Pinning Support for Volley

[ajinabraham]

Is there some way i can add SSL pinning support to volley(http://developer.android.com/training/volley/index.html).

[DirtyJerz]

Did you ever figure this out?

[ajinabraham]

As of now what I do as a workaround is to run a separate thread every 30 seconds which will send a Pinned request using Android's native SSL library. So if anything goes wrong, It will kill the app.

Here is the Sample code.
try {
String[] pins = "pin_here";
URL url = new URL("URL_here");
HttpsURLConnection connection = PinningHelper.getPinnedHttpsURLConnection(getBaseContext(), pins, url);
byte[] data = new byte[4096];
connection.getInputStream().read(data);
YLog.i("SSL", "Success " + new String(data));
}
catch (SSLKeyException e) {
android.os.Process.killProcess(android.os.Process.myPid());
}
catch (SSLHandshakeException e) {
android.os.Process.killProcess(android.os.Process.myPid());
}
catch (SSLProtocolException e) {
android.os.Process.killProcess(android.os.Process.myPid());
}
catch (SSLPeerUnverifiedException e) {
android.os.Process.killProcess(android.os.Process.myPid());
}
catch (IOException ioe) {
YLog.i("SSL", "IOException: Not Success: " + ioe.getMessage().toString());
} catch (StringIndexOutOfBoundsException sio) {
YLog.i("SSL", "StringIndexOutOfBoundsException: Not Success: " + sio.getMessage().toString());
}
catch (Exception e) {
YLog.i("SSL", "Exception: Not Success: " + e.getMessage().toString());
}

[DirtyJerz]

Ah ok, your volley request queue is using the default http stack which uses the singleton. My volley instance is using Okhttp. OkHttp creates it's own httpclient (separate ssl context). I think all I need to do is to set the SSLSocketFactory for the OkHttpClient befor passing it to the volley.newRequestQueue.