@develodroid
Last active July 5, 2016 18:41
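// Start with a broken configuration (OkHttp 2.x API):
import com.squareup.okhttp.CertificatePinner;
import com.squareup.okhttp.OkHttpClient;
import com.squareup.okhttp.Request;

String hostname = "publicobject.com";
// The all-'A' pin is a deliberate placeholder that cannot match any real key.
CertificatePinner certificatePinner = new CertificatePinner.Builder()
    .add(hostname, "sha1/AAAAAAAAAAAAAAAAAAAAAAAAAAA=")
    .build();
OkHttpClient client = new OkHttpClient();
client.setCertificatePinner(certificatePinner);
Request request = new Request.Builder()
    .url("https://" + hostname)
    .build();
client.newCall(request).execute();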
//As expected, this fails with a certificate pinning exception:
javax.net.ssl.SSLPeerUnverifiedException: Certificate pinning failure!
Peer certificate chain:
sha1/DmxUShsZuNiqPQsX2Oi9uv2sCnw=: CN=publicobject.com, OU=PositiveSSL
sha1/SXxoaOSEzPC6BgGmxAt/EAcsajw=: CN=COMODO RSA Domain Validation Secure Server CA
sha1/blhOM3W9V/bVQhsWAcLYwPU6n24=: CN=COMODO RSA Certification Authority
sha1/T5x9IXmcrQ7YuQxXnxoCmeeQ84c=: CN=AddTrust External CA Root
Pinned certificates for publicobject.com:
sha1/AAAAAAAAAAAAAAAAAAAAAAAAAAA=
// Follow up by pasting the public key hashes from the exception into the certificate pinner's configuration:
CertificatePinner certificatePinner = new CertificatePinner.Builder()
    .add("publicobject.com", "sha1/DmxUShsZuNiqPQsX2Oi9uv2sCnw=")
    .add("publicobject.com", "sha1/SXxoaOSEzPC6BgGmxAt/EAcsajw=")
    .add("publicobject.com", "sha1/blhOM3W9V/bVQhsWAcLYwPU6n24=")
    .add("publicobject.com", "sha1/T5x9IXmcrQ7YuQxXnxoCmeeQ84c=")
    .build();
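
How the `sha1/...` strings in the exception are derived and matched, as an added example that is not part of the original gist or of OkHttp's source: each pin is the Base64 SHA-1 of a certificate's SubjectPublicKeyInfo, and a chain passes when any one of its keys matches a configured pin. The class name `PinDemo`, the helper names, and the freshly generated RSA keys standing in for a real chain are assumptions; `java.util.Base64` requires Java 8 or later.

```java
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import java.util.Set;

public class PinDemo {
    // Pin format shown in the exception: "sha1/" + Base64(SHA-1(SubjectPublicKeyInfo)).
    static String pin(PublicKey key) throws Exception {
        // For standard JCA public keys, getEncoded() returns the DER SubjectPublicKeyInfo.
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(key.getEncoded());
        return "sha1/" + Base64.getEncoder().encodeToString(digest);
    }

    // Hypothetical helper: accept the chain if at least one key matches a configured pin.
    static boolean chainMatches(Set<String> pinned, List<PublicKey> chain) throws Exception {
        for (PublicKey key : chain) {
            if (pinned.contains(pin(key))) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-ins for the leaf and intermediate keys of a server chain.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        PublicKey leaf = gen.generateKeyPair().getPublic();
        PublicKey intermediate = gen.generateKeyPair().getPublic();
        List<PublicKey> chain = Arrays.asList(leaf, intermediate);

        // The placeholder pin from the broken configuration matches nothing.
        Set<String> placeholder = Collections.singleton("sha1/AAAAAAAAAAAAAAAAAAAAAAAAAAA=");
        // Pinning only the intermediate is enough for the whole chain to pass.
        Set<String> intermediateOnly = Collections.singleton(pin(intermediate));

        System.out.println("placeholder pin accepted:  " + chainMatches(placeholder, chain));
        System.out.println("intermediate pin accepted: " + chainMatches(intermediateOnly, chain));
    }
}
```

Running `pin()` over the public key of a certificate obtained from a trusted source lets you confirm the hashes before pinning them, since the chain printed in the exception is whatever the peer presented on that connection.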
http://square.github.io/okhttp/