SSL pinning with Google Volley

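I'll start my question by mentioning what I have tried so far:

I don't have the certificate in my app; I am only using the SHA256 key. Most answers on the internet require a physical certificate in the app to be loaded into a keystore, which I don't have.

I am getting the following error: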

javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. 

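1) TrustKit: it needs compile SDK 24 and above, but I have 23 and many support libraries in sync with SDK 23, so I can't change all of them; it might crash my app at some point.

2) CWAC-NetSecurity: I have implemented this in my code without using the Android N security setup, and I also followed the instructions given on the git page, but I couldn't pass the sslSocketFactory from it to Volley; it has an example with OkHTTP. So it gives the above error as well.

I have tried this with OkHttp's CertificatePinner and it also doesn't work for me. Same error. I also tried passing the hostNameVerifier and sslSocketFactory to HttpsUrlConnection, but got the same error.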

    JsonObjectRequestSolaire jsonRequest = new JsonObjectRequestSolaire(
            method, URL, object, headers, responseListener, errorListener);
    RetryPolicy policy = new DefaultRetryPolicy(TIMEOUT,
            DefaultRetryPolicy.DEFAULT_MAX_RETRIES,
            DefaultRetryPolicy.DEFAULT_BACKOFF_MULT);
    jsonRequest.setRetryPolicy(policy);
    jsonRequest.setShouldCache(false);

    OkHttpClient okHttpClient = new OkHttpClient.Builder()
            .certificatePinner(new CertificatePinner.Builder()
                    .add("my_domain", "sha256/shaKey") // example.com
                    .add("my_domain", "sha256/shaKey") // also tried *.example.com
                    .build())
            .build();

    //HttpsURLConnection.setDefaultHostnameVerifier(okHttpClient.hostnameVerifier());
    //HttpsURLConnection.setDefaultSSLSocketFactory(okHttpClient.sslSocketFactory());

    RequestQueue requestQueue = Volley.newRequestQueue(activity.getApplicationContext(),
            new HurlStack(null, okHttpClient.sslSocketFactory()));
    requestQueue.add(jsonRequest);

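Our iOS guy implemented it using TrustKit, and it worked for him.

Thanks in advance.

Please share your valuable input here so that I can understand this SSL pinning concept.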

Solutions Collecting From Web of "SSL pinning with Google Volley"

Use this VolleySingleton:

    import android.content.Context;
    import android.util.Log;
    import com.android.volley.DefaultRetryPolicy;
    import com.android.volley.Request;
    import com.android.volley.RequestQueue;
    import com.android.volley.RetryPolicy;
    import com.android.volley.toolbox.HurlStack;
    import com.android.volley.toolbox.Volley;
    import java.io.InputStream;
    import java.security.KeyStore;
    import javax.net.ssl.HostnameVerifier;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSession;
    import javax.net.ssl.SSLSocketFactory;
    import javax.net.ssl.TrustManagerFactory;

    public class VolleySingleton {
        private static VolleySingleton mInstance;
        private RequestQueue mRequestQueue;
        private static Context mCtx;

        private VolleySingleton(Context context) {
            mCtx = context;
            mRequestQueue = getRequestQueue();
        }

        public static synchronized VolleySingleton getInstance(Context context) {
            if (mInstance == null) {
                mInstance = new VolleySingleton(context);
            }
            return mInstance;
        }

        public RequestQueue getRequestQueue() {
            if (mRequestQueue == null) {
                // getApplicationContext() is key, it keeps you from leaking the
                // Activity or BroadcastReceiver if someone passes one in.
                mRequestQueue = Volley.newRequestQueue(mCtx.getApplicationContext(),
                        new HurlStack(null, newSslSocketFactory()));
            }
            return mRequestQueue;
        }

        public <T> void addToRequestQueue(Request<T> req) {
            int socketTimeout = 90000;
            RetryPolicy policy = new DefaultRetryPolicy(socketTimeout,
                    DefaultRetryPolicy.DEFAULT_MAX_RETRIES,
                    DefaultRetryPolicy.DEFAULT_BACKOFF_MULT);
            req.setRetryPolicy(policy);
            getRequestQueue().add(req);
        }

        private SSLSocketFactory newSslSocketFactory() {
            try {
                // Get an instance of the Bouncy Castle KeyStore format
                KeyStore trusted = KeyStore.getInstance("BKS");
                // Get the raw resource, which contains the keystore with
                // your trusted certificates (root and any intermediate certs)
                InputStream in = mCtx.getApplicationContext().getResources()
                        .openRawResource(R.raw.trusted);
                try {
                    // Initialize the keystore with the provided trusted certificates
                    // Provide the password of the keystore
                    trusted.load(in, mCtx.getString(R.string.KEYSTORE_PASS).toCharArray());
                } finally {
                    in.close();
                }

                String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
                TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
                tmf.init(trusted);

                SSLContext context = SSLContext.getInstance("TLSv1.2");
                context.init(null, tmf.getTrustManagers(), null);

                // Keep the platform verifier and delegate to it: a verifier that
                // always returns true would accept a certificate issued for any host.
                final HostnameVerifier platformVerifier =
                        HttpsURLConnection.getDefaultHostnameVerifier();
                HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
                    @Override
                    public boolean verify(String hostname, SSLSession session) {
                        Log.i("Volley", "Verifying host:" + hostname);
                        return platformVerifier.verify(hostname, session);
                    }
                });

                SSLSocketFactory sf = context.getSocketFactory();
                return sf;
            } catch (Exception e) {
                throw new AssertionError(e);
            }
        }
    }
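
An added example, not part of the answer above or of any library named on this page: pinning by SHA-256 hash alone, with no certificate bundled in the app, by wrapping the platform trust manager and passing the resulting socket factory to Volley's HurlStack. The class name `PinnedVolley` and the `PIN` placeholder are assumptions; the pin is assumed to be the base64 SHA-256 of the server (leaf) certificate's public key, and the server's chain must still validate against the platform trust store.

```java
import android.util.Base64;
import com.android.volley.RequestQueue;
import com.android.volley.toolbox.HurlStack;
import com.android.volley.toolbox.Volley;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Hypothetical helper: platform chain validation plus a SHA-256 public-key pin check.
public final class PinnedVolley {
    // Placeholder: the base64 value that follows "sha256/" in an OkHttp-style pin.
    private static final String PIN = "REPLACE_WITH_BASE64_SPKI_SHA256";

    public static RequestQueue newRequestQueue(android.content.Context ctx) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the platform's default trust anchors
        final X509TrustManager system = (X509TrustManager) tmf.getTrustManagers()[0];

        X509TrustManager pinning = new X509TrustManager() {
            @Override public void checkServerTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                system.checkServerTrusted(chain, authType); // normal validation first
                // Compare only the leaf: extra certificates a server sends are not
                // necessarily part of the path that was just validated.
                if (!PIN.equals(spkiSha256(chain[0]))) {
                    throw new CertificateException("Server public key does not match the pin");
                }
            }
            @Override public void checkClientTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                system.checkClientTrusted(chain, authType);
            }
            @Override public X509Certificate[] getAcceptedIssuers() {
                return system.getAcceptedIssuers();
            }
        };
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, new TrustManager[] { pinning }, null);
        // Hostname verification stays at the HttpsURLConnection default.
        return Volley.newRequestQueue(ctx.getApplicationContext(),
                new HurlStack(null, sslContext.getSocketFactory()));
    }

    // Base64 of SHA-256 over the DER-encoded SubjectPublicKeyInfo of the certificate.
    static String spkiSha256(X509Certificate cert) throws CertificateException {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(cert.getPublicKey().getEncoded());
            return Base64.encodeToString(d, Base64.NO_WRAP);
        } catch (java.security.NoSuchAlgorithmException e) { throw new CertificateException(e); }
    }
}
```

A pin mismatch surfaces in Volley as an `SSLHandshakeException` wrapping the `CertificateException`, delivered to the request's error listener.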