SSL pinning using cordova plugin isn't working. I am getting SSL handshake failed, error code 500


I am trying to implement SSL pinning using a Cordova plugin for Android and I am getting an "error 500: SSL handshake failed" error. I am running the app on Android N.

I have tried the plugins below: https://github.com/yyfearth/cordova-plugin-http

https://github.com/wymsee/cordova-HTTP

For my sample code, I am pinning Facebook's certs. I have tried pinning the CA cert (Avast) as well as the leaf cert (Facebook).

Below is my code:

var app = {
// Application Constructor
initialize: function() {
    document.addEventListener('deviceready', this.onDeviceReady.bind(this), false);
},

// deviceready Event Handler
//
// Bind any cordova events here. Common events are:
// 'pause', 'resume', etc.
onDeviceReady: function() {
    this.receivedEvent('deviceready');


    cordovaHTTP.enableSSLPinning(
                true,
                function (msg) {alert("SSL pinning enabled")},
                function (msg) {alert("SSL pinning can't be enabled "   + msg)}
    );

CordovaHttpPlugin.addPinningCerts(
                ['MIIEXDCCA0SgAwIBAgIBATANBgkqhkiG9w0BAQsFADBoMQswCQYDVQQGEwJDWjEP\n' +
                  'MA0GA1UECAwGUHJhZ3VlMQ4wDAYDVQQKDAVBVkFTVDEdMBsGA1UECwwUU29mdHdh\n' +
                  'cmUgRGV2ZWxvcG1lbnQxGTAXBgNVBAMMEEF2YXN0IHRydXN0ZWQgQ0EwHhcNMTYx\n' +
                  'MjA5MDAwMDAwWhcNMTgwMTI1MTIwMDAwWjBpMQswCQYDVQQGEwJVUzETMBEGA1UE\n' +
                  'CBMKQ2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazEXMBUGA1UEChMORmFj\n' +
                  'ZWJvb2ssIEluYy4xFzAVBgNVBAMMDiouZmFjZWJvb2suY29tMIIBIjANBgkqhkiG\n' +
                  '9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxEjiWVGgjCgy6GjTUTZJAFgPJ5ybGKVvCzG7\n' +
                  'yDKB2A2gLhFD3oEwiikVI2glBcSoPq6Yy2sOpZJWb2uchDVydjqy/6UrwL9vjZ4v\n' +
                  'AicRsI0A+ftVpyQZhCb2r50OnI6Fy8rpYQc0B8DP2XEq8RE3nrG7cFt80e+vygNv\n' +
                  '+FvV/8QwAAZlDNMCiCUEMtQ3ZHh8XybVIhVVYefrPY7GLec7UbbgP0coaJE9utVI\n' +
                  'ZxLIOzD+3dpCL0+/f6H2BkQLeVi5qB3+fyVsHqkHDKHnjG18nrJUR9xcNFNO9Onh\n' +
                  'ZK/JwT3kyECnd7mv7wE5JG9o3nsMapic+OkLWUTUNZYRzeyj3QIDAQABo4IBDjCC\n' +
                  'AQowHQYDVR0OBBYEFJ8vur6MoceTetprJx2P+OTfMgh2MB8GA1UdIwQYMBaAFEE4\n' +
                  'wE3WMlzLKyRJ94n3/3fKbXcfMIHHBgNVHREEgb8wgbyCDiouZmFjZWJvb2suY29t\n' +
                  'gg4qLmZhY2Vib29rLm5ldIIIKi5mYi5jb22CCyouZmJjZG4ubmV0ggsqLmZic2J4\n' +
                  'LmNvbYIQKi5tLmZhY2Vib29rLmNvbYIPKi5tZXNzZW5nZXIuY29tgg4qLnh4LmZi\n' +
                  'Y2RuLm5ldIIOKi54eS5mYmNkbi5uZXSCDioueHouZmJjZG4ubmV0ggxmYWNlYm9v\n' +
                  'ay5jb22CBmZiLmNvbYINbWVzc2VuZ2VyLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEA\n' +
                  'POrSZ9dMpwQHRO78VfBjDLeoGKYk2EdnTyxFIzZXPaLzMA5+X97eektopJgRWWIG\n' +
                  'aVn1fsHgwNl7DqdG13mHN6w9ziMon5TlXyz0NZn9jKEtdiw0VZG6f2ccn9HOBUqK\n' +
                  '5EDeWKXS4XwvrckPLC61nGsUIBGa+OBIh4tQNOgLzp3sY4DzWcyV2X1CFsDtLcPT\n' +
                  'WWXLOY8JhkFFNkTpLHbbVYFiUUoJ49C+MTt3+0ciwQr4/Tm250ksfpgL+O5u5aB7\n' +
                  'hngx78ACuL9qjT682tHgw7+Y4oe9cTAs93tf5Bnp0jdjkOomJFS5YgNHTEjD9rA3\n' +
                  '2d9j7kz7MY2lD5/lEsfCsg==\n'],
                function(msg) {alert("OK, Added pinned certs success!")},
                function(msg) {alert("ERROR, adding pinned certs denied " + JSON.stringify(msg))}
    );

cordovaHTTP.validateDomainName(true,
            function(msg) {alert("OK, Domain Name validate")},
            function(msg) {alert("ERROR, Domain Name not validate " + JSON.stringify(msg))}
            );

    window.cordovaHTTP.get(
                "https://www.facebook.com/", //https://www.facebook.com", // we have a .cer file for this in www/certificates also in assets/certificates
                 {}, // optional params
                 {}, // optional headers
                 function(msg) {alert("OK, Connection allowed")},
                 function(msg) {alert("ERROR, Connection denied " + JSON.stringify(msg))}
    );

},



// Update DOM on a Received Event
receivedEvent: function(id) {
    var parentElement = document.getElementById(id);
    var listeningElement = parentElement.querySelector('.listening');
    var receivedElement = parentElement.querySelector('.received');

    listeningElement.setAttribute('style', 'display:none;');
    receivedElement.setAttribute('style', 'display:block;');

    console.log('Received Event: ' + id);
}
};

 app.initialize();

Any idea on how to fix it?


There is 1 best solution below


I have used the following plugins:

As per my understanding, you have to include all of the certificates in your project folder.

Also, it is critical to check if the certificates are properly chained to the server you are connecting to. You may need root, intermediate and base certificates as well, to include in your project folder.

Please make sure the certificate you are pinning is for the server you are hitting.
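
The check the answer describes, as an added example (not part of the original answer or of either plugin's code): a Node.js pre-flight test that compares the certificates you plan to bundle against the chain a server presents, by SHA-256 of the DER bytes, and reports which chain position matches. The function names and the sample "certificates" are constructed placeholders; a real run would pass in the DER certificates the server actually presents.

```javascript
// Added example: all names and sample bytes are constructed, not taken from the page.
const crypto = require('crypto');

// Accept a PEM block or bare base64 (with or without line breaks) and return DER bytes.
function pemToDer(text) {
  const b64 = text
    .replace(/-----(BEGIN|END) CERTIFICATE-----/g, '')
    .replace(/\s+/g, '');
  if (b64.length === 0 || !/^[A-Za-z0-9+/]+={0,2}$/.test(b64)) {
    throw new Error('not a base64/PEM certificate');
  }
  return Buffer.from(b64, 'base64');
}

function sha256Hex(der) {
  return crypto.createHash('sha256').update(der).digest('hex');
}

// chain: DER buffers in the order the server presents them, leaf first.
// Returns the position and role of the first chain element that is byte-identical
// to a pinned certificate, or null when nothing matches (pinning would reject).
function findPinnedMatch(pinnedTexts, chain) {
  const pins = new Set(pinnedTexts.map((t) => sha256Hex(pemToDer(t))));
  for (let i = 0; i < chain.length; i++) {
    if (pins.has(sha256Hex(chain[i]))) {
      const role = i === 0 ? 'leaf' : (i === chain.length - 1 ? 'root' : 'intermediate');
      return { index: i, role };
    }
  }
  return null;
}

// Constructed stand-ins for DER certificates (opaque bytes; only equality matters here).
const leaf = Buffer.from('constructed-leaf-cert');
const intermediate = Buffer.from('constructed-intermediate-cert');
const root = Buffer.from('constructed-root-cert');
const otherLeaf = Buffer.from('constructed-leaf-from-another-issuer');
const serverChain = [leaf, intermediate, root];

// Helper to wrap DER bytes the way an exported .cer/.pem file would look.
const asPem = (der) =>
  '-----BEGIN CERTIFICATE-----\n' + der.toString('base64') + '\n-----END CERTIFICATE-----\n';

console.log(findPinnedMatch([asPem(intermediate)], serverChain)); // match at the intermediate
console.log(findPinnedMatch([asPem(otherLeaf)], serverChain));    // no match
```

Capture the chain from the same network path the device uses (for example with `openssl s_client -showcerts`), because a TLS-inspecting proxy or antivirus product on a desktop presents its own certificate in place of the server's. A `null` result means none of the bundled certificates appears in the chain that the device will see.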