Connect to HTTPS from Android - REST and SOAP web service

Question

I am facing a problem to call https from Android. Can any one please help with steps to connect to the https server.

I tried to connect to google with https and its working fine but when I try to connect to my local server, I am facing problems.

1. want to connect a RESTful web service with https

2. want to connect a SOAP based web service developed using JAX-WS with https.

3. Code to connect with RESTFul

   HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
   
   DefaultHttpClient client = new DefaultHttpClient();
   
   SchemeRegistry registry = new SchemeRegistry();
   SSLSocketFactory socketFactory = SSLSocketFactory.getSocketFactory();
   socketFactory.setHostnameVerifier((X509HostnameVerifier) hostnameVerifier);
   registry.register(new Scheme("https", socketFactory, 443));
   SingleClientConnManager mgr = new SingleClientConnManager(client.getParams(), registry);
   DefaultHttpClient httpClient = new DefaultHttpClient(mgr, client.getParams());
   
   // Set verifier     
   HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
   
   // Example send http request
    //final String url = "https://encrypted.google.com/";
    final String url = "https://ipaddress:8181/RESTTest/cars";
    HttpPost httpPost = new HttpPost(url);
     try{
        HttpResponse response = httpClient.execute(httpPost);
        System.out.println(response);
    }catch(Exception e){
        e.printStackTrace();
    }
   

   its working fine for google but not working for my server and it's giving

   javax.net.ssl.SSLException: Not trusted server certificate

4. Code for connect with SOAP:

   public String getString(final String methodName, Map<String, Object>        params)        throws     Exception {
   HttpTransportSE httpsTransportSE = new         HttpTransportSE("https://ipaddress:8181/BankingWS/banking?wsdl");
   
   try {
       SoapObject request = new SoapObject("https://test/",
               methodName);
       if(params != null && params.size() > 0){
           Set<String> keys = params.keySet();
           Iterator<String> iterator = keys.iterator();
           while(iterator.hasNext()){
               String key = iterator.next();
               request.addProperty(key, params.get(key));
               key = null;
           }
       }
       SoapSerializationEnvelope envelope = new SoapSerializationEnvelope(
               SoapEnvelope.VER11);
       envelope.setOutputSoapObject(request);
   
       TrustManagerManipulator.allowAllSSL();
       httpsTransportSE.call(methodName, envelope);
   
       SoapPrimitive sp = (SoapPrimitive) envelope.getResponse();
   
       return sp.toString();
   } catch (Exception exception) {
       System.out.println(exception.toString());
       throw exception;
   }
   }
   

   In above code using the TrustManagerManipulator from following link: http://abhinavasblog.blogspot.com/2011/07/allow-untrusted-certificate-for-https.html

This is also not working and when I check the response code it's giving

SoapFault - faultcode: 'S:Client' faultstring: 'Cannot find dispatch method for {test.WSEndPointPort}authenticate' faultactor: 'null' detail: null

Please help to fix this problem, as I am not able to call https from Android by any way :(

Thank you very much for your time and efforts.

Thank you, Ishan

Answer 1

You need to create a X509TrustManager which bypass all the security check. You can find an example in this similar questions:

Make a connection to a HTTPS server from Java and ignore the validity of the security certificate

or

How to ignore SSL certificate errors in Apache HttpClient 4.0