我的问题是,我是否必须在每个 Get/Post 请求之前单独请求检查 SSL Pinning
OkHttpClient client = new OkHttpClient.Builder().certificatePinner(
new CertificatePinner.Builder()
.add(pinningUrl, "sha256/invalidPIN")
.build()).build();
Request request = new Request.Builder()
.url(pinningUrl)
.build();
Response response = client.newCall(request).execute();
或者我可以用这样的每个 Get/Post 来检查它吗
CertificatePinner certificatePinner = new CertificatePinner.Builder()
.add(pinningUrl, "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=") .build();
OkHttpClient client = new OkHttpClient().newBuilder().certificatePinner(certificatePinner).build();
Request request = new Request.Builder() .url(getResources().getString(R.string.server_url_user_mgmt_services))
.addHeader("Content-Type", "application).post(body)
.build();
client.newCall(request)
.enqueue(new Callback() {
@Override
public void onFailure(Call call, IOException e) {
pd.dismiss();
Toast.makeText(LoginActivity.this, "Some error occured!\nTry Again", Toast.LENGTH_SHORT).show();
}
@Override
public void onResponse(Call call, Response response) throws IOException {
String str = response.body().toString();
}
});
如果我在每个请求上检查它,请求已执行但它不检查证书帮助我解决这个问题。
最佳答案
根据您的第一个代码示例,您似乎在尝试使用 URL 而不是主机名或通配符来固定。
你应该在你的 OkHttpClient 上配置一次 per host 然后就可以发出你的正常请求了。您定义的引脚应该以主机为键,而不是 url。
https://square.github.io/okhttp/3.x/okhttp/okhttp3/CertificatePinner.html
String hostname = "publicobject.com";
CertificatePinner certificatePinner = new CertificatePinner.Builder()
.add(hostname, "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
.build();
OkHttpClient client = OkHttpClient.Builder()
.certificatePinner(certificatePinner)
.build();
Request request = new Request.Builder()
.url("https://" + hostname)
.build();
client.newCall(request).execute();
关于同一请求中的 SSL 固定,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/42361321/