Flutter 颤振:使用badCertificateCallback进行HTTPS证书验证
我正在我的颤振应用程序中使用软件包 我需要验证HTTPS证书,如中所示,但我不确定如何正确执行此操作。搜索了几个小时,但没有得到好结果 以下是我目前的情况:Flutter 颤振:使用badCertificateCallback进行HTTPS证书验证,flutter,dart,Flutter,Dart,我正在我的颤振应用程序中使用软件包 我需要验证HTTPS证书,如中所示,但我不确定如何正确执行此操作。搜索了几个小时,但没有得到好结果 以下是我目前的情况: //This should only run if the verification is a success testAPI() async { try { response = await dio.post('https://someAPI.com', data: requestBody);
//This should only run if the verification is a success
testAPI() async {
try {
response = await dio.post('https://someAPI.com', data: requestBody);
print(response);
} catch (e) {
print(e);
}
}
然后,https证书验证步骤:
verificationStep(){
String PEM="XXXXX";
(dio.httpClientAdapter as DefaultHttpClientAdapter).onHttpClientCreate = (client) {
client.badCertificateCallback=(X509Certificate cert, String host, int port){
if(cert.pem==PEM){ // Verify the certificate
//or run testAPI() here
return true;
}
return false;
};
};
}
如果我将任何API调用限制为https://someAPI.com
仅限,在处理任何API之前,我在何处/何时调用此验证步骤()
函数来验证收到的证书?我甚至不确定这样做是否正确
最后,我尝试添加网络安全性,因为应用程序只需要对特定端点进行API调用。因此,为了防止任何MITM攻击,我尝试添加一个证书验证阶段
到目前为止,这个验证步骤只是被忽略,或者永远不会到达if
语句
任何帮助都将不胜感激
谢谢 您可以使用HTTP默认库,也可以在异常情况下添加try-catch。我希望您在Android上测试时能够在那里检查您的证书
HttpClient httpClient = new HttpClient();
httpClient.badCertificateCallback = ((X509Certificate cert, String host, int port) {
if(cert.pem==PEM){ // Verify the certificate
//or run testAPI() here
return true;
}
return false;}
);
debugPrint("url: " + url + " Body:" + (body == null ? "" : body.toString()));
try {
httpClient.postUrl(Uri.parse(url)).then((request) {
if (headers != null) {
List<String> keys = headers.keys.toList();
for (int i = 0; i < keys.length; i++) {
request.headers.set(keys[i], headers[keys[i]]);
}
request.add(utf8.encode(json.encode(body)));
request.close().then((response) {
response.transform(utf8.decoder).join().then((body) {
if (response != null && response.statusCode == 200 && body != null) {
//Success
} else {
//fail
}
});
}).catchError((Object error) {
if (error != null && error.runtimeType == String) {
debugPrint("response: " + error ?? "");
}
}).whenComplete(() {
print("Api complete");
});
}
});
} on Function catch (e, _) {
if (e != null) {
}
callCompletion(null, false, completion);
debugPrint('catch callback');
}
HttpClient-HttpClient=new-HttpClient();
httpClient.badCertificateCallback=((X509证书证书,字符串主机,int端口){
如果(cert.pem==pem){//验证证书
//或者在此处运行testAPI()
返回true;
}
返回false;}
);
debugPrint(“url:+url+”Body:+(Body==null?”:Body.toString());
试一试{
httpClient.postrl(Uri.parse(url)).then((请求){
如果(标题!=null){
List keys=headers.keys.toList();
for(int i=0;i
您可以使用HTTP默认库,也可以在异常情况下添加try-catch。我希望您在Android上测试时能够在那里检查您的证书
HttpClient httpClient = new HttpClient();
httpClient.badCertificateCallback = ((X509Certificate cert, String host, int port) {
if(cert.pem==PEM){ // Verify the certificate
//or run testAPI() here
return true;
}
return false;}
);
debugPrint("url: " + url + " Body:" + (body == null ? "" : body.toString()));
try {
httpClient.postUrl(Uri.parse(url)).then((request) {
if (headers != null) {
List<String> keys = headers.keys.toList();
for (int i = 0; i < keys.length; i++) {
request.headers.set(keys[i], headers[keys[i]]);
}
request.add(utf8.encode(json.encode(body)));
request.close().then((response) {
response.transform(utf8.decoder).join().then((body) {
if (response != null && response.statusCode == 200 && body != null) {
//Success
} else {
//fail
}
});
}).catchError((Object error) {
if (error != null && error.runtimeType == String) {
debugPrint("response: " + error ?? "");
}
}).whenComplete(() {
print("Api complete");
});
}
});
} on Function catch (e, _) {
if (e != null) {
}
callCompletion(null, false, completion);
debugPrint('catch callback');
}
HttpClient-HttpClient=new-HttpClient();
httpClient.badCertificateCallback=((X509证书证书,字符串主机,int端口){
如果(cert.pem==pem){//验证证书
//或者在此处运行testAPI()
返回true;
}
返回false;}
);
debugPrint(“url:+url+”Body:+(Body==null?”:Body.toString());
试一试{
httpClient.postrl(Uri.parse(url)).then((请求){
如果(标题!=null){
List keys=headers.keys.toList();
for(int i=0;i
您正在哪个平台上测试?IOS还是Android?我在Androidy上测试你在哪个平台上测试?IOS还是Android?我正在Androidi上测试它。我有两个证书,abc.bks和abc.p12如何将它们添加到我的双向ssl请求中。我尝试了SecurityContext context=newSecurityContext()…setTrustedCertificates(“资产/证书/abc.bks”,密码:“123456”);但它不起作用我有两个证书,abc.bks和abc.p12如何将它们添加到我的双向ssl请求中。我尝试了SecurityContext context=newSecurityContext()…setTrustedCertificates(“资产/证书/abc.bks”,密码:“123456”);但它不起作用