Https Connection Android

Question

I am doing a https post and I m getting an exception of ssl exception Not trusted server certificate  If i do normal http it is working perfectly fine  Do I have to accept the server certificate somehow

User · Answer

Any of this answers didn t work for me so here is code which trust any certificates   import java io IOException       import java net Socket      import java security KeyManagementException      import java security KeyStoreException      import java security NoSuchAlgorithmException      import java security UnrecoverableKeyException      import java security cert CertificateException      import java security cert X509Certificate       import javax net ssl SSLContext      import javax net ssl TrustManager      import javax net ssl X509TrustManager       import org apache http client ClientProtocolException      import org apache http client HttpClient      import org apache http client methods HttpPost      import org apache http conn scheme PlainSocketFactory      import org apache http conn scheme Scheme      import org apache http conn scheme SchemeRegistry      import org apache http conn ssl SSLSocketFactory      import org apache http conn ssl X509HostnameVerifier      import org apache http impl client DefaultHttpClient      import org apache http impl conn tsccm ThreadSafeClientConnManager      import org apache http params BasicHttpParams  import org apache http params HttpConnectionParams  import org apache http params HttpParams       public class HttpsClientBuilder           public static DefaultHttpClient getBelieverHttpsClient                  DefaultHttpClient client   null               SchemeRegistry Current Scheme   new SchemeRegistry                Current Scheme register new Scheme  http   PlainSocketFactory getSocketFactory    80                try                   Current Scheme register new Scheme  https   new Naive SSLSocketFactory    8443                  catch  KeyManagementException e                       TODO Auto-generated catch block                 e printStackTrace                  catch  UnrecoverableKeyException e                       TODO Auto-generated catch block                 e printStackTrace                  catch  NoSuchAlgorithmException e                       TODO Auto-generated catch block                 e printStackTrace                  catch  KeyStoreException e                       TODO Auto-generated catch block                 e printStackTrace                              HttpParams Current Params   new BasicHttpParams                int timeoutConnection   8000              HttpConnectionParams setConnectionTimeout Current Params  timeoutConnection               int timeoutSocket   10000              HttpConnectionParams setSoTimeout Current Params  timeoutSocket               ThreadSafeClientConnManager Current Manager   new ThreadSafeClientConnManager Current Params  Current Scheme               client   new DefaultHttpClient Current Manager  Current Params                 HttpPost httpPost   new HttpPost url                 client execute httpPost             return client                  public static class Naive SSLSocketFactory extends SSLSocketFactory               protected SSLContext Cur SSL Context   SSLContext getInstance  TLS             public Naive SSLSocketFactory                    throws NoSuchAlgorithmException  KeyManagementException                  KeyStoreException  UnrecoverableKeyException                       super null  null  null  null  null   X509HostnameVerifier null               Cur SSL Context init null  new TrustManager     new X509 Trust Manager      null                       Override         public Socket createSocket Socket socket  String host  int port                  boolean autoClose  throws IOException                       return Cur SSL Context getSocketFactory   createSocket socket  host  port  autoClose                       Override         public Socket createSocket   throws IOException                       return Cur SSL Context getSocketFactory   createSocket                         private static class X509 Trust Manager implements X509TrustManager                public void checkClientTrusted X509Certificate   chain  String authType                  throws CertificateException                  TODO Auto-generated method stub                     public void checkServerTrusted X509Certificate   chain  String authType                  throws CertificateException                  TODO Auto-generated method stub                     public X509Certificate   getAcceptedIssuers                    TODO Auto-generated method stub             return null

User · Answer

Just use this method as your HTTPClient   public static  HttpClient getNewHttpClient         try           KeyStore trustStore   KeyStore getInstance KeyStore getDefaultType             trustStore load null  null            SSLSocketFactory sf   new MySSLSocketFactory trustStore           sf setHostnameVerifier SSLSocketFactory ALLOW ALL HOSTNAME VERIFIER            HttpParams params   new BasicHttpParams            HttpProtocolParams setVersion params  HttpVersion HTTP 1 1           HttpProtocolParams setContentCharset params  HTTP UTF 8            SchemeRegistry registry   new SchemeRegistry            registry register new Scheme  http   PlainSocketFactory getSocketFactory    80            registry register new Scheme  https   sf  443             ClientConnectionManager ccm   new ThreadSafeClientConnManager params  registry            return new DefaultHttpClient ccm  params         catch  Exception e            return new DefaultHttpClient

User · Answer

This is a known problem with Android 2 x  I was struggling with this problem for a week until I came across the following question  which not only gives a good background of the problem but also provides a working and effective solution devoid of any security holes     39 No peer certificate  39  error in Android 2 3 but NOT in 4

