Last active
November 16, 2019 11:45
/*
 * The OkHttp library provides a CertificatePinner class that can be added to an OkHttpClient instance.
 * The easiest way to pin a host is to turn on pinning with a broken configuration and
 * read the expected configuration when the connection fails.
 */
CertificatePinner certificatePinner = new CertificatePinner.Builder()
    .add("mydomain.com", "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
    .build();
OkHttpClient client = new OkHttpClient.Builder()
    .certificatePinner(certificatePinner)
    .build();
/* After a request is executed, you'll see this message on the console: */
javax.net.ssl.SSLPeerUnverifiedException: Certificate pinning failure!
  Peer certificate chain:
    sha256/afwiKY3RxoMmLkuRW1l7QsPZTJPwDS2pdDROQjXw8ig=: CN=mydomain.com, OU=PositiveSSL
    sha256/klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY=: CN=COMODO RSA Secure Server CA
    sha256/grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME=: CN=COMODO RSA Certification Authority
    sha256/lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU=: CN=AddTrust External CA Root
  Pinned certificates for mydomain.com:
    sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
  at okhttp3.CertificatePinner.check(CertificatePinner.java)
  at okhttp3.Connection.upgradeToTls(Connection.java)
  at okhttp3.Connection.connect(Connection.java)
  at okhttp3.Connection.connectAndSetOwner(Connection.java)
/* The exception lists the public key hashes of the server's certificate chain. Paste them into the CertificatePinner and you're done! ✔ */
CertificatePinner certificatePinner = new CertificatePinner.Builder()
    .add("mydomain.com", "sha256/afwiKY3RxoMmLkuRW1l7QsPZTJPwDS2pdDROQjXw8ig=")
    .add("mydomain.com", "sha256/klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY=")
    .add("mydomain.com", "sha256/grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME=")
    .add("mydomain.com", "sha256/lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU=")
    .build();
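
The hashes in the exception can also be computed offline from the certificate files you deployed, so they can be checked before being pasted into the app. The following is an added example, not part of the original gist; the class name `PinCalculator` and the PEM file arguments are assumptions, and it uses only JDK classes.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;

public class PinCalculator {

    // An OkHttp pin is "sha256/" + Base64(SHA-256(DER-encoded SubjectPublicKeyInfo)).
    // PublicKey.getEncoded() returns that SubjectPublicKeyInfo when the format is "X.509".
    static String pin(PublicKey key) throws Exception {
        if (!"X.509".equals(key.getFormat())) {
            throw new IllegalArgumentException("key is not SPKI-encoded: " + key.getFormat());
        }
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(key.getEncoded());
        return "sha256/" + Base64.getEncoder().encodeToString(digest);
    }

    // Prints one "pin: subject" line per certificate in a PEM file (leaf, intermediates, root),
    // in a layout similar to the "Peer certificate chain" section of the exception.
    static void printPins(String pemPath) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(pemPath)) {
            for (Certificate c : cf.generateCertificates(in)) {
                X509Certificate cert = (X509Certificate) c;
                System.out.println(pin(cert.getPublicKey()) + ": "
                        + cert.getSubjectX500Principal().getName());
            }
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 0) {
            // No file given: demonstrate on a throwaway key generated here (constructed sample).
            KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
            gen.initialize(2048);
            System.out.println(pin(gen.generateKeyPair().getPublic()));
            return;
        }
        for (String path : args) {
            printPins(path);
        }
    }
}
```

Run it against the PEM chain installed on the server and compare each line with the "Peer certificate chain" entries before copying them into `CertificatePinner.Builder`. OkHttp accepts a connection when any certificate in the chain matches any pin configured for the host.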