使用HttpsURLConnection时如何覆盖Android发送到服务器的密码列表? [英] How to override the cipherlist sent to the server by Android when using HttpsURLConnection?
问题描述
在 TLS 协商期间,客户端向服务器发送支持的密码列表,服务器选择一个,然后开始加密.当我使用 HttpsURLConnection
进行通信时,我想更改这个由 Android 发送到服务器的密码列表.
During TLS negotiation, clients send a list of supported ciphers to the server, the server picks one, and encryption starts. I want to change this cipherlist sent to the server by Android, when I'm using HttpsURLConnection
for communication.
我知道我可以在 HttpsURLConnection
对象上使用 setSSLSocketFactory
将其设置为使用 SSLSocketFactory
.当我想更改 SSLSocketFactory
返回的 SSLSocket
使用的 trustmanager 等时,这很有用.
I know that I can use setSSLSocketFactory
on the HttpsURLConnection
object to set it up to use a SSLSocketFactory
. This is useful when I want to change the trustmanager etc used by the SSLSocket
returned by the SSLSocketFactory
.
我知道通常可以使用 SSLParameters
对象编辑此密码套件列表,并使用方法将其传递给 SSlsocket
或 SSLEngine
对象他们提供.
I know that in general this ciphersuite list can be edited using an SSLParameters
object and passing it to SSlsocket
or SSLEngine
objects using the methods they provide.
但是 SSLSocketFactory
似乎没有公开这样的方法!
BUT the SSLSocketFactory
does not seem to expose such methods!
我找不到一种方法来更改由我传递给 HttpsURLConnection
SSLSocketFactory
创建的返回的 SSLSocket
对象的 SSLParameters
/代码>.
I cannot find a way to change the SSLParameters
of the returned SSLSocket
objects created by the SSLSocketFactory
I pass to HttpsURLConnection
.
怎么办?
我想这也与 Java 相关,而不仅仅是 Android.也许有一种面向对象的方式来做到这一点(例如,扩展 SSLSocketFactory
并将其提供给 HttpsURLConnection
?)
I guess this is also relevant to Java in general, not only Android. Maybe there's an OO way to do it (e.g. extend SSLSocketFactory
and provide that to HttpsURLConnection
?)
推荐答案
这段代码有点原始.请谨慎使用.
This piece of code is a bit raw. please use with care.
public class PreferredCipherSuiteSSLSocketFactory extends SSLSocketFactory {
private static final String PREFERRED_CIPHER_SUITE = "TLS_RSA_WITH_AES_128_CBC_SHA";
private final SSLSocketFactory delegate;
public PreferredCipherSuiteSSLSocketFactory(SSLSocketFactory delegate) {
this.delegate = delegate;
}
@Override
public String[] getDefaultCipherSuites() {
return setupPreferredDefaultCipherSuites(this.delegate);
}
@Override
public String[] getSupportedCipherSuites() {
return setupPreferredSupportedCipherSuites(this.delegate);
}
@Override
public Socket createSocket(String arg0, int arg1) throws IOException,
UnknownHostException {
Socket socket = this.delegate.createSocket(arg0, arg1);
String[] cipherSuites = setupPreferredDefaultCipherSuites(delegate);
((SSLSocket)socket).setEnabledCipherSuites(cipherSuites);
return socket;
}
@Override
public Socket createSocket(InetAddress arg0, int arg1) throws IOException {
Socket socket = this.delegate.createSocket(arg0, arg1);
String[] cipherSuites = setupPreferredDefaultCipherSuites(delegate);
((SSLSocket)socket).setEnabledCipherSuites(cipherSuites);
return socket;
}
@Override
public Socket createSocket(Socket arg0, String arg1, int arg2, boolean arg3)
throws IOException {
Socket socket = this.delegate.createSocket(arg0, arg1, arg2, arg3);
String[] cipherSuites = setupPreferredDefaultCipherSuites(delegate);
((SSLSocket)socket).setEnabledCipherSuites(cipherSuites);
return socket;
}
@Override
public Socket createSocket(String arg0, int arg1, InetAddress arg2, int arg3)
throws IOException, UnknownHostException {
Socket socket = this.delegate.createSocket(arg0, arg1, arg2, arg3);
String[] cipherSuites = setupPreferredDefaultCipherSuites(delegate);
((SSLSocket)socket).setEnabledCipherSuites(cipherSuites);
return socket;
}
@Override
public Socket createSocket(InetAddress arg0, int arg1, InetAddress arg2,
int arg3) throws IOException {
Socket socket = this.delegate.createSocket(arg0, arg1, arg2, arg3);
String[] cipherSuites = setupPreferredDefaultCipherSuites(delegate);
((SSLSocket)socket).setEnabledCipherSuites(cipherSuites);
return socket;
}
private static String[] setupPreferredDefaultCipherSuites(SSLSocketFactory sslSocketFactory) {
String[] defaultCipherSuites = sslSocketFactory.getDefaultCipherSuites();
ArrayList<String> suitesList = new ArrayList<String>(Arrays.asList(defaultCipherSuites));
suitesList.remove(PREFERRED_CIPHER_SUITE);
suitesList.add(0, PREFERRED_CIPHER_SUITE);
return suitesList.toArray(new String[suitesList.size()]);
}
private static String[] setupPreferredSupportedCipherSuites(SSLSocketFactory sslSocketFactory) {
String[] supportedCipherSuites = sslSocketFactory.getSupportedCipherSuites();
ArrayList<String> suitesList = new ArrayList<String>(Arrays.asList(supportedCipherSuites));
suitesList.remove(PREFERRED_CIPHER_SUITE);
suitesList.add(0, PREFERRED_CIPHER_SUITE);
return suitesList.toArray(new String[suitesList.size()]);
}
}
当你想使用它时.
HttpsURLConnection connection = (HttpsURLConnection) (new URL(url))
.openConnection();
SSLContext context = SSLContext.getInstance("TLS");
TrustManager tm[] = {new SSLPinningTrustManager()};
context.init(null, tm, null);
SSLSocketFactory preferredCipherSuiteSSLSocketFactory = new PreferredCipherSuiteSSLSocketFactory(context.getSocketFactory());
connection.setSSLSocketFactory(preferredCipherSuiteSSLSocketFactory);
connection.connect();
谢谢.
这篇关于使用HttpsURLConnection时如何覆盖Android发送到服务器的密码列表?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!