Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

way to Ignore ssl certificate using HttpsURLConnection

I use two approaches to try to consumes HTTPS URL:

The old deprecated and return response with the right values.

Here is the code it didn't need ignore ssl certificate it ignore it by itself or may use other technique:

  public String newApiPost(String url,String p1,String p2,String p3){

    HttpClient httpClient = new DefaultHttpClient();
    // replace with your url
    HttpPost httpPost = new HttpPost(url);

    //Post Data
    List<NameValuePair> nameValuePair = new ArrayList<NameValuePair>
    ();
    nameValuePair.add(new BasicNameValuePair("cliend_id",p1));
    nameValuePair.add(new BasicNameValuePair("client_secret", p2));
    nameValuePair.add(new BasicNameValuePair("key",p3));


    //Encoding POST data
    try {
        httpPost.setEntity(new UrlEncodedFormEntity(nameValuePair));
     } catch (UnsupportedEncodingException e) {
        // log exception
        e.printStackTrace();
    }

    //making POST request.
    try {
        HttpResponse response = httpClient.execute(httpPost);
        HttpEntity httpEntity = response.getEntity();
          String   result = EntityUtils.toString(httpEntity,     
      HTTP.UTF_8);
       Log.d("response", result);

        // write response to log
        Log.d("zzuu", result.toString());
    } catch (ClientProtocolException e) {
        // Log exception
        e.printStackTrace();
    } catch (IOException e) {
        // Log exception
        e.printStackTrace();
        Log.d("dddfg", e.toString());

    }catch (Exception e){
        Log.d("dddfg", e.toString());

    }

    return "";
 }

Then I used un-deprecated method HttpsUrlConnections which need ignore ssl certificate I use many way but didn't work:

   public void sendNew (String urls,String paramValue1,String   
        paramValue2,String paramValue3){
    URL url = null;
    BufferedReader reader = null;
    StringBuilder stringBuilder;
    String data="";

    try {
        url = new URL(urls);
     HttpsURLConnection conn = (HttpsURLConnection)  
     url.openConnection();

         conn.setReadTimeout(10000);
    conn.setConnectTimeout(15000);
        conn.setRequestMethod("POST");
    conn.setRequestProperty("Content-Type", "application/x-www-form- 
     urlencoded");
    conn.setRequestProperty("charset", "utf-8");
    conn.setDoInput(true);
       conn.setDoOutput(true);
    Uri.Builder builder = new Uri.Builder()
            .appendQueryParameter("cliend_id", paramValue1)
            .appendQueryParameter("client_secret", paramValue2)
            .appendQueryParameter("apikey", paramValue3);
    String query = builder.build().getEncodedQuery();

    OutputStream os = conn.getOutputStream();
    BufferedWriter writer = new BufferedWriter(
            new OutputStreamWriter(os, "UTF-8"));
    writer.write(query);
    writer.flush();
    writer.close();
    os.close();

    conn.connect();

         reader = new BufferedReader(new   
         InputStreamReader(conn.getErrorStream()));
        stringBuilder = new StringBuilder();

        String line = null;
        while ((line = reader.readLine()) != null)
        {
            stringBuilder.append(line + "\n");

        }
        data= stringBuilder.toString();
        Log.d("zzuu", data);

    } catch (MalformedURLException e) {
    e.printStackTrace();
   } catch (ProtocolException e) {
        e.printStackTrace();
        Log.d("dddfg", e.toString());

    } catch (IOException e) {
        e.printStackTrace();
        Log.d("dddfg", e.toString());

    }catch (Exception e){
        Log.d("dddfg", e.toString());

    }
}

It responds with this error:

