个人中心
gpt4 book ai didi

android - 如何在 Android 中实现叶/中间证书固定?

转载 作者:塔克拉玛干 更新时间:2023-11-02 08:42:59 24 4
gpt4 key购买 nike

我已经在我的项目中实现了叶证书,它运行良好。请检查下面的代码,现在的问题是叶证书将在我的服务器中一年后过期,所以我想验证叶证书以便在它过期/无效时我可以使用中间证书?

有实现中间证书的例子吗?

请帮帮我!

代码:-

SSLContext sslContext = null;
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            InputStream caInput = context.getResources().openRawResource(certRawRef);
            Certificate ca;
            try {
                ca = cf.generateCertificate(caInput);
            } finally {
                caInput.close();
            }
            // Create a KeyStore containing our trusted CAs
            String keyStoreType = KeyStore.getDefaultType();
            KeyStore keyStore = KeyStore.getInstance(keyStoreType);
            keyStore.load(null, null);
            keyStore.setCertificateEntry("ca", ca);
            // Create a TrustManager that trusts the CAs in our KeyStore
            String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
            tmf.init(keyStore);
            // Create an SSLContext that uses our TrustManager

            sslContext = SSLContext.getInstance("TLSv1.2");
            sslContext.init(null, tmf.getTrustManagers(), null);
            return sslContext;
        } catch (Exception e) {
            Log.e("EXCEPTION",e.toString());
            //Print here right certificate failure issue
        }

最佳答案

终于找到答案了:-

try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            InputStream caInputLeaf = context.getResources().openRawResource(leafCert);
            InputStream caInputInter = context.getResources().openRawResource(interCert);
            try {
                if (cf != null) {
                    ca = cf.generateCertificate(caInputLeaf);

                    URL url = new URL(URL);
                    HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
                    conn.setRequestMethod("GET");
                    conn.connect();

                    chain = conn.getServerCertificates();
                    if(chain!=null && chain[0].equals(ca)) {           //Return Leaf certificate
                        return ca;
                    }
                    else{                                   //Return Intermediate certificate
                        ca = cf.generateCertificate(caInputInter);
                        return ca;
                    }
                }
            } catch (Exception cee) {
                ca = cf.generateCertificate(caInputInter);
                return ca;
            }
        } catch (Exception e) {
            Log.e("EXCEPTION", e.toString());
        }

关于android - 如何在 Android 中实现叶/中间证书固定?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/43602877/

24 4 0
文章推荐: objective-c - ld : library not found for -lIOKit. clang xcode
文章推荐: java - joda datetime 处理首字母缩略词和显式时区
文章推荐: java - 在 LibGDX 中添加多个窗口?
文章推荐: java - android.app.RemoteServiceException : at android. app.ActivityThread$H.handleMessage 发送通知时
塔克拉玛干
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com