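So I've been trying all night to get this to work, but nothing seems to do the trick... I keep getting "Trust anchor for certification path not found".
Trust anchor for certification path not found with OkHttp
Here is how I build the OkHttpClient (I followed https://medium.com/@sreekumar_av/certificate-public-key-pinning-in-android-using-retrofit-2-0-74140800025b):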
    fun provideOkHttpClient(): OkHttpClient {
        val httpClientBuilder = OkHttpClient()
            .newBuilder()
        val logging = HttpLoggingInterceptor()
        logging.level = if (BuildConfig.DEBUG)
            HttpLoggingInterceptor.Level.BODY
        else
            HttpLoggingInterceptor.Level.NONE
        val certificatePinner = CertificatePinner.Builder()
            .add(HOST, SHA)
            .build()
        val connectionSpec = ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
        connectionSpec.tlsVersions(TlsVersion.TLS_1_2).build()
        val tlsSocketFactory = TLSSocketFactory()
        return httpClientBuilder
            .certificatePinner(certificatePinner)
            .addNetworkInterceptor(logging)
            .sslSocketFactory(tlsSocketFactory, tlsSocketFactory.systemDefaultTrustManager())
            .connectionSpecs(Collections.singletonList(connectionSpec.build()))
            .build()
    }
I got the SHA like this:
    openssl s_client -connect host:port | openssl x509 -pubkey -noout | openssl rsa -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
Here is the TLSFactory: https://gist.github.com/pollux-/fbcc74984e110bb49497faa2d0ed5ee1#file-tlssocketfactory-java
I really don't understand why it wouldn't work at this point..
Any help would be appreciated!
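IIRC, the full LogCat output will show what OkHttp encountered, so you can compare it with what is in your `certificatePinner`. I don't know why you have the `sslSocketFactory()` call. – CommonsWare
I don't really have more information in LogCat, but here is the full log: https://gist.github.com/NeoDigi/60abbcdd1f650897f600afda9268837b –
It won't be in the stack trace, but in the lines before or after it. – CommonsWare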
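Added example, not part of the original thread: a POSIX shell version of the pin pipeline from the question that prints the `sha256/...` pin for every certificate in a saved PEM chain, so the value given to `CertificatePinner` can be compared with what the server presents. The function names are made up for this example; it uses `openssl pkey` instead of `openssl rsa` so EC keys work too, and it rejects the digest of empty input that the pipeline produces when an earlier stage fails.

```shell
# Added example; helper names are hypothetical, not from the thread.
# Base64 SHA-256 of zero bytes: what the pipeline prints if a stage fails.
EMPTY_SHA256_B64='47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='

# spki_pin: PEM certificate on stdin -> "sha256/<base64>" pin on stdout.
spki_pin() {
  _pub=$(openssl x509 -pubkey -noout 2>/dev/null) || return 1
  _b64=$(printf '%s\n' "$_pub" \
    | openssl pkey -pubin -outform der 2>/dev/null \
    | openssl dgst -sha256 -binary \
    | openssl enc -base64)
  # Reject an empty result and the hash of empty input.
  [ -n "$_b64" ] && [ "$_b64" != "$EMPTY_SHA256_B64" ] || return 1
  printf 'sha256/%s\n' "$_b64"
}

# chain_pins: PEM bundle file (for example saved `openssl s_client -showcerts`
# output) -> one "pin<TAB>subject" line per certificate, in file order.
chain_pins() {
  _dir=$(mktemp -d) || return 1
  # Split the bundle into one file per certificate.
  awk -v d="$_dir" '/-----BEGIN CERTIFICATE-----/ { n++ }
                    n { print > (d "/" n ".pem") }' "$1" \
    || { rm -rf "$_dir"; return 1; }
  _i=1
  while [ -f "$_dir/$_i.pem" ]; do
    _pin=$(spki_pin < "$_dir/$_i.pem") || _pin='(unreadable certificate)'
    _subj=$(openssl x509 -noout -subject < "$_dir/$_i.pem" 2>/dev/null) \
      || _subj='?'
    printf '%s\t%s\n' "$_pin" "$_subj"
    _i=$((_i + 1))
  done
  rm -rf "$_dir"
}

# pin_in_chain: succeed if the configured pin equals the pin of any
# certificate in the bundle (a pin may match any certificate in the chain).
pin_in_chain() {
  chain_pins "$2" | cut -f1 | grep -qxF -- "$1"
}
```

Typical use is `pin_in_chain "$SHA" chain.pem`, where `chain.pem` is the saved server chain and `$SHA` is the string passed to `.add(HOST, SHA)`.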