添加okhttp证书校验，上传日志时禁止写入

0e191dd7 · 赵鹏翔 · c1d3e9a0 · 0e191dd7 · 0e191dd7 · 0e191dd7
Commit 0e191dd7 authored May 19, 2022 by 赵鹏翔
4 changed files
--- a/app/src/main/java/com/miya/fastcashier/BaseApplication.kt
+++ b/app/src/main/java/com/miya/fastcashier/BaseApplication.kt
@@ -116,47 +116,61 @@ class BaseApplication : MultiDexApplication() {
            override fun onActivityCreated(activity: Activity, savedInstanceState: Bundle?) {
                DensityUtils.setDensity(activity, this@BaseApplication)
                XLog.d(DateUtils.format18(Date()) + "  onActivityCreated")
+                if (!LogFileUtils.isProhibitWrite) {
                    LogFileUtils.writeLog(ContextUtils.getContext(),
                        "\n${DateUtils.format18(Date())}########onActivityCreated() called with: activity = [$activity]\n")
                }
+            }
            override fun onActivityStarted(activity: Activity) {
                XLog.d(DateUtils.format18(Date()) + "  onActivityStarted")
+                if (!LogFileUtils.isProhibitWrite) {
                    LogFileUtils.writeLog(ContextUtils.getContext(),
                        "\n${DateUtils.format18(Date())}########onActivityStarted() called with: activity = [$activity]\n")
                }
+            }
            override fun onActivityResumed(activity: Activity) {
                XLog.d(DateUtils.format18(Date()) + "  onActivityResumed")
+                if (!LogFileUtils.isProhibitWrite) {
                    LogFileUtils.writeLog(ContextUtils.getContext(),
                        "\n${DateUtils.format18(Date())}########onActivityResumed() called with: activity = [$activity]\n")
                }
+            }
            override fun onActivityPaused(activity: Activity) {
                XLog.d(DateUtils.format18(Date()) + "  onActivityPaused")
+                if (!LogFileUtils.isProhibitWrite) {
                    LogFileUtils.writeLog(ContextUtils.getContext(),
                        "\n${DateUtils.format18(Date())}########onActivityPaused() called with: activity = [$activity]\n")
                }
+            }
            override fun onActivityStopped(activity: Activity) {
                XLog.d(DateUtils.format18(Date()) + "  onActivityStopped")
+                if (!LogFileUtils.isProhibitWrite) {
                    LogFileUtils.writeLog(ContextUtils.getContext(),
                        "\n${DateUtils.format18(Date())}########onActivityStopped() called with: activity = [$activity]\n")
                }
+            }
            override fun onActivitySaveInstanceState(activity: Activity, outState: Bundle) {
                XLog.d(DateUtils.format18(Date()) + "  onActivitySaveInstanceState")
+                if (!LogFileUtils.isProhibitWrite) {
                    val memoryStatus = "\ttotalMemory:${Runtime.getRuntime().totalMemory()}\tfreeMemory:${Runtime.getRuntime().freeMemory()}"
                    LogFileUtils.writeLog(ContextUtils.getContext(),
                        "\n${DateUtils.format18(Date())}########onActivitySaveInstanceState() called with:" +
                                " activity = [$activity]\nmemoryStatus: $memoryStatus")
                }
+            }
            override fun onActivityDestroyed(activity: Activity) {
                XLog.d(DateUtils.format18(Date()) + "  onActivityDestroyed")
+                if (!LogFileUtils.isProhibitWrite) {
                    LogFileUtils.writeLog(ContextUtils.getContext(),
                        "\n${DateUtils.format18(Date())}########onActivityDestroyed() called with: activity = [$activity]\n")
                }
+            }
        })
    }

--- a/app/src/main/java/com/miya/fastcashier/net/ApiConfig.kt
+++ b/app/src/main/java/com/miya/fastcashier/net/ApiConfig.kt
@@ -6,7 +6,7 @@ import com.miya.fastcashier.beans.SelfCashierTerminalConfig
