Hello Android Developers,

 

We had received mail regarding “You are using an unsafe implementation of 
X509TrustManager”.

To resolve this issue we have applied the solution from 
http://transoceanic.blogspot.in/2011/11/android-import-ssl-certificate-and-use.html

 

Here we have generated a *new BKS key store* and pass this key store to 
SSLSocketFactory. This factory is responsible for verification of the server 
certificate. We already have an existing keystore, but it is not in .BKS 
format. That’s why we have created a new one specially for HTTPS calls. 
Please find the attachment to review the code.

 

Can you please check and confirm that with this solution our application 
would be safe?

Let us know if you have any other best solution.



Thanks,

Dev Concept


// Usage, from the calling code:
DefaultHttpClient sslClient = new MyHttpClient(StartupActivity.activity);

// MyHttpClient.java
import android.content.Context;

import java.io.InputStream;
import java.security.KeyStore;

import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.SingleClientConnManager;

public class MyHttpClient extends DefaultHttpClient {

    final Context context;

    public MyHttpClient(Context context) {
        this.context = context;
    }

    @Override
    protected ClientConnectionManager createClientConnectionManager() {
        SchemeRegistry registry = new SchemeRegistry();
        registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
        // Register for port 443 our SSLSocketFactory with our keystore
        // to the ConnectionManager
        registry.register(new Scheme("https", newSslSocketFactory(), 443));

        return new SingleClientConnManager(getParams(), registry);
    }

    private SSLSocketFactory newSslSocketFactory() {
        try {
            // Get an instance of the Bouncy Castle KeyStore format
            KeyStore trusted = KeyStore.getInstance("BKS");
            // Get the raw resource, which contains the keystore with
            // your trusted certificates (root and any intermediate certs)
            InputStream in = context.getResources().openRawResource(R.raw.mykeystore);
            try {
                // Initialize the keystore with the provided trusted
                // certificates
                // Also provide the password of the keystore
                trusted.load(in, "keystore_password".toCharArray());
            } finally {
                in.close();
            }
            // Pass the keystore to the SSLSocketFactory. The factory is
            // responsible for the verification of the server certificate.
            SSLSocketFactory sf = new SSLSocketFactory(trusted);
            // Hostname verification from certificate
            // http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506
            sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
            return sf;
        } catch (Exception e) {
            throw new AssertionError(e);
        }
    }
}
