@Prasanth-Shakti
Last active September 3, 2023 03:46
React Native - SSL Pinning for Android

React Native - SSL Pinning for Android Using Okhttp

MainActivity.java

Add imports

import com.example.app.OkHttpCertPin;
import android.os.Bundle;
import com.facebook.react.modules.network.OkHttpClientProvider;

MainActivity class

@Override
protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    // Make React Native's networking module build its OkHttpClient through the pinning factory.
    OkHttpClientProvider.setOkHttpClientFactory(new OkHttpCertPin());
}

In the same folder as MainActivity, create the file OkHttpCertPin.java and add the following:

package com.example.app;

import com.facebook.react.modules.network.OkHttpClientFactory;
import com.facebook.react.modules.network.OkHttpClientProvider;
import com.facebook.react.modules.network.ReactCookieJarContainer;

import java.util.concurrent.TimeUnit;
import okhttp3.CertificatePinner;
import okhttp3.OkHttpClient;

public class OkHttpCertPin implements OkHttpClientFactory {
    private static final String HOSTNAME = "example.com";

    @Override
    public OkHttpClient createNewNetworkModuleClient() {
        // Placeholder pin: replace it with the pin generated by the openssl command below.
        CertificatePinner certificatePinner = new CertificatePinner.Builder()
            .add(HOSTNAME, "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAA")
            .build();

        // A timeout of 0 means no timeout.
        OkHttpClient.Builder client = new OkHttpClient.Builder()
            .connectTimeout(0, TimeUnit.MILLISECONDS)
            .readTimeout(0, TimeUnit.MILLISECONDS)
            .writeTimeout(0, TimeUnit.MILLISECONDS)
            .cookieJar(new ReactCookieJarContainer())
            .certificatePinner(certificatePinner);

        return OkHttpClientProvider.enableTls12OnPreLollipop(client).build();
    }
}

Generating the pin (base64-encoded SHA-256 hash of the certificate's public key)

openssl s_client -servername example.com -connect example.com:443 < /dev/null | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64
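
The pin produced by the command above is a hash of the server's public key, not of the whole certificate. This added example (not part of the original gist) computes the same pin offline from a certificate file or from a key that no server presents yet, so a backup pin can ship alongside the live one; the function names, file names and throwaway example.com keys are constructed for illustration.

```shell
#!/bin/sh

# Pin of the public key inside a PEM certificate file.
pin_from_cert() {
    openssl x509 -in "$1" -pubkey -noout |
        openssl pkey -pubin -outform der |
        openssl dgst -sha256 -binary |
        openssl enc -base64
}

# Pin of a PEM private key's public half, e.g. a backup key no server presents yet.
pin_from_key() {
    openssl pkey -in "$1" -pubout -outform der |
        openssl dgst -sha256 -binary |
        openssl enc -base64
}

# Succeeds if pin $1 is one of the remaining arguments (the app's pin set).
pin_in_set() {
    wanted=$1; shift
    for p in "$@"; do
        if [ "$p" = "$wanted" ]; then return 0; fi
    done
    return 1
}

# Constructed sample input: throwaway keys and self-signed certificates.
make_sample() {
    for k in live backup; do
        openssl ecparam -genkey -name prime256v1 -noout -out "$1/$k.key"
    done
    # live.pem and renewed.pem share a key; rotated.pem uses the backup key.
    for c in live:live renewed:live rotated:backup; do
        openssl req -x509 -new -key "$1/${c#*:}.key" -subj "/CN=example.com" \
            -days 30 -out "$1/${c%%:*}.pem"
    done 2>/dev/null
}

demo() {
    tmp=$(mktemp -d) && make_sample "$tmp"
    live=$(pin_from_key "$tmp/live.key")
    backup=$(pin_from_key "$tmp/backup.key")
    for c in live renewed rotated; do
        pin=$(pin_from_cert "$tmp/$c.pem")
        if pin_in_set "$pin" "$live" "$backup"; then r=accepted; else r=REJECTED; fi
        echo "$c.pem sha256/$pin $r"
    done
    rm -rf "$tmp"
}
demo
```

Each pin in the set goes into the CertificatePinner builder as its own `.add(hostname, "sha256/<pin>")` call.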

Reference: [Implement the SSL pinning]

https://itnext.io/react-native-security-ssl-pinning-cde086210d58
https://www.madebymany.com/stories/a-year-of-react-native-ssl-pinning
https://medium.com/@jaedmuva/react-native-ssl-pinning-is-back-e317e6682642
https://johnnn.tech/q/react-native-getting-java-build-error-error-cannot-find-symbol/ (error because of com.package in okhttp)

Reference: [Generate sha256 SSL pin certificate]

https://stackoverflow.com/questions/10175812/how-to-generate-a-self-signed-ssl-certificate-using-openssl
https://www.ssllabs.com/ssltest (get the SSL pin from the website)
https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning#extracting_the_base64_encoded_public_key_information