10-12 17:06:06.135  16052-16075/  W/System.err﹕ java.io.IOException: Hostname 'xxxxxxxx' was not verified
10-12 17:06:06.139  16052-16075/  W/System.err﹕ at libcore.net.http.HttpConnection.verifySecureSocketHostname(HttpConnection.java:223)
10-12 17:06:06.139  16052-16075/  W/System.err﹕ at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.connect(HttpsURLConnectionImpl.java:446)
10-12 17:06:06.139  16052-16075/  W/System.err﹕ at libcore.net.http.HttpEngine.sendSocketRequest(HttpEngine.java:290)
10-12 17:06:06.170  16052-16075/  W/System.err﹕ at libcore.net.http.HttpEngine.sendRequest(HttpEngine.java:240)
10-12 17:06:06.171  16052-16075/  W/System.err﹕ at libcore.net.http.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:292)
10-12 17:06:06.175  16052-16075/ W/System.err﹕ at libcore.net.http.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:185)
10-12 17:06:06.175  16052-16075/  W/System.err﹕ at libcore.net.http.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:271)
10-12 17:06:06.176  16052-16075/  W/System.err﹕ at ubicall.sand.ubicall.helper.JSONParser.method(JSONParser.java:422)
10-12 17:06:06.177  16052-16075/  W/System.err﹕ at ubicall.sand.ubicall.activity.SplashActivity$Access.doInBackground(SplashActivity.java:111)
10-12 17:06:06.177  16052-16075/  W/System.err﹕ at ubicall.sand.ubicall.activity.SplashActivity$Access.doInBackground(SplashActivity.java:106)
10-12 17:06:06.177  16052-16075/  W/System.err﹕ at android.os.AsyncTask$2.call(AsyncTask.java:287)

I didn't understand when problem exactly it work good in restclient and postman the data send in body of url using post method then I discover that I need ignore ssl certificate when using HttpsURLConnection but I try many way to ignore but didn't work

   I use 

       private void trustEveryone() {
       try {
         HttpsURLConnection.setDefaultHostnameVerifier(new 
        HostnameVerifier(){
            public boolean verify(String hostname, SSLSession session) 
     {
                 return true;
              }});
           SSLContext context = SSLContext.getInstance("TLS");
          context.init(null, new X509TrustManager[]{new 
        X509TrustManager(){
            public void checkClientTrusted(X509Certificate[] chain,
                                           String authType) throws 
                 CertificateException {}
            public void checkServerTrusted(X509Certificate[] chain,
                                           String authType) throws 
          CertificateException {}
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }}}, new SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(
                context.getSocketFactory());
      } catch (Exception e) { // should never happen
        e.printStackTrace();
      }
   }
like image 906
androidAhmed Avatar asked Oct 12 '15 15:10

androidAhmed


People also ask

How do I ignore SSL certificate in curl?

You need to pass the -k or --insecure option to the curl command. This option explicitly allows curl to perform “insecure” SSL connections and transfers. All SSL connections are attempted to be made secure by using the CA certificate bundle installed by default.


1 Answers

From your logcat information, I think you should read the following links:

  1. HostnameVerifier

    It is to be used during a handshake if the URL's hostname does not match the peer's identification hostname.

  2. Common Problems with Hostname Verification

    One reason this can happen is due to a server configuration error. The server is configured with a certificate that does not have a subject or subject alternative name fields that match the server you are trying to reach...

Then, you can refer to my answer to the following question:

OkHttp trusting certificate


EDIT: Relating to your idea 'ignore ssl', you can try the following (however, it's said that this is not recommended):

public class HttpsTrustManager implements X509TrustManager {
    private static TrustManager[] trustManagers;
    private static final X509Certificate[] _AcceptedIssuers = new X509Certificate[]{};

    @Override
    public void checkClientTrusted(
            X509Certificate[] x509Certificates, String s)
            throws java.security.cert.CertificateException {

    }

    @Override
    public void checkServerTrusted(
            X509Certificate[] x509Certificates, String s)
            throws java.security.cert.CertificateException {

    }

    public boolean isClientTrusted(X509Certificate[] chain) {
        return true;
    }

    public boolean isServerTrusted(X509Certificate[] chain) {
        return true;
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return _AcceptedIssuers;
    }

    public static void allowAllSSL() {
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {

            @Override
            public boolean verify(String arg0, SSLSession arg1) {
                return true;
            }

        });

        SSLContext context = null;
        if (trustManagers == null) {
            trustManagers = new TrustManager[]{new HttpsTrustManager()};
        }

        try {
            context = SSLContext.getInstance("TLS");
            context.init(null, trustManagers, new SecureRandom());
        } catch (NoSuchAlgorithmException | KeyManagementException e) {
            e.printStackTrace();
        }

        HttpsURLConnection.setDefaultSSLSocketFactory(context != null ? context.getSocketFactory() : null);
    }
}

Then, in your activity, call HttpsTrustManager.allowAllSSL();

like image 139
BNK Avatar answered Oct 27 '22 06:10

BNK