<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<meta name="description" content="An HTTP & HTTP/2 client for Android and Java applications">
<link rel="canonical" href="https://square.github.com/okhttp/https/">
<meta name="author" content="Square, Inc.">
<meta name="lang:clipboard.copy" content="Copy to clipboard">
<meta name="lang:clipboard.copied" content="Copied to clipboard">
<meta name="lang:search.language" content="en">
<meta name="lang:search.pipeline.stopwords" content="True">
<meta name="lang:search.pipeline.trimmer" content="True">
<meta name="lang:search.result.none" content="No matching documents">
<meta name="lang:search.result.one" content="1 matching document">
<meta name="lang:search.result.other" content="# matching documents">
<meta name="lang:search.tokenizer" content="[\s\-]+">
<link rel="shortcut icon" href="../images/icon-square.png">
<meta name="generator" content="mkdocs-1.0.4, mkdocs-material-4.4.0">
<title>HTTPS - OkHttp</title>
<link rel="stylesheet" href="../assets/stylesheets/application.0284f74d.css">
<link rel="stylesheet" href="../assets/stylesheets/application-palette.01803549.css">
<meta name="theme-color" content="#009688">
<script src="../assets/javascripts/modernizr.74668098.js"></script>
<link href="https://fonts.gstatic.com" rel="preconnect" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700|Roboto+Mono&display=fallback">
<style>body,input{font-family:"Roboto","Helvetica Neue",Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono","Courier New",Courier,monospace}</style>
<link rel="stylesheet" href="../assets/fonts/material-icons.css">
<link rel="stylesheet" href="../css/app.css">
</head>
<body dir="ltr" data-md-color-primary="teal" data-md-color-accent="white">
<svg class="md-svg">
<defs>
<svg xmlns="http://www.w3.org/2000/svg" width="416" height="448" viewBox="0 0 416 448" id="__github"><path fill="currentColor" d="M160 304q0 10-3.125 20.5t-10.75 19T128 352t-18.125-8.5-10.75-19T96 304t3.125-20.5 10.75-19T128 256t18.125 8.5 10.75 19T160 304zm160 0q0 10-3.125 20.5t-10.75 19T288 352t-18.125-8.5-10.75-19T256 304t3.125-20.5 10.75-19T288 256t18.125 8.5 10.75 19T320 304zm40 0q0-30-17.25-51T296 232q-10.25 0-48.75 5.25Q229.5 240 208 240t-39.25-2.75Q130.75 232 120 232q-29.5 0-46.75 21T56 304q0 22 8 38.375t20.25 25.75 30.5 15 35 7.375 37.25 1.75h42q20.5 0 37.25-1.75t35-7.375 30.5-15 20.25-25.75T360 304zm56-44q0 51.75-15.25 82.75-9.5 19.25-26.375 33.25t-35.25 21.5-42.5 11.875-42.875 5.5T212 416q-19.5 0-35.5-.75t-36.875-3.125-38.125-7.5-34.25-12.875T37 371.5t-21.5-28.75Q0 312 0 260q0-59.25 34-99-6.75-20.5-6.75-42.5 0-29 12.75-54.5 27 0 47.5 9.875t47.25 30.875Q171.5 96 212 96q37 0 70 8 26.25-20.5 46.75-30.25T376 64q12.75 25.5 12.75 54.5 0 21.75-6.75 42 34 40 34 99.5z"/></svg>
</defs>
</svg>
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" data-md-component="overlay" for="__drawer"></label>
<a href="#https" tabindex="1" class="md-skip">
Skip to content
</a>
<header class="md-header" data-md-component="header">
<nav class="md-header-nav md-grid">
<div class="md-flex">
<div class="md-flex__cell md-flex__cell--shrink">
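<!-- Header logo link to the project home page. The alt text names the link destination so the image is not announced by file name. -->
<a href="https://square.github.com/okhttp/" title="OkHttp" class="md-header-nav__button md-logo">
<img src="../images/icon-square.png" alt="OkHttp" width="24" height="24">
</a>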
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<label class="md-icon md-icon--menu md-header-nav__button" for="__drawer"></label>
</div>
<div class="md-flex__cell md-flex__cell--stretch">
<div class="md-flex__ellipsis md-header-nav__title" data-md-component="title">
<span class="md-header-nav__topic">
OkHttp
</span>
<span class="md-header-nav__topic">
HTTPS
</span>
</div>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<label class="md-icon md-icon--search md-header-nav__button" for="__search"></label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
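<!-- Site search field. A placeholder is not a label, so aria-label supplies the accessible name. -->
<input type="text" class="md-search__input" name="query" placeholder="Search" aria-label="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="query" data-md-state="active">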
<label class="md-icon md-search__icon" for="__search"></label>
<button type="reset" class="md-icon md-search__icon" data-md-component="reset" tabindex="-1">
&#xE5CD;
</button>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" data-md-scrollfix>
<div class="md-search-result" data-md-component="result">
<div class="md-search-result__meta">
Type to start searching
</div>
<ol class="md-search-result__list"></ol>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="md-flex__cell md-flex__cell--shrink">
<div class="md-header-nav__source">
<a href="https://github.com/square/okhttp/" title="Go to repository" class="md-source" data-md-source="github">
<div class="md-source__icon">
<svg viewBox="0 0 24 24" width="24" height="24">
<use xlink:href="#__github" width="24" height="24"></use>
</svg>
</div>
<div class="md-source__repository">
OkHttp
</div>
</a>
</div>
</div>
</div>
</nav>
</header>
<div class="md-container">
<main class="md-main">
<div class="md-main__inner md-grid" data-md-component="container">
<div class="md-sidebar md-sidebar--primary" data-md-component="navigation">
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary" data-md-level="0">
<label class="md-nav__title md-nav__title--site" for="__drawer">
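<!-- Drawer logo link to the project home page. The alt text names the link destination so the image is not announced by file name. -->
<a href="https://square.github.com/okhttp/" title="OkHttp" class="md-nav__button md-logo">
<img src="../images/icon-square.png" alt="OkHttp" width="48" height="48">
</a>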
OkHttp
</label>
<div class="md-nav__source">
<a href="https://github.com/square/okhttp/" title="Go to repository" class="md-source" data-md-source="github">
<div class="md-source__icon">
<svg viewBox="0 0 24 24" width="24" height="24">
<use xlink:href="#__github" width="24" height="24"></use>
</svg>
</div>
<div class="md-source__repository">
OkHttp
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href=".." title="Overview" class="md-nav__link">
Overview
</a>
</li>
<li class="md-nav__item">
<a href="../calls/" title="Calls" class="md-nav__link">
Calls
</a>
</li>
<li class="md-nav__item">
<a href="../connections/" title="Connections" class="md-nav__link">
Connections
</a>
</li>
<li class="md-nav__item">
<a href="../recipes/" title="Recipes" class="md-nav__link">
Recipes
</a>
</li>
<li class="md-nav__item">
<a href="../interceptors/" title="Interceptors" class="md-nav__link">
Interceptors
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-toggle md-nav__toggle" data-md-toggle="toc" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
HTTPS
</label>
<a href="./" title="HTTPS" class="md-nav__link md-nav__link--active">
HTTPS
</a>
<nav class="md-nav md-nav--secondary">
<label class="md-nav__title" for="__toc">Table of contents</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="#certificate-pinning-kt-java" title="Certificate Pinning (.kt, .java)" class="md-nav__link">
Certificate Pinning (.kt, .java)
</a>
</li>
<li class="md-nav__item">
<a href="#customizing-trusted-certificates-kt-java" title="Customizing Trusted Certificates (.kt, .java)" class="md-nav__link">
Customizing Trusted Certificates (.kt, .java)
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../events/" title="Events" class="md-nav__link">
Events
</a>
</li>
<li class="md-nav__item">
<a href="../works_with_okhttp/" title="Works with OkHttp" class="md-nav__link">
Works with OkHttp
</a>
</li>
<li class="md-nav__item">
<a href="https://stackoverflow.com/questions/tagged/okhttp?sort=active" title="Stack Overflow ⏏" class="md-nav__link">
Stack Overflow ⏏
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-toggle md-nav__toggle" data-md-toggle="nav-10" type="checkbox" id="nav-10">
<label class="md-nav__link" for="nav-10">
4.x API
</label>
<nav class="md-nav" data-md-component="collapsible" data-md-level="1">
<label class="md-nav__title" for="nav-10">
4.x API
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../4.x/okhttp/okhttp3/" title="okhttp" class="md-nav__link">
okhttp
</a>
</li>
<li class="md-nav__item">
<a href="../4.x/okhttp-brotli/okhttp3.brotli/" title="brotli" class="md-nav__link">
brotli
</a>
</li>
<li class="md-nav__item">
<a href="../4.x/okhttp-dnsoverhttps/okhttp3.dnsoverhttps/" title="dnsoverhttps" class="md-nav__link">
dnsoverhttps
</a>
</li>
<li class="md-nav__item">
<a href="../4.x/okhttp-logging-interceptor/okhttp3.logging/" title="logging-interceptor" class="md-nav__link">
logging-interceptor
</a>
</li>
<li class="md-nav__item">
<a href="../4.x/okhttp-sse/okhttp3.sse/" title="sse" class="md-nav__link">
sse
</a>
</li>
<li class="md-nav__item">
<a href="../4.x/okhttp-tls/okhttp3.tls/" title="tls" class="md-nav__link">
tls
</a>
</li>
<li class="md-nav__item">
<a href="../4.x/okhttp-urlconnection/okhttp3/" title="urlconnection" class="md-nav__link">
urlconnection
</a>
</li>
<li class="md-nav__item">
<a href="../4.x/mockwebserver/okhttp3.mockwebserver/" title="mockwebserver" class="md-nav__link">
mockwebserver
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-toggle md-nav__toggle" data-md-toggle="nav-11" type="checkbox" id="nav-11">
<label class="md-nav__link" for="nav-11">
3.x API
</label>
<nav class="md-nav" data-md-component="collapsible" data-md-level="1">
<label class="md-nav__title" for="nav-11">
3.x API
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="https://square.github.io/okhttp/3.x/okhttp/" title="okhttp ⏏" class="md-nav__link">
okhttp ⏏
</a>
</li>
<li class="md-nav__item">
<a href="https://square.github.io/okhttp/3.x/okhttp-dnsoverhttps/" title="dnsoverhttps ⏏" class="md-nav__link">
dnsoverhttps ⏏
</a>
</li>
<li class="md-nav__item">
<a href="https://square.github.io/okhttp/3.x/logging-interceptor/" title="logging-interceptor ⏏" class="md-nav__link">
logging-interceptor ⏏
</a>
</li>
<li class="md-nav__item">
<a href="https://square.github.io/okhttp/3.x/okhttp-sse/" title="sse ⏏" class="md-nav__link">
sse ⏏
</a>
</li>
<li class="md-nav__item">
<a href="https://square.github.io/okhttp/3.x/okhttp-tls/" title="tls ⏏" class="md-nav__link">
tls ⏏
</a>
</li>
<li class="md-nav__item">
<a href="https://square.github.io/okhttp/3.x/okhttp-urlconnection/" title="urlconnection ⏏" class="md-nav__link">
urlconnection ⏏
</a>
</li>
<li class="md-nav__item">
<a href="https://square.github.io/okhttp/3.x/mockwebserver/" title="mockwebserver ⏏" class="md-nav__link">
mockwebserver ⏏
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../changelog/" title="Change Log" class="md-nav__link">
Change Log
</a>
</li>
<li class="md-nav__item">
<a href="../upgrading_to_okhttp_4/" title="Upgrading to OkHttp 4" class="md-nav__link">
Upgrading to OkHttp 4
</a>
</li>
<li class="md-nav__item">
<a href="../contributing/" title="Contributing" class="md-nav__link">
Contributing
</a>
</li>
<li class="md-nav__item">
<a href="../code_of_conduct/" title="Code of Conduct" class="md-nav__link">
Code of Conduct
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="toc">
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary">
<label class="md-nav__title" for="__toc">Table of contents</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="#certificate-pinning-kt-java" title="Certificate Pinning (.kt, .java)" class="md-nav__link">
Certificate Pinning (.kt, .java)
</a>
</li>
<li class="md-nav__item">
<a href="#customizing-trusted-certificates-kt-java" title="Customizing Trusted Certificates (.kt, .java)" class="md-nav__link">
Customizing Trusted Certificates (.kt, .java)
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content">
<article class="md-content__inner md-typeset">
<a href="https://github.com/square/okhttp/edit/master/docs/https.md" title="Edit this page" class="md-icon md-content__icon">&#xE3C9;</a>
<h1 id="https">HTTPS<a class="headerlink" href="#https" title="Permanent link">&para;</a></h1>
<p>OkHttp attempts to balance two competing concerns:</p>
<ul>
<li><strong>Connectivity</strong> to as many hosts as possible. That includes advanced hosts that run the latest versions of <a href="https://boringssl.googlesource.com/boringssl/">boringssl</a> and less out of date hosts running older versions of <a href="https://www.openssl.org/">OpenSSL</a>.</li>
<li><strong>Security</strong> of the connection. This includes verification of the remote webserver with certificates and the privacy of data exchanged with strong ciphers.</li>
</ul>
<p>When negotiating a connection to an HTTPS server, OkHttp needs to know which <a href="http://square.github.io/okhttp/4.x/okhttp/okhttp3/-tls-version/">TLS versions</a> and <a href="http://square.github.io/okhttp/4.x/okhttp/okhttp3/-cipher-suite/">cipher suites</a> to offer. A client that wants to maximize connectivity would include obsolete TLS versions and weak-by-design cipher suites. A strict client that wants to maximize security would be limited to only the latest TLS version and strongest cipher suites.</p>
<p>Specific security vs. connectivity decisions are implemented by <a href="http://square.github.io/okhttp/4.x/okhttp/okhttp3/-connection-spec/">ConnectionSpec</a>. OkHttp includes four built-in connection specs:</p>
<ul>
<li><code>RESTRICTED_TLS</code> is a secure configuration, intended to meet stricter compliance requirements.</li>
<li><code>MODERN_TLS</code> is a secure configuration that connects to modern HTTPS servers.</li>
<li><code>COMPATIBLE_TLS</code> is a secure configuration that connects to secure—but not current—HTTPS servers.</li>
<li><code>CLEARTEXT</code> is an insecure configuration that is used for <code>http://</code> URLs.</li>
</ul>
<p>These loosely follow the model set in <a href="https://cloud.google.com/load-balancing/docs/ssl-policies-concepts">Google Cloud Policies</a>. We <a href="../tls_configuration_history/">track changes</a> to this policy.</p>
<p>By default, OkHttp will attempt a <code>MODERN_TLS</code> connection. However, by configuring the client connectionSpecs you can allow a fallback to a <code>COMPATIBLE_TLS</code> connection if the modern configuration fails.</p>
<div class="codehilite"><pre><span></span><span class="n">OkHttpClient</span> <span class="n">client</span> <span class="o">=</span> <span class="k">new</span> <span class="n">OkHttpClient</span><span class="o">.</span><span class="na">Builder</span><span class="o">()</span>
<span class="o">.</span><span class="na">connectionSpecs</span><span class="o">(</span><span class="n">Arrays</span><span class="o">.</span><span class="na">asList</span><span class="o">(</span><span class="n">ConnectionSpec</span><span class="o">.</span><span class="na">MODERN_TLS</span><span class="o">,</span> <span class="n">ConnectionSpec</span><span class="o">.</span><span class="na">COMPATIBLE_TLS</span><span class="o">))</span>
<span class="o">.</span><span class="na">build</span><span class="o">();</span>
</pre></div>
<p>The TLS versions and cipher suites in each spec can change with each release. For example, in OkHttp 2.2 we dropped support for SSL 3.0 in response to the <a href="http://googleonlinesecurity.blogspot.ca/2014/10/this-poodle-bites-exploiting-ssl-30.html">POODLE</a> attack. And in OkHttp 2.3 we dropped support for <a href="http://en.wikipedia.org/wiki/RC4#Security">RC4</a>. As with your desktop web browser, staying up-to-date with OkHttp is the best way to stay secure.</p>
<p>You can build your own connection spec with a custom set of TLS versions and cipher suites. For example, this configuration is limited to three highly-regarded cipher suites. Its drawback is that it requires Android 5.0+ and a similarly current webserver.</p>
<div class="codehilite"><pre><span></span><span class="n">ConnectionSpec</span> <span class="n">spec</span> <span class="o">=</span> <span class="k">new</span> <span class="n">ConnectionSpec</span><span class="o">.</span><span class="na">Builder</span><span class="o">(</span><span class="n">ConnectionSpec</span><span class="o">.</span><span class="na">MODERN_TLS</span><span class="o">)</span>
<span class="o">.</span><span class="na">tlsVersions</span><span class="o">(</span><span class="n">TlsVersion</span><span class="o">.</span><span class="na">TLS_1_2</span><span class="o">)</span>
<span class="o">.</span><span class="na">cipherSuites</span><span class="o">(</span>
<span class="n">CipherSuite</span><span class="o">.</span><span class="na">TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</span><span class="o">,</span>
<span class="n">CipherSuite</span><span class="o">.</span><span class="na">TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</span><span class="o">,</span>
<span class="n">CipherSuite</span><span class="o">.</span><span class="na">TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</span><span class="o">)</span>
<span class="o">.</span><span class="na">build</span><span class="o">();</span>
<span class="n">OkHttpClient</span> <span class="n">client</span> <span class="o">=</span> <span class="k">new</span> <span class="n">OkHttpClient</span><span class="o">.</span><span class="na">Builder</span><span class="o">()</span>
<span class="o">.</span><span class="na">connectionSpecs</span><span class="o">(</span><span class="n">Collections</span><span class="o">.</span><span class="na">singletonList</span><span class="o">(</span><span class="n">spec</span><span class="o">))</span>
<span class="o">.</span><span class="na">build</span><span class="o">();</span>
</pre></div>
<h3 id="certificate-pinning-kt-java">Certificate Pinning (<a href="https://github.com/square/okhttp/blob/master/samples/guide/src/main/java/okhttp3/recipes/kt/CertificatePinning.kt">.kt</a>, <a href="https://github.com/square/okhttp/blob/master/samples/guide/src/main/java/okhttp3/recipes/CertificatePinning.java">.java</a>)<a class="headerlink" href="#certificate-pinning-kt-java" title="Permanent link">&para;</a></h3>
<p>By default, OkHttp trusts the certificate authorities of the host platform. This strategy maximizes connectivity, but it is subject to certificate authority attacks such as the <a href="http://www.computerworld.com/article/2510951/cybercrime-hacking/hackers-spied-on-300-000-iranians-using-fake-google-certificate.html">2011 DigiNotar attack</a>. It also assumes your HTTPS servers' certificates are signed by a certificate authority.</p>
<p>Use <a href="http://square.github.io/okhttp/4.x/okhttp/okhttp3/-certificate-pinner/">CertificatePinner</a> to restrict which certificates and certificate authorities are trusted. Certificate pinning increases security, but limits your server team's abilities to update their TLS certificates. <strong>Do not use certificate pinning without the blessing of your server's TLS administrator!</strong></p>
<div class="superfences-tabs">
<input name="__tabs_1" type="radio" id="__tab_1_0" checked="checked" />
<label for="__tab_1_0">Kotlin</label>
<div class="superfences-content"><div class="codehilite"><pre><span></span> <span class="k">private</span> <span class="k">val</span> <span class="py">client</span> <span class="p">=</span> <span class="n">OkHttpClient</span><span class="p">.</span><span class="n">Builder</span><span class="p">()</span>
<span class="p">.</span><span class="n">certificatePinner</span><span class="p">(</span>
<span class="n">CertificatePinner</span><span class="p">.</span><span class="n">Builder</span><span class="p">()</span>
<span class="p">.</span><span class="n">add</span><span class="p">(</span><span class="s">&quot;publicobject.com&quot;</span><span class="p">,</span> <span class="s">&quot;sha256/afwiKY3RxoMmLkuRW1l7QsPZTJPwDS2pdDROQjXw8ig=&quot;</span><span class="p">)</span>
<span class="p">.</span><span class="n">build</span><span class="p">())</span>
<span class="p">.</span><span class="n">build</span><span class="p">()</span>
<span class="k">fun</span> <span class="nf">run</span><span class="p">()</span> <span class="p">{</span>
<span class="k">val</span> <span class="py">request</span> <span class="p">=</span> <span class="n">Request</span><span class="p">.</span><span class="n">Builder</span><span class="p">()</span>
<span class="p">.</span><span class="n">url</span><span class="p">(</span><span class="s">&quot;https://publicobject.com/robots.txt&quot;</span><span class="p">)</span>
<span class="p">.</span><span class="n">build</span><span class="p">()</span>
<span class="n">client</span><span class="p">.</span><span class="n">newCall</span><span class="p">(</span><span class="n">request</span><span class="p">).</span><span class="n">execute</span><span class="p">().</span><span class="n">use</span> <span class="p">{</span> <span class="n">response</span> <span class="p">-&gt;</span>
<span class="k">if</span> <span class="p">(!</span><span class="n">response</span><span class="p">.</span><span class="n">isSuccessful</span><span class="p">)</span> <span class="k">throw</span> <span class="n">IOException</span><span class="p">(</span><span class="s">&quot;Unexpected code $response&quot;</span><span class="p">)</span>
<span class="k">for</span> <span class="p">(</span><span class="n">certificate</span> <span class="k">in</span> <span class="n">response</span><span class="p">.</span><span class="n">handshake</span><span class="o">!!</span><span class="p">.</span><span class="n">peerCertificates</span><span class="p">)</span> <span class="p">{</span>
<span class="n">println</span><span class="p">(</span><span class="n">CertificatePinner</span><span class="p">.</span><span class="n">pin</span><span class="p">(</span><span class="n">certificate</span><span class="p">))</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="p">}</span>
</pre></div></div>
<input name="__tabs_1" type="radio" id="__tab_1_1" />
<label for="__tab_1_1">Java</label>
<div class="superfences-content"><div class="codehilite"><pre><span></span> <span class="kd">private</span> <span class="kd">final</span> <span class="n">OkHttpClient</span> <span class="n">client</span> <span class="o">=</span> <span class="k">new</span> <span class="n">OkHttpClient</span><span class="o">.</span><span class="na">Builder</span><span class="o">()</span>
<span class="o">.</span><span class="na">certificatePinner</span><span class="o">(</span>
<span class="k">new</span> <span class="n">CertificatePinner</span><span class="o">.</span><span class="na">Builder</span><span class="o">()</span>
<span class="o">.</span><span class="na">add</span><span class="o">(</span><span class="s">&quot;publicobject.com&quot;</span><span class="o">,</span> <span class="s">&quot;sha256/afwiKY3RxoMmLkuRW1l7QsPZTJPwDS2pdDROQjXw8ig=&quot;</span><span class="o">)</span>
<span class="o">.</span><span class="na">build</span><span class="o">())</span>
<span class="o">.</span><span class="na">build</span><span class="o">();</span>
<span class="kd">public</span> <span class="kt">void</span> <span class="nf">run</span><span class="o">()</span> <span class="kd">throws</span> <span class="n">Exception</span> <span class="o">{</span>
<span class="n">Request</span> <span class="n">request</span> <span class="o">=</span> <span class="k">new</span> <span class="n">Request</span><span class="o">.</span><span class="na">Builder</span><span class="o">()</span>
<span class="o">.</span><span class="na">url</span><span class="o">(</span><span class="s">&quot;https://publicobject.com/robots.txt&quot;</span><span class="o">)</span>
<span class="o">.</span><span class="na">build</span><span class="o">();</span>
<span class="k">try</span> <span class="o">(</span><span class="n">Response</span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="o">.</span><span class="na">newCall</span><span class="o">(</span><span class="n">request</span><span class="o">).</span><span class="na">execute</span><span class="o">())</span> <span class="o">{</span>
<span class="k">if</span> <span class="o">(!</span><span class="n">response</span><span class="o">.</span><span class="na">isSuccessful</span><span class="o">())</span> <span class="k">throw</span> <span class="k">new</span> <span class="n">IOException</span><span class="o">(</span><span class="s">&quot;Unexpected code &quot;</span> <span class="o">+</span> <span class="n">response</span><span class="o">);</span>
<span class="k">for</span> <span class="o">(</span><span class="n">Certificate</span> <span class="n">certificate</span> <span class="o">:</span> <span class="n">response</span><span class="o">.</span><span class="na">handshake</span><span class="o">().</span><span class="na">peerCertificates</span><span class="o">())</span> <span class="o">{</span>
<span class="n">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="n">CertificatePinner</span><span class="o">.</span><span class="na">pin</span><span class="o">(</span><span class="n">certificate</span><span class="o">));</span>
<span class="o">}</span>
<span class="o">}</span>
<span class="o">}</span>
</pre></div></div>
</div>
<h3 id="customizing-trusted-certificates-kt-java">Customizing Trusted Certificates (<a href="https://github.com/square/okhttp/blob/master/samples/guide/src/main/java/okhttp3/recipes/kt/CustomTrust.kt">.kt</a>, <a href="https://github.com/square/okhttp/blob/master/samples/guide/src/main/java/okhttp3/recipes/CustomTrust.java">.java</a>)<a class="headerlink" href="#customizing-trusted-certificates-kt-java" title="Permanent link">&para;</a></h3>
<p>The full code sample shows how to replace the host platform's certificate authorities with your own set. As above, <strong>do not use custom certificates without the blessing of your server's TLS administrator!</strong></p>
<div class="superfences-tabs">
<input name="__tabs_2" type="radio" id="__tab_2_0" checked="checked" />
<label for="__tab_2_0">Kotlin</label>
<div class="superfences-content"><div class="codehilite"><pre><span></span> <span class="k">private</span> <span class="k">val</span> <span class="py">client</span><span class="p">:</span> <span class="n">OkHttpClient</span>
<span class="n">init</span> <span class="p">{</span>
<span class="k">val</span> <span class="py">trustManager</span> <span class="p">=</span> <span class="n">trustManagerForCertificates</span><span class="p">(</span><span class="n">trustedCertificatesInputStream</span><span class="p">())</span>
<span class="k">val</span> <span class="py">sslContext</span> <span class="p">=</span> <span class="n">SSLContext</span><span class="p">.</span><span class="n">getInstance</span><span class="p">(</span><span class="s">&quot;TLS&quot;</span><span class="p">)</span>
<span class="n">sslContext</span><span class="p">.</span><span class="n">init</span><span class="p">(</span><span class="k">null</span><span class="p">,</span> <span class="n">arrayOf</span><span class="p">&lt;</span><span class="n">TrustManager</span><span class="p">&gt;(</span><span class="n">trustManager</span><span class="p">),</span> <span class="k">null</span><span class="p">)</span>
<span class="k">val</span> <span class="py">sslSocketFactory</span> <span class="p">=</span> <span class="n">sslContext</span><span class="p">.</span><span class="n">socketFactory</span>
<span class="n">client</span> <span class="p">=</span> <span class="n">OkHttpClient</span><span class="p">.</span><span class="n">Builder</span><span class="p">()</span>
<span class="p">.</span><span class="n">sslSocketFactory</span><span class="p">(</span><span class="n">sslSocketFactory</span><span class="p">,</span> <span class="n">trustManager</span><span class="p">)</span>
<span class="p">.</span><span class="n">build</span><span class="p">()</span>
<span class="p">}</span>
<span class="k">fun</span> <span class="nf">run</span><span class="p">()</span> <span class="p">{</span>
<span class="k">val</span> <span class="py">request</span> <span class="p">=</span> <span class="n">Request</span><span class="p">.</span><span class="n">Builder</span><span class="p">()</span>
<span class="p">.</span><span class="n">url</span><span class="p">(</span><span class="s">&quot;https://publicobject.com/helloworld.txt&quot;</span><span class="p">)</span>
<span class="p">.</span><span class="n">build</span><span class="p">()</span>
<span class="n">client</span><span class="p">.</span><span class="n">newCall</span><span class="p">(</span><span class="n">request</span><span class="p">).</span><span class="n">execute</span><span class="p">().</span><span class="n">use</span> <span class="p">{</span> <span class="n">response</span> <span class="p">-&gt;</span>
<span class="k">if</span> <span class="p">(!</span><span class="n">response</span><span class="p">.</span><span class="n">isSuccessful</span><span class="p">)</span> <span class="k">throw</span> <span class="n">IOException</span><span class="p">(</span><span class="s">&quot;Unexpected code $response&quot;</span><span class="p">)</span>
<span class="k">for</span> <span class="p">((</span><span class="n">name</span><span class="p">,</span> <span class="n">value</span><span class="p">)</span> <span class="k">in</span> <span class="n">response</span><span class="p">.</span><span class="n">headers</span><span class="p">)</span> <span class="p">{</span>
<span class="n">println</span><span class="p">(</span><span class="s">&quot;$name: $value&quot;</span><span class="p">)</span>
<span class="p">}</span>
<span class="n">println</span><span class="p">(</span><span class="n">response</span><span class="p">.</span><span class="n">body</span><span class="o">!!</span><span class="p">.</span><span class="n">string</span><span class="p">())</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="cm">/**</span>
<span class="cm"> * Returns an input stream containing one or more certificate PEM files. This implementation just</span>
<span class="cm"> * embeds the PEM files in Java strings; most applications will instead read this from a resource</span>
<span class="cm"> * file that gets bundled with the application.</span>
<span class="cm"> */</span>
<span class="k">private</span> <span class="k">fun</span> <span class="nf">trustedCertificatesInputStream</span><span class="p">():</span> <span class="n">InputStream</span> <span class="p">{</span>
<span class="p">...</span> <span class="c1">// Full source omitted. See sample.</span>
<span class="p">}</span>
<span class="k">private</span> <span class="k">fun</span> <span class="nf">trustManagerForCertificates</span><span class="p">(</span><span class="n">inputStream</span><span class="p">:</span> <span class="n">InputStream</span><span class="p">):</span> <span class="n">X509TrustManager</span> <span class="p">{</span>
<span class="p">...</span> <span class="c1">// Full source omitted. See sample.</span>
<span class="p">}</span>
</pre></div></div>
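<!-- Java tab of the custom-trust recipe. The listing mirrors the Kotlin tab: same success check, same helper names. -->
<input name="__tabs_2" type="radio" id="__tab_2_1" />
<label for="__tab_2_1">Java</label>
<div class="superfences-content"><div class="codehilite"><pre><span></span>  <span class="kd">private</span> <span class="kd">final</span> <span class="n">OkHttpClient</span> <span class="n">client</span><span class="o">;</span>
  <span class="kd">public</span> <span class="nf">CustomTrust</span><span class="o">()</span> <span class="o">{</span>
    <span class="n">X509TrustManager</span> <span class="n">trustManager</span><span class="o">;</span>
    <span class="n">SSLSocketFactory</span> <span class="n">sslSocketFactory</span><span class="o">;</span>
    <span class="k">try</span> <span class="o">{</span>
      <span class="c1">// This is the only trust manager the client gets: servers are trusted according to the</span>
      <span class="c1">// certificates from trustedCertificatesInputStream(), so keep that bundle current.</span>
      <span class="n">trustManager</span> <span class="o">=</span> <span class="n">trustManagerForCertificates</span><span class="o">(</span><span class="n">trustedCertificatesInputStream</span><span class="o">());</span>
      <span class="n">SSLContext</span> <span class="n">sslContext</span> <span class="o">=</span> <span class="n">SSLContext</span><span class="o">.</span><span class="na">getInstance</span><span class="o">(</span><span class="s">&quot;TLS&quot;</span><span class="o">);</span>
      <span class="n">sslContext</span><span class="o">.</span><span class="na">init</span><span class="o">(</span><span class="kc">null</span><span class="o">,</span> <span class="k">new</span> <span class="n">TrustManager</span><span class="o">[]</span> <span class="o">{</span> <span class="n">trustManager</span> <span class="o">},</span> <span class="kc">null</span><span class="o">);</span>
      <span class="n">sslSocketFactory</span> <span class="o">=</span> <span class="n">sslContext</span><span class="o">.</span><span class="na">getSocketFactory</span><span class="o">();</span>
    <span class="o">}</span> <span class="k">catch</span> <span class="o">(</span><span class="n">GeneralSecurityException</span> <span class="n">e</span><span class="o">)</span> <span class="o">{</span>
      <span class="k">throw</span> <span class="k">new</span> <span class="n">RuntimeException</span><span class="o">(</span><span class="n">e</span><span class="o">);</span>
    <span class="o">}</span>
    <span class="n">client</span> <span class="o">=</span> <span class="k">new</span> <span class="n">OkHttpClient</span><span class="o">.</span><span class="na">Builder</span><span class="o">()</span>
        <span class="o">.</span><span class="na">sslSocketFactory</span><span class="o">(</span><span class="n">sslSocketFactory</span><span class="o">,</span> <span class="n">trustManager</span><span class="o">)</span>
        <span class="o">.</span><span class="na">build</span><span class="o">();</span>
  <span class="o">}</span>
  <span class="kd">public</span> <span class="kt">void</span> <span class="nf">run</span><span class="o">()</span> <span class="kd">throws</span> <span class="n">Exception</span> <span class="o">{</span>
    <span class="n">Request</span> <span class="n">request</span> <span class="o">=</span> <span class="k">new</span> <span class="n">Request</span><span class="o">.</span><span class="na">Builder</span><span class="o">()</span>
        <span class="o">.</span><span class="na">url</span><span class="o">(</span><span class="s">&quot;https://publicobject.com/helloworld.txt&quot;</span><span class="o">)</span>
        <span class="o">.</span><span class="na">build</span><span class="o">();</span>
    <span class="c1">// try-with-resources closes the response even when the status check throws.</span>
    <span class="k">try</span> <span class="o">(</span><span class="n">Response</span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="o">.</span><span class="na">newCall</span><span class="o">(</span><span class="n">request</span><span class="o">).</span><span class="na">execute</span><span class="o">())</span> <span class="o">{</span>
      <span class="k">if</span> <span class="o">(!</span><span class="n">response</span><span class="o">.</span><span class="na">isSuccessful</span><span class="o">())</span> <span class="k">throw</span> <span class="k">new</span> <span class="n">IOException</span><span class="o">(</span><span class="s">&quot;Unexpected code &quot;</span> <span class="o">+</span> <span class="n">response</span><span class="o">);</span>
      <span class="n">System</span><span class="o">.</span><span class="na">out</span><span class="o">.</span><span class="na">println</span><span class="o">(</span><span class="n">response</span><span class="o">.</span><span class="na">body</span><span class="o">().</span><span class="na">string</span><span class="o">());</span>
    <span class="o">}</span>
  <span class="o">}</span>
  <span class="kd">private</span> <span class="n">InputStream</span> <span class="nf">trustedCertificatesInputStream</span><span class="o">()</span> <span class="o">{</span>
    <span class="o">...</span> <span class="c1">// Full source omitted. See sample.</span>
  <span class="o">}</span>
  <span class="kd">private</span> <span class="n">X509TrustManager</span> <span class="nf">trustManagerForCertificates</span><span class="o">(</span><span class="n">InputStream</span> <span class="n">in</span><span class="o">)</span> <span class="kd">throws</span> <span class="n">GeneralSecurityException</span> <span class="o">{</span>
    <span class="o">...</span> <span class="c1">// Full source omitted. See sample.</span>
  <span class="o">}</span>
</pre></div></div>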
</div>
</article>
</div>
</div>
</main>
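<footer class="md-footer">
  <!-- Page footer: previous/next page links, then copyright and generator credits. -->
  <div class="md-footer-nav">
    <!-- Labelled so assistive technology can tell this landmark from the page's other nav blocks. -->
    <nav class="md-footer-nav__inner md-grid" aria-label="Footer">
      <a href="../interceptors/" title="Interceptors" class="md-flex md-footer-nav__link md-footer-nav__link--prev" rel="prev">
        <div class="md-flex__cell md-flex__cell--shrink">
          <!-- Decorative arrow icon; the link text below carries the meaning. -->
          <i class="md-icon md-icon--arrow-back md-footer-nav__button" aria-hidden="true"></i>
        </div>
        <div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
          <span class="md-flex__ellipsis">
            <span class="md-footer-nav__direction">
              Previous
            </span>
            Interceptors
          </span>
        </div>
      </a>
      <a href="../events/" title="Events" class="md-flex md-footer-nav__link md-footer-nav__link--next" rel="next">
        <div class="md-flex__cell md-flex__cell--stretch md-footer-nav__title">
          <span class="md-flex__ellipsis">
            <span class="md-footer-nav__direction">
              Next
            </span>
            Events
          </span>
        </div>
        <div class="md-flex__cell md-flex__cell--shrink">
          <!-- Decorative arrow icon; the link text above carries the meaning. -->
          <i class="md-icon md-icon--arrow-forward md-footer-nav__button" aria-hidden="true"></i>
        </div>
      </a>
    </nav>
  </div>
  <div class="md-footer-meta md-typeset">
    <div class="md-footer-meta__inner md-grid">
      <div class="md-footer-copyright">
        <div class="md-footer-copyright__highlight">
          Copyright &copy; 2019 Square, Inc.
        </div>
        powered by
        <a href="https://www.mkdocs.org">MkDocs</a>
        and
        <a href="https://squidfunk.github.io/mkdocs-material/">Material for MkDocs</a>
      </div>
    </div>
  </div>
</footer>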
</div>
<!-- Load order matters here: the inline call in the second script uses `app`, presumably defined
     by the application bundle loaded first, so the first script must stay synchronous (no async
     or defer). NOTE(review): because the bootstrap is an inline script, a Content-Security-Policy
     for this site would need a nonce or hash for it; confirm before enabling a strict policy. -->
<script src="../assets/javascripts/application.245445c6.js"></script>
<script>app.initialize({version:"1.0.4",url:{base:".."}})</script>
</body>
</html>