Certificate pinning for websockets in android

We are using websockets in one of my Android applications, with the third-party library "https://github.com/TakahikoKawasaki/nv-websocket-client".

Now we want to enable SSL pinning for the websockets. How should we do it?

Thanks

We can enable ssl pinning for web sockets using sslContext. 

This is my working code.



----------
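import android.util.Base64
import java.security.GeneralSecurityException
import java.security.KeyStore
import java.security.MessageDigest
import java.security.NoSuchAlgorithmException
import java.security.SecureRandom
import java.security.cert.CertificateException
import java.security.cert.X509Certificate
import java.util.Collections
import javax.net.ssl.SSLContext
import javax.net.ssl.TrustManagerFactory
import javax.net.ssl.X509TrustManager

// Usage: mSocketFactory and presentEndpoint come from the surrounding code.
val sslContext = SSLContext.getInstance("TLS")
sslContext.init(null, arrayOf(CustomTrustManager(null)), SecureRandom())
mSocketFactory.sslContext = sslContext
val ws = mSocketFactory.createSocket(presentEndpoint)

class CustomTrustManager(keyStore: KeyStore?) : X509TrustManager {

    private val tag = CustomTrustManager::class.java.canonicalName

    // Platform trust manager: performs the normal chain validation before the pin check.
    private val defaultTrustManager: X509TrustManager

    init {
        val factory: TrustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
        factory.init(keyStore) // a null keyStore selects the system default trust store
        defaultTrustManager = factory.trustManagers
            .filterIsInstance<X509TrustManager>()
            .firstOrNull()
            ?: throw NoSuchAlgorithmException("no trust manager found")
    }

    override fun checkClientTrusted(chain: Array<out X509Certificate>?, authType: String?) {
        defaultTrustManager.checkClientTrusted(chain, authType)
    }

    override fun checkServerTrusted(chain: Array<out X509Certificate>?, authType: String?) {
        if (chain == null || chain.isEmpty()) {
            throw CertificateException("Empty certificate chain")
        }
        // Validate signatures, validity dates and the trust anchor first. The chain is
        // supplied by the peer, so a pin match on an unvalidated chain proves nothing.
        defaultTrustManager.checkServerTrusted(chain, authType)
        // Check pins only along the signature path that starts at the leaf (chain[0]),
        // so an unrelated certificate appended to the chain cannot satisfy the pin.
        for (i in chain.indices) {
            if (isValidPin(chain[i])) {
                return
            }
            if (i + 1 < chain.size && !isSignedBy(chain[i], chain[i + 1])) {
                break
            }
        }
        throw CertificateException("No valid pins found in chain!")
    }

    override fun getAcceptedIssuers(): Array<X509Certificate> {
        return defaultTrustManager.acceptedIssuers
    }

    // True when cert carries a valid signature made with issuer's public key.
    private fun isSignedBy(cert: X509Certificate, issuer: X509Certificate): Boolean {
        return try {
            cert.verify(issuer.publicKey)
            true
        } catch (ex: GeneralSecurityException) {
            false
        }
    }

    private fun isValidPin(certificate: X509Certificate): Boolean {
        return try {
            // The pin is the Base64 SHA-256 digest of the certificate's encoded public key.
            val md = MessageDigest.getInstance("SHA-256")
            val publicKey = certificate.publicKey.encoded
            md.update(publicKey, 0, publicKey.size)
            val pin = Base64.encodeToString(md.digest(), Base64.NO_WRAP)
            // Constants.PK is the app's expected pin, in the form "sha256/<base64 digest>".
            val validPins = Collections.singleton(Constants.PK)
            validPins.contains("sha256/$pin")
        } catch (ex: NoSuchAlgorithmException) {
            throw CertificateException(ex)
        }
    }

}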
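
The pin string that isValidPin() compares against can be computed ahead of time from the server's certificates. The following is an added example, not part of the original answer: a small JVM command-line tool that prints the pin of every certificate in a PEM file in the same "sha256/..." form. The names pinOf and PinTool and the PEM file argument are assumptions, and it uses java.util.Base64 in place of android.util.Base64 so that it runs off-device.

```kotlin
import java.io.File
import java.security.MessageDigest
import java.security.cert.CertificateFactory
import java.security.cert.X509Certificate
import java.util.Base64

// Hypothetical helper: builds the pin in the form the answer's isValidPin() expects.
fun pinOf(certificate: X509Certificate): String {
    // publicKey.encoded is the DER-encoded SubjectPublicKeyInfo, the same bytes
    // that isValidPin() hashes on the device.
    val digest = MessageDigest.getInstance("SHA-256").digest(certificate.publicKey.encoded)
    // The standard encoder emits padded Base64 without line breaks, like Base64.NO_WRAP.
    return "sha256/" + Base64.getEncoder().encodeToString(digest)
}

fun main(args: Array<String>) {
    // args[0]: path to a PEM file with one or more certificates (assumed input,
    // for example the leaf followed by its intermediate).
    require(args.size == 1) { "usage: PinTool <certificates.pem>" }

    val certificates = File(args[0]).inputStream().use { input ->
        CertificateFactory.getInstance("X.509").generateCertificates(input)
    }.filterIsInstance<X509Certificate>()

    require(certificates.isNotEmpty()) { "no X.509 certificates found in ${args[0]}" }

    for (certificate in certificates) {
        // The expiry date shows when a pinned certificate is due for renewal; the pin
        // itself only changes if the renewal also replaces the key pair.
        println(certificate.subjectX500Principal.name)
        println("  expires: ${certificate.notAfter}")
        println("  pin:     ${pinOf(certificate)}")
    }
}
```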
