Tuesday, October 16, 2012

Making https connection from Android client if your CA provider is not trusted by Android

Android does not recognize all the SSL certificate issuers. If your certificate happens to be issues by one of them or you have a self signed certificate and you want your android application to talk to the server,  the code can be a bit tricky.  Android requires a special version of the keystore.  Here are 5 steps you need to perform to make it work.

1) Download the correct version of bouncycastle. For clients running API level 8, version 1.46 works fine. It can be downloaded from  http://ftp.uasw.edu/pub/security/bouncycastle/release1.46/bcmail-jdk13-146.jar

2) Extract the certificate from the server using the following command:

echo | openssl s_client -connect server.name.com:443 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > mycert.pem

3) Run the following command to create the keystore

keytool -importcert -v -trustcacerts -file mycert.pem  \
-alias server.name.com -keystore mykeystore.bks \
-provider org.bouncycastle.jce.provider.BouncyCastleProvider \
-providerpath /path/to/your/Download/bcprov-jdk15on-146.jar  \
-storetype BKS -storepass mypass

4) Copy the file to the Android resource directory under the name res/raw/mykeystore.bks

5) Add the following code snippet in your application and have it executed before you make the https url connection.
    public void setDefaultSSL () {
        Context con = getApplicationContext() ;
        TrustManagerFactory tmf;
        try {
            tmf = TrustManagerFactory.getInstance("X509");
            KeyStore ks = KeyStore.getInstance("BKS");
            InputStream in = con.getResources().openRawResource(R.raw.mykeystore);
            ks.load(in, "mypass".toCharArray());
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, tmf.getTrustManagers(), null);
            Log.d("HTTPS", "Setting custom trust store");
        } catch (Exception e) {
            // TODO Auto-generated catch block

Once you have invoked the above code segment, you can make url connection as you normally do and you should be fine.  Here is a code snippet to do that. One point to note in this code below is that the keepAlive header. Without this, you may experience intermittent issues where the response from the call is empty.

    private String getServerContent(String url_str ) throws Exception {
        System.setProperty("http.keepAlive", "false");
        URL url = new URL(url_str);
        HttpsURLConnection urlConnection = (HttpsURLConnection) url
        InputStream ins = urlConnection.getInputStream();
        BufferedReader reader = new BufferedReader(new InputStreamReader(
                ins, "iso-8859-1"), 8);
        StringBuilder sb = new StringBuilder();
        String line = null;
        while ((line = reader.readLine()) != null) {
            sb.append(line + "\n");
        return sb.toString();



Theo Sanders said...

“Do I get a discounted price when you do my first order?” We’ll give you a welcome discount and notify you of exclusive offers whenever they are available after that. So, using our home service for all your paper writing needs can save you a ton of cash.

mike buxter said...

The company's specialists https://essaykeeper.com/ know how many pages should be in a term paper, how to check the originality of a term paper. Themes of term papers can be selected by our authors, which will be relevant to the subject. After choosing the topic of work, you need to approve the plan for future coursework. All this will be done at the highest level!

koe61831 said...

Great opportunities if you plow like a horse, but I am confident in my assistant, on nursing care plan help they do any written work, the texts are written so high quality, all the more competently and quickly

Diasy Martin said...

Once the aforementioned code segment has been executed, you can connect to urls as usual and everything should be alright. Here is some code to accomplish it i have also seen this type of post when i see logo like [url=https://www.uklogodesigns.co.uk/]Logo Design Company[/url].

Tomasik said...

Best platform 1depositcasinouk.com come in and win

Maxwell Lord said...

As well as we need to connect a strong SSL connection for our android software; otherwise, it will be destroyed or harmful in many places. Also, it affects us with the data leak of our credentials. This connection also gives protects me while I take my online course for me to accomplish my work.

LasseNielsen said...

I have no idea how this company managed to do this research paper so quickly and professionally. But the result is magnificent. Well-structured, brilliantly written and with all the elements I asked for. I am already filling out my next order from best ghostwriter service.