User · Answer

http   madurangasblogs blogspot in 2013 08 avoiding-javaxnetsslsslpeerunverifiedex html  Courtesy Maduranga   When developing an application that uses https  your test server doesn t have a valid SSL certificate  Or sometimes the web site is using a self-signed certificate or the web site is using free SSL certificate  So if you try to connect to the server using Apache HttpClient  you will get a exception telling that the  peer not authenticated   Though it is not a good practice to trust all the certificates in a production software  you may have to do so according to the situation  This solution resolves the exception caused by  peer not authenticated    But before we go to the solution  I must warn you that this is not a good idea for a production application  This will violate the purpose of using a security certificate  So unless you have a good reason or if you are sure that this will not cause any problem  don t use this solution   Normally you create a HttpClient like this   HttpClient httpclient   new DefaultHttpClient     But you have to change the way you create the HttpClient   First you have to create a class extending org apache http conn ssl SSLSocketFactory   import org apache http conn ssl SSLSocketFactory  import java io IOException  import java net Socket  import java net UnknownHostException  import java security KeyManagementException  import java security KeyStore  import java security KeyStoreException  import java security NoSuchAlgorithmException  import java security UnrecoverableKeyException  import java security cert CertificateException  import java security cert X509Certificate   import javax net ssl SSLContext  import javax net ssl TrustManager  import javax net ssl X509TrustManager   public class MySSLSocketFactory extends SSLSocketFactory            SSLContext sslContext   SSLContext getInstance  TLS         public MySSLSocketFactory KeyStore truststore  throws NoSuchAlgorithmException  KeyManagementException  KeyStoreException  UnrecoverableKeyException           super truststore            TrustManager tm   new X509TrustManager                 public void checkClientTrusted X509Certificate   chain  String authType  throws CertificateException                              public void checkServerTrusted X509Certificate   chain  String authType  throws CertificateException                              public X509Certificate   getAcceptedIssuers                     return null                                    sslContext init null  new TrustManager     tm    null               Override     public Socket createSocket Socket socket  String host  int port  boolean autoClose  throws IOException  UnknownHostException           return sslContext getSocketFactory   createSocket socket  host  port  autoClose               Override     public Socket createSocket   throws IOException           return sslContext getSocketFactory   createSocket              Then create a method like this   public HttpClient getNewHttpClient          try            KeyStore trustStore   KeyStore getInstance KeyStore getDefaultType              trustStore load null  null             SSLSocketFactory sf   new MySSLSocketFactory trustStore            sf setHostnameVerifier SSLSocketFactory ALLOW ALL HOSTNAME VERIFIER             HttpParams params   new BasicHttpParams             HttpProtocolParams setVersion params  HttpVersion HTTP 1 1            HttpProtocolParams setContentCharset params  HTTP UTF 8             SchemeRegistry registry   new SchemeRegistry             registry register new Scheme  http   PlainSocketFactory getSocketFactory    80             registry register new Scheme  https   sf  443              ClientConnectionManager ccm   new ThreadSafeClientConnManager params  registry             return new DefaultHttpClient ccm  params          catch  Exception e             return new DefaultHttpClient               Then you can create the HttpClient   HttpClient httpclient   getNewHttpClient     If you are trying to send a post request to a login page the rest of the code would be like this   private URI url   new URI  url of the action of the form    HttpPost httppost    new HttpPost url   List lt NameValuePair gt  nameValuePairs   new ArrayList lt NameValuePair gt       nameValuePairs add new BasicNameValuePair  username    user       nameValuePairs add new BasicNameValuePair  password    password     try       httppost setEntity new UrlEncodedFormEntity nameValuePairs        HttpResponse response   httpclient execute httppost       HttpEntity entity   response getEntity        InputStream is   entity getContent      catch  UnsupportedEncodingException e           TODO Auto-generated catch block     e printStackTrace      catch  ClientProtocolException e           TODO Auto-generated catch block     e printStackTrace      catch  IOException e           TODO Auto-generated catch block     e printStackTrace        You get the html page to the InputStream  Then you can do whatever you want with the returned html page   But here you will face a problem  If you want to manage a session using cookies  you will not be able to do it with this method  If you want to get the cookies  you will have to do it via a browser  Then only you will receive cookies