 object ApiConfig {
    private const val BASE_URL = "https://hhms.miyapay.com/"
-    private const val BASE_URL_4_TEST = ""
+    private const val BASE_URL_4_TEST = "https://hhmspre.miyapay.com/"
    @JvmStatic
    val baseUrl: String

--- a/app/src/main/java/com/miya/fastcashier/net/ApiRequest.kt
+++ b/app/src/main/java/com/miya/fastcashier/net/ApiRequest.kt
@@ -9,6 +9,9 @@ import okhttp3.MultipartBody
 import okhttp3.OkHttpClient
 import retrofit2.Retrofit
 import retrofit2.converter.gson.GsonConverterFactory
+import java.util.concurrent.TimeUnit
+import javax.net.ssl.SSLSocketFactory
+import javax.net.ssl.X509TrustManager
 class ApiRequest private constructor() {
@@ -31,12 +34,20 @@ class ApiRequest private constructor() {
                val httpLoggingInterceptor =
                    MiyaHttpLoggingInterceptor {
                        Log.e("####", it)
+                        if (!LogFileUtils.isProhibitWrite) {
                            LogFileUtils.writeLog(BaseApplication.getApplication(),it)
+                        }
                    }.apply { level = MiyaHttpLoggingInterceptor.Level.BODY }
+                val socketFactory = arrayOfNulls<SSLSocketFactory>(1)
+                val trustManager = arrayOfNulls<X509TrustManager>(1)
+                SSLCertificatesInit.init(socketFactory, trustManager)
                val client = OkHttpClient.Builder()
                    .addInterceptor(httpLoggingInterceptor)
                    .addInterceptor(RequestSignInterceptor())
+                    .sslSocketFactory(socketFactory[0]!!, trustManager[0]!!)
                    .build()
                val retrofit = Retrofit.Builder()

--- a/app/src/main/java/com/miya/fastcashier/net/SSLCertificatesInit.java
+++ b/app/src/main/java/com/miya/fastcashier/net/SSLCertificatesInit.java
+package com.miya.fastcashier.net;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+public class SSLCertificatesInit {
+    public static final String TLS = "TLS";
+    public static final String SSL = "SSL";
+    public static final String SSLV2 = "SSLv2";
+    private static final String SERVER_CERTIFICATE_TYPE = "X.509";
+    private static final String CLIENT_CERTIFICATE_TYPE = "BKS";
+    /**
+     * 信任所有站点
+     *
+     * @param socketFactory 输出参数，在外部创建1个SSLSocketFactory数组
+     * @param trustManager  输出参数，在外部创建1个X509TrustManager数组
+     */
+    public static void init(SSLSocketFactory[] socketFactory, X509TrustManager[] trustManager) {
+        try {
+            SSLContext sslContext = SSLContext.getInstance(TLS);
+            trustManager[0] = new X509TrustManager() {
+                public X509Certificate[] getAcceptedIssuers() {
+                    return new X509Certificate[]{};
+                }
+                public void checkClientTrusted(X509Certificate[] certs, String authType) {
+                }
+                public void checkServerTrusted(X509Certificate[] certs, String authType) {
+                }
+            };
+            sslContext.init(null, new TrustManager[]{trustManager[0]}, new SecureRandom());
+            socketFactory[0] = sslContext.getSocketFactory();
+        } catch (NoSuchAlgorithmException e) {
+            e.printStackTrace();
+        } catch (KeyManagementException e) {
+            e.printStackTrace();
+        }
+    }
+    /**
+     * 单向验证
+     *
+     * @param socketFactory 输出参数，在外部创建1个SSLSocketFactory数组
+     * @param trustManager  输出参数，在外部创建1个X509TrustManager数组
+     * @param in            服务器cer证书文件的InputStream对象
+     */
+    public static void init(SSLSocketFactory[] socketFactory, X509TrustManager[] trustManager, InputStream in) {
+        try {
+            SSLContext sslContext = SSLContext.getInstance(TLS);
+            TrustManager[] tmArr = createTrustManagers(genServerKeyStore(in));
