// Usage example... | |
HttpsURLConnection connection = (HttpsURLConnection) new URL("https://someurl.com").openConnection(); | |
connection.setSSLSocketFactory(buildSslSocketFactory()); | |
private static SSLSocketFactory buildSslSocketFactory(Context context) { | |
// Add support for self-signed (local) SSL certificates | |
// Based on http://developer.android.com/training/articles/security-ssl.html#UnknownCa | |
try { | |
// Load CAs from an InputStream | |
// (could be from a resource or ByteArrayInputStream or ...) | |
CertificateFactory cf = CertificateFactory.getInstance("X.509"); | |
// From https://www.washington.edu/itconnect/security/ca/load-der.crt | |
InputStream is = context.getResources().getAssets().openAsset("somefolder/somecertificate.crt"); | |
InputStream caInput = new BufferedInputStream(is); | |
Certificate ca; | |
try { | |
ca = cf.generateCertificate(caInput); | |
// System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN()); | |
} finally { | |
caInput.close(); | |
} | |
// Create a KeyStore containing our trusted CAs | |
String keyStoreType = KeyStore.getDefaultType(); | |
KeyStore keyStore = KeyStore.getInstance(keyStoreType); | |
keyStore.load(null, null); | |
keyStore.setCertificateEntry("ca", ca); | |
// Create a TrustManager that trusts the CAs in our KeyStore | |
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); | |
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm); | |
tmf.init(keyStore); | |
// Create an SSLContext that uses our TrustManager | |
SSLContext context = SSLContext.getInstance("TLS"); | |
context.init(null, tmf.getTrustManagers(), null); | |
return context.getSocketFactory(); | |
} catch (NoSuchAlgorithmException e) { | |
e.printStackTrace(); | |
} catch (KeyStoreException e) { | |
e.printStackTrace(); | |
} catch (KeyManagementException e) { | |
e.printStackTrace(); | |
} catch (CertificateException e) { | |
e.printStackTrace(); | |
} catch (IOException e) { | |
e.printStackTrace(); | |
} | |
return null; | |
} |
This comment has been minimized.
This comment has been minimized.
Thank u. this code helpful for me. |
This comment has been minimized.
This comment has been minimized.
Hi, I have issue in load-der.crt, How can I get the .crt? Thank you |
This comment has been minimized.
This comment has been minimized.
Hi, this code is great but is giving me a problem with the Google Maps API, can anyone, please, help me? Thank you! |
This comment has been minimized.
This comment has been minimized.
This is the gold I was looking for |
This comment has been minimized.
This comment has been minimized.
@erickok is it save to place certificate in assets ? what if someone decompile code and get our certificate from code. he can use it for api calling. waiting for your valuable comment. |
This comment has been minimized.
This comment has been minimized.
@amjadislam10 I hope you have realised this by now, but for anyone else, here you are loading your public key, if your api is only secured by the ssl keys you are doing something wrong. |
This comment has been minimized.
This comment has been minimized.
@erickok what if i have |
This comment has been minimized.
This comment has been minimized.
CA.crt is used for signing only |
This comment has been minimized.
This comment has been minimized.
In my android app, I can only see the context.getResources().getAssets().openNonAssetFd(filename) function, not openAsset(filename). This code is very helpful but I still don't know where to put the certificate into. Any directory on an android device? Thanks. |
This comment has been minimized.
This comment has been minimized.
It is solved: put the file under "app/src/main/res/raw" with a name such as "mycertificate.crt".
|
This comment has been minimized.
This comment has been minimized.
you can also solve it by :
where you have your *.crt file in src/main/assets folder. https://developer.android.com/training/articles/security-ssl.html#CommonProblems |
This comment has been minimized.
hi what is load-er.crt