Moxie Marlinspike moxie0

## gist:1398995
TrustManager[] trustManagers = new TrustManager[1];
trustManagers[0]             = new PinningTrustManager(new String[] {"f30012bbc18c231ac1a44b788e410ce754182513"});

SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, trustManagers, null);

HttpsURLConnection urlConnection = (HttpsURLConnection)new URL("https://encrypted.google.com/").openConnection();
urlConnection.setSSLSocketFactory(sslContext.getSocketFactory());

InputStream in = urlConnection.getInputStream();

## gist:1398993
$ git clone https://github.com/moxie0/AndroidPinning.git
$ cd AndroidPinning
$ python ./pin.py /path/to/cacert.pem

## gist:1398990
private Socket constructSSLSocket(Context context, String host, int port) {
  AssetManager assetManager        = context.getAssets();
  InputStream keyStoreInputStream  = assetManager.open("yourapp.store");
  KeyStore trustStore              = KeyStore.getInstance("BKS");

  trustStore.load(keyStoreInputStream, "somepass".toCharArray());

  SSLSocketFactory sslSocketFactory = new SSLSocketFactory(trustStore);
  sslSocketFactory.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);


## gist:1398985
private InputStream makeRequest(Context context, URL url) {
  AssetManager assetManager       = context.getAssets();
  InputStream keyStoreInputStream = assetManager.open("yourapp.store");
  KeyStore trustStore             = KeyStore.getInstance("BKS");

  trustStore.load(keyStoreInputStream, "somepass".toCharArray());

  TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
  tmf.init(trustStore);

## gist:1398973
$ wget http://bouncycastle.org/download/bcprov-jdk16-146.jar
$ keytool -importcert -file your_signing_certificate.pem -keystore yourapp.store -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath bcprov-jdk16-146.jar -storetype BKS