flutter_certificate_pinning
HTTPS certificate verification or public key pinning for Dio.
How to use
- Get SHA256 Certificate Fingerprint from Unit Test
flutter test test/flutter_certificate_pinning_test.dart
Output
ExpiredAt: Dec 11 08:19:25 2023 GMT
Fingerprints: [b235f7c569490f2b2b861d2237e303337fe45a80ffec55dc140abda69e843d51]
- SHA256 Certificate Fingerprint
class Sha256CertificateFingerprint implements CertificateFingerprint {
@override
Future<Map<String, bool>> fingerprints() async {
return {
// ExpiredAt: Dec 11 08:19:25 2023 GMT
'b235f7c569490f2b2b861d2237e303337fe45a80ffec55dc140abda69e843d51': true,
};
}
}
- Custom Validator
class SelfCustomValidator implements CustomValidator {
@override
bool validate(X509Certificate cert, String host, int port) {
final hostMatches = _validateHost(host);
return hostMatches;
}
bool _validateHost(String host) {
return 'google.com' == host;
}
}
- Certificate Trusted Configuration
class LocalCertificateTrustedConfiguration implements CertificateTrustedConfiguration {
@override
List<List<int>> certificates() {
// Certificate bytes
return [];
}
}
- Using
final certificateTrustedConfiguration = LocalCertificateTrustedConfiguration();
final sha256CertificateFingerprint = Sha256CertificateFingerprint();
final selfCustomValidator = SelfCustomValidator();
final certificateValidator = SelfCertificateValidator(selfCustomValidator);
final securityHttpClientCreator = SecurityHttpClientCreator(
certificateValidator,
certificateTrustedConfiguration: certificateTrustedConfiguration,
);
final httpsCertificateVerification = HttpsCertificateVerification(
securityHttpClientCreator,
certificateValidator,
sha256CertificateFingerprint,
);
final dio = Dio();
httpsCertificateVerification.config(dio);
Libraries
- command/certificate_executor
- flutter_certificate_pinning
- verification/certificate_fingerprint
- verification/certificate_trusted_configuration
- verification/certificate_validator
- verification/certificate_verification
- verification/custom_validator
- verification/http_client_creator
- verification/https_certificate_verification
- verification/security_http_client_creator
- verification/self_certificate_validator