如何解决SSL固定即使证书过期也能正常工作
我们将以下代码用于SSL固定。但是,当我们尝试使用带有过期证书的HttpsURLConnection建立网络连接时,此类下的类不会引发异常。如果此代码有任何问题,请告诉我们。
import android.content.Context;
import java.io.BufferedInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
public class SslUtils {
private SslUtils() {
//Implementation not required
}
public static SSLContext getSslContextForCertificateFile(Context context,int fileName) {
try {
KeyStore keyStore = SslUtils.getKeyStore(context,fileName);
SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keyStore);
sslContext.init(null,trustManagerFactory.getTrustManagers(),new SecureRandom());
return sslContext;
} catch (Exception e) {
String msg = "Error during creating SslContext for certificate from assets";
throw new RuntimeException(msg);
}
}
private static KeyStore getKeyStore(Context context,int fileName) {
KeyStore keyStore = null;
try {
try (InputStream caInput = new BufferedInputStream(context
.getResources().openRawResource(fileName))) {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate ca;
ca = cf.generateCertificate(caInput);
TraceUtils.logE("SslUtils","SslUtils: no err: generateCertificate: ca=" + ((X509Certificate) ca).getSubjectDN());
String keyStoreType = KeyStore.getDefaultType();
keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null,null);
keyStore.setCertificateEntry("ca",ca);
}
} catch (Exception e) {
TraceUtils.logE("SslUtils","SslUtils:getKeyStore: " + e);
}
return keyStore;
}
}
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
