Android SSLSocketFactory for use with custom CA
package com.github.aurae.ssl; | |
import android.content.Context; | |
import android.support.annotation.RawRes; | |
import java.io.IOException; | |
import java.io.InputStream; | |
import java.security.KeyStore; | |
import java.security.SecureRandom; | |
import java.security.cert.Certificate; | |
import java.security.cert.CertificateFactory; | |
import javax.net.ssl.SSLContext; | |
import javax.net.ssl.SSLSocketFactory; | |
import javax.net.ssl.TrustManagerFactory; | |
/**
 * Builds an {@link SSLSocketFactory} for talking to servers whose certificates are issued by a
 * custom CA, which would otherwise be considered "not trustworthy".
 * The factory can be handed to HttpsURLConnection, or to networking libraries such as OkHttp's
 * OkHttpClient.
 *
 * <p>Security note: the trust store assembled here starts out empty and receives exactly one
 * entry, the supplied CA. Connections made through the returned factory are therefore validated
 * against that CA only; the platform's default trust anchors are not part of it. Attach the
 * factory only to clients that are meant to reach hosts signed by this CA, and ship the CA
 * certificate (never a private key) in the raw resource.
 */
public final class CustomSSLSocketFactory {

    /** Static-only holder; any attempt to instantiate it fails. */
    private CustomSSLSocketFactory() {
        throw new AssertionError();
    }

    /**
     * Creates an SSLSocketFactory that trusts the CA stored in the given raw resource.
     *
     * <p>A single certificate is parsed from the resource. Every failure along the way (resource
     * lookup, certificate parsing, key store or TLS context setup) is rethrown wrapped in a
     * {@link RuntimeException}.
     *
     * @param context Context used to open the CA resource
     * @param caRawFile Raw resource holding the CA certificate (in .crt or .cer format, for instance)
     * @return An SSLSocketFactory which trusts the provided CA when given to network clients
     * @throws RuntimeException wrapping whatever exception interrupted the setup
     */
    public static SSLSocketFactory create(Context context, @RawRes int caRawFile) {
        InputStream certStream = null;
        try {
            certStream = context.getResources().openRawResource(caRawFile);
            Certificate authority =
                    CertificateFactory.getInstance("X.509").generateCertificate(certStream);
            return socketFactoryTrusting(authority);
        } catch (Exception cause) {
            throw new RuntimeException(cause);
        } finally {
            closeQuietly(certStream);
        }
    }

    /**
     * Wires the certificate into a fresh key store, a trust manager and a TLS context, in that
     * order, and returns the context's socket factory.
     */
    private static SSLSocketFactory socketFactoryTrusting(Certificate authority) throws Exception {
        // load(null, null) initialises an empty store, so "ca" ends up as its only entry.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("ca", authority);

        TrustManagerFactory trustFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustFactory.init(trustStore);

        // No key managers are passed in; only the trust side is customised here.
        SSLContext tlsContext = SSLContext.getInstance("TLS");
        tlsContext.init(null, trustFactory.getTrustManagers(), new SecureRandom());
        return tlsContext.getSocketFactory();
    }

    /** Closes the stream if it was opened; a failure to close is deliberately ignored. */
    private static void closeQuietly(InputStream stream) {
        if (stream == null) {
            return;
        }
        try {
            stream.close();
        } catch (IOException ignored) {
            // Best effort: the certificate has already been read (or reading already failed).
        }
    }
}
Thanks for your code, but I got the exception below:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.