
This is the secure droid you are looking for


Presentation given at Pixels Camp on 7 November 2016.


This is the secure droid you are looking for

  1. 1. // Baseline: an https:// URL opened with the platform's default TLS settings.
     // No custom SSLSocketFactory or HostnameVerifier is installed on this connection.
     URL url = new URL("https://pixels.camp");
     URLConnection urlConnection = url.openConnection();
  2. 2. // Same call against a development host (devpixels.local).
     // NOTE(review): presumably this host's certificate is not trusted by the device,
     // which is what the custom SSLContext on slides 3-7 works around; confirm.
     URL url = new URL("https://devpixels.local");
     URLConnection urlConnection = url.openConnection();
  3. 3. // Build-up slide: obtains a TLS SSLContext; it is not initialised yet.
     SSLContext mySSLContext = SSLContext.getInstance("TLS");
  4. 4. SSLContext mySSLContext = SSLContext.getInstance("TLS");
     // The only TrustManager handed to the context is mySuperCustomTrustManager (slide 7),
     // so every certificate decision on sockets from this context is delegated to it.
     mySSLContext.init(null, new TrustManager[] { mySuperCustomTrustManager },new SecureRandom());
  5. 5. SSLContext mySSLContext = SSLContext.getInstance("TLS");
     // The only TrustManager handed to the context is mySuperCustomTrustManager (slide 7),
     // so every certificate decision on sockets from this context is delegated to it.
     mySSLContext.init(null, new TrustManager[] { mySuperCustomTrustManager },new SecureRandom());
     // Target is the development host; the context is not attached to a connection yet.
     URL url = new URL("https://devpixels.local");
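  6. 6. // Anti-pattern when combined with slide 7: the socket factory installed below takes
     // its trust decisions from mySuperCustomTrustManager, which accepts every certificate
     // chain. The connection is encrypted but the server is not authenticated, so an
     // on-path party can read and alter the traffic. To reach a development host, trust
     // its CA or certificate explicitly (slides 13-17) and keep that out of release builds.
     SSLContext mySSLContext = SSLContext.getInstance("TLS");
     mySSLContext.init(null, new TrustManager[] { mySuperCustomTrustManager }, new SecureRandom());
     URL url = new URL("https://devpixels.local");
     // The cast was missing its opening parenthesis in the transcript; restored so it parses.
     HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
     // Only this connection uses the custom factory; the process-wide default is untouched.
     urlConnection.setSSLSocketFactory(mySSLContext.getSocketFactory());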
  7. 7. // Anti-pattern: a TrustManager that trusts everything.
     // Both check* methods have empty bodies and never throw CertificateException, so any
     // certificate chain (self-signed, expired, issued for another host) is accepted.
     // A connection built on it (slide 6) gets encryption without server authentication.
     // Keep this out of release builds; to trust a private CA or certificate, load it into
     // a KeyStore and use the default TrustManagerFactory as on slides 13-17.
     TrustManager mySuperCustomTrustManager = new X509TrustManager() {
         // NOTE(review): the X509TrustManager contract documents a non-null (possibly empty)
         // array as the return value here; null can break callers that iterate over it.
         public X509Certificate[] getAcceptedIssuers() { return null; }
         // Never throws, so every server chain passes.
         public void checkServerTrusted(X509Certificate[] chain,String authType) throws CertificateException { }
         // Never throws, so every client chain passes.
         public void checkClientTrusted(X509Certificate[] chain,String authType) throws CertificateException { }
     };
  8. 8. // Baseline for the host name example: default TLS settings, default HostnameVerifier.
     // NOTE(review): presumably devpixels.camp serves a certificate issued for another
     // name, which is what slide 9 works around; confirm.
     URL url = new URL("https://devpixels.camp");
     URLConnection urlConnection = url.openConnection();
  9. 9. // Anti-pattern: the verifier returns true for every host name, so a certificate that
     // is valid for some other site is accepted for devpixels.camp.
     // setDefaultHostnameVerifier is static: it becomes the verifier for every
     // HttpsURLConnection in the process that does not set its own, not just this one.
     // Fix the certificate (add the right subjectAltName) instead of disabling the check.
     HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
         @Override
         public boolean verify(String s, SSLSession sslSession) { return true; }
     });
     URL url = new URL("https://devpixels.camp");
     URLConnection urlConnection = url.openConnection();
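  10. 10. // Baseline WebView load. No WebViewClient is set, so onReceivedSslError is not
      // overridden; its documented default is to cancel the load on a certificate error.
      WebView myWebView = (WebView) findViewById(R.id.webview);
      // Straight quotes restored: the transcript had typographic quotes, which do not compile.
      myWebView.loadUrl("https://devpixels.local");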
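  11. 11. WebView myWebView = (WebView) findViewById(R.id.webview);
      myWebView.setWebViewClient(new WebViewClient() {
          // Anti-pattern: proceed() is called for every SslError without inspecting it, so
          // the page loads even though certificate validation failed. Content shown in this
          // WebView can then come from anyone on the network path. The safe handling is
          // handler.cancel(), which is also what the default implementation does.
          public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
              handler.proceed();
          }
      });
      // Straight quotes restored: the transcript had typographic quotes, which do not compile.
      myWebView.loadUrl("https://devpixels.local");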
  12. 12. // Bridge object exposed to page script. For apps targeting API 17 or later only
      // public methods annotated with @JavascriptInterface are callable from JavaScript;
      // for older targets every public method of the object is reachable.
      final class JavaScriptInterface {
          @JavascriptInterface
          public String getSomeString() { return "string"; }
      }
      WebView myWebView = (WebView) findViewById(R.id.webview);
      myWebView.getSettings().setJavaScriptEnabled(true);
      // The object is injected under the name "jsinterface" into every page and frame this
      // WebView loads, so the bridge is only as trustworthy as that content: load trusted
      // origins only, keep TLS validation intact (see slide 11) and expose as few methods
      // as possible.
      myWebView.addJavascriptInterface(new JavaScriptInterface(), "jsinterface");
  13. 13. // Pinning, step 1: parse the X.509 certificate shipped inside the app (res/raw, R.raw.pixels).
      CertificateFactory cf = CertificateFactory.getInstance("X.509");
      InputStream caInput = getResources().openRawResource(R.raw.pixels);
      Certificate ca;
      // finally closes the resource stream whether or not parsing succeeds.
      try { ca = cf.generateCertificate(caInput); } finally { caInput.close(); }
  14. 14. // Pinning, step 1: parse the X.509 certificate shipped inside the app (res/raw, R.raw.pixels).
      CertificateFactory cf = CertificateFactory.getInstance("X.509");
      InputStream caInput = getResources().openRawResource(R.raw.pixels);
      Certificate ca;
      // finally closes the resource stream whether or not parsing succeeds.
      try { ca = cf.generateCertificate(caInput); } finally { caInput.close(); }
      // Pinning, step 2: an empty in-memory KeyStore (load(null, null)) that receives this
      // one certificate as its only trusted entry; the device CA store is not copied in.
      String keyStoreType = KeyStore.getDefaultType();
      KeyStore keyStore = KeyStore.getInstance(keyStoreType);
      keyStore.load(null, null);
      // NOTE(review): the alias suggests the server's leaf certificate is pinned. If so, a
      // certificate renewal needs an app update; consider shipping a backup entry. Confirm.
      keyStore.setCertificateEntry("PixelsCampLeaf", ca);
  15. 15. // Pinning, step 3: build the platform's default TrustManagers, but backed by the
      // single-entry keyStore from slide 14 instead of the system trust store.
      String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
      TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
      tmf.init(keyStore);
  16. 16. // Pinning, step 3: build the platform's default TrustManagers, but backed by the
      // single-entry keyStore from slide 14 instead of the system trust store.
      String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
      TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
      tmf.init(keyStore);
      // Pinning, step 4: an SSLContext that uses those TrustManagers. Unlike slide 7, chain
      // validation stays in the platform implementation; only the trust anchors change.
      SSLContext context = SSLContext.getInstance("TLS");
      context.init(null, tmf.getTrustManagers(), null);
  17. 17. // Pinning, step 3: build the platform's default TrustManagers, but backed by the
      // single-entry keyStore from slide 14 instead of the system trust store.
      String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
      TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
      tmf.init(keyStore);
      // Pinning, step 4: an SSLContext that uses those TrustManagers. Unlike slide 7, chain
      // validation stays in the platform implementation; only the trust anchors change.
      SSLContext context = SSLContext.getInstance("TLS");
      context.init(null, tmf.getTrustManagers(), null);
      URL url = new URL("https://pixels.camp");
      HttpsURLConnection urlConnection = (HttpsURLConnection)url.openConnection();
      // Pinning, step 5: only this connection uses the pinned context. No HostnameVerifier
      // is set on this slide, so the default host name check still runs on top of it.
      urlConnection.setSSLSocketFactory(context.getSocketFactory());
      // The handshake happens here; a server whose chain does not validate against the
      // bundled certificate makes this call fail instead of returning data.
      InputStream in = urlConnection.getInputStream();
  18. 18. // Build-up slide: a ContentProvider subclass; its body follows on slides 19-21.
      public class accessfile extends ContentProvider {
  19. 19. // ContentProvider that serves files; the file-opening code follows on slides 20-21.
      public class accessfile extends ContentProvider {
          // Authority under which other components address this provider.
          public static final String AUTHORITY = "pt.claudio.security";
          public static final Uri CONTENT_URI = Uri.parse("content://" + AUTHORITY + "/");
          private static final HashMap<String, String> MIME_TYPES = new HashMap<String, String>();
          private static final UriMatcher sURIMatcher = new UriMatcher(UriMatcher.NO_MATCH);
          // Registers the two path patterns the provider recognises. FOLDER and FILE are
          // match codes declared outside this slide.
          static {
              sURIMatcher.addURI(AUTHORITY, "folder/", FOLDER);
              sURIMatcher.addURI(AUTHORITY, "file/", FILE);
          }
  20. 20. // ContentProvider that serves files; the file-opening code follows on slide 21.
      public class accessfile extends ContentProvider {
          // Authority under which other components address this provider.
          public static final String AUTHORITY = "pt.claudio.security";
          public static final Uri CONTENT_URI = Uri.parse("content://" + AUTHORITY + "/");
          private static final HashMap<String, String> MIME_TYPES = new HashMap<String, String>();
          private static final UriMatcher sURIMatcher = new UriMatcher(UriMatcher.NO_MATCH);
          // Registers the two path patterns the provider recognises. FOLDER and FILE are
          // match codes declared outside this slide.
          static {
              sURIMatcher.addURI(AUTHORITY, "folder/", FOLDER);
              sURIMatcher.addURI(AUTHORITY, "file/", FILE);
          }
          …
          // Entry point for callers that open a file through the provider; uri and mode
          // are supplied by the calling app.
          public ParcelFileDescriptor openFile(Uri uri, String mode){
  21. 21. // ContentProvider that serves files from a base directory.
      public class accessfile extends ContentProvider {
          // Authority under which other components address this provider.
          public static final String AUTHORITY = "pt.claudio.security";
          public static final Uri CONTENT_URI = Uri.parse("content://" + AUTHORITY + "/");
          private static final HashMap<String, String> MIME_TYPES = new HashMap<String, String>();
          private static final UriMatcher sURIMatcher = new UriMatcher(UriMatcher.NO_MATCH);
          // Registers the two path patterns the provider recognises. FOLDER and FILE are
          // match codes declared outside this slide.
          static {
              sURIMatcher.addURI(AUTHORITY, "folder/", FOLDER);
              sURIMatcher.addURI(AUTHORITY, "file/", FILE);
          }
          …
          // Entry point for callers that open a file through the provider; uri and mode
          // are supplied by the calling app.
          public ParcelFileDescriptor openFile(Uri uri, String mode){
              …
              // Path traversal risk: uri.getPath() is appended to the base directory as
              // received. ".." segments are not removed, so the resulting File can point
              // outside that directory, including into the app's private data (slide 22).
              // Mitigation: resolve the File with getCanonicalFile(), reject it unless it
              // is still under the base directory, and do not export the provider (or
              // guard it with a permission) unless other apps really need it.
              File f = new File(getContext().getString(R.string._sdcard), uri.getPath());
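  22. 22. // Demonstration input for the provider on slide 21: the path carries "../" segments
      // that climb out of the provider's base directory towards a file in the app's
      // private storage. A provider that canonicalises the requested path and checks it
      // against its base directory rejects this URI.
      // A space that the slide's line wrap had inserted into the package name was removed.
      Uri targURI = Uri.parse("content://pt.claudio.security/../../../../../data/data/pt.claudio.security.pixelscamp_content/files/mysecretfile.txt");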
  23. 23. // ContentProvider query entry point. Every argument is supplied by the calling
      // component and should be handled as untrusted input when the provider is exported.
      public Cursor query(Uri uri, String[] projection, String selection,String[] selectionArgs, String sortOrder) {
  24. 24. public Cursor query(Uri uri, String[] projection, String selection,String[] selectionArgs, String sortOrder) { SELECT _id, description FROM notes WHERE _id = 1 (projection: the column list "_id, description"; selection: the WHERE condition "_id = 1")
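  25. 25. // ContentProvider query entry point. Every argument is supplied by the calling
      // component and should be handled as untrusted input when the provider is exported.
      public Cursor query(Uri uri, String[] projection, String selection,String[] selectionArgs, String sortOrder) {
          SQLiteQueryBuilder queryBuilder = new SQLiteQueryBuilder();
          // Missing statement terminator restored; the slide omitted the ";".
          queryBuilder.setTables(Table.TABLE_NOTE);
          // NOTE(review): a read-only query does not need a writable handle; if database
          // is a SQLiteOpenHelper, getReadableDatabase() would be enough. Confirm.
          SQLiteDatabase db = database.getWritableDatabase();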
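  26. 26. // ContentProvider query entry point. Every argument is supplied by the calling
      // component and should be handled as untrusted input when the provider is exported.
      public Cursor query(Uri uri, String[] projection, String selection,String[] selectionArgs, String sortOrder) {
          SQLiteQueryBuilder queryBuilder = new SQLiteQueryBuilder();
          // Missing statement terminator restored; the slide omitted the ";".
          queryBuilder.setTables(Table.TABLE_NOTE);
          // NOTE(review): a read-only query does not need a writable handle; if database
          // is a SQLiteOpenHelper, getReadableDatabase() would be enough. Confirm.
          SQLiteDatabase db = database.getWritableDatabase();
          // SQL injection risk: projection, selection and sortOrder are placed into the
          // generated SELECT as SQL text exactly as the caller sent them; only the values
          // in selectionArgs are bound as parameters. Mitigations: keep the provider
          // unexported or permission-protected, build the selection inside the provider
          // with "?" placeholders (slide 27), and restrict columns with
          // queryBuilder.setProjectionMap(...) together with queryBuilder.setStrict(true).
          Cursor cursor = queryBuilder.query(db, projection, selection, selectionArgs, null, null, sortOrder);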
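  27. 27. // Parameterised form: the selection holds only "?" placeholders and the values are
      // passed separately, so they are bound as data and cannot change the statement.
      String[] selectionArgs = { "first string", "second@string.com" };
      String selection = "name=? AND email=?";
      // SQLiteDatabase.query has no five-argument overload; groupBy, having and orderBy
      // are passed explicitly as null so the call matches the seven-argument form.
      Cursor cursor = db.query("TABLE_NAME", null, selection, selectionArgs, null, null, null);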
  28. 28. /res/xml/excludes.xml
  29. 29. /res/xml/excludes.xml
      <!-- Slide shorthand: in AndroidManifest.xml the attribute is written inside the
           application start tag. It points Auto Backup at the rules file named above. -->
      <application> android:fullBackupContent="@xml/excludes" </application>
  30. 30. /res/xml/excludes.xml
      <!-- Slide shorthand: in AndroidManifest.xml the attribute is written inside the
           application start tag. It points Auto Backup (Android 6.0 / API 23 and later)
           at the rules file below. -->
      <application> android:fullBackupContent="@xml/excludes" </application>
      <?xml version="1.0" encoding="utf-8"?>
      <full-backup-content>
          <!-- Keeps the shared-preferences file MyPrefsFile.xml out of the backup set, so
               whatever it stores does not leave the device with the backup. Everything not
               excluded is still backed up. NOTE(review): apps targeting Android 12 (API 31)
               or later declare these rules through android:dataExtractionRules as well;
               confirm against the current platform documentation. -->
          <exclude domain="sharedpref" path="MyPrefsFile.xml"/>
      </full-backup-content>
  31. 31. <full-backup-content> <include domain=["file" | "database" | "sharedpref" | "external" | "root"] path="string" /> <exclude domain=["file" | "database" | "sharedpref" | "external" | "root"] path="string" /> </full-backup-content>
  32. 32. /res/xml/network_security_config.xml
  33. 33. /res/xml/network_security_config.xml
      <!-- Slide shorthand: in AndroidManifest.xml the attribute is written inside the
           application start tag. It selects the network security configuration file
           named above. -->
      <application> android:networkSecurityConfig="@xml/network_security_config" </application>
  34. 34. /res/xml/network_security_config.xml
      <!-- Slide shorthand: in AndroidManifest.xml the attribute is written inside the
           application start tag. The configuration is honoured on Android 7.0 (API 24)
           and later; older releases ignore it. -->
      <application> android:networkSecurityConfig="@xml/network_security_config" </application>
      <?xml version="1.0" encoding="utf-8"?>
      <network-security-config>
          <!-- Cleartext (plain HTTP) traffic is refused for http.badssl.com and all of its
               subdomains. Domains not listed here keep the platform default. The same file
               can also carry custom trust anchors or certificate pins, a declarative
               alternative to the code on slides 13-17. -->
          <domain-config cleartextTrafficPermitted="false">
              <domain includeSubdomains="true">http.badssl.com</domain>
          </domain-config>
      </network-security-config>
  35. 35. security.claudio.pt @clviper github.com/clviper Q&A
