下面列出了怎么用android.net.http.X509TrustManagerExtensions的API类实例代码及写法,或者点击链接到github查看源代码。
/**
 * Creates a trust manager which implements path, hostname and pinning validation for a given
 * hostname and sends pinning failure reports if validation failed.
 *
 * <p>Before Android N, the PinningTrustManager implements pinning validation itself. On Android
 * N and later the OS' implementation is used instead for pinning validation.
 *
 * @param serverHostname The hostname of the server whose identity is being validated. It will
 *                       be validated against the name(s) the leaf certificate was issued for
 *                       when performing hostname validation.
 * @param serverConfig The pinning policy to be enforced when doing pinning validation.
 * @param baselineTrustManager The trust manager to use for path validation. It is only kept
 *                             (wrapped in X509TrustManagerExtensions) on API level 17 and
 *                             later; below that it is discarded and the field is null.
 */
public PinningTrustManager(@NonNull String serverHostname,
                           @NonNull DomainPinningPolicy serverConfig,
                           @NonNull X509TrustManager baselineTrustManager) {
    // Remember which server and which pinning policy this instance validates against.
    this.serverHostname = serverHostname;
    this.serverConfig = serverConfig;

    // On API 17+ the default trust manager is wrapped in the Android-specific
    // X509TrustManagerExtensions: it still performs regular SSL validation, it can compute the
    // cleaned/verified server certificate chain needed for pinning validation, and it offers a
    // checkServerTrusted() that takes the hostname, allowing it to call the (system)
    // RootTrustManager on Android N.
    //
    // Below API 17 X509TrustManagerExtensions is not available, so nothing is stored and no
    // pinning validation takes place at all.
    // NOTE(review): with a null field the supplied trust manager is dropped as well; confirm
    // that the validation methods of this class reject the chain (fail closed) on those API
    // levels instead of returning without any check.
    this.baselineTrustManager = (Build.VERSION.SDK_INT >= 17)
            ? new X509TrustManagerExtensions(baselineTrustManager)
            : null;
}
/**
 * Validates the server certificate chain with the trust manager that TrustKit returns for the
 * hostname currently held in {@code mServerHostname}.
 *
 * @param chain the certificate chain presented by the server
 * @param authType the key exchange algorithm, passed through unchanged to the delegate
 * @throws CertificateException if the delegate trust manager rejects the chain
 */
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    final String hostname = mServerHostname.get();
    final DomainPinningPolicy pinningPolicy =
            TrustKit.getInstance().getConfiguration().getPolicyForHostname(hostname);
    final X509TrustManager delegate = TrustKit.getInstance().getTrustManager(hostname);

    // Two conditions select the hostname-aware path:
    //  - no pinning policy for this host: needed for compatibility with the platform default
    //    trust manager, which on API 24+ states that apps implementing Android's
    //    network_security_config file must use the hostname-aware checkServerTrusted;
    //  - API level >= JELLY_BEAN_MR1: X509TrustManagerExtensions can be used.
    final boolean noPolicyForHost = pinningPolicy == null;
    final boolean extensionsUsable =
            Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1;

    if (!(noPolicyForHost && extensionsUsable)) {
        // Either a pinning policy exists or the API level is too old: use the trust manager's
        // own two-argument check.
        // NOTE(review): this call carries no hostname. Presumably a delegate returned for a
        // pinned host already knows its hostname, and on older API levels hostname
        // verification happens elsewhere in the TLS stack; confirm both against the caller.
        delegate.checkServerTrusted(chain, authType);
        return;
    }

    new X509TrustManagerExtensions(delegate).checkServerTrusted(chain, authType, hostname);
}
/**
 * Wraps the given trust manager in an {@link X509TrustManagerExtensions} and keeps the wrapper
 * in {@code mTrustManagerExtensions}.
 *
 * <p>{@code @SuppressLint("NewApi")} silences lint's API-level check for this constructor, so
 * lint will not flag a call site that runs on a platform without X509TrustManagerExtensions.
 * NOTE(review): the SDK_INT guard is not visible here; confirm every caller checks the API
 * level before instantiating this class.
 *
 * @param trustManager the trust manager to wrap
 */
@SuppressLint("NewApi")
public X509TrustManagerJellyBean(X509TrustManager trustManager) {
    final X509TrustManagerExtensions extensions = new X509TrustManagerExtensions(trustManager);
    mTrustManagerExtensions = extensions;
}
/**
 * Stores an {@link X509TrustManagerExtensions} built around the supplied trust manager in
 * {@code mTrustManagerExtensions}.
 *
 * <p>The lint "NewApi" warning is suppressed on this constructor, which means the build no
 * longer checks that X509TrustManagerExtensions exists on the minimum supported API level.
 * NOTE(review): no runtime version check is visible in this constructor; verify that the
 * code creating this object is gated on the API level that provides the class.
 *
 * @param trustManager the trust manager handed to X509TrustManagerExtensions
 */
@SuppressLint("NewApi")
public X509TrustManagerJellyBean(X509TrustManager trustManager) {
    final X509TrustManagerExtensions wrapper = new X509TrustManagerExtensions(trustManager);
    mTrustManagerExtensions = wrapper;
}