[android-developers] Re: Yet another HTTPS problem with HttpClient in Android SDK v1.0r1

Wed, 05 Nov 2008 00:02:58 -0800 

Yes that's what I see everywhere. but, i can't change my API or
cartificate...
So I'm destine to search & search solution...

I try to put a certificate in keystore, and to load it from my app.
but i have an IOexception : Wrong verion of Key Store.
I really don't understand.

Source :
KeyStore trustStore  =
KeyStore.getInstance(KeyStore.getDefaultType());//
KeyStore.getDefaultType()
FileInputStream in =  new FileInputStream(new File("data/data/
com.alu.myic.android/my.trustore3"));
try {
      trustStore.load(in, "coucou".toCharArray());
} finally {
      in.close();
}
SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("https", socketFactory, 443));


regards,
SC

On 4 nov, 10:09, "Guillaume Perrot" <[EMAIL PROTECTED]> wrote:
> We have a trusted one at our software company which is working but I wanted
> to add an option to trust self signed certificate in the application.
> I still don't have a solution for that, except using URLConnection API which
> works well with the AllowAllHostnameVerifier. The problem is with the
> HTTPClient API.
>
> 2008/11/4 [EMAIL PROTECTED] <[EMAIL PROTECTED]>
>
>
>
> > have you success your https connection?
> > I don't know how to do with the not trusted certificate.
>
> > thx
>
> > On 23 oct, 09:23, Guillaume Perrot <[EMAIL PROTECTED]> wrote:
> > > Caused by:
> > > java.security.cert.CertPathValidatorException: TrustAnchor for
> > > CertPath not found.
>
> > > On 23 oct, 10:20, "Guillaume Perrot" <[EMAIL PROTECTED]> wrote:
>
> > > > Yes I had, though it's not in my sample code.
> > > > The verification that fails is not the hostname, but later when
> > checking the
> > > > certificate.
> > > > And I didn't find a class such as "AllowAllSelfSignedCertificates".
>
> > > > 2008/10/23 Sean Sullivan <[EMAIL PROTECTED]>
>
> > > > > Have you tried using
> > > > > org.apache.http.conn.ssl.AllowAllHostnameVerifier ?
>
> >http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/module-c...
>
> > > > > Sean
>
> > > > > On Oct 17, 7:07 am, Guillaume Perrot <[EMAIL PROTECTED]>
> > wrote:
> > > > > > On android 1.0 I tried to connect to myhttpsserver which uses a
> > self-
> > > > > > signed certificate:
> > > > > > Here is my code, which uses a custom hostname verifier:
> > > > > > /* Create and initialize HTTP parameters */
> > > > > >     HttpParams params = new BasicHttpParams();
> > > > > >     ConnManagerParams.setMaxTotalConnections(params, 2);
> > > > > >     HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
>
> > > > > >     /* Create and initialize scheme registry */
> > > > > >     SchemeRegistry schemeRegistry = new SchemeRegistry();
> > > > > >     schemeRegistry.register(new Scheme("http", PlainSocketFactory
> > > > > >       .getSocketFactory(), 80));
> > > > > >     SSLSocketFactory sslSocketFactory =
> > > > > > SSLSocketFactory.getSocketFactory();
> > > > > >     sslSocketFactory.setHostnameVerifier(new X509HostnameVerifier()
> > > > > >     {
> > > > > >       @Override
> > > > > >       public boolean verify(String host, SSLSession session)
> > > > > >       {
> > > > > >         return true;
> > > > > >       }
>
> > > > > >       @Override
> > > > > >       public void verify(String host, SSLSocket ssl) throws
> > > > > > IOException
> > > > > >       {
> > > > > >         /* Nothing to do */
> > > > > >       }
>
> > > > > >       @Override
> > > > > >       public void verify(String host, X509Certificate cert) throws
> > > > > > SSLException
> > > > > >       {
> > > > > >         /* Nothing to do */
> > > > > >       }
>
> > > > > >       @Override
> > > > > >       public void verify(String host, String[] cns, String[]
> > > > > > subjectAlts)
> > > > > >         throws SSLException
> > > > > >       {
> > > > > >         /* Nothing to do */
> > > > > >       }
> > > > > >     });
> > > > > >     schemeRegistry.register(new Scheme("https", sslSocketFactory,
> > > > > > 443));
>
> > > > > >     /* Allow multiple threads (two in our case) to access the HTTP
> > > > > > client */
> > > > > >     ClientConnectionManager cm = new
> > > > > > ThreadSafeClientConnManager(params,
> > > > > >       schemeRegistry);
> > > > > >     mHttpClient = new DefaultHttpClient(cm, params);
>
> > > > > > try
> > > > > >     {
> > > > > >       HttpGet ping = new HttpGet(mConnectionManagerURL);
> > > > > >       HttpResponse response = mHttpClient.execute(ping);
> > > > > >       HttpEntity entity = response.getEntity();
> > > > > >       if (entity != null)
> > > > > >         entity.consumeContent();
> > > > > >     }
> > > > > >     catch (IOException ioe)
> > > > > >     {
> > > > > >       ioe.printStackTrace();
> > > > > >       shutdown();
> > > > > >       throw ioe;
> > > > > >     }
> > > > > >     catch (Exception e)
> > > > > >     {
> > > > > >       e.printStackTrace();
> > > > > >       shutdown();
> > > > > >       throw new IOException(e.getMessage());
> > > > > >     }
>
