 

Https Connection Android

Tags: java, android, ssl

I am doing an HTTPS POST and I'm getting an SSL exception: "Not trusted server certificate". If I do normal HTTP it is working perfectly fine. Do I have to accept the server certificate somehow?

Sam97305421562 asked Jun 15 '09 11:06



2 Answers

This is what I am doing. It simply doesn't check the certificate anymore.

    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;
    import javax.net.ssl.HostnameVerifier;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSession;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;

    // Accept every host name - the name is not checked against the certificate
    final static HostnameVerifier DO_NOT_VERIFY = new HostnameVerifier() {
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    };

    /**
     * Trust every server - don't check for any certificate
     */
    private static void trustAllHosts() {
        // Create a trust manager that does not validate certificate chains
        TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[] {};
            }

            public void checkClientTrusted(X509Certificate[] chain,
                    String authType) throws CertificateException {
            }

            public void checkServerTrusted(X509Certificate[] chain,
                    String authType) throws CertificateException {
            }
        } };

        // Install the all-trusting trust manager as the process-wide default
        // for every HttpsURLConnection
        try {
            SSLContext sc = SSLContext.getInstance("TLS");
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            HttpsURLConnection
                    .setDefaultSSLSocketFactory(sc.getSocketFactory());
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

and

    HttpURLConnection http = null;

    if (url.getProtocol().toLowerCase().equals("https")) {
        trustAllHosts();
        HttpsURLConnection https = (HttpsURLConnection) url.openConnection();
        https.setHostnameVerifier(DO_NOT_VERIFY);
        http = https;
    } else {
        http = (HttpURLConnection) url.openConnection();
    }

Ulrich Scheller answered Oct 18 '22 14:10


I'm making a guess, but if you want an actual handshake to occur, you have to let Android know of your certificate. If you want to just accept no matter what, then use this pseudo-code to get what you need with the Apache HTTP Client:

    // params: an HttpParams instance configured elsewhere
    SchemeRegistry schemeRegistry = new SchemeRegistry();

    schemeRegistry.register(new Scheme("http",
        PlainSocketFactory.getSocketFactory(), 80));
    schemeRegistry.register(new Scheme("https",
        new CustomSSLSocketFactory(), 443));

    ThreadSafeClientConnManager cm = new ThreadSafeClientConnManager(
        params, schemeRegistry);

    return new DefaultHttpClient(cm, params);

CustomSSLSocketFactory:

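    import java.io.IOException;
    import java.net.Socket;
    import java.security.KeyManagementException;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;
    import java.security.SecureRandom;
    import java.security.UnrecoverableKeyException;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSocketFactory;
    import javax.net.ssl.TrustManager;

    public class CustomSSLSocketFactory extends org.apache.http.conn.ssl.SSLSocketFactory {
        // Delegate factory; replaced below by one built from the no-op trust manager
        private SSLSocketFactory FACTORY = HttpsURLConnection.getDefaultSSLSocketFactory();

        // The checked exceptions are the ones declared by super(KeyStore)
        public CustomSSLSocketFactory() throws NoSuchAlgorithmException,
                KeyManagementException, KeyStoreException, UnrecoverableKeyException {
            super(null);
            try {
                SSLContext context = SSLContext.getInstance("TLS");
                TrustManager[] tm = new TrustManager[] { new FullX509TrustManager() };
                context.init(null, tm, new SecureRandom());

                FACTORY = context.getSocketFactory();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

        public Socket createSocket() throws IOException {
            return FACTORY.createSocket();
        }

        // TODO: add other methods like createSocket() and getDefaultCipherSuites().
        // Hint: they all just make a call to member FACTORY
    }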

FullX509TrustManager is a class that implements javax.net.ssl.X509TrustManager, yet none of the methods actually perform any work; get a sample here.

Good Luck!

Nate answered Oct 18 '22 14:10
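
The second answer notes that for a real handshake Android has to know the server's certificate. An added example of that approach (not code from either answer): the server's own certificate or its private CA is loaded as the only trust anchor, so chain and host-name validation stay on. The class name `PinnedCaConnection`, the alias `server-ca` and the source of the certificate stream are assumptions.

```java
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example (hypothetical class name): trust one known certificate, not every certificate.
public final class PinnedCaConnection {

    // Builds an SSLContext whose only trust anchor is the certificate read from caInput
    // (assumption: a PEM or DER X.509 file shipped with the app, e.g. opened from res/raw).
    public static SSLContext contextTrusting(InputStream caInput) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate ca;
        try {
            ca = cf.generateCertificate(caInput);
        } finally {
            caInput.close();
        }

        // Empty in-memory key store holding just that certificate.
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setCertificateEntry("server-ca", ca);

        // The platform trust manager performs normal chain validation against it.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore);

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        return context;
    }

    // Opens an HTTPS connection that uses the context for this connection only.
    public static HttpsURLConnection open(URL url, SSLContext context) throws Exception {
        HttpsURLConnection https = (HttpsURLConnection) url.openConnection();
        // The process-wide default factory is left untouched, and the default
        // HostnameVerifier stays in place, so the host name is still checked.
        https.setSSLSocketFactory(context.getSocketFactory());
        return https;
    }
}
```

A connection to a server whose chain does not end in the loaded certificate fails the handshake with an `SSLHandshakeException` rather than being silently accepted.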