An Android Jitpack project written in Kotlin implementing dynamic SSL pinning.
SSL pinning is a technique that mitigates man-in-the-middle attacks against secure HTTP communication, but it has a drawback: the certificate's expiration date. This library resolves that problem by implementing dynamic SSL pinning, providing easy-to-use fingerprint validation on the TLS handshake. The remote server must be responsible for updating the certificate(s).

Add the JitPack repository to your root `build.gradle` at the end of repositories:

```groovy
allprojects {
    repositories {
        ..
        maven { url 'https://jitpack.io' }
    }
}
```

Add the dependency:

```groovy
dependencies {
    implementation 'com.github.Yoonit-Labs:android-yoonit-handshake:master-SNAPSHOT'
}
```

The current version of the library depends on [Wultra SSL Pinning](https://github.com/wultra/ssl-pinning-android).

First, in the `local.properties`, insert the `public.key` and `service.url` values.
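
```kotlin
import android.os.Bundle
import android.widget.Toast
import androidx.appcompat.app.AppCompatActivity
// Handshake and HandshakeListener are provided by this library.

class MainActivity : AppCompatActivity() {

    private lateinit var handshake: Handshake

    private val handshakeListener = object : HandshakeListener {
        // Called when the fingerprint update request succeeds.
        override fun continueExecution() {
            Toast.makeText(applicationContext, "OK", Toast.LENGTH_LONG).show()
        }

        // Called when the fingerprint update request fails.
        override fun handleFailedUpdate(type: String, result: String) {
            Toast.makeText(applicationContext, result, Toast.LENGTH_LONG).show()
        }
    }

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        setContentView(R.layout.activity_main)

        this.handshake = Handshake(applicationContext, handshakeListener)

        // update_fingerprint is a view declared in activity_main.
        update_fingerprint.setOnClickListener {
            // PUBLIC_KEY and URL are the local.properties values exposed through BuildConfig.
            handshake.updateFingerprint(BuildConfig.PUBLIC_KEY, BuildConfig.URL)
        }
    }
}
```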

Function | Parameters | Description |
---|---|---|
updateFingerprint | publicKey: String, serviceUrl: String | Updates the list of fingerprints from the remote server. The method is asynchronous; the response is delivered through the HandshakeListener interface. |

Event | Parameters | Description |
---|---|---|
continueExecution | | The fingerprint update request succeeded. |
handleFailedUpdate | type: String, result: String | The fingerprint update request failed. |

UpdateResult | Description |
---|---|
OK | |
STORE_IS_EMPTY | |
NETWORK_ERROR | There was an error in network communication with the server. |
INVALID_DATA | The update request returned invalid data from the server. |
INVALID_SIGNATURE | The update request returned data which did not pass the signature validation. |
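
The idea behind dynamic pinning and the `INVALID_DATA` / `INVALID_SIGNATURE` results, as an added sketch that is not this library's or Wultra's code: the app ships only a public key, accepts a fingerprint list from the server only if every entry verifies under that key, and then matches the presented certificate against the accepted list. The type names, the `commonName&fingerprint&expires` payload layout, the ECDSA/SHA-256 choice and the sample host are assumptions made for the illustration.

```kotlin
import java.security.KeyPairGenerator
import java.security.MessageDigest
import java.security.PublicKey
import java.security.Signature
import java.util.Base64

// Hypothetical types; result names are borrowed from the UpdateResult table above.
data class SignedPin(val commonName: String, val fingerprint: String, val expires: Long, val signature: ByteArray)
enum class Check { OK, INVALID_DATA, INVALID_SIGNATURE }

// Assumed signed payload layout: commonName&fingerprint&expires
fun signedBytes(cn: String, fp: String, expires: Long) = "$cn&$fp&$expires".toByteArray(Charsets.UTF_8)
fun sha256B64(data: ByteArray): String = Base64.getEncoder().encodeToString(MessageDigest.getInstance("SHA-256").digest(data))

// Accept an update only if every entry verifies under the key shipped inside the app.
fun validateUpdate(pins: List<SignedPin>, appKey: PublicKey, now: Long): Pair<Check, List<SignedPin>> {
    for (p in pins) {
        if (p.commonName.isBlank() || p.fingerprint.isBlank()) return Check.INVALID_DATA to emptyList<SignedPin>()
        val verifier = Signature.getInstance("SHA256withECDSA")
        verifier.initVerify(appKey)
        verifier.update(signedBytes(p.commonName, p.fingerprint, p.expires))
        // A malformed signature throws; treat that the same as a failed verification.
        if (!runCatching { verifier.verify(p.signature) }.getOrDefault(false)) return Check.INVALID_SIGNATURE to emptyList<SignedPin>()
    }
    return Check.OK to pins.filter { it.expires > now } // expired pins are never stored
}

// Handshake-time check: the presented certificate must hash to a stored pin for that host.
fun isPinned(host: String, certDer: ByteArray, store: List<SignedPin>): Boolean =
    store.any { it.commonName == host && it.fingerprint == sha256B64(certDer) }

fun main() {
    // Constructed sample data: a throwaway key pair stands in for the server's signing key.
    val kp = KeyPairGenerator.getInstance("EC").apply { initialize(256) }.generateKeyPair()
    val cert = "constructed-certificate-bytes".toByteArray()
    val expires = 2_000_000_000L
    val sig = Signature.getInstance("SHA256withECDSA").run {
        initSign(kp.private)
        update(signedBytes("api.example.com", sha256B64(cert), expires))
        sign()
    }
    val pin = SignedPin("api.example.com", sha256B64(cert), expires, sig)
    val (status, store) = validateUpdate(listOf(pin), kp.public, now = 1_700_000_000L)
    println("$status pinned=${isPinned("api.example.com", cert, store)}")
    val (tampered, _) = validateUpdate(listOf(pin.copy(fingerprint = "AAAA")), kp.public, 1_700_000_000L)
    println("tampered entry: $tampered")
}
```

Because the signature covers the host name, fingerprint and expiry together, an on-path attacker who rewrites any field of the update is rejected before the new pin reaches the store.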

Clone the repo, change what you want and send a PR.
For commit messages we use Conventional Commits.
Contributions are always welcome!
Code with ❤ by the Cyberlabs AI Front-End Team