diff --git a/README.md b/README.md
index 1b7d499..e30a0a5 100644
--- a/README.md
+++ b/README.md
@@ -56,6 +56,11 @@ session.setProxy(proxy);
 // now do your API calls
 ```
 
+You can add valid SSL fingerprints by adding them to the `FIGO_API_FINGERPRINTS` environment variable. Fingerprints
+need to be added in HEX format without column delimiters. A column delimiter is used to indicate the next element in
+the list of fingerprints.
+
+
 To disable the SSL certificate pinning (not recommended) do the following:
 ```java
 // first create the FigoSession object
diff --git a/src/main/java/me/figo/internal/FigoTrustManager.java b/src/main/java/me/figo/internal/FigoTrustManager.java
index fa0c1fd..01ac332 100644
--- a/src/main/java/me/figo/internal/FigoTrustManager.java
+++ b/src/main/java/me/figo/internal/FigoTrustManager.java
@@ -71,8 +71,9 @@ public void checkServerTrusted(X509Certificate[] certs, String authType) throws
 throw new CertificateException("No certificate found");
 } else {
 String thumbprint = getThumbPrint(certs[0]);
- if (!VALID_FINGERPRINTS.contains(thumbprint))
+ if (!VALID_FINGERPRINTS.contains(thumbprint) && !this.getFingerprintsFromEnv().contains(thumbprint)){
 throw new CertificateException();
+ }
 }
 }
 
@@ -89,4 +90,9 @@ private static String getThumbPrint(X509Certificate cert) {
 return "";
 }
 }
+
+ private static List getFingerprintsFromEnv() {
+ String fingerprintList = System.getenv("FIGO_API_FINGERPRINTS");
+ return Arrays.asList(fingerprintList.split(":"));
+ }
 }
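Review bot: In checkServerTrusted the new condition can accept a certificate whose fingerprint could not be computed. The tail of getThumbPrint visible in the following hunk ends with `return "";`, apparently its failure path, and a `FIGO_API_FINGERPRINTS` value that is empty or has an empty element (a leading or doubled `:`) splits into a list containing `""`, so `contains(thumbprint)` would match. I would reject that case before either lookup with `if (thumbprint.isEmpty()) { throw new CertificateException("Could not compute certificate fingerprint"); }`, and call the static helper as `getFingerprintsFromEnv()` rather than through `this`. The method body starts before the hunk, so any chain validation done earlier is not visible here.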
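Review bot: getFingerprintsFromEnv dereferences the result of `System.getenv` without a null check, so when `FIGO_API_FINGERPRINTS` is unset a certificate that is not in `VALID_FINGERPRINTS` ends in a NullPointerException instead of the intended CertificateException. The helper should return an empty list for an unset variable and drop blank entries, since the environment now widens the pin set and should be parsed strictly. Whether entries also need case normalisation depends on the format getThumbPrint emits, which this hunk does not show. The return type appears as a raw `List` here; `List<String>` would be safer if that is not an extraction artefact. A possible shape follows.

```java
private static List<String> getFingerprintsFromEnv() {
    String fingerprintList = System.getenv("FIGO_API_FINGERPRINTS");
    if (fingerprintList == null) {
        // Variable not set: only the built-in pins apply.
        return java.util.Collections.<String>emptyList();
    }
    List<String> fingerprints = new java.util.ArrayList<String>();
    for (String entry : fingerprintList.split(":")) {
        String candidate = entry.trim();
        // Skip empty elements so "" can never count as a trusted fingerprint.
        if (!candidate.isEmpty()) {
            fingerprints.add(candidate);
        }
    }
    return fingerprints;
}
```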