java - android java如何保护/保护我的硬编码密码

问题描述

我想做 CertPinning，用 clientcertificate 发送请求。为此，我需要将密码硬编码以在密钥库初始化中使用它：

keyManagerFactory.init(keyStore, Password.toCharArray());

我该如何保护它？

File pKeyFile;
InputStream caInput = new BufferedInputStream(OkHttpUtils.class.getClassLoader().getResourceAsStream("assets/acptamancli.pfx"));
String Password= "MyPassword!";
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("X509");
KeyStore keyStore = KeyStore.getInstance("PKCS12");
// InputStream keyInput = new FileInputStream(caInput);
keyStore.load(caInput, Password.toCharArray());
caInput.close();
keyManagerFactory.init(keyStore, Password.toCharArray());
SSLContext context = SSLContext.getInstance("TLS");
context.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom());
SSLSocketFactory sockFact = context.getSocketFactory();
con.setSSLSocketFactory(sockFact);
/* Send the request */
OutputStream outputStream = con.getOutputStream();
outputStream.write(requestParams.getBytes("UTF-8"));
outputStream.close();
InputStream inputStream;

if(comparePKeys) {
    // Check for errors
    int responseCode = con.getResponseCode();
    if (responseCode == HttpURLConnection.HTTP_OK) {
        inputStream = con.getInputStream();
    } else {
        inputStream = con.getErrorStream();
    }
} else{
    inputStream = con.getErrorStream();
}

// Process the response
InputStream is = inputStream;
int i;
BufferedReader reader;
String line = null;
reader = new BufferedReader(new InputStreamReader(inputStream));
String result =  reader.readLine();
inputStream.close();
callback.invoke(null, result);
} catch (Exception e) {
    e.printStackTrace();
}

标签： javaandroidreact-native