同一请求中的SSL固定
我的问题是,在每次同一请求中的SSL固定,ssl,okhttp3,Ssl,Okhttp3,我的问题是,在每次Get/Post请求之前,我是否必须单独请求检查SSL固定 OkHttpClient client = new OkHttpClient.Builder().certificatePinner( new CertificatePinner.Builder() .add(pinningUrl, "sha256/invalidPIN") .build())
Get/Post
请求之前,我是否必须单独请求检查SSL固定
OkHttpClient client = new OkHttpClient.Builder().certificatePinner(
new CertificatePinner.Builder()
.add(pinningUrl, "sha256/invalidPIN")
.build()).build();
Request request = new Request.Builder()
.url(pinningUrl)
.build();
Response response = client.newCall(request).execute();
或者我可以像这样用每个Get/Post
检查它吗
CertificatePinner certificatePinner = new CertificatePinner.Builder()
.add(pinningUrl, "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=") .build();
OkHttpClient client = new OkHttpClient().newBuilder().certificatePinner(certificatePinner).build();
Request request = new Request.Builder() .url(getResources().getString(R.string.server_url_user_mgmt_services))
.addHeader("Content-Type", "application).post(body)
.build();
client.newCall(request)
.enqueue(new Callback() {
@Override
public void onFailure(Call call, IOException e) {
pd.dismiss();
Toast.makeText(LoginActivity.this, "Some error occured!\nTry Again", Toast.LENGTH_SHORT).show();
}
@Override
public void onResponse(Call call, Response response) throws IOException {
String str = response.body().toString();
}
});
如果我在每个请求上都检查它,那么请求将被执行,但它没有检查
证书
请帮助我。根据您的第一个代码示例,您似乎试图使用URL而不是主机名或通配符进行锁定
您应该在OkHttpClient上为每个主机配置一次,然后发出正常请求。您定义的PIN应该以主机作为键,而不是url
根据您的第一个代码示例,您似乎正在尝试使用URL而不是主机名或通配符进行锁定 您应该在OkHttpClient上为每个主机配置一次,然后发出正常请求。您定义的PIN应该以主机作为键,而不是url
String hostname = "publicobject.com";
CertificatePinner certificatePinner = new CertificatePinner.Builder()
.add(hostname, "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
.build();
OkHttpClient client = OkHttpClient.Builder()
.certificatePinner(certificatePinner)
.build();
Request request = new Request.Builder()
.url("https://" + hostname)
.build();
client.newCall(request).execute();