Tuesday, October 16, 2012

Making https connection from Android client if your CA provider is not trusted by Android

Android does not recognize all the SSL certificate issuers. If your certificate happens to be issues by one of them or you have a self signed certificate and you want your android application to talk to the server,  the code can be a bit tricky.  Android requires a special version of the keystore.  Here are 5 steps you need to perform to make it work.

1) Download the correct version of bouncycastle. For clients running API level 8, version 1.46 works fine. It can be downloaded from  http://ftp.uasw.edu/pub/security/bouncycastle/release1.46/bcmail-jdk13-146.jar

2) Extract the certificate from the server using the following command:

echo | openssl s_client -connect server.name.com:443 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > mycert.pem

3) Run the following command to create the keystore

keytool -importcert -v -trustcacerts -file mycert.pem  \
-alias server.name.com -keystore mykeystore.bks \
-provider org.bouncycastle.jce.provider.BouncyCastleProvider \
-providerpath /path/to/your/Download/bcprov-jdk15on-146.jar  \
-storetype BKS -storepass mypass

4) Copy the file to the Android resource directory under the name res/raw/mykeystore.bks

5) Add the following code snippet in your application and have it executed before you make the https url connection.
    public void setDefaultSSL () {
        Context con = getApplicationContext() ;
        TrustManagerFactory tmf;
        try {
            tmf = TrustManagerFactory.getInstance("X509");
            KeyStore ks = KeyStore.getInstance("BKS");
            InputStream in = con.getResources().openRawResource(R.raw.mykeystore);
            ks.load(in, "mypass".toCharArray());
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, tmf.getTrustManagers(), null);
            Log.d("HTTPS", "Setting custom trust store");
        } catch (Exception e) {
            // TODO Auto-generated catch block

Once you have invoked the above code segment, you can make url connection as you normally do and you should be fine.  Here is a code snippet to do that. One point to note in this code below is that the keepAlive header. Without this, you may experience intermittent issues where the response from the call is empty.

    private String getServerContent(String url_str ) throws Exception {
        System.setProperty("http.keepAlive", "false");
        URL url = new URL(url_str);
        HttpsURLConnection urlConnection = (HttpsURLConnection) url
        InputStream ins = urlConnection.getInputStream();
        BufferedReader reader = new BufferedReader(new InputStreamReader(
                ins, "iso-8859-1"), 8);
        StringBuilder sb = new StringBuilder();
        String line = null;
        while ((line = reader.readLine()) != null) {
            sb.append(line + "\n");
        return sb.toString();



Jakko Bagci said...

“Do I get a discounted price when you do my first order?” We’ll give you a welcome discount and notify you of exclusive offers whenever they are available after that. So, using our home service for all your paper writing needs can save you a ton of cash.

koe61831 said...

Great opportunities if you plow like a horse, but I am confident in my assistant, on nursing care plan help they do any written work, the texts are written so high quality, all the more competently and quickly

Diasy Martin said...

Once the aforementioned code segment has been executed, you can connect to urls as usual and everything should be alright. Here is some code to accomplish it i have also seen this type of post when i see logo like [url=https://www.uklogodesigns.co.uk/]Logo Design Company[/url].

Tomasik said...

Best platform 1depositcasinouk.com come in and win

Maxwell Lord said...

As well as we need to connect a strong SSL connection for our android software; otherwise, it will be destroyed or harmful in many places. Also, it affects us with the data leak of our credentials. This connection also gives protects me while I take my online course for me to accomplish my work.

LasseNielsen said...

I have no idea how this company managed to do this research paper so quickly and professionally. But the result is magnificent. Well-structured, brilliantly written and with all the elements I asked for. I am already filling out my next order from best ghostwriter service.

Cmolds Creativity said...

Cmolds is a leading provider of top app development services, offering innovative and tailored solutions to businesses and individuals. With their expertise and commitment to excellence, they deliver high-quality mobile applications that drive success and exceed expectations.

Faucetsounds Music App said...

Faucetsounds is a cutting-edge music app that allows you to capture, curate, and customize your favorite music sets, providing an immersive and personalized listening experience. Dive into the world of music with Faucet app and unleash your creativity in creating and sharing customized playlists.

williamsdavid said...

Unlock seamless Ocean Freight Carriers logistics solutions for the digital age with our cutting-edge services. Partner with us to streamline your supply chain, integrating technology for optimal efficiency. Elevate your business with our IT-centric logistics expertise.