search

datatheorem / TrustKit-Android

Easy SSL pinning validation and reporting for Android.
MIT License
584 stars 87 forks source link

TrustKit has not been initialized #45

Closed CaffeinatedFunctionality closed 5 years ago

CaffeinatedFunctionality commented 5 years ago

Describe the bug I am setting this up in a react native application. For some reason it refuses to initialize and it gives me the error, "TrustKit has not been initialized".

To Reproduce Create a React Native application and then add the following to MainActivity

    @Override
    public void onCreate(Bundle savedInstanceState) {
        try {
            TrustKit.initializeWithNetworkSecurityConfiguration(this);
        } catch (Exception e) {
            e.printStackTrace();
        }
        OkHttpClientProvider.setOkHttpClientFactory(new CustomClientFactory());
        super.onCreate(savedInstanceState);
    }

My CustomClientFactory is

public class CustomClientFactory implements OkHttpClientFactory {
    private static String hostname = "*.your.service.com";

    @Override
    public OkHttpClient createNewNetworkModuleClient() {
        String hostname = null;
        try {
            hostname = new URL("https://hidden.com").getHost();
        } catch (MalformedURLException e) {
            e.printStackTrace();
        }

        OkHttpClient.Builder client = new OkHttpClient.Builder()
                .connectTimeout(0, TimeUnit.MILLISECONDS)
                .readTimeout(0, TimeUnit.MILLISECONDS)
                .writeTimeout(0, TimeUnit.MILLISECONDS)
                .cookieJar(new ReactCookieJarContainer())
                .sslSocketFactory(TrustKit.getInstance().getSSLSocketFactory(hostname),TrustKit.getInstance().getTrustManager(hostname));
        return OkHttpClientProvider.enableTls12OnPreLollipop(client).build();
    }
}

My Build.gradle has the line implementation 'com.datatheorem.android.trustkit:trustkit:+'

My manifest has this as well 

<application
      android:name=".MainApplication"
      android:networkSecurityConfig="@xml/network_security_config"
      ...

Expected behavior I expect it to initialize

TrustKit configuration In my network_security_config.xml

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config>
        <domain includeSubdomains="true">hidden.com</domain>
        <pin-set>
            <pin digest="SHA-256">AAAAAAQAAWDFSGSGSFSEFWEF=</pin> //hidden for security
        </pin-set>
        <trustkit-config enforcePinning="true">
        </trustkit-config>
    </domain-config>
</network-security-config>

App details:

Of note this is what I was following: https://medium.com/@jaedmuva/react-native-ssl-pinning-is-back-e317e6682642

CaffeinatedFunctionality commented 5 years ago

Apparently you must have two pins. I figured it out.

shubhamdeol commented 1 year ago

how you created two pins with same certificate @CaffeinatedFunctionality