From 9eba0af841e02144aecfe679893349627ba61dfa Mon Sep 17 00:00:00 2001 From: 519seven Date: Fri, 25 Feb 2022 23:54:09 -0500 Subject: [PATCH] Update fully-validate-ssl-tls.md Correcting the code blocks. --- en/sensitive-data/fully-validate-ssl-tls.md | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/en/sensitive-data/fully-validate-ssl-tls.md b/en/sensitive-data/fully-validate-ssl-tls.md index ddd5948..b957c0b 100644 --- a/en/sensitive-data/fully-validate-ssl-tls.md +++ b/en/sensitive-data/fully-validate-ssl-tls.md 
@@ -79,22 +79,26 @@ Pinning certificates to a default Apache HTTP client shipped with Android consis The following sample code demonstrates how a BKS keystore can be loaded: -` InputStream in = resources.openRawResource(certificateRawResource); +``` +InputStream in = resources.openRawResource(certificateRawResource); - keyStore = KeyStore.getInstance("BKS"); - keyStore.load(resourceStream, password);` +keyStore = KeyStore.getInstance("BKS"); +keyStore.load(resourceStream, password); +``` The constructed httpClient instance can be configured to only allow requests to host that present certificates that have been signed with certificates stored inside the application. The following sample code illustrates this approach: -` HttpParams httpParams = new BasicHttpParams(); - SchemeRegistry schemeRegistry = new SchemeRegistry(); - schemeRegistry.register(new Scheme("https", new SSLSocketFactory(keyStore), 443)); +``` +HttpParams httpParams = new BasicHttpParams(); - ThreadSafeClientConnManager clientMan = new ThreadSafeClientConnManager(httpParams, schemeRegistry); +SchemeRegistry schemeRegistry = new SchemeRegistry(); +schemeRegistry.register(new Scheme("https", new SSLSocketFactory(keyStore), 443)); +ThreadSafeClientConnManager clientMan = new ThreadSafeClientConnManager(httpParams, schemeRegistry); - httpClient = new DefaultHttpClient(clientMan, httpParams);` +httpClient = new DefaultHttpClient(clientMan, httpParams); +``` For more information on implementing certificate pinning in Android, refer to the OWASP [Certificate and Public Key Pinning guide](https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning#Android) - https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning#Android.
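Review bot: In the first converted block the raw resource is opened as `in`, but `keyStore.load(resourceStream, password);` reads from `resourceStream`, which is never declared in the sample, so the keystore-loading snippet does not compile as shown. Since these lines are being rewritten anyway, use one name for both, for example `keyStore.load(in, password);`. The sample also never closes the stream after loading, which is worth showing in documentation that readers copy. On style: both new opening fences are bare, so adding a `java` language tag would give the blocks syntax highlighting, and the blank line that used to separate the `schemeRegistry.register(...)` call from the `ThreadSafeClientConnManager` line has moved to after `HttpParams httpParams = new BasicHttpParams();`, which reads as unintentional. The trailing context line still repeats the OWASP URL as plain text right after the Markdown link and could be cleaned up in the same change.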