Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.
URL url = new URL("https://pixels.camp");
URLConnection urlConnection = url.openConnection();
URL url = new URL("https://devpixels.local");
URLConnection urlConnection = url.openConnection();
SSLContext mySSLContext = SSLContext.getInstance("TLS");
SSLContext mySSLContext = SSLContext.getInstance("TLS");
mySSLContext.init(null, new TrustManager[] { mySuperCustomTrustMa...
SSLContext mySSLContext = SSLContext.getInstance("TLS");
mySSLContext.init(null, new TrustManager[] { mySuperCustomTrustMa...
SSLContext mySSLContext = SSLContext.getInstance("TLS");
mySSLContext.init(null, new TrustManager[] { mySuperCustomTrustMa...
TrustManager mySuperCustomTrustManager = new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return n...
URL url = new URL("https://devpixels.camp");
URLConnection urlConnection = url.openConnection();
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String s, SSLSessio...
WebView myWebView = (WebView) findViewById(R.id.webview);
myWebView.loadUrl(“https://devpixels.local”);
WebView myWebView = (WebView) findViewById(R.id.webview);
myWebView.setWebViewClient(new WebViewClient() {
public void onR...
final class JavaScriptInterface {
@JavascriptInterface
public String getSomeString() {
return "string";
}
}
WebView myWebV...
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream caInput = getResources().openRawResource(R.ra...
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream caInput = getResources().openRawResource(R.ra...
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance...
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance...
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance...
public class accessfile extends ContentProvider {
public class accessfile extends ContentProvider {
public static final String AUTHORITY = "pt.claudio.security";
public sta...
public class accessfile extends ContentProvider {
public static final String AUTHORITY = "pt.claudio.security";
public sta...
public class accessfile extends ContentProvider {
public static final String AUTHORITY = "pt.claudio.security";
public sta...
Uri targURI =
Uri.parse("content://pt.claudio.security/../../../../../data/data/p
t.claudio.security.pixelscamp_content/fi...
public Cursor query(Uri uri, String[] projection, String
selection,String[] selectionArgs, String sortOrder) {
public Cursor query(Uri uri, String[] projection, String
selection,String[] selectionArgs, String sortOrder) {
SELECT _id,...
public Cursor query(Uri uri, String[] projection, String
selection,String[] selectionArgs, String sortOrder) {
SQLiteQuery...
public Cursor query(Uri uri, String[] projection, String
selection,String[] selectionArgs, String sortOrder) {
SQLiteQuery...
String[] selectionArgs = { "first string", "second@string.com" };
String selection = "name=? AND email=?";
Cursor cursor =...
/res/xml/excludes.xml
/res/xml/excludes.xml
<application>
android:fullBackupContent="@xml/excludes"
</application>
/res/xml/excludes.xml
<application>
android:fullBackupContent="@xml/excludes"
</application>
<?xml version="1.0" encoding=...
<full-backup-content>
<include domain=["file" | "database" | "sharedpref" | "external" | "root"]
path="string" />
<exclude...
/res/xml/network_security_config.xml
/res/xml/network_security_config.xml
<application>
android:networkSecurityConfig="@xml/network_security_config"
</applicat...
/res/xml/network_security_config.xml
<application>
android:networkSecurityConfig="@xml/network_security_config"
</applicat...
security.claudio.pt @clviper github.com/clviper
Q&A
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
This is the secure droid you are looking for
Prochain SlideShare
Chargement dans…5
×

This is the secure droid you are looking for

575 vues

Publié le

Presentation made on Pixels Camp on the 7th of November in 2016.

