```java
import android.content.Context;

import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Usage example: the Context is needed so the certificate can be read from the app's assets
HttpsURLConnection connection = (HttpsURLConnection) new URL("https://someurl.com").openConnection();
connection.setSSLSocketFactory(buildSslSocketFactory(context));

private static SSLSocketFactory buildSslSocketFactory(Context context) {
    // Add support for self-signed (local) SSL certificates
    // Based on http://developer.android.com/training/articles/security-ssl.html#UnknownCa
    try {
        // Load CAs from an InputStream
        // (could be from a resource or ByteArrayInputStream or ...)
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // The Android docs example uses a DER-encoded CA certificate such as
        // https://www.washington.edu/itconnect/security/ca/load-der.crt
        // AssetManager has no openAsset(); open() reads a file from src/main/assets
        InputStream is = context.getResources().getAssets().open("somefolder/somecertificate.crt");
        InputStream caInput = new BufferedInputStream(is);
        Certificate ca;
        try {
            ca = cf.generateCertificate(caInput);
            // System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());
        } finally {
            caInput.close();
        }

        // Create a KeyStore containing our trusted CAs
        String keyStoreType = KeyStore.getDefaultType();
        KeyStore keyStore = KeyStore.getInstance(keyStoreType);
        keyStore.load(null, null);
        keyStore.setCertificateEntry("ca", ca);

        // Create a TrustManager that trusts the CAs in our KeyStore
        String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
        tmf.init(keyStore);

        // Create an SSLContext that uses our TrustManager
        // (named sslContext so it does not clash with the Context parameter)
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, tmf.getTrustManagers(), null);
        return sslContext.getSocketFactory();
    } catch (GeneralSecurityException | IOException e) {
        // Covers NoSuchAlgorithm/KeyStore/KeyManagement/Certificate exceptions and I/O errors
        e.printStackTrace();
    }
    // Returning null fails closed: setSSLSocketFactory(null) throws IllegalArgumentException,
    // so a broken trust setup never silently falls back to the system defaults
    return null;
}
```
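On Android 7.0 (API 24) and later the same trust decision can be declared without any custom SSLContext code, using the platform's Network Security Config; this is an added example, not part of the gist, and it assumes the CA certificate is stored as res/raw/my_ca.crt and that the API host is api.example.com.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml (added example; file name, host and resource name are assumptions).
     Reference it from AndroidManifest.xml:
       <application android:networkSecurityConfig="@xml/network_security_config" ...>
     Only the CA *certificate* (public data) is shipped with the app; a private key never is. -->
<network-security-config>
    <!-- Trust the private CA only for the API host, not for every connection the app makes -->
    <domain-config cleartextTrafficPermitted="false">
        <domain includeSubdomains="true">api.example.com</domain>
        <trust-anchors>
            <!-- DER- or PEM-encoded certificate placed at res/raw/my_ca.crt -->
            <certificates src="@raw/my_ca" />
        </trust-anchors>
    </domain-config>
    <!-- Every other host keeps the normal system CA store -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
</network-security-config>
```

With this in place HttpsURLConnection and the default hostname verifier apply the restricted trust anchor automatically, so the custom SSLSocketFactory above is no longer needed for that host.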
@amjadislam10 I hope you have realised this by now, but for anyone else: here you are loading your public key; if your API is only secured by the SSL keys, you are doing something wrong.
@erickok what if I have CA.crt, restClient.crt and restClient.key files.... I am totally confused... :(
CA.crt is used for signing only.
restClient.crt is going to be loaded by the function above.
restClient.key is going to be used by your server, which your Android app uses.
In my Android app, I can only see the context.getResources().getAssets().openNonAssetFd(filename) function, not openAsset(filename). This code is very helpful, but I still don't know where to put the certificate. Any directory on an Android device? Thanks.
It is solved:
Put the file under "app/src/main/res/raw" with a name such as "mycertificate.crt".
```java
int identifier = context.getResources().getIdentifier("mycertificate", "raw", context.getPackageName());
InputStream is = context.getResources().openRawResource(identifier);
```
You can also solve it by:
```java
InputStream is = context.getResources().getAssets().open("certs_server.crt");
```
where you have your *.crt file in the src/main/assets folder.
In the 37th line of the above code, the "context" variable should be renamed to "sslContext" or something else, as it already exists or is needed to call a static method from an activity. Everything is just working fine. To understand all the details and related security issues, just follow the official documentation from which the above code snippet has come:
https://developer.android.com/training/articles/security-ssl.html#CommonProblems
How can you use a .crt file in Swift code?
Usage says:
```java
connection.setSSLSocketFactory(buildSslSocketFactory());
private static SSLSocketFactory buildSslSocketFactory(Context context) {
```
What is Context?
@erickok Is it safe to place the certificate in assets? What if someone decompiles the code and gets our certificate from it? He could use it for API calling. Waiting for your valuable comment.