CODEWITHSUNDEEP
securitycordova-pluginsmulti-device-hybrid-appssslcontextsslpinning
SARAN
SARAN

Reputation: 1

cordova-plugin-sslcertificatechecker always return me CONNECTION_NOT_SECURE Message

What I'm trying : I'm trying to implement SSL Pinning in Hybrid mobile app that comes with Angular 1.x + Cordova. I tried advance http plugin where my API call doesn't hit at all, not able to figure out why. The next try What I did is, using cordova-plugin-sslcertificatechecker. In this impl, even though I have the correct finger print from the certificate, It always goes to error block and thows messaage as "CONNECTION_NOT_SECURE". I dont know how or what else I can try...

Cordova - 12.0.0

angular - 1.6

Below is the snippet:

useCertificateChecker(): void {
    let server = 'xxx/api/';  
    let fingerprint = '545a098abdcdf93xxx-xxxx-7f3801240c98a4d54'; // took if via browser

    this.$ionicPlatform.ready(() => {
      if (this.$window.cordova) {
        (this.$window.plugins as any).sslCertificateChecker.check(successCallback, errorCallback, server, fingerprint);
      }

      function successCallback(message: any): any {
        alert(message);
        this.logger.info('initSslPinning inside useCertificateChecker');
        this.logger.warning('++++++++++++++++++++++++++++++++++++');
        this.logger.warning(message);
        this.logger.warning('++++++++++++++++++++++++++++++++++++');
        // Message is always: CONNECTION_SECURE.
        // Now do something with the trusted server.
      }

      function errorCallback(message: any): any {
        alert(message);
        this.logger.info('initSslPinning inside errorCallback');
        this.logger.warning('++++++++++++++++++++++++++++++++++++');
        this.logger.warning(message);
        this.logger.warning('++++++++++++++++++++++++++++++++++++');
        if (message === 'CONNECTION_NOT_SECURE') {
          // There is likely a man in the middle attack going on, be careful!
        } else if (message.indexOf('CONNECTION_FAILED') > -1) {
          // There was no connection (yet). Internet may be down. Try again (a few times) after a little timeout.
          this.logger.warning('CONNECTION_FAILED');
          this.logger.warning(message);
        }
      }
    });

I mentioned above the tries I did,

  1. cordova-advance-http I tried
  2. https://www.npmjs.com/package/cordova-plugin-sslcertificatechecker - trying with above piece of code

Upvotes: 0

Views: 48

Answers (0)

Related Questions