MarketTakers/arbiter
5
0
Fork 0
Code Issues 27 Pull Requests 6 Packages Projects Releases Wiki Activity

security(useragent): validate server cert fingerprint and host instead of accepting all certificates
Some checks failed
ci/woodpecker/pr/useragent-analyze Pipeline failed
Details

Browse Source
This commit is contained in:
CleverWild
2026-04-10 14:44:16 +02:00
parent 62dff3f810
commit 9e1ab51398
2 changed files with 54 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
useragent/test/features/connection/auth_tls_validation_test.dart Normal file
View File

@@ -0,0 +1,35 @@
import 'package:arbiter/features/connection/auth.dart';
import 'package:flutter_test/flutter_test.dart';
void main() {
group('certificate pinning helpers', () {
test('certificateFingerprintHex returns SHA-256 in hex', () {
final fingerprint = certificateFingerprintHex('abc'.codeUnits);
expect(
fingerprint,
'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad',
);
});
test('isPinnedServerCertificate matches expected fingerprint', () {
final matches = isPinnedServerCertificate(
expectedFingerprint:
'BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD',
certificateDer: 'abc'.codeUnits,
);
expect(matches, isTrue);
});
test('isPinnedServerCertificate rejects mismatched fingerprint', () {
final matches = isPinnedServerCertificate(
expectedFingerprint:
'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa',
certificateDer: 'abc'.codeUnits,
);
expect(matches, isFalse);
});
});
}