 

Retrofit with OKHTTP3 certification pinning

I am using Retrofit 1.9 with OKHTTP3 client and I am trying to add certification pinning. Below is the relevant code:

// Imports this snippet needs (OkHttp 3, Retrofit 1.9 and the retrofit1-okhttp3-client bridge)
import okhttp3.CertificatePinner;
import okhttp3.OkHttpClient;
import retrofit.RestAdapter;
import com.jakewharton.retrofit.Ok3Client;

// Host to pin (redacted in the question); must be a bare host name, not a URL
String hostname = "xxxxxx.xx";

// Pin set: every connection to hostname must present a certificate whose public key hash matches one of these pins
CertificatePinner certificatePinner = new CertificatePinner.Builder()
    .add(hostname, "sha1/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=")
    .build();

// OkHttp 3 client carrying the pinner
OkHttpClient client = new OkHttpClient.Builder()
     .certificatePinner(certificatePinner)
     .build();

// Retrofit 1.9 adapter backed by the pinned OkHttp 3 client
return new RestAdapter.Builder()
     .setRequestInterceptor(request -> {
         request.addHeader("CONTENT-TYPE", "application/json");
     })
     .setEndpoint("https://xxxxxxxxxxxx")
     .setClient(new Ok3Client(client))
     .build();

Unfortunately it doesn't seem to be working. I don't get the

"javax.net.ssl.SSLPeerUnverifiedException: Certificate pinning failure!"

exception even when my host or SHA is incorrect. Can anyone explain why?

Leśniakiewicz asked Dec 14 '16 10:12



1 Answer

A couple of things to check. Since you've redacted the parts where mistakes are common, I can't tell for certain if these are your issue, but both mistakes will cause no pinning with no logs.

1) For hostname in your CertificatePinner, make sure it is just the host name, like "www.example.com", and not a URL like "https://www.example.com".
2) For .setEndpoint("xxxxxxxxxxxx"), make sure your endpoint is https; no certificates are checked on http, so there are no logs.

iagreen answered Nov 05 '22 16:11
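The two silent failure modes in the answer (a URL where a bare host is expected, and a plain-http endpoint on which OkHttp never evaluates pins) can be caught at build time. The Java class below is an added example, not code from the question, the answer, OkHttp or Retrofit; `PinnedClientFactory`, `checkConfig`, the host `api.example.com` and the all-`A`/all-`B` pin strings are placeholders and assumptions. It builds the same Retrofit 1.9 + OkHttp 3 + Ok3Client stack as the question, but validates the configuration first and uses two `sha256/` pins (OkHttp 3 accepts `sha256/` and `sha1/` pins; the second pin is a backup so a key rotation does not lock clients out).

```java
import java.net.URI;
import okhttp3.CertificatePinner;
import okhttp3.OkHttpClient;
import retrofit.RestAdapter;
import com.jakewharton.retrofit.Ok3Client;

public final class PinnedClientFactory {
    // Assumed values: replace with your own host and the pins of your own certificate chain.
    static final String HOST = "api.example.com";          // bare host name: no scheme, port or path
    static final String ENDPOINT = "https://api.example.com";
    static final String[] PINS = {
        "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=", // placeholder: current leaf or intermediate key
        "sha256/BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB="  // placeholder: backup key for rotation
    };

    // Fail fast on the misconfigurations that otherwise leave pinning silently disabled.
    static void checkConfig(String pinHost, String endpoint) {
        if (pinHost.contains("/") || pinHost.contains(":")) {
            throw new IllegalArgumentException("pin host must be a bare host name, not a URL: " + pinHost);
        }
        URI uri = URI.create(endpoint);
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            throw new IllegalArgumentException("endpoint must be https; pins are never checked on http: " + endpoint);
        }
        String endpointHost = uri.getHost();
        if (endpointHost == null) {
            throw new IllegalArgumentException("endpoint has no host: " + endpoint);
        }
        // CertificatePinner also accepts "*.example.com" patterns; match those by suffix.
        boolean matches = pinHost.startsWith("*.")
            ? endpointHost.toLowerCase().endsWith(pinHost.substring(1).toLowerCase())
            : pinHost.equalsIgnoreCase(endpointHost);
        if (!matches) {
            throw new IllegalArgumentException("pin host " + pinHost + " does not cover endpoint host " + endpointHost
                + "; pins apply only to matching hosts");
        }
    }

    static OkHttpClient buildClient(String pinHost, String[] pins) {
        CertificatePinner.Builder pinner = new CertificatePinner.Builder();
        for (String pin : pins) {
            pinner.add(pinHost, pin);
        }
        return new OkHttpClient.Builder()
            .certificatePinner(pinner.build())
            .build();
    }

    public static RestAdapter buildAdapter() {
        checkConfig(HOST, ENDPOINT);
        OkHttpClient client = buildClient(HOST, PINS);
        return new RestAdapter.Builder()
            .setRequestInterceptor(request -> request.addHeader("Content-Type", "application/json"))
            .setEndpoint(ENDPOINT)
            .setClient(new Ok3Client(client))
            .build();
    }
}
```

To confirm that pinning is actually in force, temporarily replace the pins with a deliberately wrong `sha256/` value and make one request against your own server over https: OkHttp then throws `SSLPeerUnverifiedException` with a message listing the pins the server's chain actually presents, which is the documented way to obtain correct pin values and proves the pinner is being consulted. If no exception appears even with a wrong pin, one of the checks in `checkConfig` is the usual culprit.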