Publié dans : Technologie
  • Soyez le premier à commenter

  • Soyez le premier à aimer ceci

This is the secure droid you are looking for

  1. 1. URL url = new URL("https://pixels.camp"); URLConnection urlConnection = url.openConnection();
  2. 2. URL url = new URL("https://devpixels.local"); URLConnection urlConnection = url.openConnection();
  3. 3. SSLContext mySSLContext = SSLContext.getInstance("TLS");
  4. 4. SSLContext mySSLContext = SSLContext.getInstance("TLS"); mySSLContext.init(null, new TrustManager[] { mySuperCustomTrustManager },new SecureRandom());
  5. 5. SSLContext mySSLContext = SSLContext.getInstance("TLS"); mySSLContext.init(null, new TrustManager[] { mySuperCustomTrustManager },new SecureRandom()); URL url = new URL("https://devpixels.local");
  6. 6. SSLContext mySSLContext = SSLContext.getInstance("TLS"); mySSLContext.init(null, new TrustManager[] { mySuperCustomTrustManager },new SecureRandom()); URL url = new URL("https://devpixels.local"); HttpsURLConnection urlConnection = HttpsURLConnection)url.openConnection(); urlConnection.setSSLSocketFactory(mySSLContext.getSocketFactory());
  7. 7. TrustManager mySuperCustomTrustManager = new X509TrustManager() { public X509Certificate[] getAcceptedIssuers() { return null; } public void checkServerTrusted(X509Certificate[] chain,String authType) throws CertificateException { } public void checkClientTrusted(X509Certificate[] chain,String authType) throws CertificateException { } };
  8. 8. URL url = new URL("https://devpixels.camp"); URLConnection urlConnection = url.openConnection();
  9. 9. HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { @Override public boolean verify(String s, SSLSession sslSession) { return true; } }); URL url = new URL("https://devpixels.camp"); URLConnection urlConnection = url.openConnection();
  10. 10. WebView myWebView = (WebView) findViewById(R.id.webview); myWebView.loadUrl(“https://devpixels.local”);
  11. 11. WebView myWebView = (WebView) findViewById(R.id.webview); myWebView.setWebViewClient(new WebViewClient() { public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) { handler.proceed(); } }); myWebView.loadUrl(“https://devpixels.local”);
  12. 12. final class JavaScriptInterface { @JavascriptInterface public String getSomeString() { return "string"; } } WebView myWebView = (WebView) findViewById(R.id.webview); myWebView.getSettings().setJavaScriptEnabled(true); myWebView.addJavascriptInterface(new JavaScriptInterface(), "jsinterface");
  13. 13. CertificateFactory cf = CertificateFactory.getInstance("X.509"); InputStream caInput = getResources().openRawResource(R.raw.pixels); Certificate ca; try { ca = cf.generateCertificate(caInput); } finally { caInput.close(); }
  14. 14. CertificateFactory cf = CertificateFactory.getInstance("X.509"); InputStream caInput = getResources().openRawResource(R.raw.pixels); Certificate ca; try { ca = cf.generateCertificate(caInput); } finally { caInput.close(); } String keyStoreType = KeyStore.getDefaultType(); KeyStore keyStore = KeyStore.getInstance(keyStoreType); keyStore.load(null, null); keyStore.setCertificateEntry("PixelsCampLeaf", ca);
  15. 15. String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm); tmf.init(keyStore);
  16. 16. String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm); tmf.init(keyStore); SSLContext context = SSLContext.getInstance("TLS"); context.init(null, tmf.getTrustManagers(), null);
  17. 17. String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm); tmf.init(keyStore); SSLContext context = SSLContext.getInstance("TLS"); context.init(null, tmf.getTrustManagers(), null); URL url = new URL("https://pixels.camp"); HttpsURLConnection urlConnection = (HttpsURLConnection)url.openConnection(); urlConnection.setSSLSocketFactory(context.getSocketFactory()); InputStream in = urlConnection.getInputStream();
  18. 18. public class accessfile extends ContentProvider {
