TrustKit Android
============
[![Build Status](https://app.bitrise.io/app/00f0a4139c34c45d/status.svg?token=A5sTczJBYGmt3oFXQJ5Ymw&branch=master)](https://app.bitrise.io/app/00f0a4139c34c45d#/builds)
[![API](https://img.shields.io/badge/API-15%2B-blue.svg?style=flat)](https://android-arsenal.com/api?level=15)
[![Version](https://img.shields.io/bintray/v/datatheoremoss/TrustKit-Android/trustkit.svg)](https://bintray.com/datatheoremoss/TrustKit-Android/trustkit)
[![MIT License](https://img.shields.io/github/license/datatheorem/trustkit-android.svg)](https://en.wikipedia.org/wiki/MIT_License)
[![Gitter chat](https://badges.gitter.im/datatheorem/gitter.png)](https://gitter.im/TrustKit/Lobby)
**TrustKit Android** is an open source library that makes it easy to deploy SSL public key pinning and reporting in any Android App.
If you need SSL pinning/reporting in your iOS App, we have also released **TrustKit for iOS and macOS** at [https://github.com/datatheorem/TrustKit](https://github.com/datatheorem/TrustKit).
Overview
--------
TrustKit Android works by extending the [Android N Network Security Configuration](https://developer.android.com/training/articles/security-config.html) in two ways:
* It provides support for the `<pin-set>` (for SSL pinning) and `<debug-overrides>` functionality of the Network Security Configuration to earlier versions of Android, down to API level 17. This allows Apps that support versions of Android earlier than N to implement SSL pinning in a way that is future-proof.
* It adds the ability to send reports when pinning validation fails for a specific connection. Reports have a format that is similar to the report-uri feature of [HTTP Public Key Pinning](https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning) and [TrustKit iOS](https://github.com/datatheorem/trustkit).
For better compatibility, TrustKit will also run on API levels 15 and 16 but its functionality will be disabled.
Getting Started
----------------
* Read the [Getting Started guide](https://github.com/datatheorem/TrustKit-Android/blob/master/docs/getting-started.md).
* Check out the [API documentation](https://datatheorem.github.io/TrustKit-Android/documentation/).
* The [iOS version of TrustKit](https://github.com/datatheorem/TrustKit) was initially released at the Black Hat USA 2015 conference.
* Data Theorem provides a free dashboard for displaying statistics about all the reports sent by your app due to TLS or pinning validation failures. Enable your dashboard at [https://analytics.datatheorem.com/](https://analytics.datatheorem.com/).
Sample Usage
---------------
### Adding TrustKit as a Dependency
Add TrustKit to your project's _build.gradle_:
`implementation 'com.datatheorem.android.trustkit:trustkit:<last_version>'`
### Configuring a Pinning Policy
Deploying SSL pinning in the App requires initializing TrustKit with a pinning policy (domains, pins, and additional settings). The policy is wrapped in the official [Android N Network Security Configuration](https://developer.android.com/training/articles/security-config.html), for example:
```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml -->
<network-security-config>
  <!-- Pin the domain www.datatheorem.com -->
  <!-- Official Android N API -->
  <domain-config>
    <domain>www.datatheorem.com</domain>
    <pin-set>
      <pin digest="SHA-256">k3XnEYQCK79AtL9GYnT/nyhsabas03V+bhRQYHQbpXU=</pin>
      <pin digest="SHA-256">2kOi4HdYYsvTR1sTIR7RHwlf2SescTrpza9ZrWy7poQ=</pin>
    </pin-set>
    <!-- TrustKit Android API -->
    <!-- Do not enforce pinning validation -->
    <trustkit-config enforcePinning="false">
      <!-- Add a reporting URL for pin validation reports -->
      <report-uri>http://report.datatheorem.com/log_report</report-uri>
    </trustkit-config>
  </domain-config>
  <debug-overrides>
    <trust-anchors>
      <!-- For debugging purposes, add a debug CA and override pins -->
      <certificates overridePins="true" src="@raw/debugca" />
    </trust-anchors>
  </debug-overrides>
</network-security-config>
```
### Initializing TrustKit with the Pinning Policy
The path to the XML policy should then be specified [in the App's manifest](https://developer.android.com/training/articles/security-config.html#manifest) in order to enable it as the App's [Network Security Configuration](https://developer.android.com/training/articles/security-config.html) on Android N:
```xml
<?xml version="1.0" encoding="utf-8"?>
<manifest ... >
  <application android:networkSecurityConfig="@xml/network_security_config"
               ... >
    ...
  </application>
</manifest>
```
Then, TrustKit should be initialized with the same path:
```java
@Override
protected void onCreate(Bundle savedInstanceState) {
  super.onCreate(savedInstanceState);

  // Using the default path - res/xml/network_security_config.xml
  TrustKit.initializeWithNetworkSecurityConfiguration(this);

  // OR, instead of the call above, using a custom resource
  // (TrustKit can't be initialized twice)
  // TrustKit.initializeWithNetworkSecurityConfiguration(this, R.xml.my_custom_network_security_config);

  URL url = new URL("https://www.datatheorem.com");
  String serverHostname = url.getHost();

  // Optionally add a local broadcast receiver to receive PinningFailureReports
  PinningFailureReportBroadcastReceiver receiver = new PinningFailureReportBroadcastReceiver();
  LocalBroadcastManager.getInstance(this)
          .registerReceiver(receiver, new IntentFilter(BackgroundReporter.REPORT_VALIDATION_EVENT));

  // The snippets below are alternatives: use the one that matches your HTTP library and version.

  // HttpsURLConnection
  HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
  connection.setSSLSocketFactory(TrustKit.getInstance().getSSLSocketFactory(serverHostname));

  // OkHttp 2.x
  OkHttpClient client =
      new OkHttpClient()
          .setSSLSocketFactory(TrustKit.getInstance().getSSLSocketFactory(serverHostname));

  // OkHttp 3.0.x, 3.1.x and 3.2.x
  OkHttpClient client =
      new OkHttpClient.Builder()
          .sslSocketFactory(TrustKit.getInstance().getSSLSocketFactory(serverHostname))
          .build();

  // OkHttp 3.3.x and higher
  OkHttpClient client =
      new OkHttpClient().newBuilder()
          .sslSocketFactory(TrustKit.getInstance().getSSLSocketFactory(serverHostname),
                            TrustKit.getInstance().getTrustManager(serverHostname))
          .build();
}

// Receives the same pinning failure reports that are sent to the report URI
class PinningFailureReportBroadcastReceiver extends BroadcastReceiver {
  @Override
  public void onReceive(Context context, Intent intent) {
    PinningFailureReport report = (PinningFailureReport) intent.getSerializableExtra(BackgroundReporter.EXTRA_REPORT);
  }
}
```
Once TrustKit has been initialized and the client or connection's `SSLSocketFactory` has been set, it will verify the server's certificate chain against the configured pinning policy whenever an HTTPS connection is initiated. If a report URI has been configured, the App will also send reports to the specified URI whenever a pin validation failure occurs.
You can also create and register local broadcast receivers to receive the same certificate pinning error reports that would be sent to the configured `report-uri` values.
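The following is an added example, not code from TrustKit or from this README, showing how a `<pin digest="SHA-256">` value relates to a public key and how a certificate chain is checked against a pin set. It assumes the Network Security Configuration pin format (base64 of the SHA-256 of the key's SubjectPublicKeyInfo) and that one matching key anywhere in the chain is enough; the class name `SpkiPinDemo`, its methods and the generated keys are constructed for illustration.

```java
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class SpkiPinDemo {

    // Pin value in the <pin digest="SHA-256"> format: base64(SHA-256(SubjectPublicKeyInfo)).
    static String spkiPin(PublicKey key) throws Exception {
        // For standard JCA keys, getEncoded() returns the DER-encoded SubjectPublicKeyInfo.
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(key.getEncoded());
        return Base64.getEncoder().encodeToString(digest);
    }

    // A chain passes when at least one of its public keys hashes to a configured pin.
    static boolean chainMatchesPinSet(List<PublicKey> chainKeys, Set<String> pinSet) throws Exception {
        for (PublicKey key : chainKeys) {
            if (pinSet.contains(spkiPin(key))) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample keys standing in for the keys of a server's certificate chain.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        PublicKey leaf = gen.generateKeyPair().getPublic();
        PublicKey intermediate = gen.generateKeyPair().getPublic();
        PublicKey backup = gen.generateKeyPair().getPublic();     // spare key kept for rotation
        PublicKey unexpected = gen.generateKeyPair().getPublic(); // key that was never pinned

        // Policy with two pins, mirroring the two <pin> entries of the sample configuration.
        Set<String> pinSet = new HashSet<>(Arrays.asList(spkiPin(intermediate), spkiPin(backup)));

        System.out.println("pin for intermediate: " + spkiPin(intermediate));
        System.out.println("expected chain passes: "
                + chainMatchesPinSet(Arrays.asList(leaf, intermediate), pinSet));
        System.out.println("leaf rotated to backup key passes: "
                + chainMatchesPinSet(Arrays.asList(backup, intermediate), pinSet));
        System.out.println("unpinned chain passes: "
                + chainMatchesPinSet(Arrays.asList(unexpected, unexpected), pinSet));
    }
}
```

With a real certificate, pass `certificate.getPublicKey()` for each `X509Certificate` in the validated chain. `java.util.Base64` requires Java 8 or Android API level 26; older Android versions provide `android.util.Base64` instead.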
Limitations
----------
On Android N devices, TrustKit uses the OS's implementation of pinning, and it is not affected by the following limitations.
On Android M and earlier devices, TrustKit uses its own implementation of pinning that is mostly compatible with Android N's pinning behavior. However, in order to keep the code base as simple as possible, it has the following limitations:
* The pinning policy will only be applied to connections that were configured to use a TrustKit-provided `SSLSocketFactory` or `X509TrustManager`.
* The `SSLSocketFactory` or `X509TrustManager` provided by TrustKit can only be used for connections to the domain that was passed to the `getTrustManager()` and `getSSLSocketFactory()` methods. Hence, if a redirection to a different domain occurs, the new domain w