AndroidPinning
Pinning Support for Volley
Is there some way I can add SSL pinning support to Volley (http://developer.android.com/training/volley/index.html)?
Did you ever figure this out?
As of now what I do as a workaround is to run a separate thread every 30 seconds which will send a pinned request using Android's native SSL library. So if anything goes wrong, it will kill the app.
Here is the sample code.

```java
import java.io.IOException;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLKeyException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLProtocolException;
import org.thoughtcrime.ssl.pinning.PinningHelper;

try {
    // PinningHelper expects an array of pins, not a single string.
    String[] pins = new String[] {"pin_here"};
    URL url = new URL("URL_here");
    HttpsURLConnection connection =
            PinningHelper.getPinnedHttpsURLConnection(getBaseContext(), pins, url);
    byte[] data = new byte[4096];
    // Only decode the bytes that were actually read.
    int read = connection.getInputStream().read(data);
    YLog.i("SSL", "Success " + new String(data, 0, Math.max(read, 0)));
} catch (SSLKeyException e) {
    // Any TLS failure on the pinned connection kills the app.
    android.os.Process.killProcess(android.os.Process.myPid());
} catch (SSLHandshakeException e) {
    android.os.Process.killProcess(android.os.Process.myPid());
} catch (SSLProtocolException e) {
    android.os.Process.killProcess(android.os.Process.myPid());
} catch (SSLPeerUnverifiedException e) {
    android.os.Process.killProcess(android.os.Process.myPid());
} catch (IOException ioe) {
    // Non-TLS I/O errors are only logged.
    YLog.i("SSL", "IOException: Not Success: " + ioe.getMessage());
} catch (StringIndexOutOfBoundsException sio) {
    YLog.i("SSL", "StringIndexOutOfBoundsException: Not Success: " + sio.getMessage());
} catch (Exception e) {
    YLog.i("SSL", "Exception: Not Success: " + e.getMessage());
}
```
Ah ok, your Volley request queue is using the default HTTP stack which uses the singleton. My Volley instance is using OkHttp. OkHttp creates its own httpclient (separate SSL context). I think all I need to do is to set the SSLSocketFactory for the OkHttpClient before passing it to the Volley.newRequestQueue.
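The approach discussed in this thread (give the HTTP stack its own pinned SSLSocketFactory before creating the request queue), shown for Volley's stock HurlStack as an added example that is not code from any poster or from the AndroidPinning project. It assumes a hand-written leaf-key SHA-256 pin check built on javax.net.ssl instead of AndroidPinning's classes; `PinnedVolley`, `newPinnedQueue` and `spkiPin` are hypothetical names.

```java
import android.content.Context;
import android.util.Base64;
import com.android.volley.RequestQueue;
import com.android.volley.toolbox.HurlStack;
import com.android.volley.toolbox.Volley;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public final class PinnedVolley { // hypothetical helper, not part of Volley or AndroidPinning
    // pins: Base64 SHA-256 digests of the server leaf key's SubjectPublicKeyInfo (current + backup).
    public static RequestQueue newPinnedQueue(Context ctx, String... pins) throws Exception {
        final Set<String> allowed = new HashSet<>(Arrays.asList(pins));
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null = platform trust store
        final X509TrustManager system = (X509TrustManager) tmf.getTrustManagers()[0];
        X509TrustManager pinning = new X509TrustManager() {
            @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                system.checkServerTrusted(chain, authType); // normal chain validation still applies
                // chain[0] is the leaf, whose private key the server proves it holds in the handshake.
                if (!allowed.contains(spkiPin(chain[0]))) {
                    throw new CertificateException("Server key does not match any pin");
                }
            }
            @Override public void checkClientTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException { system.checkClientTrusted(chain, authType); }
            @Override public X509Certificate[] getAcceptedIssuers() { return system.getAcceptedIssuers(); }
        };
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, new TrustManager[] {pinning}, null);
        // HurlStack opens every HTTPS connection with this factory, so all queue traffic is pinned.
        return Volley.newRequestQueue(ctx, new HurlStack(null, sslContext.getSocketFactory()));
    }
    static String spkiPin(X509Certificate cert) throws CertificateException {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getPublicKey().getEncoded());
            return Base64.encodeToString(digest, Base64.NO_WRAP);
        } catch (NoSuchAlgorithmException e) { throw new CertificateException(e); }
    }
}
```

A pin mismatch surfaces in Volley as a failed request delivered to the request's error listener, so the failure is tied to the connection that carries the data rather than to a separate probe.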