  19. 19. public class accessfile extends ContentProvider { public static final String AUTHORITY = "pt.claudio.security"; public static final Uri CONTENT_URI = Uri.parse("content://" + AUTHORITY + "/"); private static final HashMap<String, String> MIME_TYPES = new HashMap<String, String>(); private static final UriMatcher sURIMatcher = new UriMatcher(UriMatcher.NO_MATCH); static { sURIMatcher.addURI(AUTHORITY, "folder/", FOLDER); sURIMatcher.addURI(AUTHORITY, "file/", FILE); }
  20. 20. public class accessfile extends ContentProvider { public static final String AUTHORITY = "pt.claudio.security"; public static final Uri CONTENT_URI = Uri.parse("content://" + AUTHORITY + "/"); private static final HashMap<String, String> MIME_TYPES = new HashMap<String, String>(); private static final UriMatcher sURIMatcher = new UriMatcher(UriMatcher.NO_MATCH); static { sURIMatcher.addURI(AUTHORITY, "folder/", FOLDER); sURIMatcher.addURI(AUTHORITY, "file/", FILE); } … public ParcelFileDescriptor openFile(Uri uri, String mode){
  21. 21. public class accessfile extends ContentProvider { public static final String AUTHORITY = "pt.claudio.security"; public static final Uri CONTENT_URI = Uri.parse("content://" + AUTHORITY + "/"); private static final HashMap<String, String> MIME_TYPES = new HashMap<String, String>(); private static final UriMatcher sURIMatcher = new UriMatcher(UriMatcher.NO_MATCH); static { sURIMatcher.addURI(AUTHORITY, "folder/", FOLDER); sURIMatcher.addURI(AUTHORITY, "file/", FILE); } … public ParcelFileDescriptor openFile(Uri uri, String mode){ … File f = new File(getContext().getString(R.string._sdcard), uri.getPath());
  22. 22. Uri targURI = Uri.parse("content://pt.claudio.security/../../../../../data/data/p t.claudio.security.pixelscamp_content/files/mysecretfile.txt");
  23. 23. public Cursor query(Uri uri, String[] projection, String selection,String[] selectionArgs, String sortOrder) {
  24. 24. public Cursor query(Uri uri, String[] projection, String selection,String[] selectionArgs, String sortOrder) { SELECT _id, description FROM notes WHERE _id = 1{ { Projection Selection
  25. 25. public Cursor query(Uri uri, String[] projection, String selection,String[] selectionArgs, String sortOrder) { SQLiteQueryBuilder queryBuilder = new SQLiteQueryBuilder(); queryBuilder.setTables(Table.TABLE_NOTE) SQLiteDatabase db = database.getWritableDatabase();
  26. 26. public Cursor query(Uri uri, String[] projection, String selection,String[] selectionArgs, String sortOrder) { SQLiteQueryBuilder queryBuilder = new SQLiteQueryBuilder(); queryBuilder.setTables(Table.TABLE_NOTE) SQLiteDatabase db = database.getWritableDatabase(); Cursor cursor = queryBuilder.query(db, projection, selection,selectionArgs, null, null, sortOrder);
  27. 27. String[] selectionArgs = { "first string", "second@string.com" }; String selection = "name=? AND email=?"; Cursor cursor = db.query("TABLE_NAME", null,selection, selectionArgs, null);
  28. 28. /res/xml/excludes.xml
  29. 29. /res/xml/excludes.xml <application> android:fullBackupContent="@xml/excludes" </application>
  30. 30. /res/xml/excludes.xml <application> android:fullBackupContent="@xml/excludes" </application> <?xml version="1.0" encoding="utf-8"?> <full-backup-content> <exclude domain="sharedpref" path="MyPrefsFile.xml"/> </full-backup-content>
  31. 31. <full-backup-content> <include domain=["file" | "database" | "sharedpref" | "external" | "root"] path="string" /> <exclude domain=["file" | "database" | "sharedpref" | "external" | "root"] path="string" /> </full-backup-content>
  32. 32. /res/xml/network_security_config.xml
  33. 33. /res/xml/network_security_config.xml <application> android:networkSecurityConfig="@xml/network_security_config" </application>
  34. 34. /res/xml/network_security_config.xml <application> android:networkSecurityConfig="@xml/network_security_config" </application> <?xml version="1.0" encoding="utf-8"?> <network-security-config> <domain-config cleartextTrafficPermitted="false"> <domain includeSubdomains="true">http.badssl.com</domain> </domain-config> </network-security-config>
  35. 35. security.claudio.pt @clviper github.com/clviper Q&A

×