我正在尝试使用适用于Android的Cordova插件实现SSL证书固定(SSL pinning),但出现了"错误500:SSL握手失败"。我在Android N上运行该应用程序。
我已经尝试了以下插件:
https://github.com/yyfearth/cordova-plugin-http
https://github.com/wymsee/cordova-HTTP
对于我的示例代码,我固定了Facebook的证书。我尝试过固定CA cert(Avast)和叶子证书(facebook)。
下面是我的代码:
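var app = {
  /**
   * Application constructor.
   * Registers the `deviceready` listener so that no plugin call is made
   * before Cordova reports that the native side is available.
   */
  initialize: function () {
    document.addEventListener('deviceready', this.onDeviceReady.bind(this), false);
  },

  /**
   * `deviceready` event handler.
   *
   * Configures certificate pinning and then issues one test request. The
   * steps run strictly one after another, each started from the success
   * callback of the previous one:
   *   enable pinning -> register pinned certs -> require hostname validation -> GET
   * If any step reports an error, the chain stops and the request is never
   * sent, so a failed pinning setup cannot silently fall back to an
   * unpinned connection.
   */
  onDeviceReady: function () {
    this.receivedEvent('deviceready');

    // Base64 body of the certificate to pin (no PEM BEGIN/END armour).
    // NOTE(review): this decodes to a certificate with subject
    // `*.facebook.com` issued by "Avast trusted CA", valid 2016-12-09 to
    // 2018-01-25. That appears to be a certificate produced by local HTTPS
    // scanning on the machine it was exported from, not the chain the server
    // presents to the device. A pin on it is expected to reject the real
    // server, which surfaces as a handshake failure. Pin a certificate taken
    // from a connection that is not intercepted, and plan for its expiry.
    var pinnedCerts = [
      'MIIEXDCCA0SgAwIBAgIBATANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJDWjEP\n' +
      'MA0GA1UECAwGUHJhZ3VlMQ4wDAYDVQQKDAVBVkFTVDEdMBsGA1UECwwUU29mdHdh\n' +
      'cmUgRGV2ZWxvcG1lbnQxGTAXBgNVBAMMEEF2YXN0IHRydXN0ZWQgQ0EwHhcNMTYx\n' +
      'MjA5MDAwMDAwWhcNMTgwMTI1MTIwMDAwWjBpMQswCQYDVQQGEwJVUzETMBEGA1UE\n' +
      'CBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazEXMBUGA1UEChMORmFj\n' +
      'ZWJvb2ssIEluYy4xFzAVBgNVBAMMDiouZmFjZWJvb2suY29tMIIBIjANBgkqhkiG\n' +
      '9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxEjiWVGgjCgy6GjTUTZJAFgPJ5ybGKVvCzG7\n' +
      'yDKB2A2gLhFD3oEwiikVI2glBcSoPq6Yy2sOpZJWb2uchDVydjqy/6UrwL9vjZ4v\n' +
      'AicRsI0A+ftVpyQZhCb2r50OnI6Fy8rpYQc0B8DP2XEq8RE3nrG7cFt80e+vygNv\n' +
      '+FvV/8QwAAZlDNMCiCUEMtQ3ZHh8XybVIhVVYefrPY7GLec7UbbgP0coaJE9utVI\n' +
      'ZxLIOzD+3dpCL0+/f6H2BkQLeVi5qB3+fyVsHqkHDKHnjG18nrJUR9xcNFNO9Onh\n' +
      'ZK/JwT3kyECnd7mv7wE5JG9o3nsMapic+OkLWUTUNZYRzeyj3QIDAQABo4IBDjCC\n' +
      'AQowHQYDVR0OBBYEFJ8vur6MoceTetprJx2P+OTfMgh2MB8GA1UdIwQYMBaAFEE4\n' +
      'wE3WMlzLKyRJ94n3/3fKbXcfMIHHBgNVHREEgb8wgbyCDiouZmFjZWJvb2suY29t\n' +
      'gg4qLmZhY2Vib29rLm5ldIIIKi5mYi5jb22CCyouZmJjZG4ubmV0ggsqLmZic2J4\n' +
      'LmNvbYIQKi5tLmZhY2Vib29rLmNvbYIPKi5tZXNzZW5nZXIuY29tgg4qLnh4LmZi\n' +
      'Y2RuLm5ldIIOKi54eS5mYmNkbi5uZXSCDioueHouZmJjZG4ubmV0ggxmYWNlYm9v\n' +
      'ay5jb22CBmZiLmNvbYINbWVzc2VuZ2VyLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEA\n' +
      'POrSZ9dMpwQHRO78VfBjDLeoGKYk2EdnTyxFIzZXPaLzMA5+X97eektopJgRWWIG\n' +
      'aVn1fsHgwNl7DqdG13mHN6w9ziMon5TlXyz0NZn9jKEtdiw0VZG6f2ccn9HOBUqK\n' +
      '5EDeWKXS4XwvrckPLC61nGsUIBGa+OBIh4tQNOgLzp3sY4DzWcyV2X1CFsDtLcPT\n' +
      'WWXLOY8JhkFFNkTpLHbbVYFiUUoJ49C+MTt3+0ciwQr4/Tm250ksfpgL+O5u5aB7\n' +
      'hngx78ACuL9qjT682tHgw7+Y4oe9cTAs93tf5Bnp0jdjkOomJFS5YgNHTEjD9rA3\n' +
      '2d9j7kz7MY2lD5/lEsfCsg==\n'
    ];

    // Step 4: the actual request, reached only after every pinning step succeeded.
    // The original comment says a .cer file for this host is also bundled in
    // www/certificates and assets/certificates.
    // NOTE(review): confirm which of these sources the installed plugin reads
    // its pins from.
    function sendPinnedRequest() {
      window.cordovaHTTP.get(
        "https://www.facebook.com/",
        {}, // optional params
        {}, // optional headers
        function (msg) { alert("OK, Connection allowed"); },
        function (msg) { alert("ERROR, Connection denied " + JSON.stringify(msg)); }
      );
    }

    // Step 3: ask the plugin to validate the certificate's host name as well.
    function requireHostnameValidation() {
      cordovaHTTP.validateDomainName(
        true,
        function (msg) {
          alert("OK, Domain Name validate");
          sendPinnedRequest();
        },
        function (msg) { alert("ERROR, Domain Name not validate " + JSON.stringify(msg)); }
      );
    }

    // Step 2: hand the certificate list to the plugin.
    // NOTE(review): every other call here goes through `cordovaHTTP`; confirm
    // that the installed plugin really exposes a `CordovaHttpPlugin` global
    // with `addPinningCerts`. If it does not, this line throws and the
    // request below is never sent.
    function registerPinnedCerts() {
      CordovaHttpPlugin.addPinningCerts(
        pinnedCerts, // the original omitted the comma after this argument (syntax error)
        function (msg) {
          alert("OK, Added pinned certs success!");
          requireHostnameValidation();
        },
        function (msg) { alert("ERROR, adding pinned certs denied " + JSON.stringify(msg)); }
      );
    }

    // Step 1: switch pinning on; everything else hangs off its success callback.
    cordovaHTTP.enableSSLPinning(
      true,
      function (msg) {
        alert("SSL pinning enabled");
        registerPinnedCerts();
      },
      function (msg) { alert("SSL pinning can't be enabled " + msg); }
    );
  },

  /**
   * Updates the DOM for a received event: hides the `.listening` child and
   * shows the `.received` child of the element whose id equals `id`.
   * Missing elements are skipped so that a markup problem does not prevent
   * the pinning setup that runs after this call.
   *
   * @param {string} id - element id, also used as the logged event name.
   */
  receivedEvent: function (id) {
    var parentElement = document.getElementById(id);
    if (parentElement) {
      var listeningElement = parentElement.querySelector('.listening');
      var receivedElement = parentElement.querySelector('.received');
      if (listeningElement) {
        listeningElement.setAttribute('style', 'display:none;');
      }
      if (receivedElement) {
        receivedElement.setAttribute('style', 'display:block;');
      }
    }
    console.log('Received Event: ' + id);
  }
};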
// Entry point: registers the `deviceready` listener; the plugin calls in
// onDeviceReady run only after Cordova fires that event.
app.initialize();
关于如何解决它的任何想法?
最佳答案
我使用了以下插件:
SSL Checker
SSL Pinning
根据我的理解,您必须在项目文件夹中包含所有证书。
另外,检查证书是否与要连接的服务器的证书链正确对应也很重要。您可能还需要将根证书、中间证书和基础证书都包含在项目文件夹中。
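请确保您要固定的证书确实是目标服务器在握手时发给设备的证书。题中固定的证书由 Avast 签发,这很可能是导出证书的那台电脑上的 HTTPS 扫描功能生成的替代证书,而不是服务器的真实证书;Android 设备直连服务器时收到的证书链与它不一致,固定校验就会以握手失败告终——这种失败说明固定机制在正常工作,应当更换被固定的证书,而不是关闭校验。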