jww

Reputation: 102205

Android: HttpsUrlConnection and Pinset Example

I was watching Google I/O 2012's Security and Privacy in Android Apps. At around 37:55, Kenny Root talks about certificate pinning and tells us to visit the docs for HttpsUrlConnection to see how to use a pinset.

Unfortunately my Google-fu is off again, and I can't seem to locate the example (locally or on the web). Searching for "httpsurlconnection pinset example" returned 0 hits. Would anyone happen to have a link or example of using HttpsUrlConnection with a pinset?

For those who do not pin, pinning is a whitelist of expected server certificates (possibly thumbprints). It remediates a lot of infrastructure issues created by carriers, telcos, handset OEMs, CAs, subordinate CA certificates (including proxies), ISPs, and DNS providers.

Jeff

Upvotes: 0

Views: 2549

Answers (1)

kroot

Reputation: 2042

Visit the Android documentation on HttpsURLConnection and read the section entitled "Providing an application specific X509TrustManager" for the sample code.

Note you'll have to make a Keystore file containing your certificates. You can do this with the "keytool" command that ships with the JDK:

keytool -import -trustcacerts -alias myca -file myca.crt -keystore myca.jks

Upvotes: 1
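
The approach described in the answer above, as an added example (not code from the original post or from the Android documentation): load the keystore created with keytool, initialise a TrustManagerFactory from it, and attach the resulting socket factory to one HttpsURLConnection. The class name, method name and command-line arguments are assumptions made for illustration; the keystore type passed in must be one the platform can load (Android's default KeyStore type is BKS).

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class name; added example, not the Android documentation sample.
public class PinnedConnection {

    // Build a socket factory that trusts ONLY the certificates in the given keystore.
    static SSLSocketFactory pinnedFactory(String path, String type, char[] password)
            throws Exception {
        KeyStore pinset = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            pinset.load(in, password);
        }
        // An empty pinset would make every handshake fail; report it up front.
        if (pinset.size() == 0) {
            throw new IllegalStateException("keystore contains no certificates: " + path);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(pinset); // with an explicit keystore, the system CA store is not consulted
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        return context.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        // Placeholder arguments: keystore path, keystore type, password, https URL.
        if (args.length != 4) {
            System.err.println("usage: PinnedConnection <keystore> <type> <password> <https-url>");
            return;
        }
        SSLSocketFactory factory = pinnedFactory(args[0], args[1], args[2].toCharArray());
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[3]).openConnection();
        // Set per connection, so other HTTPS traffic in the process keeps default trust.
        conn.setSSLSocketFactory(factory);
        try {
            // The handshake fails with an SSLHandshakeException if the server chain does
            // not lead to a certificate in the pinset. Hostname verification still applies.
            System.out.println("HTTP " + conn.getResponseCode());
        } finally {
            conn.disconnect();
        }
    }
}
```

Because the factory is set on the individual connection rather than through HttpsURLConnection.setDefaultSSLSocketFactory, only requests that opt in are restricted to the pinset.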
