
Android https - tls on a specific server


I developed an Android app that needs to connect to a server for REST requests.

I'm new to HTTPS and (despite spending the last 2 days searching the web) I haven't understood anything.

The server has a certificate made with COMODO (or GeoTrust) and has a KeyStore (NOT made by me).

I tried to use:

Then I tried this: Trusting all certificates using HttpClient over HTTPS

And it works. The problem is that I need to make it specific to access to the server and nothing else.

This is my code for GET/DELETE request:

    public static HttpsURLConnection setHttpsURLConnection(String type, URL url, Activity activity) throws IOException {

        trustEveryone(); // from the link above

        HttpsURLConnection response = (HttpsURLConnection) url.openConnection();
        response.setConnectTimeout(Costanti.connectionTimeout);
        response.setReadTimeout(Costanti.connectionTimeout);
        response.setRequestProperty("Content-type", "application/json");
        response.setRequestProperty("Accept", "application/json");
        response.setRequestProperty("Authorization", "Basic tfhtrhsthLkO=");
        response.setRequestMethod(type);
        return response;
    }

I need to know what I should do, step by step.

What do you need to know to help me?

https://www.ssllabs.com/ssltest says:

  • TLS 1.2
  • TLS 1.1
  • TLS 1.0
  • Key RSA 2048 bits (e 65537)
  • Issuer GeoTrust DV SSL CA - G3
  • Signature algorithm SHA256withRSA
  • Certificate Transparency Yes (certificate)

Solution

  • Thanks to both of you for answering. @pedrofb your link doesn't work.

    I found the solution by reading the Android documentation with a clear morning mind.

    My certificate is made by GeoTrust (a CA -> someone who says "your certificate is 'more' valid through us"). Android has a range of trusted CAs (in that way the configuration is simple).

    When your CA is not present among Android's favorites, you need to tell Android that you can trust this certificate from that CA --> https://developer.android.com/training/articles/security-ssl.html

    What I did is take the server's certificate and use it in the following code (from the link above) to generate the SSLSocketFactory and use it in httpsURLConnection.setSSLSocketFactory(socket):

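    // Imports needed at the top of the file that holds this code:
    import java.io.ByteArrayInputStream;
    import java.io.IOException;
    import java.io.InputStream;
    import java.security.KeyStore;
    import java.security.cert.Certificate;
    import java.security.cert.CertificateFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSocketFactory;
    import javax.net.ssl.TrustManagerFactory;

    public static final String CERTIFICATO=("-----BEGIN CERTIFICATE-----\n" +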
                 "MIIFuDCCBKCgA....kqhkiG9w0BAQsFADBm\n" +
                 "MQswCQYDVQQGEwJ...SW5jLjEdMBsGA1UECxMU\n" +
                 "RG9tYWluIFZhbGlk....ERWIFNTTCBD\n" +
                 "QSAtIEczMB4XDTE....k1OVowGzEZMBcGA1UE\n" +
                 "AwwQdGVzdDIuYmNzb2....ADggEPADCCAQoC\n" +
                 "ggEBAMEIbF7hHdy2...d6nWJE0zRSG1IzL6qTe\n" +
                 "tan8UGyIUdHTx0Cy...VRhchXab628VxP\n" +
                 "1Ngd2ffFUKBO9...N0/Fphr\n" +
                 "9yKJCwgbcb2PAsH....knT5q\n" +
                 "T6qkfug0jBVdKmaG5...Vg694vGZYVkFi\n" +
                 "NbDFAaF7f1oS...BKCEHRl\n" +
                 "c3QyLmJjc29mdC....hpodHRw\n" +
                 "Oi8vZ3Quc3ltY2I...gZngQwBAgEw\n" +
                 "gYQwPwYIKwY...N0LmNvbS9yZXNvdXJj\n" +
                 "ZXMvcmVw...RwczovL3d3dy5n\n" +
                 "ZW90cnVzdC5jb...WwwHwYDVR0jBBgw\n" +
                 "FoAUrWUihZ...B0GA1UdJQQW\n" +
                 "MBQGCCsGAQU....wHwYIKwYBBQUH\n" +
                 "MAGGE2h0d...0dHA6Ly9ndC5z\n" +
                 "eW1jYi5jb20vZ3Q...wDxAHYA3esdK3oN\n" +
                 "T6Ygi4GtgWhwf...RzBFAiBp54lk\n" +
                 "UV/yv5lgSW0w...K4uzyiBfJQMMe1\n" +
                 "OVzA+x/INw9...5G9+443fNDsgN\n" +
                 "3BAAAAFc9Ao..WRNuoF/GR\n" +
                 "ckf1umsC...NBgkqhkiG\n" +
                 "9w0BAQsFAA...lcKFn1fk\n" +
                 "N6tnsHI...JKA4fjAgV\n" +
                 "k5VMllg...pkVGqing\n" +
                 "h+pkAJg19u...suEdhrpK8c\n" +
                 "6ZU6kjpyNuIiVX9nAEA2..LkKM3Yi6LE\n" +
                 "N9TlYfz4B...nQd3bZAg==\n" +
                 "-----END CERTIFICATE-----\n");
    
    public static SSLSocketFactory socket = null;

    static {
        // Load CAs from an InputStream
        // (could be from a resource or ByteArrayInputStream or ...)
        InputStream in = null;
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");

            Certificate ca;

            in = new ByteArrayInputStream(Costanti.CERTIFICATO.getBytes());

            ca = cf.generateCertificate(in);

            // Create a KeyStore containing our trusted CAs
            String keyStoreType = KeyStore.getDefaultType();
            KeyStore keyStore = KeyStore.getInstance(keyStoreType);
            keyStore.load(null, null);
            keyStore.setCertificateEntry("ca", ca);

            // Create a TrustManager that trusts the CAs in our KeyStore
            String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
            tmf.init(keyStore);

            // Create an SSLContext that uses our TrustManager
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, tmf.getTrustManagers(), null);
            socket = context.getSocketFactory();
        } catch (Exception e) {
            e.printStackTrace();
            LogManage.logError(LogManage.Type.Connection, Costanti.class, null, "Problema con SSL conf");
            socket = null;
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
        }
    }
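
The answer builds the factory but does not show the question's connection method using it in place of `trustEveryone()`. The following is an added example, not code from the original posts: it scopes the custom trust store to a single connection and leaves hostname verification at its default. The class name `PinnedHttps`, the method names and the command-line arguments are hypothetical; on Android the PEM would typically come from an app resource or a string constant as in the answer.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Added example; class and method names are hypothetical.
public final class PinnedHttps {

    // Build a factory whose trust store holds only the certificates in the PEM stream.
    static SSLSocketFactory factoryFor(InputStream pem) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        int i = 0;
        for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(pem)) {
            ks.setCertificateEntry("pinned-" + i++, c);
        }
        if (i == 0) throw new IllegalArgumentException("no certificate found in PEM input");
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    // Apply the factory to this one connection only: no trustEveryone(), no change to the
    // process-wide defaults, and the default HostnameVerifier stays in place.
    static HttpsURLConnection open(URL url, String method, SSLSocketFactory f) throws Exception {
        HttpsURLConnection c = (HttpsURLConnection) url.openConnection();
        c.setSSLSocketFactory(f); // throws IllegalArgumentException if f is null
        c.setRequestMethod(method);
        c.setRequestProperty("Accept", "application/json");
        return c;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to the PEM file, args[1]: https URL of the server (caller-supplied)
        try (InputStream pem = new FileInputStream(args[0])) {
            HttpsURLConnection c = open(new URL(args[1]), "GET", factoryFor(pem));
            // The handshake fails unless the server's chain leads to a pinned certificate.
            System.out.println(c.getResponseCode());
        }
    }
}
```

If the PEM holds the server's own certificate rather than its issuing CA, the bundled file has to be replaced whenever that certificate is renewed.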