public key.

You should add it wherever you are currently building an OkHttpClient. Specifically, the only lines you should be adding to the existing code are

 CertificatePinner certificatePinner = new CertificatePinner.Builder()
     .add(hostname, "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
     .build();

 ...builder.certificatePinner(certificatePinner)...

The NetworkOnMainThreadException is probably because you are also making a call at this point. You don't want to make an additional HTTP call; you just want this applied to all existing calls hitting publicobject.com.

If you are on a Mac you can test with oksocial:

$ brew install yschimke/tap/oksocial
$ oksocial --certificatePin publicobject.com:sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  https://publicobject.com/robots.txt
request failed
javax.net.ssl.SSLPeerUnverifiedException: Certificate pinning failure!
  Peer certificate chain:
    sha256/afwiKY3RxoMmLkuRW1l7QsPZTJPwDS2pdDROQjXw8ig=: CN=publicobject.com, OU=PositiveSSL, OU=Domain Control Validated
    sha256/klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY=: CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
    sha256/grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME=: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
  Pinned certificates for publicobject.com:
    sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
    at okhttp3.CertificatePinner.check(CertificatePinner.java:187)
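The following is an added example, not code from the original posts or from OkHttp. It shows how a pin in the `sha256/...` format seen in the output above is derived (base64 of the SHA-256 of the certificate's DER-encoded public key) and why the all-`A` placeholder never matches, while a pin for any one certificate in the chain does. The class name `PinDemo` and the helpers `pin` and `chainMatches` are hypothetical; with no arguments it runs on constructed throwaway RSA keys.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.util.*;

public class PinDemo {
    // Pin format: "sha256/" + base64(SHA-256(DER SubjectPublicKeyInfo)).
    static String pin(PublicKey key) throws Exception {
        // For X.509 public keys, getEncoded() returns the DER SubjectPublicKeyInfo.
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(key.getEncoded());
        return "sha256/" + Base64.getEncoder().encodeToString(digest);
    }

    // A chain is accepted when at least one of its keys matches a configured pin.
    static boolean chainMatches(List<PublicKey> chain, List<String> pins) throws Exception {
        for (PublicKey key : chain) {
            if (pins.contains(pin(key))) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        List<PublicKey> chain = new ArrayList<>();
        if (args.length > 0) {
            // Each argument is a PEM or DER certificate file, leaf first.
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            for (String path : args) {
                try (InputStream in = Files.newInputStream(Paths.get(path))) {
                    chain.add(cf.generateCertificate(in).getPublicKey());
                }
            }
        } else {
            // Constructed sample: two throwaway keys stand in for a leaf and its CA.
            KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
            gen.initialize(2048);
            chain.add(gen.generateKeyPair().getPublic());
            chain.add(gen.generateKeyPair().getPublic());
        }
        for (PublicKey key : chain) System.out.println(pin(key));
        String placeholder = "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
        List<String> caPin = Arrays.asList(pin(chain.get(chain.size() - 1)));
        System.out.println("placeholder matches: " + chainMatches(chain, Arrays.asList(placeholder)));
        System.out.println("last-in-chain pin matches: " + chainMatches(chain, caPin));
    }
}
```

Passing your server's certificate files as arguments prints the pin strings to use in `CertificatePinner.Builder.add(...)` in place of the placeholder.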