User · Answer

I m making a guess  but if you want an actual handshake to occur  you have to let android know of your certificate   If you want to just accept no matter what  then use this pseudo-code to get what you need with the Apache HTTP Client   SchemeRegistry schemeRegistry   new SchemeRegistry      schemeRegistry register  new Scheme   http       PlainSocketFactory getSocketFactory     80    schemeRegistry register  new Scheme   https       new CustomSSLSocketFactory     443     ThreadSafeClientConnManager cm   new ThreadSafeClientConnManager       params  schemeRegistry     return new DefaultHttpClient  cm  params     CustomSSLSocketFactory   public class CustomSSLSocketFactory extends org apache http conn ssl SSLSocketFactory   private SSLSocketFactory FACTORY   HttpsURLConnection getDefaultSSLSocketFactory      public CustomSSLSocketFactory              super null       try                   SSLContext context   SSLContext getInstance   TLS            TrustManager   tm   new TrustManager     new FullX509TrustManager               context init  null  tm  new SecureRandom               FACTORY   context getSocketFactory                   catch  Exception e                    e printStackTrace                     public Socket createSocket   throws IOException       return FACTORY createSocket           TODO  add other methods like createSocket   and getDefaultCipherSuites        Hint  they all just make a call to member FACTORY      FullX509TrustManager is a class that implements javax net ssl X509TrustManager  yet none of the methods actually perform any work  get a sample here   Good Luck

User · Answer

I don t know about the Android specifics for ssl certificates  but it would make sense that Android won t accept a self signed ssl certificate off the bat  I found this post from android forums which seems to be addressing the same issue  http   androidforums com android-applications 950-imap-self-signed-ssl-certificates html

User · Answer

Probably you can try something like this  This helped me      SslContextFactory sec   new SslContextFactory        sec setValidateCerts false       sec setTrustAll true        org eclipse jetty websocket client WebSocketClient client   new WebSocketClient sec

User · Answer

If you are using a StartSSL or Thawte certificate  it will fail for Froyo and older versions  You can use a newer version s CAcert repository instead of trusting every certificate

User · Answer

This is what I am doing  It simply doesn t check the certificate anymore      always verify the host - dont check for certificate final static HostnameVerifier DO NOT VERIFY   new HostnameVerifier         public boolean verify String hostname  SSLSession session            return true                   Trust every server - dont check for any certificate     private static void trustAllHosts            Create a trust manager that does not validate certificate chains     TrustManager   trustAllCerts   new TrustManager     new X509TrustManager             public java security cert X509Certificate   getAcceptedIssuers                 return new java security cert X509Certificate                          public void checkClientTrusted X509Certificate   chain                  String authType  throws CertificateException                      public void checkServerTrusted X509Certificate   chain                  String authType  throws CertificateException                              Install the all-trusting trust manager     try           SSLContext sc   SSLContext getInstance  TLS            sc init null  trustAllCerts  new java security SecureRandom             HttpsURLConnection                  setDefaultSSLSocketFactory sc getSocketFactory           catch  Exception e            e printStackTrace              and      HttpURLConnection http   null       if  url getProtocol   toLowerCase   equals  https              trustAllHosts            HttpsURLConnection https    HttpsURLConnection  url openConnection            https setHostnameVerifier DO NOT VERIFY           http   https        else           http    HttpURLConnection  url openConnection

User · Answer

For some reason the solution mentioned for httpClient above didn t worked for me  At the end I was able to make it work by correctly overriding the method when implementing the custom SSLSocketFactory class    Override public Socket createSocket Socket socket  String host  int port  boolean autoClose                                 throws IOException  UnknownHostException            return sslFactory createSocket socket  host  port  autoClose       Override public Socket createSocket   throws IOException       return sslFactory createSocket        This is how it worked perfectly for me  You can see the full custom class and implementing on the following thread  http   blog syedgakbar com 2012 07 21 android-https-and-not-trusted-server-certificate-error

