Is this Android SSL pinning implementation correct?

Posted 2019-02-03 16:59

Question:

I am getting this error in my logcat. I have implemented SSL pinning in my Android application. I think I have done something wrong which is causing this error.

05-19 17:39:54.998: E/NativeCrypto(30908): ssl=0x5eefaf80 cert_verify_callback x509_store_ctx=0x5dbea940 arg=0x0

05-19 17:39:54.998: E/NativeCrypto(30908): ssl=0x5eefaf80 cert_verify_callback calling verifyCertificateChain authMethod=ECDHE_RSA

Following is my SSL pinning Android code, which works but throws the above-mentioned error.

public static HttpClient getHttpClient(HttpParams params, Context context) throws CertificateException, KeyStoreException, NoSuchAlgorithmException, IOException, KeyManagementException, UnrecoverableKeyException {
    // Load the CA certificate bundled with the app as a raw resource.
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    InputStream caInput = context.getResources().openRawResource(R.raw.abc);
    Certificate ca;
    try {
        ca = cf.generateCertificate(caInput);
    } finally {
        try {
            caInput.close();
        } catch (IOException e) {
            Log.e("Error", "Closing the cert file", e);
        }
    }

    // Build an in-memory key store whose only trusted entry is that CA.
    String keyStoreType = KeyStore.getDefaultType();
    KeyStore keyStore = KeyStore.getInstance(keyStoreType);
    keyStore.load(null, null);
    keyStore.setCertificateEntry("ca", ca);

    // Socket factory that validates server chains against the key store above.
    SSLSocketFactory sf = new TrustSelectCertSSLSocketFactory(keyStore, context);
    sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
    HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
    HttpProtocolParams.setContentCharset(params, HTTP.UTF_8);
    SchemeRegistry registry = new SchemeRegistry();
    registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
    registry.register(new Scheme("https", sf, 443));

    ClientConnectionManager ccm = new ThreadSafeClientConnManager(params, registry);

    // Client with automatic request retries disabled.
    DefaultHttpClient client = new DefaultHttpClient(ccm, params);
    DefaultHttpRequestRetryHandler defaultHttpRequestRetryHandler = new DefaultHttpRequestRetryHandler(0, false);
    client.setHttpRequestRetryHandler(defaultHttpRequestRetryHandler);
    return client;
}

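TrustSelectCertSSLSocketFactory.java code

import android.content.Context;
import java.io.IOException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.conn.ssl.SSLSocketFactory;

public class TrustSelectCertSSLSocketFactory extends SSLSocketFactory {
    SSLContext sslContext = SSLContext.getInstance("TLS");

    public TrustSelectCertSSLSocketFactory(KeyStore truststore, Context context) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException,
            UnrecoverableKeyException, CertificateException {
        super(truststore);
        // Initialise the context with trust managers backed only by the supplied key store.
        String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
        tmf.init(truststore);
        sslContext.init(null, tmf.getTrustManagers(), null);
    }

    // Both overrides hand socket creation to the context initialised above.
    @Override
    public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
        return sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);
    }

    @Override
    public Socket createSocket() throws IOException {
        return sslContext.getSocketFactory().createSocket();
    }
}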

The code which calls the function getHttpClient

....
HttpClient client = getHttpClient(params,context);
....
httpResponse = client.execute(post);
....

Is my SSL pinning implementation correct and why is this error showing up in the logcat? If you need more details then please mention it in the comment section.

I searched on Google, but it gives me solutions which are not solutions to this problem. Is there something else I should look for?

link 1

link 2
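
A self-check for the trust store built in the question, as an added example that is not part of the original post: it confirms that a key store holding a single CA yields a trust manager with exactly one trust anchor, and that a chain from any other root is refused. The class and method names are hypothetical, and two of the platform's default roots stand in for the pinned CA (R.raw.abc in the question) and a foreign CA.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class PinnedTrustStoreCheck {
    // Builds an X509TrustManager from a key store; null selects the platform's default roots.
    static X509TrustManager trustManagerFor(KeyStore store) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    // Same construction as getHttpClient(): an empty key store holding the single entry "ca".
    static KeyStore pinnedStore(X509Certificate ca) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        ks.setCertificateEntry("ca", ca);
        return ks;
    }

    // True only if the manager's sole trust anchor is `pinned` and a chain from `other` is refused.
    static boolean trustsOnly(X509TrustManager tm, X509Certificate pinned, X509Certificate other) {
        X509Certificate[] issuers = tm.getAcceptedIssuers();
        if (issuers.length != 1 || !issuers[0].equals(pinned)) return false;
        try {
            tm.checkServerTrusted(new X509Certificate[] {other}, "ECDHE_RSA");
            return false; // a foreign root was accepted, so the pin is not effective
        } catch (CertificateException rejected) {
            return true;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-ins (assumes the platform store holds at least two distinct roots).
        X509Certificate[] roots = trustManagerFor(null).getAcceptedIssuers();
        X509Certificate pinned = roots[0], other = null;
        for (X509Certificate c : roots) if (!c.getPublicKey().equals(pinned.getPublicKey())) other = c;
        if (other == null) throw new IllegalStateException("need two distinct platform roots");
        X509TrustManager tm = trustManagerFor(pinnedStore(pinned));
        System.out.println("pinned-only trust: " + trustsOnly(tm, pinned, other));
    }
}
```

In an app, the same `trustsOnly` check can be run against a key store loaded from the bundled certificate instead of the stand-in roots.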