> > > > > > I have the following exception in stack trace:
>
> > > > > > 10-17 13:46:23.484: ERROR/ubikim-streams(783):
> > > > > > javax.net.ssl.SSLException: Not trusted server certificate
> > > > > > 10-17 13:46:23.554: ERROR/ubikim-streams(783):     at
>
> > org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:
> > > > > > 353)
> > > > > > 10-17 13:46:23.654: ERROR/ubikim-streams(783):     at
> > > > > > org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl
> > > > > > $SSLInputStream.<init>(OpenSSLSocketImpl.java:491)
> > > > > > 10-17 13:46:23.704: ERROR/ubikim-streams(783):     at
>
> > org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:
> > > > > > 432)
> > > > > > 10-17 13:46:23.784: ERROR/ubikim-streams(783):     at
>
> > org.apache.http.impl.io.SocketInputBuffer.<init>(SocketInputBuffer.java:
> > > > > > 93)
> > > > > > 10-17 13:46:23.844: ERROR/ubikim-streams(783):     at
>
> > org.apache.http.impl.SocketHttpClientConnection.createSessionInputBuffer(SocketHttpClientConnection.java:
> > > > > > 83)
> > > > > > 10-17 13:46:23.894: ERROR/ubikim-streams(783):     at
>
> > org.apache.http.impl.conn.DefaultClientConnection.createSessionInputBuffer(DefaultClientConnection.java:
> > > > > > 170)
> > > > > > 10-17 13:46:23.944: ERROR/ubikim-streams(783):     at
>
> > org.apache.http.impl.SocketHttpClientConnection.bind(SocketHttpClientConnection.java:
> > > > > > 106)
> > > > > > 10-17 13:46:24.035: ERROR/ubikim-streams(783):     at
>
> > org.apache.http.impl.conn.DefaultClientConnection.openCompleted(DefaultClientConnection.java:
> > > > > > 129)
> > > > > > 10-17 13:46:24.085: ERROR/ubikim-streams(783):     at
>
> > org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:
> > > > > > 136)
> > > > > > 10-17 13:46:24.135: ERROR/ubikim-streams(783):     at
>
> > org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:
> > > > > > 164)
> > > > > > 10-17 13:46:24.185: ERROR/ubikim-streams(783):     at
>
> > org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:
> > > > > > 119)
> > > > > > 10-17 13:46:24.275: ERROR/ubikim-streams(783):     at
>
> > org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:
> > > > > > 348)
> > > > > > 10-17 13:46:24.325: ERROR/ubikim-streams(783):     at
>
> > org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:
> > > > > > 555)
> > > > > > 10-17 13:46:24.375: ERROR/ubikim-streams(783):     at
>
> > org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:
> > > > > > 487)
> > > > > > 10-17 13:46:24.425: ERROR/ubikim-streams(783):     at
>
> > org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:
> > > > > > 465)
> > > > > > 10-17 13:46:24.504: ERROR/ubikim-streams(783):     at
> > > > > > com.ubikod.smackx.bosh.BoshSession.<init>(BoshSession.java:105)
> > > > > > 10-17 13:46:24.554: ERROR/ubikim-streams(783):     at
> > > > > > com.ubikod.smackx.bosh.BoshSocket.<init>(BoshSocket.java:15)
> > > > > > 10-17 13:46:24.594: ERROR/ubikim-streams(783):     at
>
> > com.ubikod.smackx.bosh.BoshSocketFactory.createSocket(BoshSocketFactory.java:
> > > > > > 27)
> > > > > > 10-17 13:46:24.644: ERROR/ubikim-streams(783):     at
>
> > org.jivesoftware.smack.XMPPConnection.connectUsingConfiguration(XMPPConnection.java:
> > > > > > 818)
> > > > > > 10-17 13:46:24.734: ERROR/ubikim-streams(783):     at
> > > > > > org.jivesoftware.smack.XMPPConnection.connect(XMPPConnection.java:
> > > > > > 1276)
> > > > > > 10-17 13:46:24.774: ERROR/ubikim-streams(783):     at
> > > > > > com.ubikod.android.ubikim.service.UbikIMService
> > > > > > $1.run(UbikIMService.java:476)
> > > > > > 10-17 13:46:24.844: ERROR/ubikim-streams(783): Caused by:
> > > > > > java.security.cert.CertificateException:
> > > > > > java.security.cert.CertPathValidatorException: TrustAnchor for
> > > > > > CertPath not found.
> > > > > > 10-17 13:46:24.945: ERROR/ubikim-streams(783):     at
>
> > org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:
> > > > > > 158)
> > > > > > 10-17 13:46:25.005: ERROR/ubikim-streams(783):     at
>
> > org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:
> > > > > > 349)
> > > > > > 10-17 13:46:25.035: ERROR/ubikim-streams(783):     ... 20 more
> > > > > > 10-17 13:46:25.095: ERROR/ubikim-streams(783): Caused by:
> > > > > > java.security.cert.CertPathValidatorException: TrustAnchor for
> > > > > > CertPath not found.
> > > > > > 10-17 13:46:25.205: ERROR/ubikim-streams(783):     at
>
> > org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:
> > > > > > 144)
> > > > > > 10-17 13:46:25.245: ERROR/ubikim-streams(783):     at
>
> > java.security.cert.CertPathValidator.validate(CertPathValidator.java:
> > > > > > 153)
> > > > > > 10-17 13:46:25.305: ERROR/ubikim-streams(783):     at
>
> > org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:
> > > > > > 154)
> > > > > > 10-17 13:46:25.335: ERROR/ubikim-streams(783):     ... 21 more
>
> > > > > > The code of my custom hostname verifier is called, but another
> > check
> > > > > > fails later and I didn't find a way to override this behavior.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to