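Problem description
I received an email from Google about SSL Error Handler, TrustManager, and HostnameVerifier vulnerabilities. I have added all the certificates for HTTPS requests to my project. I use Retrofit and pin my certificates using OkHttpClient.
The email says that your app was found to be using software that contains security vulnerabilities for users. Apps with these vulnerabilities can expose user information or damage a user's device, and may be considered to be in violation of our Malicious Behavior policy.
Below is the list of issues and the corresponding APK versions that were detected in your recent submission. Please migrate your apps to use the updated software as soon as possible and increment the version number of the upgraded APK.
The links are: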
- https://support.google.com/faqs/answer/6346016
- https://support.google.com/faqs/answer/7071387
- https://support.google.com/faqs/answer/7188426
Here is my code:

OkHttpCertificatePinner.java

    import okhttp3.OkHttpClient;

    public interface OkHttpCertificatePinner {
        OkHttpClient.Builder pinCertificate(okhttp3.OkHttpClient.Builder okhttpBuilder);
    }

RawCertificatePinner.java

    import android.content.Context;
    import android.util.Log;
    import androidx.annotation.NonNull;
    import androidx.annotation.RawRes;
    import java.io.IOException;
    import java.io.InputStream;
    import java.security.KeyManagementException;
    import java.security.KeyStore;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;
    import java.util.Arrays;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.TrustManagerFactory;
    import javax.net.ssl.X509TrustManager;
    import okhttp3.OkHttpClient;

    public final class RawCertificatePinner implements OkHttpCertificatePinner {
        private static final String CERTIFICATE_TYPE = "BKS";
        private static final String DEFAULT_TLS_VERSION = "TLSv1.2";

        private final Context context;
        @RawRes
        private final int certificate;
        private final String certificatePassword;

        public RawCertificatePinner(@NonNull Context context, @RawRes int certificate, @NonNull String certificatePassword) {
            this.context = context.getApplicationContext();
            this.certificate = certificate;
            this.certificatePassword = certificatePassword;
        }

        // Builds an SSLSocketFactory whose trust anchors are the certificates
        // in the bundled BKS keystore, and installs it on the OkHttp builder.
        @Override
        public OkHttpClient.Builder pinCertificate(OkHttpClient.Builder okhttpBuilder) {
            final KeyStore trustedCertificate = getTrustedCertificate();
            final TrustManagerFactory trustManagerFactory = getTrustManagerFactory(trustedCertificate);
            final SSLContext sslContext = getSSLContext(trustManagerFactory);
            X509TrustManager trustManager = getX509TrustManager(trustManagerFactory);
            okhttpBuilder.sslSocketFactory(sslContext.getSocketFactory(), trustManager);
            return okhttpBuilder;
        }

        // Loads the BKS keystore from the raw resource.
        // Note: exceptions are only printed here. If KeyStore.getInstance fails,
        // this returns null, and TrustManagerFactory.init(null) then uses the
        // platform default trust store instead of the bundled certificates.
        private KeyStore getTrustedCertificate() {
            KeyStore trusted = null;
            InputStream in = null;
            try {
                trusted = KeyStore.getInstance(CERTIFICATE_TYPE);
                in = context.getResources().openRawResource(certificate);
                trusted.load(in, certificatePassword.toCharArray());
            } catch (Exception e) {
                e.printStackTrace();
            } finally {
                if (in != null) {
                    try {
                        in.close();
                    } catch (IOException e) {
                        e.printStackTrace();
                    }
                }
            }
            return trusted;
        }

        // Creates a TrustManagerFactory initialised with the loaded keystore.
        private TrustManagerFactory getTrustManagerFactory(KeyStore trustedCertificate) {
            TrustManagerFactory trustManagerFactory = null;
            try {
                trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(trustedCertificate);
            } catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
            } catch (KeyStoreException e) {
                e.printStackTrace();
            }
            return trustManagerFactory;
        }

        // Creates a TLSv1.2 SSLContext backed by the factory's trust managers.
        private SSLContext getSSLContext(TrustManagerFactory trustManagerFactory) {
            SSLContext sslContext = null;
            try {
                sslContext = SSLContext.getInstance(DEFAULT_TLS_VERSION);
                sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
            } catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
            } catch (KeyManagementException e) {
                e.printStackTrace();
            }
            return sslContext;
        }

        // Returns the single X509TrustManager produced by the factory,
        // or throws if the factory returned anything else.
        private X509TrustManager getX509TrustManager(TrustManagerFactory trustManagerFactory) {
            final TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers == null
                    || trustManagers.length != 1
                    || !(trustManagers[0] instanceof X509TrustManager)) {
                final IllegalStateException e = new IllegalStateException("Wrong trust manager: " + Arrays.toString(trustManagers));
                Log.d("ThrowableReporter", e.getMessage());
                throw e;
            }
            return (X509TrustManager) trustManagers[0];
        }
    }