
certificate_pinning_httpclient's Introduction

certificate_pinning_httpclient

An implementation of an HttpClient with certificate pinning.

Pinning is done against SPKI (subject public key info) SHA-256 hashes. The client will download the certificates via a MethodChannel and cache them. All certificates with a matching SPKI hash will be used with a SecurityContext.

Usage

The client will log the SPKI hash of each certificate in the chain. Use this to get your hash. You can also get the hash with GnuTLS: gnutls-cli --print-cert example.com (look for the Public Key PIN).

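    import 'package:certificate_pinning_httpclient/certificate_pinning_httpclient.dart';
    import 'package:dio/dio.dart';
    import 'package:dio/io.dart'; // IOHttpClientAdapter
    import 'package:http/io_client.dart'; // IOClient

    // with http: wrap the pinning client so every request is checked against the pinned SPKI hash
    final client = IOClient(CertificatePinningHttpClient(
            ["S4kZuhQQ1DPcMOCYFQXD0gG+UW0zmyVx6roNWpRl65I="]));

    // with Dio: replace the adapter's HttpClient with the pinning client
    final _dio = Dio();
    (_dio.httpClientAdapter as IOHttpClientAdapter).onHttpClientCreate =
        (client) => CertificatePinningHttpClient(
            ["S4kZuhQQ1DPcMOCYFQXD0gG+UW0zmyVx6roNWpRl65I="]);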

Disable logs for release builds:

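    import 'package:flutter/foundation.dart'; // kDebugMode
    import 'package:logger/logger.dart';

    // Log the certificate chain hashes only in debug builds
    Logger.level = kDebugMode ? Level.debug : Level.nothing;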
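An added example (not part of the plugin or its README) showing how an SPKI SHA-256 pin like the ones passed to CertificatePinningHttpClient is derived from a DER certificate, using only the Python standard library. The helper names and the certificate-shaped sample bytes are constructed for illustration; the sample is not a real certificate.

```python
import base64
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, end) of the DER element that starts at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def spki_pin(cert_der):
    """Base64 of SHA-256 over the certificate's whole SubjectPublicKeyInfo element."""
    tag, pos, _ = read_tlv(cert_der, 0)       # Certificate ::= SEQUENCE
    tag2, pos, _ = read_tlv(cert_der, pos)    # tbsCertificate ::= SEQUENCE
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not a DER X.509 certificate")
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                           # optional [0] version, absent in v1
        pos = end
    for _ in range(5):  # skip serial, signature algorithm, issuer, validity, subject
        pos = read_tlv(cert_der, pos)[2]
    tag, _, end = read_tlv(cert_der, pos)     # subjectPublicKeyInfo
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo not found")
    return base64.b64encode(hashlib.sha256(cert_der[pos:end]).digest()).decode()

def der(tag, value):
    """Encode one DER element; used only to build the constructed samples below."""
    n = len(value)
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + value

# Constructed SPKI: ecPublicKey OID plus placeholder key bits (not a real key).
SAMPLE_SPKI = der(0x30, der(0x30, der(0x06, b"\x2a\x86\x48\xce\x3d\x02\x01"))
                  + der(0x03, bytes(201)))

def sample_cert(spki, serial, with_version=True):
    """Constructed certificate-shaped DER with placeholder fields and no real signature."""
    version = der(0xA0, der(0x02, b"\x02")) if with_version else b""
    tbs = der(0x30, version + der(0x02, bytes([serial])) + der(0x30, b"") * 4 + spki)
    return der(0x30, tbs + der(0x30, b"") + der(0x03, b"\x00"))
```

Because the hash covers only the SubjectPublicKeyInfo, two certificates issued for the same key produce the same pin, so a pin stays valid across a renewal that keeps the key.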

Credits

https://github.com/approov/approov-service-flutter-httpclient

certificate_pinning_httpclient's People

Contributors

sebkoller, mthongvanh


certificate_pinning_httpclient's Issues

Getting syntax within the library when building

Hi,

I'm trying to run the package on Flutter 2.5.4. I'm not sure what the minimum version is since on pub.dev it says the minimum version is Dart 2.14. When trying to run my test app with this integrated, I get the following errors when I try to debug:


Public keys not matching across iOS and Android

The issue

Recently I found out that running the plugin on iOS and on Android gives different results for the public key list it finds for a given host. To verify my findings I was using this tool: https://www.ssllabs.com/ssltest/analyze.html?d=redmine.org

In the above URL redmine.org is specified as the domain we want to validate.
If we make a request to it on iOS with the given example application, the keys we will see in the logs are the following:

🐛 CertificatePinningHttpClient: Certificate chain for https://www.redmine.org/: jTAaQPE1JcVqOxPMZ4Bwke3KKYKVv+acRLCetrRp2yA=, CFtSlX6OU4eENrKNiHtx6zY8UV7/SoMM63hXbHdXgjs=, x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4=

And on Android:

🐛 CertificatePinningHttpClient: Certificate chain for https://www.redmine.org/: jTAaQPE1JcVqOxPMZ4Bwke3KKYKVv+acRLCetrRp2yA=, CFtSlX6OU4eENrKNiHtx6zY8UV7/SoMM63hXbHdXgjs=

As you can see the first 2 keys match, but the 3rd key is missing on Android.

The reason

Some servers do not send the whole chain of certificates during the SSL/TLS handshake to the client, as the Root CA cert should already be installed in the client's Trust Store. This is the case for redmine.org as well.


This means that calling .getServerCertificates() on the HttpsURLConnection only includes the certificates and in turn we can only pin against the public key pins of the certificates that are sent by the server.

The solution

I created a patch that includes the Root CA certificate's public key pin, but only if it was not sent by the server. Will open a Pull request shortly.
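The chain difference reported in this issue, as an added example that is not part of the original issue or of the plugin's code: it parses the two log lines quoted above and reports which pins every platform saw and which platforms a given pin list would match. The function names are hypothetical, and the check assumes a platform can only match pins that appear in the chain it logged.

```python
import re

# Log lines quoted in the issue above (emoji prefix dropped).
LOGS = {
    "ios": "CertificatePinningHttpClient: Certificate chain for https://www.redmine.org/: "
           "jTAaQPE1JcVqOxPMZ4Bwke3KKYKVv+acRLCetrRp2yA=, "
           "CFtSlX6OU4eENrKNiHtx6zY8UV7/SoMM63hXbHdXgjs=, "
           "x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4=",
    "android": "CertificatePinningHttpClient: Certificate chain for https://www.redmine.org/: "
               "jTAaQPE1JcVqOxPMZ4Bwke3KKYKVv+acRLCetrRp2yA=, "
               "CFtSlX6OU4eENrKNiHtx6zY8UV7/SoMM63hXbHdXgjs=",
}
CHAIN_LINE = re.compile(r"Certificate chain for (\S+): (.+)$")

def parse_chain(line):
    """Return (url, [pins in the order the client logged them])."""
    match = CHAIN_LINE.search(line)
    if match is None:
        raise ValueError("not a certificate-chain log line")
    return match.group(1), [pin.strip() for pin in match.group(2).split(",")]

def portable_pins(logs):
    """Pins logged on every platform, in chain order; these are safe to pin everywhere."""
    chains = [parse_chain(line)[1] for line in logs.values()]
    return [pin for pin in chains[0] if all(pin in chain for chain in chains[1:])]

def platforms_matching(configured, logs):
    """For each platform, whether any configured pin appears in its logged chain."""
    return {platform: bool(set(configured) & set(parse_chain(line)[1]))
            for platform, line in logs.items()}

if __name__ == "__main__":
    print("seen on every platform:", portable_pins(LOGS))
    # Pinning only the third (root) hash from the iOS log leaves Android without a match.
    print(platforms_matching(["x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4="], LOGS))
```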

macOS and Windows support

Hello,

Is there any chance for macOS and Windows support? I am not familiar with Swift and C++, so no chance to do it on my own.

Regards

iOS cocoapods install error and compile error due to unknown type

On Flutter 3.0.5, I encountered two issues while building for iOS. When running pod install I received the following error:

    -> Fetching podspec for `certificate_pinning_httpclient` from `.symlinks/plugins/certificate_pinning_httpclient/ios`
    [!] The `certificate_pinning_httpclient` pod failed to validate due to 2 errors:
        - ERROR | attributes: Missing required attribute `homepage`.
        - ERROR | attributes: Missing required attribute `source`.

And after fixing that error, I hit another error when trying to build:

    ../../../.pub-cache/hosted/pub.dartlang.org/certificate_pinning_httpclient-0.0.1/lib/certificate_pinning_httpclient.dart:18:33: Error: Type 'Uint8List' not found.
      static final Map<String, List<Uint8List>?> _hostCertificates =
                                    ^^^^^^^^^
    ../../../.pub-cache/hosted/pub.dartlang.org/certificate_pinning_httpclient-0.0.1/lib/certificate_pinning_httpclient.dart:27:22: Error: Type 'Uint8List' not found.
      static Future<List<Uint8List>?> _getHostCertificates(Uri url) async {
                         ^^^^^^^^^
    ../../../.pub-cache/hosted/pub.dartlang.org/certificate_pinning_httpclient-0.0.1/lib/certificate_pinning_httpclient.dart:57:22: Error: Type 'Uint8List' not found.
      static Future<List<Uint8List>> _hostPinCertificates(
                         ^^^^^^^^^

Output from flutter doctor -v:

[✓] Flutter (Channel unknown, 3.0.5, on macOS 12.6 21G115 darwin-x64, locale en-US)
    • Flutter version 3.0.5 at /Users/michael/fvm/versions/3.0.5
    • Upstream repository unknown
    • Framework revision f1875d570e (5 months ago), 2022-07-13 11:24:16 -0700
    • Engine revision e85ea0e79c
    • Dart version 2.17.6
    • DevTools version 2.12.2

[✓] Android toolchain - develop for Android devices (Android SDK version 30.0.3)
    • Android SDK at /Users/michael/Library/Android/sdk
    • Platform android-33, build-tools 30.0.3
    • Java binary at: /Applications/Android Studio.app/Contents/jre/Contents/Home/bin/java
    • Java version OpenJDK Runtime Environment (build 11.0.12+0-b1504.28-7817840)
    • All Android licenses accepted.

[✓] Xcode - develop for iOS and macOS (Xcode 14.0)
    • Xcode at /Applications/Xcode1400.app/Contents/Developer
    • CocoaPods version 1.11.3

[✓] Chrome - develop for the web
    • Chrome at /Applications/Google Chrome.app/Contents/MacOS/Google Chrome

[✓] Android Studio (version 2021.2)
    • Android Studio at /Applications/Android Studio.app/Contents
    • Flutter plugin can be installed from:
      🔨 https://plugins.jetbrains.com/plugin/9212-flutter
    • Dart plugin can be installed from:
      🔨 https://plugins.jetbrains.com/plugin/6351-dart
    • Java version OpenJDK Runtime Environment (build 11.0.12+0-b1504.28-7817840)

[✓] VS Code (version 1.73.1)
    • VS Code at /Applications/Visual Studio Code.app/Contents
    • Flutter extension version 3.54.0

[✓] Connected device (4 available)
    • iPhone 13 (mobile) • B5D33A2C-9768-466D-B184-E6810CF62B81 • ios            • com.apple.CoreSimulator.SimRuntime.iOS-15-0 (simulator)
    • macOS (desktop)    • macos                                • darwin-x64     • macOS 12.6 21G115 darwin-x64
    • Chrome (web)       • chrome                               • web-javascript • Google Chrome 108.0.5359.98

[✓] HTTP Host Availability
    • All required HTTP hosts are available

• No issues found!

#1 pull request submitted to fix these two issues

example for httpclient

On pub.dev the example currently supports Dio. Does it support HttpClient? Thank you.