User · Answer

Sources that helped me get to work with my self signed certificate on my AWS Apache server and connect with HttpsURLConnection from android device  SSL on aws instance - amazon tutorial on ssl Android Security with HTTPS and SSL - creating your own trust manager on client for accepting your certificate Creating self signed certificate - easy script for creating your certificates  Then I did the following    Made sure the server supports https  sudo yum install -y mod24 ssl  Put this script in a file create my certs sh        bin bash FQDN  1    make directories to work from mkdir -p server  client  all     Create your very own Root Certificate Authority openssl genrsa     -out all my-private-root-ca privkey pem     2048    Self-sign your Root Certificate Authority   Since this is private  the details can be as bogus as you like openssl req     -x509     -new     -nodes     -key all my-private-root-ca privkey pem     -days 1024     -out all my-private-root-ca cert pem     -subj   C US ST Utah L Provo O ACME Signing Authority Inc CN example com     Create a Device Certificate for each domain    such as example com    example com  awesome example com   NOTE  You MUST match CN to the domain name or ip address you want to use openssl genrsa     -out all privkey pem     2048    Create a request from your Device  which your Root CA will sign openssl req -new     -key all privkey pem     -out all csr pem     -subj   C US ST Utah L Provo O ACME Tech Inc CN   FQDN      Sign the request from Device with your Root CA openssl x509     -req -in all csr pem     -CA all my-private-root-ca cert pem     -CAkey all my-private-root-ca privkey pem     -CAcreateserial     -out all cert pem     -days 500    Put things in their proper place rsync -a all  privkey cert  pem server  cat all cert pem  gt  server fullchain pem           we have no intermediates in this case rsync -a all my-private-root-ca cert pem server  rsync -a all my-private-root-ca cert pem client      Run bash create my certs sh yourdomain com Place the certificates in their proper place on the server  you can find configuration in  etc httpd conf d ssl conf   All these should be set  SSLCertificateFile SSLCertificateKeyFile SSLCertificateChainFile SSLCACertificateFile Restart httpd using sudo service httpd restart and make sure httpd started  Stopping httpd     OK    Starting httpd     OK    Copy my-private-root-ca cert to your android project assets folder Create your trust manager   SSLContext SSLContext   CertificateFactory cf   CertificateFactory getInstance  X 509              InputStream caInput   context getAssets   open  my-private-root-ca cert pem              Certificate ca            try               ca   cf generateCertificate caInput               finally               caInput close                      Create a KeyStore containing our trusted CAs   String keyStoreType   KeyStore getDefaultType      KeyStore keyStore   KeyStore getInstance keyStoreType     keyStore load null  null     keyStore setCertificateEntry  ca   ca         Create a TrustManager that trusts the CAs in our KeyStore   String tmfAlgorithm   TrustManagerFactory getDefaultAlgorithm      TrustManagerFactory tmf   TrustManagerFactory getInstance tmfAlgorithm     tmf init keyStore         Create an SSLContext that uses our TrustManager   SSLContext   SSLContext getInstance  TLS      SSSLContext init null  tmf getTrustManagers    null    And make the connection using HttpsURLConnection   HttpsURLConnection connection    HttpsURLConnection  url openConnection    connection setSSLSocketFactory SSLContext getSocketFactory     Thats it  try your https connection

User · Answer

None of these worked for me  aggravated by the Thawte bug as well   Eventually I got it fixed with Self-signed SSL acceptance on Android and Custom SSL handling stopped working on Android 2 2 FroYo

User · Answer

While trying to answer this question I found a better tutorial   With it you don t have to compromise the certificate check   http   blog crazybob org 2010 02 android-trusting-ssl-certificates html   I did not write this but thanks to Bob Lee for the work

User · Answer

I make this class and found  package com example fakessl   import java security KeyManagementException  import java security NoSuchAlgorithmException  import java security SecureRandom  import java security cert CertificateException  import java security cert X509Certificate   import javax net ssl HostnameVerifier  import javax net ssl SSLSession  import javax net ssl TrustManager   import android util Log   public class CertificadoAceptar       private static TrustManager   trustManagers       public static class  FakeX509TrustManager implements             javax net ssl X509TrustManager           private static final X509Certificate    AcceptedIssuers   new X509Certificate                public void checkClientTrusted X509Certificate   arg0  String arg1                  throws CertificateException                      public void checkServerTrusted X509Certificate   arg0  String arg1                  throws CertificateException                      public boolean isClientTrusted X509Certificate   chain                return  true                      public boolean isServerTrusted X509Certificate   chain                return  true                      public X509Certificate   getAcceptedIssuers                 return   AcceptedIssuers                        public static void allowAllSSL              javax net ssl HttpsURLConnection                  setDefaultHostnameVerifier new HostnameVerifier                         public boolean verify String hostname  SSLSession session                            return true                                                     javax net ssl SSLContext context   null           if  trustManagers    null                trustManagers   new javax net ssl TrustManager     new  FakeX509TrustManager                         try               context   javax net ssl SSLContext getInstance  TLS                context init null  trustManagers  new SecureRandom               catch  NoSuchAlgorithmException e                Log e  allowAllSSL   e toString               catch  KeyManagementException e                Log e  allowAllSSL   e toString                       javax net ssl HttpsURLConnection setDefaultSSLSocketFactory context                  getSocketFactory               in you code white this  CertificadoAceptar ca   new CertificadoAceptar    ca allowAllSSL    HttpsTransportSE Transport   new HttpsTransportSE  iphost or host name   8080    WS wsexample asmx WSDL   30000

User · Answer

You can also look at my blog article  very similar to crazybobs   This solution also doesn t compromise certificate checking and explains how to add the trusted certs in your own keystore   http   blog antoine li index php 2010 10 android-trusting-ssl-certificates

[java] Https Connection Android

Examples related to java

Examples related to android

Examples related to ssl