https://github.com/codenameone/sslcertificatefingerprint
An API to check the fingerprint of an HTTPS server to prevent certificate pinning vulnerability for Codename One applications
- Host: GitHub
- URL: https://github.com/codenameone/sslcertificatefingerprint
- Owner: codenameone
- Created: 2017-01-05T08:32:56.000Z (about 9 years ago)
- Default Branch: master
- Last Pushed: 2017-01-05T08:47:09.000Z (about 9 years ago)
- Last Synced: 2025-03-23T02:29:37.208Z (11 months ago)
- Language: Java
- Homepage: https://www.codenameone.com/
- Size: 233 KB
- Stars: 1
- Watchers: 2
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# SSL Certificate Fingerprint
Certificate pinning defends against an attacker who can "fake" a server using a certificate that is seemingly valid, e.g. one that was obtained from a valid certificate authority. This is a difficult attack to execute, so the vulnerability isn't crucial for most applications unless you are targeting sensitive industries such as banking or government.
This API essentially validates that the connection to the server has the same "fingerprint" (certificate hash) as the one you saw during the development of the application. Currently this API works in the simulator, the desktop ports, iOS and Android. On other OSes `isSupported()` will return false.
Usage of the library is demonstrated in the `TestFingerprint` demo project within. To use the API just invoke:
````java
if(CheckCert.isCertCheckingSupported()) {
    // Fingerprint of the certificate the server presents right now
    String f = CheckCert.getFingerprint(myHttpsURL);
    // validKeysList holds the fingerprints recorded during development
    if(validKeysList.contains(f)) {
        // OK it's a good certificate proceed
    } else {
        // Dialog.show returns true when the first ("Quit") button is chosen
        if(Dialog.show("Security Warning", "WARNING: it is possible your communications are being tampered! We suggest quitting the app at once!", "Quit", "Continue")) {
            Display.getInstance().exitApplication();
        }
    }
} else {
    // certificate fingerprint checking isn't supported on this platform... It's your decision whether to proceed or not
}
````
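The comparison behind `validKeysList.contains(f)`, as an added example that is not code from this project: plain Java SE that accepts a current and a backup pin, tolerates formatting differences, and rejects empty or malformed values. It assumes a fingerprint is the hex SHA-256 of the DER-encoded certificate (the page does not say which hash or format `getFingerprint` returns); `PinCheckExample`, `fingerprint`, `normalize` and `isPinned` are hypothetical names, and the certificate bytes are constructed stand-ins.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;

public class PinCheckExample {
    // Assumption: fingerprint = lowercase hex SHA-256 over the DER-encoded certificate.
    static String fingerprint(byte[] der) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(der);
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Treat "AB:CD:..", "ab cd .." and "abcd.." as the same fingerprint.
    static String normalize(String fp) {
        return fp.replaceAll("[^0-9A-Fa-f]", "").toLowerCase();
    }

    // True only if the observed value is a well-formed digest equal to a pinned one.
    static boolean isPinned(String observed, List<String> pins) {
        String o = observed == null ? "" : normalize(observed);
        if (o.length() != 64) return false; // not a SHA-256 hex digest: fail closed
        for (String pin : pins) {
            if (o.equals(normalize(pin))) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-ins for DER bytes; real input would come from
        // java.security.cert.Certificate.getEncoded().
        byte[] current = "constructed-cert-current".getBytes(StandardCharsets.US_ASCII);
        byte[] backup = "constructed-cert-backup".getBytes(StandardCharsets.US_ASCII);
        byte[] other = "constructed-cert-unknown".getBytes(StandardCharsets.US_ASCII);

        List<String> pins = new ArrayList<>();
        pins.add(fingerprint(current).toUpperCase()); // stored in a different case
        pins.add(fingerprint(backup));                // pin for the next certificate

        System.out.println("current: " + isPinned(fingerprint(current), pins));
        System.out.println("backup:  " + isPinned(fingerprint(backup), pins));
        System.out.println("unknown: " + isPinned(fingerprint(other), pins));
        System.out.println("empty:   " + isPinned("", pins));
    }
}
```

Shipping the backup pin alongside the current one lets the server certificate be replaced without every installed copy of the app raising the warning dialog.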