Making a HTTPS request using Android Volley

Question

I am trying to make a https request using this code:

RequestQueue queue = Volley.newRequestQueue(getApplicationContext()); request = new Request<String>(Request.Method.GET,"https://devblahblahblah.com/service/etc",errListener); 

but I am getting this error:

com.android.volley.NoConnectionError: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

Two points to be noted:

1. The HTTPS cert is valid. Easily opens without any warning on browser.
2. The above code works fine with HTTP links.

I actually need to know if there are any switches/options in the Android Volley framework by using which I'll successfully hit a HTTPS URL?

Answer 1

Warning: The following code should not be used in production because it is vulnerable to SSL attacks

Probably these codes below will be helpful for you:

1.Create a HttpsTrustManager class that implements X509TrustManager:

public class HttpsTrustManager implements X509TrustManager {      private static TrustManager[] trustManagers;     private static final X509Certificate[] _AcceptedIssuers = new X509Certificate[]{};      @Override     public void checkClientTrusted(             java.security.cert.X509Certificate[] x509Certificates, String s)             throws java.security.cert.CertificateException {      }      @Override     public void checkServerTrusted(             java.security.cert.X509Certificate[] x509Certificates, String s)             throws java.security.cert.CertificateException {      }      public boolean isClientTrusted(X509Certificate[] chain) {         return true;     }      public boolean isServerTrusted(X509Certificate[] chain) {         return true;     }      @Override     public X509Certificate[] getAcceptedIssuers() {         return _AcceptedIssuers;     }      public static void allowAllSSL() {         HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {              @Override             public boolean verify(String arg0, SSLSession arg1) {                 return true;             }          });          SSLContext context = null;         if (trustManagers == null) {             trustManagers = new TrustManager[]{new HttpsTrustManager()};         }          try {             context = SSLContext.getInstance("TLS");             context.init(null, trustManagers, new SecureRandom());         } catch (NoSuchAlgorithmException e) {             e.printStackTrace();         } catch (KeyManagementException e) {             e.printStackTrace();         }          HttpsURLConnection.setDefaultSSLSocketFactory(context                 .getSocketFactory());     }  } 

2.Add HttpsTrustManager.allowAllSSL() before you make a https request:

HttpsTrustManager.allowAllSSL(); String  tag_string_req = "string_req"; StringRequest strReq = new StringRequest(Request.Method.POST,         your_https_url, new Response.Listener<String>() {     @Override     public void onResponse(String response) {         Log.d(TAG, "response :"+response);     } }, new Response.ErrorListener() {     @Override     public void onErrorResponse(VolleyError error) {         VolleyLog.d(TAG, "Error: " + error.getMessage());     } }){     @Override     protected Map<String, String> getParams() {         Map<String, String> params = new HashMap<String, String>();         params.put("username", "max");         params.put("password", "123456");         return params;     } }; AppController.getInstance().addToRequestQueue(strReq, tag_string_req); 

Answer 2

you can add this class and execut it from onCreate method

new NukeSSLCerts().nuke(); 

it will make volley to Trust all SSL certificates.