macif-dev / ssl_pinning_plugin Goto Github PK
View Code? Open in Web Editor NEWSSL Pinning Plugin Flutter
License: Apache License 2.0
SSL Pinning Plugin Flutter
License: Apache License 2.0
ssl_pinning_plugin: ^1.5.0
try {
var check = await SslPinningPlugin.check(serverURL: endpoint, headerHttp: new Map(), sha: SHA.SHA256, allowedSHAFingerprints: shaList, timeout : 50);
return check.contains("CONNECTION_SECURE");
} catch(e) {
print("Error $e");
return false;
}
i tried and get error
in iOS => MissingPluginException(No implementation found for method check on channel ssl_pinning_plugin)
anybody help me please?
My dartlang application performs network requests like this:
Future<List<int>> streamToBytes(Stream<List<int>> stream) => stream
.fold(new BytesBuilder(), (BytesBuilder bytesBuilder, List<int> bytes) {
bytesBuilder.add(bytes);
return bytesBuilder;
}).then((BytesBuilder bytesBuilder) => bytesBuilder.takeBytes());
final HttpClient client = new HttpClient();
Map<String, String> headers = Map.from(headers);
final HttpClientRequest request = await client.postUrl(url);
request.headers.set('user-agent', userAgent));
request.headers.contentLength = bytes.length;
request.add(bytes);
final HttpClientResponse response = await request.close();
final List<int> bytes = await streamToBytes(response);
return new HttpResponse(response.statusCode, response.reasonPhrase,
response.headers.value(HttpHeaders.contentTypeHeader) ?? '', bytes);
Please add a way to check the certificate used by such requests, to protect the data sent and received by the app.
Getting the following log output on flutter packages get
:
The plugin `ssl_pinning_plugin` is built using an older version of the Android plugin API which assumes that it's running in a full-Flutter environment. It may have undefined behaviors when Flutter is integrated into an existing app as a module.
The plugin can be updated to the v2 Android Plugin APIs by following https://flutter.dev/go/android-plugin-migration.
We are facing the crash since yesterday on live application. Please check the logs @us3soap @adsellor
Fatal Exception: java.lang.NoClassDefFoundError: c.f.a.a.a$c
at com.macif.plugin.sslpinningplugin.SslPinningPlugin.checkConnexion(SslPinningPlugin.java)
at com.macif.plugin.sslpinningplugin.SslPinningPlugin.onMethodCall(SslPinningPlugin.java)
at io.flutter.plugin.common.MethodChannel$IncomingMethodCallHandler.getStackTrace(MethodChannel.java)
at io.flutter.embedding.engine.dart.DartMessenger.handleError(DartMessenger.java)
at io.flutter.embedding.engine.FlutterJNI.handlePlatformMessage(FlutterJNI.java)
at android.os.MessageQueue.nativePollOnce(MessageQueue.java)
at android.os.MessageQueue.next(MessageQueue.java:323)
at android.os.Looper.loop(Looper.java:141)
at android.app.ActivityThread.main(ActivityThread.java:5603)
at java.lang.reflect.Method.invoke(Method.java)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:774)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:652)
From the description of the package is not clear if the SHA-256 fingerprint can also be the SHA-256 of the public key of the certificate. I was wondering if this designed to work for public key pinning as well?
Either way I would suggest to state it in the package description also for clarity :)
New project with main.dart from example doesn't work when check button is pressed for any https site/fingerprint.
Error returned:
MissingPluginException(No implementation found for method close on channel ssl_pinning_plugin)
$ flutter doctor
Doctor summary (to see all details, run flutter doctor -v):
[√] Flutter (Channel stable, v1.17.3, on Microsoft Windows [versão
10.0.18363.900], locale pt-BR)
[√] Android toolchain - develop for Android devices (Android SDK version
30.0.0-rc2)
[√] Android Studio (version 4.0)
[√] VS Code (version 1.37.0)
[√] Connected device (1 available)
• No issues found!
Here is the latest version of ssl_pining_plugin.pubspec
Pod::Spec.new do |s|
s.name = 'ssl_pinning_plugin'
s.dependency 'CryptoSwift'
s.ios.deployment_target = '8.0'
end
And according the CHANGELOG of CryptoSwift, the minimum deployment target is iOS9.0.
Therefore I can't build app successfully.
Could you please bump s.ios.deployment.target
to '9.0' or specify version constraint of CryptoSwift?
