Created
June 26, 2017 06:23
-
-
Save omerlh/8ddafbcffc1cc95854d6381ac8c81476 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import com.datatheorem.android.trustkit.TrustKit; | |
| import com.datatheorem.android.trustkit.config.PublicKeyPin; | |
| import javax.inject.Inject; | |
| import okhttp3.CertificatePinner; | |
| import okhttp3.OkHttpClient; | |
| public class OkHttpCertPin { | |
| private final TrustKit mTrustKit; | |
| @Inject | |
| public OkHttpCertPin(TrustKit trustKit) | |
| { | |
| mTrustKit = trustKit; | |
| } | |
| public OkHttpClient extend(OkHttpClient currentClient, String hostName) { | |
| CertificatePinner.Builder certificatePinnerBuilder = new CertificatePinner.Builder(); | |
| for (PublicKeyPin key : mTrustKit.getConfiguration().getPolicyForHostname(hostName).getPublicKeyPins()) { | |
| certificatePinnerBuilder.add(hostName, "sha256/" + key.toString()); | |
| } | |
| return currentClient.newBuilder().certificatePinner(certificatePinnerBuilder.build()).build(); | |
| } | |
| } |
In order to match with @omerlh gist, here's the MainActivity.java for react native to use SSL Pinning on Android
Using RN 0.51 with Axios
package com.yourpackage;
import android.os.Bundle;
import com.facebook.react.ReactActivity;
import com.datatheorem.android.trustkit.TrustKit;
import com.facebook.react.modules.network.OkHttpClientProvider;
import okhttp3.OkHttpClient;
public class MainActivity extends ReactActivity {
private String hostname = "your.server.com";
private OkHttpClient currentClient;
/**
* Returns the name of the main component registered from JavaScript.
* This is used to schedule rendering of the component.
*/
@Override
protected String getMainComponentName() {
return "YourApp";
}
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
TrustKit.initializeWithNetworkSecurityConfiguration(this, R.xml.network_security_config);
currentClient = new OkHttpClient().newBuilder()
.sslSocketFactory(TrustKit.getInstance().getSSLSocketFactory(hostname), TrustKit.getInstance().getTrustManager(hostname))
.build();
rebuildOkHtttp();
}
private void rebuildOkHtttp() {
OkHttpCertPin certPin = new OkHttpCertPin(TrustKit.getInstance());
OkHttpClient replacementClient = certPin.extend(currentClient, hostname);
OkHttpClientProvider.replaceOkHttpClient(replacementClient);
}
}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@cihadturhan I think RN fetch API uses XmlHttpRequest, haven't had a look at that, and axios does use it. In any case, this works for okhttp3 in android and the corresponding in iOS (I'm not much of an iOS developer).
@karthiganesan90 yes, it does not work anymore, not like that at least, depending on the version of RN you are using.
0.54 adds back this ability through OkHttpClientFactory. I did something like this:
OkHttpClientProvider.setOkHttpClientFactory(new CustomClientFactory());
then in your factory class, override method createNewNetworkModuleClient() and you'll be able to feed the client you need to the networking module, responsible for networking.