Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save CMingTseng/5cbdee349fdb8c15ee1a18db2692a292 to your computer and use it in GitHub Desktop.
Save CMingTseng/5cbdee349fdb8c15ee1a18db2692a292 to your computer and use it in GitHub Desktop.
Android SSLSocketFactory for use with custom CA
package com.github.aurae.ssl;
import android.content.Context;
import android.support.annotation.RawRes;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
/**
* Creates an SSLSocketFactory instance for use with a custom CA, which would otherwise be considered "not trustworthy".
* This can be fed into HttpsURLConnection, as well as networking libraries such as OkHttp's OkHttpClient.
*/
public final class CustomSSLSocketFactory {
private CustomSSLSocketFactory() {
throw new AssertionError();
}
/**
* Creates an SSLSocketFactory instance for use with the CA provided in the resource file.
*
* @param context Context used to open up the CA file
* @param caRawFile Raw resource file to the CA (in .crt or .cer format, for instance)
* @return An SSLSocketFactory which trusts the provided CA when provided to network clients
*/
public static SSLSocketFactory create(Context context, @RawRes int caRawFile) {
InputStream caInput = null;
try {
// Generate the CA Certificate from the raw resource file
caInput = context.getResources().openRawResource(caRawFile);
Certificate ca = CertificateFactory.getInstance("X.509").generateCertificate(caInput);
// Load the key store using the CA
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
// Initialize the TrustManager with this CA
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keyStore);
// Create an SSL context that uses the created trust manager
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tmf.getTrustManagers(), new SecureRandom());
return sslContext.getSocketFactory();
} catch (Exception ex) {
throw new RuntimeException(ex);
} finally {
if (caInput != null) {
try {
caInput.close();
} catch (IOException ignored) {
}
}
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment