InspectSSLAfterConnect.java example

Explorer
j2objc-master
/*
 *  Licensed to the Apache Software Foundation (ASF) under one or more
 *  contributor license agreements.  See the NOTICE file distributed with
 *  this work for additional information regarding copyright ownership.
 *  The ASF licenses this file to You under the Apache License, Version 2.0
 *  (the "License"); you may not use this file except in compliance with
 *  the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */

import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.cert.Certificate;
import javax.net.ssl.HttpsURLConnection;

/**
 * Test that we can inspect the SSL session after connect().
 *
 * Move to here from the test suite, due to security concerns.
 */
public class InspectSSLAfterConnect {
  private static HttpsURLConnection connection;
  private static InputStream inputStream;
  private static Certificate[] certs;

  public static void main(String[] args) {
    try {
      connect();
      printSSLCertificates();
      printPublicKeysHexEncoded();
    } catch (Exception e) {
      e.printStackTrace();
    }
  }

  public static void connect() throws MalformedURLException, IOException {
    connection = (HttpsURLConnection) new URL("https://www.google.com").openConnection();
    connection.connect();
    inputStream = connection.getInputStream();
  }

  public static void printSSLCertificates() throws Exception {
    certs = connection.getServerCertificates();
    for (Certificate cert : certs) {
      System.out.println(cert.toString());
    }
  }

  // Tip: One way to do cross-platform public key/certificate pinning
  // is to add your public key pin set via your build.gradle BuildConfig params
  // e.g. BuildConfigField "String[]", "HTTPS_PINSET", "new String[] { ... }",
  // then compare it in runtime with the ones fetched from the server.
  // As a bonus you could also compare the salted MessageDigest (e.g. SHA-256) results.
  public static void printPublicKeysHexEncoded() {
    StringBuilder sb = new StringBuilder();
    for (Certificate cert : certs) {
      for (byte b : cert.getPublicKey().getEncoded()) {
        sb.append(String.format("%02X ", b));
      }
      sb.append("\n");
    }
    System.out.println(sb.toString());
  }
}