Fix cert pin serialization

gthea · gthea · commit 17a8df640a96 · 2026-02-10T15:01:20.000-03:00
diff --git a/main/src/main/java/io/split/android/client/network/CertificatePinSerializer.java b/main/src/main/java/io/split/android/client/network/CertificatePinSerializer.java
@@ -0,0 +1,67 @@
+package io.split.android.client.network;
+
+import com.google.gson.TypeAdapter;
+import com.google.gson.stream.JsonReader;
+import com.google.gson.stream.JsonWriter;
+
+import java.io.IOException;
+
+/**
+ * Custom Gson {@link TypeAdapter} for {@link CertificatePin} that uses
+ * {@code "algo"} and {@code "pin"} as JSON keys instead of the raw field names.
+ */
+public class CertificatePinSerializer extends TypeAdapter<CertificatePin> {
+
+    @Override
+    public void write(JsonWriter out, CertificatePin src) throws IOException {
+        out.beginObject();
+        out.name("algo").value(src.getAlgorithm());
+        out.name("pin");
+        out.beginArray();
+        for (byte b : src.getPin()) {
+            out.value(b);
+        }
+        out.endArray();
+        out.endObject();
+    }
+
+    @Override
+    public CertificatePin read(JsonReader in) throws IOException {
+        String algorithm = null;
+        byte[] pin = null;
+
+        in.beginObject();
+        while (in.hasNext()) {
+            String name = in.nextName();
+            switch (name) {
+                case "algo":
+                    algorithm = in.nextString();
+                    break;
+                case "pin":
+                    pin = readByteArray(in);
+                    break;
+                default:
+                    in.skipValue();
+                    break;
+            }
+        }
+        in.endObject();
+
+        return new CertificatePin(pin, algorithm);
+    }
+
+    private static byte[] readByteArray(JsonReader in) throws IOException {
+        java.util.List<Byte> bytes = new java.util.ArrayList<>();
+        in.beginArray();
+        while (in.hasNext()) {
+            bytes.add((byte) in.nextInt());
+        }
+        in.endArray();
+
+        byte[] result = new byte[bytes.size()];
+        for (int i = 0; i < bytes.size(); i++) {
+            result[i] = bytes.get(i);
+        }
+        return result;
+    }
+}
diff --git a/main/src/main/java/io/split/android/client/network/CertificatePinningConfigurationProvider.java b/main/src/main/java/io/split/android/client/network/CertificatePinningConfigurationProvider.java
@@ -1,10 +1,8 @@
 package io.split.android.client.network;
 
-import com.google.gson.annotations.SerializedName;
 import com.google.gson.reflect.TypeToken;
 
 import java.lang.reflect.Type;
-import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
 
@@ -15,18 +13,14 @@ public class CertificatePinningConfigurationProvider {
 
     public static CertificatePinningConfiguration getCertificatePinningConfiguration(String pinsJson) {
         try {
-            Type type = new TypeToken<Map<String, Set<CertificatePinDto>>>() {
+            Type type = new TypeToken<Map<String, Set<CertificatePin>>>() {
             }.getType();
-            Map<String, Set<CertificatePinDto>> certificatePins = Json.fromJson(pinsJson, type);
+            Map<String, Set<CertificatePin>> certificatePins = Json.fromJson(pinsJson, type);
 
             if (certificatePins != null && !certificatePins.isEmpty()) {
                 CertificatePinningConfiguration.Builder builder = CertificatePinningConfiguration.builder();
-                for (Map.Entry<String, Set<CertificatePinDto>> entry : certificatePins.entrySet()) {
-                    Set<CertificatePin> pins = new HashSet<>();
-                    for (CertificatePinDto dto : entry.getValue()) {
-                        pins.add(new CertificatePin(dto.pin, dto.algorithm));
-                    }
-                    builder.addPins(entry.getKey(), pins);
+                for (Map.Entry<String, Set<CertificatePin>> entry : certificatePins.entrySet()) {
+                    builder.addPins(entry.getKey(), entry.getValue());
                 }
 
                 return builder
@@ -38,11 +32,4 @@ public static CertificatePinningConfiguration getCertificatePinningConfiguration
 
         return null;
     }
-
-    private static class CertificatePinDto {
-        @SerializedName("pin")
-        byte[] pin;
-        @SerializedName("algo")
-        String algorithm;
-    }
 }
diff --git a/main/src/main/java/io/split/android/client/utils/Json.java b/main/src/main/java/io/split/android/client/utils/Json.java
@@ -15,6 +15,8 @@
 import java.util.Set;
 
 import io.split.android.client.dtos.KeyImpression;
+import io.split.android.client.network.CertificatePin;
+import io.split.android.client.network.CertificatePinSerializer;
 import io.split.android.client.service.impressions.KeyImpressionSerializer;
 import io.split.android.client.utils.serializer.DoubleSerializer;
 
