From 3b6243072f8e69f680fc0fbd619b338fb6cc7add Mon Sep 17 00:00:00 2001
From: Jan van Esdonk
Date: Thu, 19 Jan 2017 14:48:08 +0100
Subject: [PATCH] add fingerprints from env variable
---
 README.md | 5 +++++
 src/main/java/me/figo/internal/FigoTrustManager.java | 8 +++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 1b7d499..e30a0a5 100644
--- a/README.md
+++ b/README.md
@@ -56,6 +56,11 @@ session.setProxy(proxy);
 // now do your API calls
 ```
+You can add valid SSL fingerprints by adding them to the `FIGO_API_FINGERPRINTS` environment variable. Fingerprints
+need to be added in HEX format without column delimiters. A column delimiter is used to indicate the next element in
+the list of fingerprints.
+
+
 To disable the SSL certificate pinning (not recommended) do the following:
 ```java
 // first create the FigoSession object
diff --git a/src/main/java/me/figo/internal/FigoTrustManager.java b/src/main/java/me/figo/internal/FigoTrustManager.java
index fa0c1fd..01ac332 100644
--- a/src/main/java/me/figo/internal/FigoTrustManager.java
+++ b/src/main/java/me/figo/internal/FigoTrustManager.java
@@ -71,8 +71,9 @@ public void checkServerTrusted(X509Certificate[] certs, String authType) throws
 throw new CertificateException("No certificate found");
 } else {
 String thumbprint = getThumbPrint(certs[0]);
- if (!VALID_FINGERPRINTS.contains(thumbprint))
+ if (!VALID_FINGERPRINTS.contains(thumbprint) && !this.getFingerprintsFromEnv().contains(thumbprint)){
 throw new CertificateException();
+ }
 }
 }
@@ -89,4 +90,9 @@ private static String getThumbPrint(X509Certificate cert) {
 return "";
 }
 }
+
+ private static List getFingerprintsFromEnv() {
+ String fingerprintList = System.getenv("FIGO_API_FINGERPRINTS");
+ return Arrays.asList(fingerprintList.split(":"));
+ }
 }
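Review bot: An empty thumbprint can now satisfy the pin check in checkServerTrusted. The context of the following hunk shows getThumbPrint returning `""` on what appears to be a failure path, and the environment list contains `""` whenever `FIGO_API_FINGERPRINTS` is set but empty or holds an empty element, so the second `contains` would then succeed. Reject that case before comparing, e.g. `if (thumbprint.isEmpty() || (!VALID_FINGERPRINTS.contains(thumbprint) && !getFingerprintsFromEnv().contains(thumbprint))) {`; dropping `this.` also matches the helper being static. checkServerTrusted begins above this hunk, so its earlier branches are not visible here.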
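Review bot: getFingerprintsFromEnv dereferences the result of `System.getenv` without a null check, so when `FIGO_API_FINGERPRINTS` is unset `fingerprintList.split(":")` throws a NullPointerException. Because of the `&&` in checkServerTrusted, this path is reached exactly when the built-in pins did not match, so a pin mismatch surfaces as an unchecked exception instead of a CertificateException. Returning an empty list for an unset or blank variable and skipping empty entries addresses both this and the empty-element match; the sketch below needs `java.util.ArrayList` and `java.util.Collections` in scope. Entries are compared verbatim, so the README should state the letter case getThumbPrint produces, which is not visible in this diff.

```java
private static List getFingerprintsFromEnv() {
    String fingerprintList = System.getenv("FIGO_API_FINGERPRINTS");
    // Unset or blank variable: no additional pins, never a null dereference.
    if (fingerprintList == null || fingerprintList.trim().isEmpty()) {
        return Collections.emptyList();
    }
    List<String> fingerprints = new ArrayList<String>();
    for (String entry : fingerprintList.split(":")) {
        String candidate = entry.trim();
        // Skip empty elements so "" can never count as a pinned fingerprint.
        if (!candidate.isEmpty()) {
            fingerprints.add(candidate);
        }
    }
    return fingerprints;
}
```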