+            sslContext.init(null, tmArr, new SecureRandom());
+            trustManager[0] = getX509TrustManager(tmArr);
+            socketFactory[0] = sslContext.getSocketFactory();
+        } catch (NoSuchAlgorithmException e) {
+            e.printStackTrace();
+        } catch (KeyManagementException e) {
+            e.printStackTrace();
+        } catch (KeyStoreException e) {
+            e.printStackTrace();
+        } catch (CertificateException e) {
+            e.printStackTrace();
+        } catch (IOException e) {
+            e.printStackTrace();
+        } finally {
+            try {
+                in.close();
+            } catch (IOException e) {
+                e.printStackTrace();
+            }
+        }
+    }
+    private static TrustManager[] createTrustManagers(KeyStore ks) throws KeyStoreException, NoSuchAlgorithmException {
+        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+        tmf.init(ks);
+        return tmf.getTrustManagers();
+    }
+    private static KeyStore genServerKeyStore(InputStream in) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
+        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+        keyStore.load(null);
+        CertificateFactory cf = CertificateFactory.getInstance(SERVER_CERTIFICATE_TYPE);
+        keyStore.setCertificateEntry(SERVER_CERTIFICATE_TYPE, cf.generateCertificate(in));
+        return keyStore;
+    }
+    /**
+     * 双向验证
+     *
+     * @param socketFactory 输出参数，在外部创建1个SSLSocketFactory数组
+     * @param trustManager  输出参数，在外部创建1个X509TrustManager数组
+     * @param serverIn      服务器cer证书文件的InputStream对象
+     * @param clientIn      客户端bks证书的InputStream对象
+     * @param clientPwd     客户端bks证书的密码
+     */
+    public static void getSocketFactory(SSLSocketFactory[] socketFactory, X509TrustManager[] trustManager, InputStream serverIn, InputStream clientIn, String clientPwd) {
+        try {
+            SSLContext sslContext = SSLContext.getInstance(TLS);
+            TrustManager[] tmArr = createTrustManagers(genServerKeyStore(serverIn));
+            sslContext.init(createKeyManagers(genClientKeyStore(clientIn, clientPwd), clientPwd), tmArr, new SecureRandom());
+            trustManager[0] = getX509TrustManager(tmArr);
+            socketFactory[0] = sslContext.getSocketFactory();
+        } catch (NoSuchAlgorithmException e) {
+            e.printStackTrace();
+        } catch (KeyManagementException e) {
+            e.printStackTrace();
+        } catch (KeyStoreException e) {
+            e.printStackTrace();
+        } catch (CertificateException e) {
+            e.printStackTrace();
+        } catch (IOException e) {
+            e.printStackTrace();
+        } catch (UnrecoverableKeyException e) {
+            e.printStackTrace();
+        } finally {
+            try {
+                serverIn.close();
+                clientIn.close();
+            } catch (IOException e) {
+                e.printStackTrace();
+            }
+        }
+    }
+    private static KeyManager[] createKeyManagers(KeyStore ks, String pwd) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
+        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+        kmf.init(ks, pwd.toCharArray());
+        return kmf.getKeyManagers();
+    }
+    private static KeyStore genClientKeyStore(InputStream in, String pwd) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
+        KeyStore ks = KeyStore.getInstance(CLIENT_CERTIFICATE_TYPE);
+        ks.load(in, pwd.toCharArray());
+        return ks;
+    }
+    private static X509TrustManager getX509TrustManager(TrustManager[] tmArr) {
+        for (TrustManager tm : tmArr) {
+            if (tm instanceof X509TrustManager) {
+                return (X509TrustManager) tm;
+            }
+        }
+        return null;
+    }
+}