Commit 644494f8 by zhengnw@sobot.com

net 1.2.1 优化checkServerTrusted 漏洞问题,(参考 https://blog.csdn.net/kyzycyey/article/details/130065853)

parent e67e7fac
...@@ -12,7 +12,7 @@ task androidSourcesJar(type: Jar) { ...@@ -12,7 +12,7 @@ task androidSourcesJar(type: Jar) {
ext { ext {
PUBLISH_GROUP_ID = "com.sobot.library" //项目包名 PUBLISH_GROUP_ID = "com.sobot.library" //项目包名
PUBLISH_ARTIFACT_ID = 'net' //项目名 PUBLISH_ARTIFACT_ID = 'net' //项目名
PUBLISH_VERSION = '1.2.0' //版本号 PUBLISH_VERSION = '1.2.1' //版本号
} }
......
package com.sobot.network.http; package com.sobot.network.http;
import static okhttp3.internal.Util.assertionError;
import android.annotation.SuppressLint; import android.annotation.SuppressLint;
import android.os.Handler; import android.os.Handler;
import android.os.Looper; import android.os.Looper;
...@@ -14,13 +16,12 @@ import com.sobot.network.http.builder.PostStringBuilder; ...@@ -14,13 +16,12 @@ import com.sobot.network.http.builder.PostStringBuilder;
import com.sobot.network.http.callback.Callback; import com.sobot.network.http.callback.Callback;
import com.sobot.network.http.callback.FileCallBack; import com.sobot.network.http.callback.FileCallBack;
import com.sobot.network.http.log.LoggerInterceptor; import com.sobot.network.http.log.LoggerInterceptor;
import com.sobot.network.http.log.SobotNetLogUtils;
import com.sobot.network.http.request.RequestCall; import com.sobot.network.http.request.RequestCall;
import java.io.IOException; import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore; import java.security.KeyStore;
import java.security.SecureRandom; import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Arrays; import java.util.Arrays;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
...@@ -49,15 +50,7 @@ public class SobotOkHttpUtils { ...@@ -49,15 +50,7 @@ public class SobotOkHttpUtils {
okHttpClientBuilder.addInterceptor(new SobotInternetPermissionExceptionInterceptor()); okHttpClientBuilder.addInterceptor(new SobotInternetPermissionExceptionInterceptor());
mDelivery = new Handler(Looper.getMainLooper()); mDelivery = new Handler(Looper.getMainLooper());
try { try {
//优化X509TrustManager安全警告问题 X509TrustManager manager =platformTrustManager();
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init((KeyStore) null);
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
SobotNetLogUtils.e("Unexpected default trust managers:"
+ Arrays.toString(trustManagers));
}
X509TrustManager manager = (X509TrustManager) trustManagers[0];
okHttpClientBuilder.sslSocketFactory(createSSLSocketFactory(manager), manager); okHttpClientBuilder.sslSocketFactory(createSSLSocketFactory(manager), manager);
mOkHttpClient = okHttpClientBuilder.build(); mOkHttpClient = okHttpClientBuilder.build();
} catch (Exception e) { } catch (Exception e) {
...@@ -291,13 +284,13 @@ public class SobotOkHttpUtils { ...@@ -291,13 +284,13 @@ public class SobotOkHttpUtils {
* @return * @return
*/ */
@SuppressLint("TrulyRandom") @SuppressLint("TrulyRandom")
private static SSLSocketFactory createSSLSocketFactory(X509TrustManager manager) { private static SSLSocketFactory createSSLSocketFactory(X509TrustManager trustManager) {
SSLSocketFactory sSLSocketFactory = null; SSLSocketFactory sSLSocketFactory = null;
try { try {
SSLContext sc = SSLContext.getInstance("TLS"); SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, getTrustManager(), sc.init(null, new TrustManager[]{trustManager},
new SecureRandom()); new SecureRandom());
sSLSocketFactory = sc.getSocketFactory(); sSLSocketFactory = sc.getSocketFactory();
} catch (Exception e) { } catch (Exception e) {
...@@ -307,25 +300,20 @@ public class SobotOkHttpUtils { ...@@ -307,25 +300,20 @@ public class SobotOkHttpUtils {
return sSLSocketFactory; return sSLSocketFactory;
} }
//获取TrustManager public static X509TrustManager platformTrustManager() {
private static TrustManager[] getTrustManager() { try {
TrustManager[] trustAllCerts = new TrustManager[]{ TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
new X509TrustManager() { TrustManagerFactory.getDefaultAlgorithm());
@Override trustManagerFactory.init((KeyStore) null);
public void checkClientTrusted(X509Certificate[] chain, String authType) { TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
} if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
throw new IllegalStateException("Unexpected default trust managers:"
@Override + Arrays.toString(trustManagers));
public void checkServerTrusted(X509Certificate[] chain, String authType) {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[]{};
} }
return (X509TrustManager) trustManagers[0];
} catch (GeneralSecurityException e) {
throw assertionError("No System TLS", e); // The system has no TLS. Just give up.
} }
};
return trustAllCerts;
} }
} }
\ No newline at end of file
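Review bot: The failure paths around the new `platformTrustManager()` are inconsistent: it throws an `AssertionError` built by `okhttp3.internal.Util.assertionError`, which the `catch (Exception e)` around its call in the client initialiser will not catch, and it depends on an OkHttp internal package that is not stable API. I would drop the static import and use `throw new IllegalStateException("No System TLS", e);`, and make the method `private` unless callers outside this class need it. `createSSLSocketFactory` still starts from `null` and catches `Exception`, so it can apparently hand a null factory to `sslSocketFactory(...)`; since the trust manager is now the platform default, removing the custom `SSLContext` and that call altogether would leave OkHttp's own default TLS setup in place. Both catch bodies lie outside the visible hunks, as does any `hostnameVerifier(...)` configuration, which is worth checking in case a permissive verifier remains elsewhere in the class.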