Issue #433: Fretboard: Certificate pinning #446
This pull request introduces certificate pinning. It adds a pinCertificates method to ExperimentSource with a set of base64-encoded SHA-256 hashes of the certificate subject public key info.
The implementation first gets the list of trusted certificates as detailed, cleaning the certificate chain using X509TrustManagerExtensions as described here and here.
I also discovered there are libraries available such as TrustKit which replicate the behavior of Android N+ Network Security Configuration, but I decided against using it because it adds extra bloat to the library and also the user has to create an XML file and register it in the Manifest. I don't know if you have a different opinion.
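An added illustration of the pin format described above (not code from this pull request or from Fretboard): a pin is the base64-encoded SHA-256 of a certificate's subject public key info, checked against every key in the validated chain. The function names, the any-match rule, the empty-pin-set behaviour and the generated sample keys are assumptions; on Android the keys would be `certificate.publicKey` for each certificate in the cleaned chain.

```kotlin
import java.security.KeyPairGenerator
import java.security.MessageDigest
import java.security.PublicKey
import java.util.Base64

/** Pin format: base64(SHA-256(DER-encoded SubjectPublicKeyInfo)). */
fun spkiPin(key: PublicKey): String {
    // For keys in "X.509" format, getEncoded() returns the DER SubjectPublicKeyInfo.
    require(key.format == "X.509") { "unexpected key encoding: ${key.format}" }
    val digest = MessageDigest.getInstance("SHA-256").digest(key.encoded)
    return Base64.getEncoder().encodeToString(digest)
}

/**
 * Returns true if at least one key in the already-validated chain matches a pin.
 * Assumption of this example: an empty pin set means pinning is not configured.
 * An empty chain never matches, so the check fails closed.
 */
fun chainMatchesPins(chainKeys: List<PublicKey>, pins: Set<String>): Boolean {
    if (pins.isEmpty()) return true
    return chainKeys.any { spkiPin(it) in pins }
}

fun main() {
    // Constructed sample keys standing in for the public keys of the
    // certificates in a cleaned chain (leaf, intermediate).
    val gen = KeyPairGenerator.getInstance("RSA").apply { initialize(2048) }
    val leaf = gen.generateKeyPair().public
    val intermediate = gen.generateKeyPair().public
    val unrelated = gen.generateKeyPair().public

    // Pinning the intermediate's key keeps working when the leaf is reissued.
    val pins = setOf(spkiPin(intermediate))

    println(chainMatchesPins(listOf(leaf, intermediate), pins)) // chain contains the pinned key
    println(chainMatchesPins(listOf(unrelated), pins))          // chain has no pinned key
    println(chainMatchesPins(emptyList(), pins))                // empty chain
}
```

Pin matching only makes sense after normal trust validation has succeeded; it narrows the set of acceptable chains and does not replace that validation.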
@@             Coverage Diff              @@
##             master     #446      +/-   ##
============================================
- Coverage     77.33%   77.31%   -0.03%
- Complexity      955      966      +11
============================================
  Files           146      147       +1
  Lines          3446     3478      +32
  Branches        487      490       +3
============================================
+ Hits           2665     2689      +24
- Misses          534      540       +6
- Partials        247      249       +2