Skip to content

Instantly share code, notes, and snippets.

@muhammad-naderi
Last active June 22, 2020 03:41
Show Gist options
  • Star 3 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save muhammad-naderi/fad2c163ac61e0b7282209c07f5dadf5 to your computer and use it in GitHub Desktop.
Save muhammad-naderi/fad2c163ac61e0b7282209c07f5dadf5 to your computer and use it in GitHub Desktop.
this gist is gathered from here or there on the internet, and I made a few adjustment to support all of Ion getInstance/getDefault models. You just need to call #setSelfSignedSSL() before you make your Ion call to a self signed https endpoint. also put the .cer file in the assets folder
public void setSelfSignedSSL(Context mContext, @Nullable String instanceName){
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// cert file stored in \app\src\main\assets
InputStream caInput = new BufferedInputStream(mContext.getAssets().open("certificate.cer"));
Certificate ca = cf.generateCertificate(caInput);
caInput.close();
KeyStore keyStore = KeyStore.getInstance("BKS");
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
TrustManager[] wrappedTrustManagers = getWrappedTrustManagers(tmf.getTrustManagers());
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, wrappedTrustManagers, null);
AsyncSSLSocketMiddleware sslMiddleWare;
if(TextUtils.isEmpty(instanceName)){
sslMiddleWare = Ion.getDefault(mContext).getHttpClient().getSSLSocketMiddleware();
}else {
sslMiddleWare = Ion
.getInstance(mContext, instanceName)
.getHttpClient().getSSLSocketMiddleware();
}
sslMiddleWare.setTrustManagers(wrappedTrustManagers);
sslMiddleWare.setHostnameVerifier(getHostnameVerifier());
sslMiddleWare.setSSLContext(sslContext);
}catch (Exception e){
e.printStackTrace();
}
}
private HostnameVerifier getHostnameVerifier() {
return new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
// or the following:
// HostnameVerifier hv = HttpsURLConnection.getDefaultHostnameVerifier();
// return hv.verify("www.yourserver.com", session);
}
};
}
private TrustManager[] getWrappedTrustManagers(TrustManager[] trustManagers) {
final X509TrustManager originalTrustManager = (X509TrustManager) trustManagers[0];
return new TrustManager[]{
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return originalTrustManager.getAcceptedIssuers();
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
try {
if (certs != null && certs.length > 0){
certs[0].checkValidity();
} else {
originalTrustManager.checkClientTrusted(certs, authType);
}
} catch (CertificateException e) {
Log.w("checkClientTrusted", e.toString());
}
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
try {
if (certs != null && certs.length > 0){
certs[0].checkValidity();
} else {
originalTrustManager.checkServerTrusted(certs, authType);
}
} catch (CertificateException e) {
Log.w("checkServerTrusted", e.toString());
}
}
}
};
}
@muhammad-naderi
Copy link
Author

uses https://github.com/koush/ion
related to this issue : koush/ion#3

@abbasalim
Copy link

very very very thaaaaaaaaanks,

@sajadsoft1
Copy link

my problem is "Trust anchor for certification path not found" when use https and i see this gist and you read certificate.cer in your code
Where do I get this file?
And is the problem solved with this code?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment