2

HostnameVerifier

Your app (s) are using an unsafe implementation of the HostnameVerifier interface. You can find more information about how to solve the issue in this Google Help Center article.

okHttpClientBuilder.hostnameVerifier((hostname, session) -> {

        Certificate[] certs;
        try {
            certs = session.getPeerCertificates();
            //Log.e(TAG, "getHttpClient: "+certs[0] );
        } catch (SSLException e) {
            Log.e(TAG, "getHttpClient: "+e.getMessage() );
            return false;
        }
        X509Certificate x509 = (X509Certificate) certs[0];
        // We can be case-insensitive when comparing the host we used to
        // establish the socket to the hostname in the certificate.
        String hostName = hostname.trim().toLowerCase(Locale.ENGLISH);
        // Verify the first CN provided. Other CNs are ignored. Firefox, wget,
        // curl, and Sun Java work this way.
        String firstCn = getFirstCn(x509);
        System.out.println(TAG + ": firstCn: " + firstCn);
        Log.e(TAG, "getHttpClient:1 "+hostName +" "+firstCn );
        if (matches(hostName, firstCn)) {
            Log.e(TAG, "getHttpClient:2 "+hostName+" "+firstCn );
            return true;
        }
        for (String cn : getDNSSubjectAlts(x509)) {
            if (matches(hostName, cn)) {
                Log.e(TAG, "getHttpClient: True" );
                return true;
            }
        }
        Log.e(TAG, "getHttpClient: False" );
        return false;

    });

    return okHttpClientBuilder.build();


}

private static String getFirstCn(X509Certificate cert) {
    String subjectPrincipal = cert.getSubjectX500Principal().toString();
    Log.e(TAG, "getFirstCn: "+subjectPrincipal );
    for (String token : subjectPrincipal.split(",")) {
        int x = token.indexOf("CN=");
        if (x >= 0) {
            return token.substring(x + 3);
        }
    }
    return null;
}
Joachim Sauer
  • 302,674
  • 57
  • 556
  • 614
Radwan
  • 17
  • 1

0 Answers0