Moxie Marlinspike moxie0

## gist:1398973
$ wget http://bouncycastle.org/download/bcprov-jdk16-146.jar
$ keytool -importcert -file your_signing_certificate.pem -keystore yourapp.store -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath bcprov-jdk16-146.jar -storetype BKS

## gist:1398985
private InputStream makeRequest(Context context, URL url) {
  AssetManager assetManager       = context.getAssets();
  InputStream keyStoreInputStream = assetManager.open("yourapp.store");
  KeyStore trustStore             = KeyStore.getInstance("BKS");

  trustStore.load(keyStoreInputStream, "somepass".toCharArray());

  TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
  tmf.init(trustStore);

## gist:1398990
private Socket constructSSLSocket(Context context, String host, int port) {
  AssetManager assetManager        = context.getAssets();
  InputStream keyStoreInputStream  = assetManager.open("yourapp.store");
  KeyStore trustStore              = KeyStore.getInstance("BKS");

  trustStore.load(keyStoreInputStream, "somepass".toCharArray());

  SSLSocketFactory sslSocketFactory = new SSLSocketFactory(trustStore);
  sslSocketFactory.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);


## gist:1398993
$ git clone https://github.com/moxie0/AndroidPinning.git
$ cd AndroidPinning
$ python ./pin.py /path/to/cacert.pem

## gist:1398995
TrustManager[] trustManagers = new TrustManager[1];
trustManagers[0]             = new PinningTrustManager(new String[] {"f30012bbc18c231ac1a44b788e410ce754182513"});

SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, trustManagers, null);

HttpsURLConnection urlConnection = (HttpsURLConnection)new URL("https://encrypted.google.com/").openConnection();
urlConnection.setSSLSocketFactory(sslContext.getSocketFactory());

InputStream in = urlConnection.getInputStream();
	$ wget http://bouncycastle.org/download/bcprov-jdk16-146.jar
	$ keytool -importcert -file your_signing_certificate.pem -keystore yourapp.store -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath bcprov-jdk16-146.jar -storetype BKS
	private InputStream makeRequest(Context context, URL url) {
	AssetManager assetManager = context.getAssets();
	InputStream keyStoreInputStream = assetManager.open("yourapp.store");
	KeyStore trustStore = KeyStore.getInstance("BKS");

	trustStore.load(keyStoreInputStream, "somepass".toCharArray());

	TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
	tmf.init(trustStore);
	private Socket constructSSLSocket(Context context, String host, int port) {
	AssetManager assetManager = context.getAssets();
	InputStream keyStoreInputStream = assetManager.open("yourapp.store");
	KeyStore trustStore = KeyStore.getInstance("BKS");

	trustStore.load(keyStoreInputStream, "somepass".toCharArray());

	SSLSocketFactory sslSocketFactory = new SSLSocketFactory(trustStore);
	sslSocketFactory.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
	$ git clone https://github.com/moxie0/AndroidPinning.git
	$ cd AndroidPinning
	$ python ./pin.py /path/to/cacert.pem
	TrustManager[] trustManagers = new TrustManager[1];
	trustManagers[0] = new PinningTrustManager(new String[] {"f30012bbc18c231ac1a44b788e410ce754182513"});

	SSLContext sslContext = SSLContext.getInstance("TLS");
	sslContext.init(null, trustManagers, null);

	HttpsURLConnection urlConnection = (HttpsURLConnection)new URL("https://encrypted.google.com/").openConnection();
	urlConnection.setSSLSocketFactory(sslContext.getSocketFactory());

	InputStream in = urlConnection.getInputStream();