net 1.2.1 优化checkServerTrusted 漏洞问题，（参考 https://blog.csdn.net/kyzycyey/article/details/130065853）

644494f8 · zhengnw@sobot.com · e67e7fac · 644494f8 · 644494f8
Commit 644494f8 authored Nov 29, 2023 by zhengnw@sobot.com
Showing with 22 additions and 33 deletions

sobot-network-publish-mavencentral.gradle sobot_network/sobot-network-publish-mavencentral.gradle +1 -1

SobotOkHttpUtils.java ...rc/main/java/com/sobot/network/http/SobotOkHttpUtils.java +21 -32

No files found.
--- a/sobot_network/sobot-network-publish-mavencentral.gradle
+++ b/sobot_network/sobot-network-publish-mavencentral.gradle
@@ -12,7 +12,7 @@ task androidSourcesJar(type: Jar) {
 ext {
    PUBLISH_GROUP_ID = "com.sobot.library"        //项目包名
    PUBLISH_ARTIFACT_ID = 'net'            //项目名
-    PUBLISH_VERSION = '1.2.0'                    //版本号
+    PUBLISH_VERSION = '1.2.1'                    //版本号
 }



--- a/sobot_network/src/main/java/com/sobot/network/http/SobotOkHttpUtils.java
+++ b/sobot_network/src/main/java/com/sobot/network/http/SobotOkHttpUtils.java
 package com.sobot.network.http;

+import static okhttp3.internal.Util.assertionError;
+
 import android.annotation.SuppressLint;
 import android.os.Handler;
 import android.os.Looper;
@@ -14,13 +16,12 @@ import com.sobot.network.http.builder.PostStringBuilder;
 import com.sobot.network.http.callback.Callback;
 import com.sobot.network.http.callback.FileCallBack;
 import com.sobot.network.http.log.LoggerInterceptor;
-import com.sobot.network.http.log.SobotNetLogUtils;
 import com.sobot.network.http.request.RequestCall;

 import java.io.IOException;
+import java.security.GeneralSecurityException;
 import java.security.KeyStore;
 import java.security.SecureRandom;
-import java.security.cert.X509Certificate;
 import java.util.Arrays;
 import java.util.concurrent.TimeUnit;

@@ -49,15 +50,7 @@ public class SobotOkHttpUtils {
            okHttpClientBuilder.addInterceptor(new SobotInternetPermissionExceptionInterceptor());
            mDelivery = new Handler(Looper.getMainLooper());
            try {
-                //优化X509TrustManager安全警告问题
-                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
-                trustManagerFactory.init((KeyStore) null);
-                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
-                if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
-                    SobotNetLogUtils.e("Unexpected default trust managers:"
-                            + Arrays.toString(trustManagers));
-                }
-                X509TrustManager manager = (X509TrustManager) trustManagers[0];
+                X509TrustManager manager =platformTrustManager();
                okHttpClientBuilder.sslSocketFactory(createSSLSocketFactory(manager), manager);
                mOkHttpClient = okHttpClientBuilder.build();
            } catch (Exception e) {
@@ -291,13 +284,13 @@ public class SobotOkHttpUtils {
     * @return
     */
    @SuppressLint("TrulyRandom")
-    private static SSLSocketFactory createSSLSocketFactory(X509TrustManager manager) {
+    private static SSLSocketFactory createSSLSocketFactory(X509TrustManager trustManager) {

        SSLSocketFactory sSLSocketFactory = null;

        try {
            SSLContext sc = SSLContext.getInstance("TLS");
-            sc.init(null, getTrustManager(),
+            sc.init(null, new TrustManager[]{trustManager},
                    new SecureRandom());
            sSLSocketFactory = sc.getSocketFactory();
        } catch (Exception e) {
@@ -307,25 +300,20 @@ public class SobotOkHttpUtils {
        return sSLSocketFactory;
    }

-    //获取TrustManager
-    private static TrustManager[] getTrustManager() {
-        TrustManager[] trustAllCerts = new TrustManager[]{
-                new X509TrustManager() {
-                    @Override
-                    public void checkClientTrusted(X509Certificate[] chain, String authType) {
-                    }
-
-                    @Override
-                    public void checkServerTrusted(X509Certificate[] chain, String authType) {
-                    }
-
-                    @Override
-                    public X509Certificate[] getAcceptedIssuers() {
-                        return new X509Certificate[]{};
-                    }
-                }
-        };
-        return trustAllCerts;
+    public static X509TrustManager platformTrustManager() {
+        try {
+            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
+                    TrustManagerFactory.getDefaultAlgorithm());
+            trustManagerFactory.init((KeyStore) null);
+            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
+            if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
+                throw new IllegalStateException("Unexpected default trust managers:"
+                        + Arrays.toString(trustManagers));
+            }
+            return (X509TrustManager) trustManagers[0];
+        } catch (GeneralSecurityException e) {
+            throw assertionError("No System TLS", e); // The system has no TLS. Just give up.
+        }
    }

 }
\ No newline at end of file