React Native - SSL Pinning for Android Using OkHttp
MainActivity.java
Add the imports:

    import com.example.app.OkHttpCertPin;
    import android.os.Bundle;
    import com.facebook.react.modules.network.OkHttpClientProvider;

In the MainActivity class, register the pinned client factory in onCreate:

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        // Make React Native's networking module build its client through OkHttpCertPin
        OkHttpClientProvider.setOkHttpClientFactory(new OkHttpCertPin());
    }

In the same folder as MainActivity, create the file OkHttpCertPin.java with the following content:

    package com.example.app;

    import com.facebook.react.modules.network.OkHttpClientFactory;
    import com.facebook.react.modules.network.OkHttpClientProvider;
    import com.facebook.react.modules.network.ReactCookieJarContainer;
    import java.util.concurrent.TimeUnit;
    import okhttp3.CertificatePinner;
    import okhttp3.OkHttpClient;

    public class OkHttpCertPin implements OkHttpClientFactory {
        // Host whose certificate chain must contain the pinned public key
        private static final String HOSTNAME = "example.com";

        @Override
        public OkHttpClient createNewNetworkModuleClient() {
            CertificatePinner certificatePinner = new CertificatePinner.Builder()
                    // Placeholder: replace with the generated pin (see the openssl command below).
                    // A second .add() with a backup key's pin keeps the app working across a key rotation.
                    .add(HOSTNAME, "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAA")
                    .build();

            // Same settings as React Native's default client (0 = no timeout), plus the pinner
            OkHttpClient.Builder client = new OkHttpClient.Builder()
                    .connectTimeout(0, TimeUnit.MILLISECONDS)
                    .readTimeout(0, TimeUnit.MILLISECONDS)
                    .writeTimeout(0, TimeUnit.MILLISECONDS)
                    .cookieJar(new ReactCookieJarContainer())
                    .certificatePinner(certificatePinner);

            return OkHttpClientProvider.enableTls12OnPreLollipop(client).build();
        }
    }

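Extracting the public key of a certificate

The command below fetches the server certificate, extracts its public key, hashes it with SHA-256 and base64-encodes the result. The output is the value that goes after "sha256/" in OkHttpCertPin.java. Redirecting stdin from /dev/null makes s_client exit after the handshake instead of waiting for input.

    openssl s_client -servername example.com -connect example.com:443 < /dev/null | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
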
References: implementing SSL pinning
- https://itnext.io/react-native-security-ssl-pinning-cde086210d58
- https://www.madebymany.com/stories/a-year-of-react-native-ssl-pinning
- https://medium.com/@jaedmuva/react-native-ssl-pinning-is-back-e317e6682642
- https://johnnn.tech/q/react-native-getting-java-build-error-error-cannot-find-symbol/ (error because of com.package in okhttp)

References: generating the sha256 SSL pin
- https://stackoverflow.com/questions/10175812/how-to-generate-a-self-signed-ssl-certificate-using-openssl
- https://www.ssllabs.com/ssltest (get the SSL pin from the website)
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning#extracting_the_base64_encoded_public_key_information