Skip to content

Instantly share code, notes, and snippets.

@jinal90
jinal90 / TrustStoreAndSslSocketFactory
Last active May 25, 2020 07:57
Code snippet to demonstrate implementation of network calls and SSL pinning using TrustStore and SSL socket factory in Android
// get the TrustStore that you just placed in resources
val resourceStream = resources.openRawResource(R.raw.your_trust_store)
// create an empty default KeyStore
val keyStoreType = KeyStore.getDefaultType()
val keyStore = KeyStore.getInstance(keyStoreType)
// load the KeyStore from input stream of TrustStore
keyStore.load(resourceStream, getTrustStorePassword()?.toCharArray())
@jinal90
jinal90 / OkhttpAndCertificatePinner
Last active May 25, 2020 08:15
Code Snippet to implement SSL pinning using SHA256 key and CertificatePinner in OKHTTP
// Create CertificatePinner object which contatins list of domains and associated SHA-256 keys.
// Pin this CertificatePinner object while creating the OKHTTP client.
private val client = OkHttpClient.Builder()
.certificatePinner(
CertificatePinner.Builder()
.add("www.example.com", "sha256/7HIpactkIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y=")
.build())
.build()
// Implement rest service call
@jinal90
jinal90 / SSLPinningWithRetrofit
Created May 20, 2020 21:22
Code snippet to explain implementation of SSL pinning in Retrofit.
Retrofit retrofit = new Retrofit.Builder()
.baseUrl("https://www.example.com")
.client(okHttpClientWithCertificatePinner)
.build();
YourServiceClass service = retrofit.create(YourServiceClass.class);
@jinal90
jinal90 / AlamofireAndServerTrustPolicies
Created May 22, 2020 21:23
Code snippet to explain a SSL pinning Alamofire and Server trust policy.
// 1. Basic configuration for creating Alamofire manager
let configuration = URLSessionConfiguration.default
configuration.httpAdditionalHeaders = SessionManager.defaultHTTPHeaders
configuration.timeoutIntervalForRequest = 60
var serverTrustPolicies: [String: ServerTrustPolicy] = [:]
// 2. Pass your certificate filename, type and directory path to load the cefrtificate
guard let certificatePath = Bundle.main.path(forResource: "CertificateFileName", ofType: "der", inDirectory: "assets/certificate") else{
@jinal90
jinal90 / urlSessionDelegate
Last active May 24, 2020 20:53
Code snippet to demonstrate URLSessionDelegate
class MyViewController: UIViewController, URLSessionDelegate {
//
// MARK: - Constants
//
let pinnedCertificates: [Data] = {
let url = Bundle.main.url(forResource: "certificate_name", withExtension: "der")!
let data = try! Data(contentsOf: url)
return [data]
}()
@jinal90
jinal90 / urlSessionNetworkCall
Created May 24, 2020 21:17
Code snippet to demonstrate simple network call using URLSession in swift.
var dataTask: URLSessionDataTask?
if var urlComponents = URLComponents(string: "https://www.example.com") {
urlComponents.query = "paramKey=value"
guard let url = urlComponents.url else {
return
}
var defaultSession = URLSession(configuration: .default, delegate: self, delegateQueue: nil)
dataTask = defaultSession.dataTask(with: url) { [weak self] data, response, error in
@jinal90
jinal90 / urlSessionDelegateAndPinning
Created May 24, 2020 21:29
Certificate comparison to confirm secure SSL handshake using URLSession delegate
func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
if let trust = challenge.protectionSpace.serverTrust,
SecTrustGetCertificateCount(trust) > 0 {
if let certificate = SecTrustGetCertificateAtIndex(trust, 0) {
let data = SecCertificateCopyData(certificate) as Data
if certificates.contains(data) {
completionHandler(.useCredential, URLCredential(trust: trust))
return
}