我有一个使用webview的android应用程序,并使用网络安全配置XML文件固定了SSL证书。
我无法连接到相应的服务器,因为该服务器配置了TSL 1.2和1.3,并且我的应用发送了TSL 1.1请求
有什么方法可以启用TSL 1.2或其他功能吗?
....
CertificatePinner certificatePinner = new CertificatePinner.Builder()
.add("abc.xyz.com", "sha256/AAAAABBBBBCCCCCC=")
.build();
try {
tlsSocketFactory = new TLSSocketFactory();
okHttp = new OkHttpClient.Builder().sslSocketFactory(tlsSocketFactory, tlsSocketFactory.getTrustManager()).certificatePinner(certificatePinner).build();
} catch (KeyManagementException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
}
mWebView.setWebViewClient(new WebViewClient() {
@Override
public WebResourceResponse shouldInterceptRequest(WebView view, WebResourceRequest request) {
String url = request.getUrl().toString();
Request okHttpRequest = new Request.Builder().url(url)
.build();
try {
Response response = okHttp.newCall(okHttpRequest).execute();
return new WebResourceResponse(response.header("content-type"), "", response.body().byteStream());
} catch (IOException e) {
e.printStackTrace();
}
return null;
}
......
添加以上代码,将得到纯JSP文本。
最佳答案
您是否尝试过通过设置okhttp客户端启用tls 1.2,否则请按照以下步骤操作
WebViewClient client = null;
try {
client = new WebViewClient() {
TLSSocketFactory tlsSocketFactory = new TLSSocketFactory();
private OkHttpClient okHttp = new OkHttpClient.Builder().sslSocketFactory(tlsSocketFactory, tlsSocketFactory.getTrustManager()).build();
@Override
public WebResourceResponse shouldInterceptRequest(WebView view, String url) {
Request okHttpRequest = new Request.Builder().url(url).build();
try {
Response response = okHttp.newCall(okHttpRequest).execute();
return new WebResourceResponse("",response.body().byteStream());
} catch (IOException e) {
e.printStackTrace();
}
return null;
}
};
} catch (Exception e) {
e.printStackTrace();
}
webView.setWebViewClient(client);
现在创建一个新的TLSSocketFactory.java文件,如下所示
public class TLSSocketFactory extends SSLSocketFactory {
private final SSLSocketFactory delegate;
private TrustManager[] trustManagers;
public TLSSocketFactory() throws KeyStoreException, KeyManagementException, NoSuchAlgorithmException {
generateTrustManagers();
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, trustManagers, null);
delegate = context.getSocketFactory();
}
private void generateTrustManagers() throws KeyStoreException, NoSuchAlgorithmException {
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init((KeyStore) null);
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
throw new IllegalStateException("Unexpected default trust managers:"
+ Arrays.toString(trustManagers));
}
this.trustManagers = trustManagers;
}
@Override
public String[] getDefaultCipherSuites() {
return delegate.getDefaultCipherSuites();
}
@Override
public String[] getSupportedCipherSuites() {
return delegate.getSupportedCipherSuites();
}
@Override
public Socket createSocket() throws IOException {
return enableTLSOnSocket(delegate.createSocket());
}
@Override
public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
return enableTLSOnSocket(delegate.createSocket(s, host, port, autoClose));
}
@Override
public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
return enableTLSOnSocket(delegate.createSocket(host, port));
}
@Override
public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException {
return enableTLSOnSocket(delegate.createSocket(host, port, localHost, localPort));
}
@Override
public Socket createSocket(InetAddress host, int port) throws IOException {
return enableTLSOnSocket(delegate.createSocket(host, port));
}
@Override
public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
return enableTLSOnSocket(delegate.createSocket(address, port, localAddress, localPort));
}
private Socket enableTLSOnSocket(Socket socket) {
if (socket instanceof SSLSocket) {
((SSLSocket) socket).setEnabledProtocols(new String[]{"TLSv1.1", "TLSv1.2"});
}
return socket;
}
@Nullable
public X509TrustManager getTrustManager() {
return (X509TrustManager) trustManagers[0];
}
}
关于android - 为Android Webview启用TSL1.2,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58302563/