|
Apache http client 由于从api23起被Android丢弃,因此行使率较低。今朝更多行使的是HttpURLConnection类或第三方库OKhttp3.0举办HTTPS通讯。个中OKhttp3.0的部门运用与HttpURLConnection沟通,客户端都可以通过实现X509TrustManager接口的checkServerTrusted要领,将处事器证书与APP预埋证书做比拟,来完成强校验。另外,也可以再通过实现HostnameVerifier接口的verify要领,校验处事器证书中的一样平常名称(CN)是否与域名符合。通过行使上述要领,完成客户端对处事端的证书强校验。
(2) 应用说明
因为这次是自编译的文件,就不通过APK反编译等要领查察代码了,直接看首要通讯类HttpClientSslHelper的源码。
- public class HttpClientSslHelper {
- public static boolean isServerTrusted1 = true; //强校验要害参数
- private static SSLContext sslContext = null;
- public static OkHttpClient getSslOkHttpClient(Context context) {
- OkHttpClient.Builder builder = new OkHttpClient.Builder();
- builder.sslSocketFactory(getSslContextByCustomTrustManager(context).getSocketFactory())
- .hostnameVerifier(new HostnameVerifier() {
- @Override //实现自界说的HostnameVerifier 工具的verify校验要领
- public boolean verify(String hostname, SSLSession session) {
- Log.d("HttpClientSslHelper", "hostname = " + hostname);
- if ("192.168.96.1".equals(hostname)) {
- //按照isServerTrusted1的值举办校验,若为True,则校验乐成,执行后续毗连
- return isServerTrusted1;
- } else {
- //因为是尝试情形,if语句总为真,不会执行else语句
- HostnameVerifier hv = HttpsURLConnection.getDefaultHostnameVerifier();
- return hv.verify("localhost", session);
- }
- }
- });
- return builder.build();
- }
-
- public static SSLContext getSslContextByCustomTrustManager(Context context) {
- if (sslContext == null) {
- try {
- CertificateFactory cf = CertificateFactory.getInstance("X.509","BC");
- InputStream caInput = new BufferedInputStream(context.getResources().getAssets().open("server.cer"));
- final Certificate ca;
- try {
- ca = cf.generateCertificate(caInput);
- } finally {
- caInput.close();
- }
- sslContext = SSLContext.getInstance("TLS");
- //自界说X509TrustManager接口的checkClientTrusted、checkServerTrusted和getAcceptedIssuers要领
- sslContext.init(null, new X509TrustManager[]{new X509TrustManager() {
- public void checkClientTrusted(X509Certificate[] chain,
- String authType) throws CertificateException {
- Log.d("HttpClientSslHelper", "checkClientTrusted --> authType = " + authType);
- //校验客户端证书
- }
-
- public void checkServerTrusted(X509Certificate[] chain,
- String authType) throws CertificateException {
- Log.d("HttpClientSslHelper", "checkServerTrusted --> authType = " + authType);
- //校验处事器证书
- for (X509Certificate cert : chain) {
- cert.checkValidity();
- try {
- //要害点,用APP中内置的处事端证书server.cer来校验收集毗连中处事器揭晓的证书
- cert.verify(ca.getPublicKey());
- } catch (NoSuchAlgorithmException | InvalidKeyException | NoSuchProviderException | SignatureException e) {
- e.printStackTrace();
- //校验失败,则变动isServerTrusted1值为false
- isServerTrusted1 = false;
- }
- }
- }
-
- public X509Certificate[] getAcceptedIssuers() {
- return new X509Certificate[0];
- }
- }}, null);
- } catch (Exception e) {
- e.printStackTrace();
- }
- }
- return sslContext;
- }
- }
由上可知,将HttpClientSslHelper类的getSslContextByCustomTrustManager要领重写,从头实现checkServerTrusted要领,让其不修改isServerTrusted1的值,即可绕过证书强校验。
(3) 开始Hook
从头实现checkServerTrusted要领 (编辑:湖南网)
【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容!
|
