how to get the server certificate with okhttp response
Question
I want to save a server certificate, but I cannot find the method to get it with OkHttpClient. The response.handshake is empty:
    client.newCall(request).execute().handshake().peerCertificates()
Answer 1
Score: 1
You have the correct code. But likely you have disabled security or similar such that there is no clean certificate chain for your request.
Correct secure code
    return response.use {
        it.handshake!!.peerCertificates
    }.map { it as X509Certificate }
Insecure code
    import okhttp3.Call
    import okhttp3.Connection
    import okhttp3.EventListener
    import okhttp3.OkHttpClient
    import okhttp3.Request
    import okhttp3.internal.connection.RealCall
    import okhttp3.tls.HandshakeCertificates
    import java.security.cert.X509Certificate
    import javax.net.ssl.SSLSocket

    fun main() {
        // addInsecureHost() turns off server authentication for this one host.
        val handshakeCertificates = HandshakeCertificates.Builder()
            .addPlatformTrustedCertificates()
            .addInsecureHost("self-signed.badssl.com")
            .build()
        val client = OkHttpClient.Builder()
            .sslSocketFactory(handshakeCertificates.sslSocketFactory(), handshakeCertificates.trustManager)
            .eventListener(object : EventListener() {
                override fun connectionAcquired(call: Call, connection: Connection) {
                    // Certificates as seen on the raw TLS session of the socket.
                    val socket = (call as RealCall).connection?.socket() as? SSLSocket
                    println("connectionAcquired " + socket?.session?.peerCertificates?.size)
                    socket?.session?.peerCertificates?.forEach {
                        val x509 = it as X509Certificate
                        println(x509.subjectDN)
                    }
                }
            })
            .build()
        val response = client.newCall(Request.Builder().url("https://self-signed.badssl.com").build()).execute()
        // Certificates as reported by OkHttp on the response handshake.
        println("response " + response.handshake?.peerCertificates?.size)
        response.handshake?.peerCertificates?.forEach {
            val x509 = it as X509Certificate
            println(x509.subjectDN)
        }
    }
Output
connectionAcquired 1
CN=*.badssl.com, O=BadSSL, L=San Francisco, ST=California, C=US
response 0
Answer 2
Score: 0
The certifikit CLI can download them for you in an OkHttp friendly format.
https://github.com/cashapp/certifikit/tree/master/certifikit-cli
$ certifikit-cli git:(master) ./cft --host badssl.com --insecure --output tmp
CN: *.badssl.com
Pin: sha256/f522e496c72fccc623f1ffb9da5a79cdefe16340851f22d23d0cd2a58608066f
SAN: *.badssl.com, badssl.com
Key Usage: DigitalSignature, KeyEncipherment
Ext Key Usage: serverAuth, clientAuth
Authority Info Access:
ocsp: http://ocsp.digicert.com
caIssuers: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt
Valid: 2020-03-23T00:00:00Z..2022-05-17T12:00:00Z (1 years)
CA: false
CN: DigiCert SHA2 Secure Server CA
Pin: sha256/e6426f344330d0a8eb080bbb7976391d976fc824b5dc16c0d15246d5148ff75c
SAN: <N/A>
Key Usage: DigitalSignature, KeyCertSign, CRLSign
Authority Info Access:
ocsp: http://ocsp.digicert.com
Valid: 2013-03-08T12:00:00Z..2023-03-08T12:00:00Z (2 years)
CA: true Max Intermediate: 0
CN: DigiCert Global Root CA (signed by locally-trusted root)
Pin: sha256/aff988906dde12955d9bebbf928fdcc31cce328d5b9384f21c8941ca26e20391
SAN: <N/A>
OU: www.digicert.com
Key Usage: DigitalSignature, KeyCertSign, CRLSign
Valid: 2006-11-10T00:00:00Z..2031-11-10T00:00:00Z (11 years)
CA: true
$ certifikit-cli git:(master) ✗ ls tmp
aff988906dde12955d9bebbf928fdcc31cce328d5b9384f21c8941ca26e20391.pem f522e496c72fccc623f1ffb9da5a79cdefe16340851f22d23d0cd2a58608066f.pem
e6426f344330d0a8eb080bbb7976391d976fc824b5dc16c0d15246d5148ff75c.pem
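An added example, not part of either answer and not OkHttp or certifikit code: saving a chain taken from `response.handshake` as PEM files together with the `sha256/` pin OkHttp's `CertificatePinner` computes, and refusing an empty chain such as the one the insecure-host client reports. `toPem` and `saveChain` are hypothetical helper names, the sample certificate is generated locally with `HeldCertificate` from okhttp-tls so the code runs offline, and naming files by the hex SHA-256 of the public key is a choice made here.

```kotlin
import okhttp3.CertificatePinner
import okhttp3.tls.HeldCertificate
import java.io.File
import java.security.MessageDigest
import java.security.cert.Certificate
import java.security.cert.X509Certificate
import java.util.Base64

// Hypothetical helper (not an OkHttp API): PEM-encode one certificate.
fun toPem(cert: X509Certificate): String {
    val body = Base64.getMimeEncoder(64, "\n".toByteArray()).encodeToString(cert.encoded)
    return "-----BEGIN CERTIFICATE-----\n$body\n-----END CERTIFICATE-----\n"
}

// Hypothetical helper: write each certificate of a chain to
// <dir>/<hex SHA-256 of the public key>.pem and return file -> OkHttp pin.
fun saveChain(peerCertificates: List<Certificate>, dir: File): Map<File, String> {
    // An empty list is what Response.handshake reported for the
    // addInsecureHost() client above, so refuse to save anything.
    require(peerCertificates.isNotEmpty()) { "no validated peer certificates" }
    dir.mkdirs()
    return peerCertificates.map { it as X509Certificate }.associate { cert ->
        val spkiHash = MessageDigest.getInstance("SHA-256").digest(cert.publicKey.encoded)
        val file = File(dir, spkiHash.joinToString("") { "%02x".format(it) } + ".pem")
        file.writeText(toPem(cert))
        file to CertificatePinner.pin(cert) // "sha256/<base64>", the form CertificatePinner accepts
    }
}

fun main() {
    // Constructed sample input: a throwaway self-signed certificate generated
    // locally, standing in for response.handshake!!.peerCertificates.
    val sample = HeldCertificate.Builder().commonName("example.test").build()
    val dir = File(System.getProperty("java.io.tmpdir"), "saved-certs")
    saveChain(listOf(sample.certificate), dir).forEach { (file, pin) ->
        println("${file.name}  $pin")
    }
    // An empty response-level chain is rejected instead of silently saved.
    val result = runCatching { saveChain(emptyList(), dir) }
    println("empty chain rejected: ${result.isFailure}")
}
```

In a real client, pass `response.handshake!!.peerCertificates` from a client that has not disabled validation for the host.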