macif-dev / ssl_pinning_plugin Goto Github PK

ssl_pinning_plugin: ^1.5.0

try {
var check = await SslPinningPlugin.check(serverURL: endpoint, headerHttp: new Map(), sha: SHA.SHA256, allowedSHAFingerprints: shaList, timeout : 50);
return check.contains("CONNECTION_SECURE");
} catch(e) {
print("Error $e");
return false;
}

i tried and get error

in iOS => MissingPluginException(No implementation found for method check on channel ssl_pinning_plugin)

anybody help me please?

My dartlang application performs network requests like this:

Future<List<int>> streamToBytes(Stream<List<int>> stream) => stream
        .fold(new BytesBuilder(), (BytesBuilder bytesBuilder, List<int> bytes) {
      bytesBuilder.add(bytes);
      return bytesBuilder;
    }).then((BytesBuilder bytesBuilder) => bytesBuilder.takeBytes());

final HttpClient client = new HttpClient();
Map<String, String> headers = Map.from(headers);
final HttpClientRequest request = await client.postUrl(url);
request.headers.set('user-agent', userAgent));
request.headers.contentLength = bytes.length;
request.add(bytes);
final HttpClientResponse response = await request.close();
final List<int> bytes = await streamToBytes(response);
return new HttpResponse(response.statusCode, response.reasonPhrase,
        response.headers.value(HttpHeaders.contentTypeHeader) ?? '', bytes);

Please add a way to check the certificate used by such requests, to protect the data sent and received by the app.

Getting the following log output on flutter packages get:

The plugin `ssl_pinning_plugin` is built using an older version of the Android plugin API which assumes that it's running in a full-Flutter environment. It may have undefined behaviors when Flutter is integrated into an existing app as a module.
The plugin can be updated to the v2 Android Plugin APIs by following https://flutter.dev/go/android-plugin-migration.

We are facing the crash since yesterday on live application. Please check the logs @us3soap @adsellor

• Operating system Version: 6.0.1
• Plugin version: 1.5.0

Fatal Exception: java.lang.NoClassDefFoundError: c.f.a.a.a$c
at com.macif.plugin.sslpinningplugin.SslPinningPlugin.checkConnexion(SslPinningPlugin.java)
at com.macif.plugin.sslpinningplugin.SslPinningPlugin.onMethodCall(SslPinningPlugin.java)
at io.flutter.plugin.common.MethodChannel$IncomingMethodCallHandler.getStackTrace(MethodChannel.java)
at io.flutter.embedding.engine.dart.DartMessenger.handleError(DartMessenger.java)
at io.flutter.embedding.engine.FlutterJNI.handlePlatformMessage(FlutterJNI.java)
at android.os.MessageQueue.nativePollOnce(MessageQueue.java)
at android.os.MessageQueue.next(MessageQueue.java:323)
at android.os.Looper.loop(Looper.java:141)
at android.app.ActivityThread.main(ActivityThread.java:5603)
at java.lang.reflect.Method.invoke(Method.java)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:774)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:652)

From the description of the package is not clear if the SHA-256 fingerprint can also be the SHA-256 of the public key of the certificate. I was wondering if this designed to work for public key pinning as well?

Either way I would suggest to state it in the package description also for clarity :)

New project with main.dart from example doesn't work when check button is pressed for any https site/fingerprint.

Error returned:

MissingPluginException(No implementation found for method close on channel ssl_pinning_plugin)

$ flutter doctor
Doctor summary (to see all details, run flutter doctor -v):
[√] Flutter (Channel stable, v1.17.3, on Microsoft Windows [versão
    10.0.18363.900], locale pt-BR)

[√] Android toolchain - develop for Android devices (Android SDK version
    30.0.0-rc2)
[√] Android Studio (version 4.0)
[√] VS Code (version 1.37.0)
[√] Connected device (1 available)

• No issues found!

Here is the latest version of ssl_pining_plugin.pubspec

Pod::Spec.new do |s|
  s.name             = 'ssl_pinning_plugin'
  s.dependency 'CryptoSwift'
  s.ios.deployment_target = '8.0'
end

And according the CHANGELOG of CryptoSwift, the minimum deployment target is iOS9.0.

Therefore I can't build app successfully.

Could you please bump s.ios.deployment.target to '9.0' or specify version constraint of CryptoSwift?

Thanks.