Thanks.
The network_security_config.xml file in Android only supports SHA-256 certificate fingerprints. Can you add a way to use either SHA-1 or SHA-256 fingerprints?
I got this log in firebase crashlytics.
SslPinningPlugin.java
com.macif.plugin.sslpinningplugin.SslPinningPlugin.handleCheckEvent
Triggered ANR - Root blocking
main (waiting): tid=1 systid=7551
at sun.misc.Unsafe.park(Unsafe.java)
at java.util.concurrent.locks.LockSupport.park(LockSupport.java:190)
at java.util.concurrent.CompletableFuture$Signaller.block(CompletableFuture.java:1723)
at java.util.concurrent.ForkJoinPool.managedBlock(ForkJoinPool.java:3446)
at java.util.concurrent.CompletableFuture.waitingGet(CompletableFuture.java:1752)
at java.util.concurrent.CompletableFuture.get(CompletableFuture.java:1923)
at com.macif.plugin.sslpinningplugin.SslPinningPlugin.handleCheckEvent(SslPinningPlugin.java)
at com.macif.plugin.sslpinningplugin.SslPinningPlugin.onMethodCall(SslPinningPlugin.java)
at io.flutter.plugin.common.MethodChannel$IncomingMethodCallHandler.onMessage(MethodChannel.java)
at io.flutter.embedding.engine.dart.DartMessenger.handleMessageFromDart(DartMessenger.java)
at io.flutter.embedding.engine.FlutterJNI.handlePlatformMessage(FlutterJNI.java)
at android.os.MessageQueue.nativePollOnce(MessageQueue.java)
at android.os.MessageQueue.next(MessageQueue.java:339)
at android.os.Looper.loop(Looper.java:208)
at android.app.ActivityThread.main(ActivityThread.java:8218)
at java.lang.reflect.Method.invoke(Method.java)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:626)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1016)
This happened mostly in android 11 and 12
Anyone can help me with this issue? Thank you very much
We have implement ssl pinning web server https://test.link.com
It will automatically renew the certificate in (one year) when certificate expired. is there any way to re new ssl pining in live applications automatically.
It looks like version 1.0 version has Dart 2 support, but it doesn't look like it was released to the Pub site: https://pub.dev/packages/ssl_pinning_plugin#-installing-tab-
Are there plans to release 1.0?
Hi, I am getting below error. can you please assist quickly on this. Thanks in advance.
Invalid plugin specification ssl_pinning_plugin.
Cannot find the flutter.plugin.platforms
key in the pubspec.yaml
file. An instruction to format the pubspec.yaml
can be found here: https://flutter.dev/docs/development/packages-and-plugins/developing-packages#plugin-platforms
I got this error when check ssl pinning
ssl_pinning_plugin: 1.4.0
Android 6.0 or earlier
[ERROR:flutter/shell/platform/android/platform_view_android_jni_impl.cc(43)] java.lang.NoClassDefFoundError: com.macif.plugin.sslpinningplugin.SslPinningPlugin$handleCheckEvent$get$1
E/flutter (15888): at com.macif.plugin.sslpinningplugin.SslPinningPlugin.handleCheckEvent(SslPinningPlugin.kt:78)
E/flutter (15888): at com.macif.plugin.sslpinningplugin.SslPinningPlugin.onMethodCall(SslPinningPlugin.kt:57)
E/flutter (15888): at io.flutter.plugin.common.MethodChannel$IncomingMethodCallHandler.onMessage(MethodChannel.java:233)
E/flutter (15888): at io.flutter.embedding.engine.dart.DartMessenger.handleMessageFromDart(DartMessenger.java:85)
E/flutter (15888): at io.flutter.embedding.engine.FlutterJNI.handlePlatformMessage(FlutterJNI.java:692)
E/flutter (15888): at android.os.MessageQueue.nativePollOnce(Native Method)
E/flutter (15888): at android.os.MessageQueue.next(MessageQueue.java:148)
Anyone can help me?
I/System.out( 6497): (HTTPLog)-Static: isSBSettingEnabled false
I/System.out( 6497): (HTTPLog)-Static: isSBSettingEnabled false
I/System.out( 6497): (HTTPLog)-Static: isSBSettingEnabled false
I/System.out( 6497): (HTTPLog)-Static: isSBSettingEnabled false
Thanks for this awesome plugin.
Do you have any plan to migrate to DART 2.12.0 (sound null safety)?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.