1 获得证书公钥的哈希值
2 例子
<!-- https://mvnrepository.com/artifact/com.squareup.okhttp3/okhttp -->
<dependency>
<groupId>com.squareup.okhttp3</groupId>
<artifactId>okhttp</artifactId>
<version>4.9.2</version>
</dependency>
// 小红书 www.xiaohongshu.com 证书公钥的哈希值
String PUBLIC_KEY_HASH = "7/7ZtGQbsxpnFWI8v2DmVSwEd7W6dmkHw4TjbuH1Ds0=";
OkHttpClient client = new OkHttpClient.Builder()
.certificatePinner(
new CertificatePinner.Builder()
.add("www.xiaohongshu.com", "sha256/" + PUBLIC_KEY_HASH)
.build()
)
.build();
// 请求小红书微信小程序详情页接口
Request request = new Request.Builder()
.url("https://www.xiaohongshu.com/fe_api/burdock/weixin/v2/note/6139e3790000000021039b7a/single_feed")
.addHeader("X-Sign", "X09f2f3e9da819070d0c34a92124d6274")
.addHeader("Authorization", "wxmp.3beb70ee-b1a3-4e75-b740-5907192612d6")
.addHeader("Host", " www.xiaohongshu.com")
.addHeader("User-Agent", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36 MicroMessenger/7.0.9.501 NetType/WIFI MiniProgramEnv/Windows WindowsWechat")
.build();
Response response = client.newCall(request).execute();
if (!response.isSuccessful()) {
throw new IOException("Unexpected code " + response);
}
// 打印证书公钥的哈希值(证书链上的)
for (Certificate certificate : response.handshake().peerCertificates()) {
System.out.println(CertificatePinner.pin(certificate));
}
// 打印返回值
// {"code":0,"success":true,"data":{"ats":[],"likes":1,"collects":1,"shareCount":0,"comments":2,"title":"求助,变色LED灯坏了能修吗","desc":"就像视频这样子,总共三种颜色,现在有两种暖色灯有用,一种冷色灯只有微亮,还一直闪。怎么办。要换整个灯吗?","id":"6139e3790000000021039b7a","imageList":[{"url":"http://ci.xiaohongshu.com/e5348a40-c9ef-33d3-a873-32ce9373a190?imageView2/2/w/1080/format/jpg","width":720,"height":1280,"fileId":"e5348a40-c9ef-33d3-a873-32ce9373a190","traceId":"e5348a40-c9ef-33d3-a873-32ce9373a190"}],"cover":{"url":"http://ci.xiaohongshu.com/e5348a40-c9ef-33d3-a873-32ce9373a190?imageView2/2/w/1080/format/jpg","width":720,"height":1280,"fileId":"e5348a40-c9ef-33d3-a873-32ce9373a190","traceId":"e5348a40-c9ef-33d3-a873-32ce9373a190"},"isLiked":false,"time":"2021-09-09 18:35","type":"video","hashTags":[],"cooperateBinds":[],"isCollected":false,"video":{"id":"6139e3790000000021039b7a","url":"http://v.xiaohongshu.com/95907c516534bdfdcb72658cd9c0ff083d9739d8_r_ln?sign=63add5d6df2133068801f2197f39bed7&t=615c7680","width":720,"height":1280,"duration":49,"playedCount":0},"inCensor":false,"censorTip":"","user":{"bannerImage":"","fans":60,"follows":76,"gender":1,"id":"5658298db8c8b44cafd43a85","nickname":"双木林2012","notes":13,"boards":0,"location":"中国","image":"https://sns-avatar-qc.xhscdn.com/avatar/60edaa6904fcbc4286ae9966.jpg?imageView2/1/w/540/format/jpg","collected":43,"desc":"县城资料员小白","liked":85,"officialVerified":false,"redOfficialVerifyShowIcon":false,"level":{"image":"https://fe-static.xhscdn.com/formula-static/user-growth/public/4f_89d6a14b2f5f3f5c1ce3cac9fa6dab96.png","name":"困困薯"},"fstatus":"none","redOfficialVerifyIconType":0,"red_id":"509011835","officialVerifyIcon":"","officialVerifyName":"","isFollowed":false},"poi":{},"commentList":[{"content":"可以在网上买个灯盘很便宜安装也简单","user":{"id":"5af53b63e8ac2b55dbc4a72c","nickname":"12号下午"}}],"canShareMoment":false}}
System.out.println(new String(response.body().bytes()));
公钥hash值错误
// 7/7ZtGQbsxpnFWI8v2DmVSwEd6W6dmkHw4TjbuH1Ds0=
Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: Certificate pinning failure!
Peer certificate chain:
sha256/7/7ZtGQbsxpnFWI8v2DmVSwEd7W6dmkHw4TjbuH1Ds0=: CN=*.xiaohongshu.com, O=行吟信息科技(上海)有限公司, ST=上海市, C=CN
sha256/TbrK7tI1CsyZLKNdMvoHsV863GbcuERLt4LWrjChCv0=: CN=DigiCert Secure Site CN CA G3, O=DigiCert Inc, C=US
sha256/r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Pinned certificates for www.xiaohongshu.com:
sha256/7/7ZtGQbsxpnFWI8v2DmVSwEd6W6dmkHw4TjbuH1Ds0=
at okhttp3.CertificatePinner.check$okhttp(CertificatePinner.kt:200)
at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:410)
at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337)
at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209)
at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226)
at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106)
at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74)
at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255)
at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201)
at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154)
at cn.baker.utils.OkHttpTest.main(OkHttpTest.java:37)
Process finished with exit code 1
- https://www.jianshu.com/p/ad4c7ce94518/
- https://www.jianshu.com/p/80282c1b3cff
- https://www.jianshu.com/p/952254affbbf