Skip to content

Instantly share code, notes, and snippets.

@mosabua

mosabua/AndroidInsecureKeepAliveHttpsTransportSE

Created April 7, 2011 15:51
Show Gist options
  • Star 4 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save mosabua/908048 to your computer and use it in GitHub Desktop.
Save mosabua/908048 to your computer and use it in GitHub Desktop.
Download ZIP
AndroidInsecureHttpsServiceConnectionSE implements the service connection that will allow any SSL cert on Android 2.1 (api level 7) and below, this disables SSL for old platform version, be careful
Raw
AndroidInsecureKeepAliveHttpsTransportSE
import org.ksoap2.transport.HttpsTransportSE;
import org.ksoap2.transport.ServiceConnection;
import java.io.IOException;
public class AndroidInsecureKeepAliveHttpsTransportSE extends HttpsTransportSE {
private AndroidInsecureHttpsServiceConnectionSE conn = null;
private final String host;
private final int port;
private final String file;
private final int timeout;
public AndroidInsecureKeepAliveHttpsTransportSE(String host, int port, String file, int timeout) {
super(host, port, file, timeout);
this.host = host;
this.port = port;
this.file = file;
this.timeout = timeout;
}
protected ServiceConnection getServiceConnection() throws IOException {
conn = new AndroidInsecureHttpsServiceConnectionSE(host, port, file, timeout);
conn.setRequestProperty("Connection", "keep-alive");
return conn;
}
}
Raw
KSoap2 Android SSL workaround
public class AndroidInsecureHttpsServiceConnectionSE implements ServiceConnection
{
private HttpsURLConnection connection;
public AndroidInsecureHttpsServiceConnectionSE(String host, int port, String file, int timeout) throws IOException {
connection = (HttpsURLConnection) new URL("https", host, port, file).openConnection();
updateConnectionParameters(timeout);
}
private static TrustManager[] trustManagers;
public static class FakeX509TrustManager implements X509TrustManager {
private static final X509Certificate[] _AcceptedIssuers = new X509Certificate[]{};
public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
}
public boolean isClientTrusted(X509Certificate[] chain) {
return (true);
}
public boolean isServerTrusted(X509Certificate[] chain) {
return (true);
}
public X509Certificate[] getAcceptedIssuers() {
return (_AcceptedIssuers);
}
}
/**
* Allow all SSL certificates by setting up a host name verifier that passes everything and as well setting up a
* SocketFactory with the #FakeX509TrustManager.
*/
public static void allowAllSSL() {
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
SSLContext context = null;
if (trustManagers == null) {
trustManagers = new TrustManager[]{new FakeX509TrustManager()};
}
try {
context = SSLContext.getInstance("TLS");
context.init(null, trustManagers, new SecureRandom());
} catch (NoSuchAlgorithmException e) {
Ln.e("allowAllSSL", e.toString());
} catch (KeyManagementException e) {
Ln.e("allowAllSSL", e.toString());
}
HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
}
/**
* update the connection with the timeout parameter as well as allowing SSL if the Android version is 7 or lower
* (since these versions have a broken certificate manager, which throws a SSL exception saying "Not trusted
* security certificate"
*
* @param timeout
*/
private void updateConnectionParameters(int timeout) {
connection.setConnectTimeout(timeout); // 20 seconds
connection.setReadTimeout(timeout); // even if we connect fine we want to time out if we cant read anything..
connection.setUseCaches(false);
connection.setDoOutput(true);
connection.setDoInput(true);
int buildVersion = Build.VERSION.SDK_INT;
if (buildVersion <= 7) {
Log.d("Detected old operating system version " + buildVersion + " with SSL certificate problems. Allowing " +
"all certificates.");
allowAllSSL();
} else {
Log.d("Full SSL active on new operating system version " + buildVersion);
}
}
public void connect() throws IOException {
connection.connect();
}
public void disconnect() {
connection.disconnect();
}
public List getResponseProperties() {
Map properties = connection.getHeaderFields();
Set keys = properties.keySet();
List retList = new LinkedList();
for (Iterator i = keys.iterator(); i.hasNext();) {
String key = (String) i.next();
List values = (List) properties.get(key);
for (int j = 0; j < values.size(); j++) {
retList.add(new HeaderProperty(key, (String) values.get(j)));
}
}
return retList;
}
public void setRequestProperty(String key, String value) {
// We want to ignore any setting of "Connection: close" because
// it is buggy with Android SSL.
if ("Connection".equalsIgnoreCase(key) && "close".equalsIgnoreCase(value)) {
// do nothing
} else {
connection.setRequestProperty(key, value);
}
}
public void setRequestMethod(String requestMethod) throws IOException {
connection.setRequestMethod(requestMethod);
}
public OutputStream openOutputStream() throws IOException {
return connection.getOutputStream();
}
public InputStream openInputStream() throws IOException {
return connection.getInputStream();
}
public InputStream getErrorStream() {
return connection.getErrorStream();
}
public String getHost() {
return connection.getURL().getHost();
}
public int getPort() {
return connection.getURL().getPort();
}
public String getPath() {
return connection.getURL().getPath();
}
}
Raw
Usage
androidHttpTransport = new AndroidInsecureKeepAliveHttpsTransportSE(webserviceHost, port, path, timeout)
host is the domain of the url
port is the http port
path is the rest of the url including the file
timeout is the connection timeout in milliseconds
and then do the usual .call and so on
@dwivedi
Copy link

dwivedi commented Apr 2, 2012

what value should be pass a port argument

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment