
Example 6 with Pin

Use of okhttp3.CertificatePinner.Pin in project okhttp by square.

In class CallTest, method matchingPinnedCertificate.

@Test
public void matchingPinnedCertificate() throws Exception {
    enableTls();
    server.enqueue(new MockResponse());
    server.enqueue(new MockResponse());
    // Make a first request without certificate pinning. Use it to collect certificates to pin.
    Request request1 = new Request.Builder().url(server.url("/")).build();
    Response response1 = client.newCall(request1).execute();
    CertificatePinner.Builder certificatePinnerBuilder = new CertificatePinner.Builder();
    for (Certificate certificate : response1.handshake().peerCertificates()) {
        certificatePinnerBuilder.add(server.getHostName(), CertificatePinner.pin(certificate));
    }
    response1.body().close();
    // Make another request with certificate pinning. It should complete normally.
    client = client.newBuilder().certificatePinner(certificatePinnerBuilder.build()).build();
    Request request2 = new Request.Builder().url(server.url("/")).build();
    Response response2 = client.newCall(request2).execute();
    assertNotSame(response2.handshake(), response1.handshake());
    response2.body().close();
}
Also used : MockResponse(okhttp3.mockwebserver.MockResponse) RecordedRequest(okhttp3.mockwebserver.RecordedRequest) Certificate(java.security.cert.Certificate) HeldCertificate(okhttp3.internal.tls.HeldCertificate) Test(org.junit.Test)

Example 7 with Pin

Use of okhttp3.CertificatePinner.Pin in project okhttp by square.

In class CallTest, method unmatchingPinnedCertificate.

@Test
public void unmatchingPinnedCertificate() throws Exception {
    enableTls();
    server.enqueue(new MockResponse());
    // Pin publicobject.com's cert.
    client = client.newBuilder()
        .certificatePinner(new CertificatePinner.Builder()
            .add(server.getHostName(), "sha1/DmxUShsZuNiqPQsX2Oi9uv2sCnw=")
            .build())
        .build();
    // When we pin the wrong certificate, connectivity fails.
    Request request = new Request.Builder().url(server.url("/")).build();
    try {
        client.newCall(request).execute();
        fail();
    } catch (SSLPeerUnverifiedException expected) {
        assertTrue(expected.getMessage().startsWith("Certificate pinning failure!"));
    }
}
Also used : MockResponse(okhttp3.mockwebserver.MockResponse) SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException) RecordedRequest(okhttp3.mockwebserver.RecordedRequest) Test(org.junit.Test)

Example 8 with Pin

Use of okhttp3.CertificatePinner.Pin in project okhttp by square.

In class CertificatePinnerTest, method sameKeypairSamePin.

/** Multiple certificates generated from the same keypair have the same pin. */
@Test
public void sameKeypairSamePin() throws Exception {
    HeldCertificate heldCertificateA2 = new HeldCertificate.Builder().keyPair(certA1.keyPair).serialNumber("101").build();
    String keypairACertificate2Pin = CertificatePinner.pin(heldCertificateA2.certificate);
    HeldCertificate heldCertificateB2 = new HeldCertificate.Builder().keyPair(certB1.keyPair).serialNumber("201").build();
    String keypairBCertificate2Pin = CertificatePinner.pin(heldCertificateB2.certificate);
    assertTrue(certA1Sha256Pin.equals(keypairACertificate2Pin));
    assertTrue(certB1Sha256Pin.equals(keypairBCertificate2Pin));
    assertFalse(certA1Sha256Pin.equals(certB1Sha256Pin));
}
Also used : HeldCertificate(okhttp3.internal.tls.HeldCertificate) Test(org.junit.Test)

Aggregations

Test (org.junit.Test) 8
Pin (okhttp3.CertificatePinner.Pin) 4
HeldCertificate (okhttp3.internal.tls.HeldCertificate) 2
MockResponse (okhttp3.mockwebserver.MockResponse) 2
RecordedRequest (okhttp3.mockwebserver.RecordedRequest) 2
Certificate (java.security.cert.Certificate) 1
HashMap (java.util.HashMap) 1
LinkedHashMap (java.util.LinkedHashMap) 1
Map (java.util.Map) 1
SSLPeerUnverifiedException (javax.net.ssl.SSLPeerUnverifiedException) 1
Request (okhttp3.Request) 1
ResponseBody (okhttp3.ResponseBody) 1
FieldMap (retrofit2.http.FieldMap) 1
HeaderMap (retrofit2.http.HeaderMap) 1
PartMap (retrofit2.http.PartMap) 1
QueryMap (retrofit2.http.QueryMap) 1