datatheorem / TrustKit-Android

Easy SSL pinning validation and reporting for Android.
MIT License

TrustKit throws IllegalArgumentException #52

Open iskugor opened 5 years ago

iskugor commented 5 years ago

Hello!

Describe the bug

I'm seeing one crash in Google play console:

java.lang.IllegalArgumentException: 
  at com.datatheorem.android.trustkit.config.TrustKitConfiguration.getPolicyForHostname (TrustKitConfiguration.java:90)
  at com.datatheorem.android.trustkit.pinning.TrustManagerBuilder.getTrustManager (TrustManagerBuilder.java:67)
  at com.datatheorem.android.trustkit.TrustKit.getTrustManager (TrustKit.java:390)

https://github.com/datatheorem/TrustKit-Android/blob/master/trustkit/src/main/java/com/datatheorem/android/trustkit/config/TrustKitConfiguration.java#L91

To Reproduce

Unfortunately I cannot reproduce it. It happens to just two users. I just enabled certificate pinning for one default server (and users can use their own server, for which pinning is not enabled). It looks like the server URL is not valid, but I validate the server URL with:

https://github.com/square/okhttp/blob/master/okhttp/src/main/java/okhttp3/HttpUrl.java#L903

before creating http client:

okhttp3.OkHttpClient.Builder httpClient = new okhttp3.OkHttpClient.Builder();
X509TrustManager[] trustManagers = { TrustKit.getInstance().getTrustManager(backendUrl) };

so I'm confused why TrustKit throws an exception.

Expected behavior

App would not crash.

Or please let me know how I should handle this exception.

TrustKit configuration

<domain-config cleartextTrafficPermitted="false">
    <domain includeSubdomains="true">*******.***</domain>
    <pin-set>
        <pin digest="SHA-256">********************************************</pin>
        <pin digest="SHA-256">********************************************</pin>
    </pin-set>
    <trustkit-config enforcePinning="true" disableDefaultReportUri="true">
    </trustkit-config>
</domain-config>

App details:
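One defensive way to call getTrustManager() so that an IllegalArgumentException from TrustKitConfiguration.getPolicyForHostname cannot crash the app, written as an added example for this issue (it is not TrustKit's code and not the reporter's). It keeps the reporter's HttpUrl validation, then passes the parsed hostname (HttpUrl.host()) rather than the full URL, on the assumption that the serverHostname parameter of TrustKit.getTrustManager() expects a bare hostname; PINNED_HOST is a placeholder for the redacted pinned domain, and the fail-closed / fall-back split is this example's own design choice, not something the issue establishes as the fix.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.HttpUrl;
import com.datatheorem.android.trustkit.TrustKit;

/**
 * Added example (not TrustKit's or the reporter's code): choose a trust manager
 * for a backend URL without letting TrustKit's IllegalArgumentException reach
 * the top of the stack. Design choice: the pinned default backend fails closed
 * (no client is built), while a user-supplied server that was never pinned
 * falls back to the platform trust store, which is what it gets anyway for an
 * unpinned hostname.
 */
public final class TrustManagerSelector {

    private TrustManagerSelector() {}

    /** Placeholder for the pinned domain redacted in the issue (assumption). */
    private static final String PINNED_HOST = "pinned.example.com";

    /**
     * Returns the trust manager to use for backendUrl, or null when the URL
     * is unparseable or belongs to the pinned backend and TrustKit could not
     * build a pinning trust manager. A null result means: do not connect and
     * report the failure instead of silently dropping pinning.
     */
    public static X509TrustManager select(String backendUrl) {
        // Same check the reporter already does: reject anything OkHttp cannot parse.
        HttpUrl parsed = HttpUrl.parse(backendUrl);
        if (parsed == null) {
            return null;
        }
        // Pass only the hostname, not the whole URL (assumed contract of getTrustManager).
        String host = parsed.host();
        try {
            return TrustKit.getInstance().getTrustManager(host);
        } catch (IllegalArgumentException e) {
            // TrustKit rejected the hostname (the path seen in the reported stack trace).
            if (isPinnedHost(host)) {
                // Pinned backend: fail closed rather than weaken the policy.
                return null;
            }
            // Unpinned, user-chosen server: platform default trust store.
            return platformDefaultTrustManager();
        }
    }

    /** True for the pinned domain and, mirroring includeSubdomains="true", its subdomains. */
    static boolean isPinnedHost(String host) {
        String h = host.toLowerCase();
        return h.equals(PINNED_HOST) || h.endsWith("." + PINNED_HOST);
    }

    /** Trust manager backed by the device's default trust store. */
    private static X509TrustManager platformDefaultTrustManager() {
        try {
            TrustManagerFactory tmf =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init((KeyStore) null); // null keystore = platform default CAs
            for (TrustManager tm : tmf.getTrustManagers()) {
                if (tm instanceof X509TrustManager) {
                    return (X509TrustManager) tm;
                }
            }
            throw new IllegalStateException("no X509TrustManager available");
        } catch (NoSuchAlgorithmException | KeyStoreException e) {
            throw new IllegalStateException(e);
        }
    }
}
```

In the reporter's client-building code the call would become `TrustManagerSelector.select(backendUrl)`, with a null result treated as "refuse to build the OkHttpClient and log or report the rejected URL", so a bad hostname for the pinned backend surfaces as a handled error rather than a crash or a connection without pinning.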