HttpClient: Allow certificate pinning.

2025-07-21 01:39:51 +00:00 · 2016-11-23 20:11:41 +01:00 · 2016-11-23 20:11:41 +01:00 · d9fe9374df
commit d9fe9374df
parent 07af91b997
1 changed files with 16 additions and 3 deletions
--- a/enabler/src/de/schildbach/pte/util/HttpClient.java
+++ b/enabler/src/de/schildbach/pte/util/HttpClient.java
@ -46,6 +46,7 @@ import de.schildbach.pte.exception.SessionExpiredException;
 import de.schildbach.pte.exception.UnexpectedRedirectException;

 import okhttp3.Call;
+import okhttp3.CertificatePinner;
 import okhttp3.Cookie;
 import okhttp3.Headers;
 import okhttp3.HttpUrl;
@ -68,6 +69,8 @@ public final class HttpClient {
    private String sessionCookieName = null;
    @Nullable
    private Cookie sessionCookie = null;
+    @Nullable
+    private CertificatePinner certificatePinner = null;
    private boolean sslAcceptAllHostnames = false;

    private static final OkHttpClient OKHTTP_CLIENT;
@ -108,6 +111,10 @@ public final class HttpClient {
        this.sessionCookieName = sessionCookieName;
    }

+    public void setCertificatePin(final String host, final String... hashes) {
+        this.certificatePinner = new CertificatePinner.Builder().add(host, hashes).build();
+    }
+
    public void setSslAcceptAllHostnames(final boolean sslAcceptAllHostnames) {
        this.sslAcceptAllHostnames = sslAcceptAllHostnames;
    }
@ -175,10 +182,16 @@ public final class HttpClient {
                request.header("Cookie", sessionCookie.toString());

            final OkHttpClient okHttpClient;
-            if (sslAcceptAllHostnames)
-                okHttpClient = OKHTTP_CLIENT.newBuilder().hostnameVerifier(SSL_ACCEPT_ALL_HOSTNAMES).build();
-            else
+            if (certificatePinner != null || sslAcceptAllHostnames) {
+                final OkHttpClient.Builder builder = OKHTTP_CLIENT.newBuilder();
+                if (certificatePinner != null)
+                    builder.certificatePinner(certificatePinner);
+                if (sslAcceptAllHostnames)
+                    builder.hostnameVerifier(SSL_ACCEPT_ALL_HOSTNAMES);
+                okHttpClient = builder.build();
+            } else {
                okHttpClient = OKHTTP_CLIENT;
+            }

            final Call call = okHttpClient.newCall(request.build());
            Response response = null;