@@ -24,6 +26,7 @@ public class Json {
             .serializeNulls()
             .registerTypeAdapter(Double.class, new DoubleSerializer())
             .registerTypeAdapter(KeyImpression.class, new KeyImpressionSerializer())
+            .registerTypeAdapter(CertificatePin.class, new CertificatePinSerializer())
             .create();
     private static volatile Gson mNonNullJson;
 
diff --git a/main/src/test/java/io/split/android/client/network/CertificatePinSerializerTest.java b/main/src/test/java/io/split/android/client/network/CertificatePinSerializerTest.java
@@ -0,0 +1,129 @@
+package io.split.android.client.network;
+
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import com.google.gson.reflect.TypeToken;
+
+import org.junit.Before;
+import org.junit.Test;
+
+import java.lang.reflect.Type;
+import java.util.Map;
+import java.util.Set;
+
+public class CertificatePinSerializerTest {
+
+    private Gson mGson;
+
+    @Before
+    public void setUp() {
+        mGson = new GsonBuilder()
+                .registerTypeAdapter(CertificatePin.class, new CertificatePinSerializer())
+                .create();
+    }
+
+    @Test
+    public void serializeSinglePin() {
+        CertificatePin pin = new CertificatePin(new byte[]{1, 2, 3}, "sha256");
+
+        String json = mGson.toJson(pin);
+
+        assertEquals("{\"algo\":\"sha256\",\"pin\":[1,2,3]}", json);
+    }
+
+    @Test
+    public void serializeNegativeByteValues() {
+        CertificatePin pin = new CertificatePin(new byte[]{-80, 50, -99, -126, 11}, "sha256");
+
+        String json = mGson.toJson(pin);
+
+        assertEquals("{\"algo\":\"sha256\",\"pin\":[-80,50,-99,-126,11]}", json);
+    }
+
+    @Test
+    public void deserializeSinglePin() {
+        String json = "{\"algo\":\"sha1\",\"pin\":[-116,-73,-94,-80,55]}";
+
+        CertificatePin pin = mGson.fromJson(json, CertificatePin.class);
+
+        assertNotNull(pin);
+        assertEquals("sha1", pin.getAlgorithm());
+        assertArrayEquals(new byte[]{-116, -73, -94, -80, 55}, pin.getPin());
+    }
+
+    @Test
+    public void roundTripPreservesData() {
+        CertificatePin original = new CertificatePin(new byte[]{-116, -123, 30, -25}, "sha256");
+
+        String json = mGson.toJson(original);
+        CertificatePin deserialized = mGson.fromJson(json, CertificatePin.class);
+
+        assertNotNull(deserialized);
+        assertEquals(original.getAlgorithm(), deserialized.getAlgorithm());
+        assertArrayEquals(original.getPin(), deserialized.getPin());
+    }
+
+    @Test
+    public void roundTripMapOfSets() {
+        String expectedJson = "{\"events.split.io\":[{\"algo\":\"sha256\",\"pin\":[-80,50,-99,-126,11]},{\"algo\":\"sha1\",\"pin\":[-116,-73,-94,-80,55]}],\"sdk.split.io\":[{\"algo\":\"sha256\",\"pin\":[-116,-123,30,-25]}]}";
+
+        Type type = new TypeToken<Map<String, Set<CertificatePin>>>() {
+        }.getType();
+        Map<String, Set<CertificatePin>> deserialized = mGson.fromJson(expectedJson, type);
+
+        assertNotNull(deserialized);
+        assertEquals(2, deserialized.size());
+        assertEquals(2, deserialized.get("events.split.io").size());
+        assertEquals(1, deserialized.get("sdk.split.io").size());
+
+        // Re-serialize and deserialize 
+        String reserialized = mGson.toJson(deserialized, type);
+        Map<String, Set<CertificatePin>> roundTripped = mGson.fromJson(reserialized, type);
+
+        assertNotNull(roundTripped);
+        assertEquals(deserialized.size(), roundTripped.size());
+        for (Map.Entry<String, Set<CertificatePin>> entry : deserialized.entrySet()) {
+            Set<CertificatePin> originalPins = entry.getValue();
+            Set<CertificatePin> roundTrippedPins = roundTripped.get(entry.getKey());
+            assertNotNull(roundTrippedPins);
+            assertEquals(originalPins.size(), roundTrippedPins.size());
+            assertEquals(originalPins, roundTrippedPins);
+        }
+    }
+
+    @Test
+    public void deserializeWithUnknownFieldsIsIgnored() {
+        String json = "{\"algo\":\"sha256\",\"pin\":[1,2],\"extra\":\"ignored\"}";
+
+        CertificatePin pin = mGson.fromJson(json, CertificatePin.class);
+
+        assertNotNull(pin);
+        assertEquals("sha256", pin.getAlgorithm());
+        assertArrayEquals(new byte[]{1, 2}, pin.getPin());
+    }
+
+    @Test
+    public void deserializeMissingFieldsResultsInNulls() {
+        String json = "{}";
+
+        CertificatePin pin = mGson.fromJson(json, CertificatePin.class);
+
+        assertNotNull(pin);
+        assertNull(pin.getAlgorithm());
+        assertNull(pin.getPin());
+    }
+
+    @Test
+    public void serializeEmptyPinArray() {
+        CertificatePin pin = new CertificatePin(new byte[]{}, "sha256");
+
+        String json = mGson.toJson(pin);
+
+        assertEquals("{\"algo\":\"sha256\",\"pin\":[]}", json);
+    }
+}
