OkHttp SSL Pinning

最新推荐文章于 2024-06-21 17:05:14 发布

爪哇

最新推荐文章于 2024-06-21 17:05:14 发布

阅读量1.2k

点赞数

分类专栏：网络爬虫文章标签： ssl html5 java

记录平时的问题，完全是给自己看的，垃圾博客，浪费各位大佬时间...

本文链接：https://blog.csdn.net/qq_40794973/article/details/120600341

版权

网络爬虫专栏收录该内容

9 篇文章 1 订阅

订阅专栏

1 获得证书公钥的哈希值

https://www.ssllabs.com/ssltest/index.html

2 例子

<!-- https://mvnrepository.com/artifact/com.squareup.okhttp3/okhttp -->
<dependency>
    <groupId>com.squareup.okhttp3</groupId>
    <artifactId>okhttp</artifactId>
    <version>4.9.2</version>
</dependency>

// 小红书 www.xiaohongshu.com 证书公钥的哈希值
String PUBLIC_KEY_HASH = "7/7ZtGQbsxpnFWI8v2DmVSwEd7W6dmkHw4TjbuH1Ds0=";
OkHttpClient client = new OkHttpClient.Builder()
        .certificatePinner(
                new CertificatePinner.Builder()
                .add("www.xiaohongshu.com", "sha256/" + PUBLIC_KEY_HASH)
                .build()
        )
        .build();
// 请求小红书微信小程序详情页接口
Request request = new Request.Builder()
        .url("https://www.xiaohongshu.com/fe_api/burdock/weixin/v2/note/6139e3790000000021039b7a/single_feed")
        .addHeader("X-Sign", "X09f2f3e9da819070d0c34a92124d6274")
        .addHeader("Authorization", "wxmp.3beb70ee-b1a3-4e75-b740-5907192612d6")
        .addHeader("Host", " www.xiaohongshu.com")
        .addHeader("User-Agent", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36 MicroMessenger/7.0.9.501 NetType/WIFI MiniProgramEnv/Windows WindowsWechat")
        .build();

Response response = client.newCall(request).execute();
if (!response.isSuccessful()) {
    throw new IOException("Unexpected code " + response);
}
// 打印证书公钥的哈希值（证书链上的）
for (Certificate certificate : response.handshake().peerCertificates()) {
    System.out.println(CertificatePinner.pin(certificate));
}
// 打印返回值
// {"code":0,"success":true,"data":{"ats":[],"likes":1,"collects":1,"shareCount":0,"comments":2,"title":"求助，变色LED灯坏了能修吗","desc":"就像视频这样子，总共三种颜色，现在有两种暖色灯有用，一种冷色灯只有微亮，还一直闪。怎么办。要换整个灯吗？","id":"6139e3790000000021039b7a","imageList":[{"url":"http://ci.xiaohongshu.com/e5348a40-c9ef-33d3-a873-32ce9373a190?imageView2/2/w/1080/format/jpg","width":720,"height":1280,"fileId":"e5348a40-c9ef-33d3-a873-32ce9373a190","traceId":"e5348a40-c9ef-33d3-a873-32ce9373a190"}],"cover":{"url":"http://ci.xiaohongshu.com/e5348a40-c9ef-33d3-a873-32ce9373a190?imageView2/2/w/1080/format/jpg","width":720,"height":1280,"fileId":"e5348a40-c9ef-33d3-a873-32ce9373a190","traceId":"e5348a40-c9ef-33d3-a873-32ce9373a190"},"isLiked":false,"time":"2021-09-09 18:35","type":"video","hashTags":[],"cooperateBinds":[],"isCollected":false,"video":{"id":"6139e3790000000021039b7a","url":"http://v.xiaohongshu.com/95907c516534bdfdcb72658cd9c0ff083d9739d8_r_ln?sign=63add5d6df2133068801f2197f39bed7&t=615c7680","width":720,"height":1280,"duration":49,"playedCount":0},"inCensor":false,"censorTip":"","user":{"bannerImage":"","fans":60,"follows":76,"gender":1,"id":"5658298db8c8b44cafd43a85","nickname":"双木林2012","notes":13,"boards":0,"location":"中国","image":"https://sns-avatar-qc.xhscdn.com/avatar/60edaa6904fcbc4286ae9966.jpg?imageView2/1/w/540/format/jpg","collected":43,"desc":"县城资料员小白","liked":85,"officialVerified":false,"redOfficialVerifyShowIcon":false,"level":{"image":"https://fe-static.xhscdn.com/formula-static/user-growth/public/4f_89d6a14b2f5f3f5c1ce3cac9fa6dab96.png","name":"困困薯"},"fstatus":"none","redOfficialVerifyIconType":0,"red_id":"509011835","officialVerifyIcon":"","officialVerifyName":"","isFollowed":false},"poi":{},"commentList":[{"content":"可以在网上买个灯盘很便宜安装也简单","user":{"id":"5af53b63e8ac2b55dbc4a72c","nickname":"12号下午"}}],"canShareMoment":false}}
System.out.println(new String(response.body().bytes()));

公钥hash值错误

// 7/7ZtGQbsxpnFWI8v2DmVSwEd6W6dmkHw4TjbuH1Ds0=

Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: Certificate pinning failure!
  Peer certificate chain:
    sha256/7/7ZtGQbsxpnFWI8v2DmVSwEd7W6dmkHw4TjbuH1Ds0=: CN=*.xiaohongshu.com, O=行吟信息科技（上海）有限公司, ST=上海市, C=CN
    sha256/TbrK7tI1CsyZLKNdMvoHsV863GbcuERLt4LWrjChCv0=: CN=DigiCert Secure Site CN CA G3, O=DigiCert Inc, C=US
    sha256/r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  Pinned certificates for www.xiaohongshu.com:
    sha256/7/7ZtGQbsxpnFWI8v2DmVSwEd6W6dmkHw4TjbuH1Ds0=
	at okhttp3.CertificatePinner.check$okhttp(CertificatePinner.kt:200)
	at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:410)
	at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:337)
	at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:209)
	at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:226)
	at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:106)
	at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:74)
	at okhttp3.internal.connection.RealCall.initExchange$okhttp(RealCall.kt:255)
	at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:32)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
	at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:95)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
	at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:83)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
	at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:76)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:109)
	at okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp(RealCall.kt:201)
	at okhttp3.internal.connection.RealCall.execute(RealCall.kt:154)
	at cn.baker.utils.OkHttpTest.main(OkHttpTest.java:37)

Process finished with exit code 1