The network_security_config.xml file in Android only supports SHA-256 certificate fingerprints. Can you add a way to use either SHA-1 or SHA-256 fingerprints?

I got this log in firebase crashlytics.

SslPinningPlugin.java
com.macif.plugin.sslpinningplugin.SslPinningPlugin.handleCheckEvent

Triggered ANR - Root blocking

main (waiting): tid=1 systid=7551
at sun.misc.Unsafe.park(Unsafe.java)
at java.util.concurrent.locks.LockSupport.park(LockSupport.java:190)
at java.util.concurrent.CompletableFuture$Signaller.block(CompletableFuture.java:1723)
at java.util.concurrent.ForkJoinPool.managedBlock(ForkJoinPool.java:3446)
at java.util.concurrent.CompletableFuture.waitingGet(CompletableFuture.java:1752)
at java.util.concurrent.CompletableFuture.get(CompletableFuture.java:1923)
at com.macif.plugin.sslpinningplugin.SslPinningPlugin.handleCheckEvent(SslPinningPlugin.java)
at com.macif.plugin.sslpinningplugin.SslPinningPlugin.onMethodCall(SslPinningPlugin.java)
at io.flutter.plugin.common.MethodChannel$IncomingMethodCallHandler.onMessage(MethodChannel.java)
at io.flutter.embedding.engine.dart.DartMessenger.handleMessageFromDart(DartMessenger.java)
at io.flutter.embedding.engine.FlutterJNI.handlePlatformMessage(FlutterJNI.java)
at android.os.MessageQueue.nativePollOnce(MessageQueue.java)
at android.os.MessageQueue.next(MessageQueue.java:339)
at android.os.Looper.loop(Looper.java:208)
at android.app.ActivityThread.main(ActivityThread.java:8218)
at java.lang.reflect.Method.invoke(Method.java)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:626)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1016)

This happened mostly in android 11 and 12

Anyone can help me with this issue? Thank you very much

We have implement ssl pinning web server https://test.link.com It will automatically renew the certificate in (one year) when certificate expired. is there any way to re new ssl pining in live applications automatically.

It looks like version 1.0 version has Dart 2 support, but it doesn't look like it was released to the Pub site: https://pub.dev/packages/ssl_pinning_plugin#-installing-tab-

Are there plans to release 1.0?

Hi, I am getting below error. can you please assist quickly on this. Thanks in advance.

Invalid plugin specification ssl_pinning_plugin.
Cannot find the flutter.plugin.platforms key in the pubspec.yaml file. An instruction to format the pubspec.yaml can be found here: https://flutter.dev/docs/development/packages-and-plugins/developing-packages#plugin-platforms

I got this error when check ssl pinning

ssl_pinning_plugin: 1.4.0
Android 6.0 or earlier

[ERROR:flutter/shell/platform/android/platform_view_android_jni_impl.cc(43)] java.lang.NoClassDefFoundError: com.macif.plugin.sslpinningplugin.SslPinningPlugin$handleCheckEvent$get$1

E/flutter (15888): at com.macif.plugin.sslpinningplugin.SslPinningPlugin.handleCheckEvent(SslPinningPlugin.kt:78)
E/flutter (15888): at com.macif.plugin.sslpinningplugin.SslPinningPlugin.onMethodCall(SslPinningPlugin.kt:57)
E/flutter (15888): at io.flutter.plugin.common.MethodChannel$IncomingMethodCallHandler.onMessage(MethodChannel.java:233)
E/flutter (15888): at io.flutter.embedding.engine.dart.DartMessenger.handleMessageFromDart(DartMessenger.java:85)
E/flutter (15888): at io.flutter.embedding.engine.FlutterJNI.handlePlatformMessage(FlutterJNI.java:692)
E/flutter (15888): at android.os.MessageQueue.nativePollOnce(Native Method)
E/flutter (15888): at android.os.MessageQueue.next(MessageQueue.java:148)

Anyone can help me?

I/System.out( 6497): (HTTPLog)-Static: isSBSettingEnabled false
I/System.out( 6497): (HTTPLog)-Static: isSBSettingEnabled false
I/System.out( 6497): (HTTPLog)-Static: isSBSettingEnabled false
I/System.out( 6497): (HTTPLog)-Static: isSBSettingEnabled false

Thanks for this awesome plugin.

Do you have any plan to migrate to DART 2.12.0 (sound null safety)?