Add SSL Certificate in Android using Volley

 

🏁 Intro

After reading this tutorial, you will be familiar with:

  • 🤔 What the hell .crt files are.
  • 😎 How to add certificates to your app.



This tutorial is going to be based on a project using Volley to make calls to an API, but you can always adapt it for your specific case.



📄 Let’s talk about the certificates

📇 CAs

A certificate authority (CA) is a company or organization that acts to validate the identities of entities (such as websites, email addresses, companies, or individual persons) and bind them to cryptographic keys through the issuance of electronic documents known as digital certificates.

So basically, CAs give us a way to authenticate ourselves: certificates serve as credentials that validate our identity, let us encrypt our data for secure communication over insecure networks such as the internet, and, because the certificate is signed, let us be sure nothing has been altered by a third party in transit.

Typically, an applicant for a digital certificate will generate a key pair consisting of a private key and a public key, along with a certificate signing request (CSR). A CSR is an encoded text file that includes the public key and other information that will be included in the certificate (e.g. domain name, organization, email address, etc.). Key pair and CSR generation are usually done on the server or workstation.

The .crt file is CSR encoded.

What are CER (or .CRT) files?

A CER file is used to store an X.509 certificate. It is normally used for SSL certification to verify and identify a web server's security. The file contains information about the certificate owner and the public key.



😬 Give me the implementation!






Put the .crt file into the assets folder of your Android project.

Code to use:
Volley uses HurlStack to add the .crt file.



import android.content.Context;
import android.util.Log;

import com.android.volley.toolbox.HurlStack;

import java.io.BufferedInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class SslUtils {

    private static SslUtils instance;

    public static synchronized SslUtils getInstance() {
        if (instance == null) {
            instance = new SslUtils();
        }
        return instance;
    }

    public HurlStack handleCertificationOnOlderDevices(Context context_) {
        try {
            // Load the bundled certificate from the assets folder.
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            InputStream caInput =
                    new BufferedInputStream(context_.getAssets().open("test.cer"));
            Certificate ca;
            try {
                ca = cf.generateCertificate(caInput);
                Log.d("certificate", ((X509Certificate) ca).getSubjectDN().toString());
            } finally {
                caInput.close();
            }

            // Create a KeyStore that contains only the bundled certificate.
            String keyStoreType = KeyStore.getDefaultType();
            KeyStore keyStore = KeyStore.getInstance(keyStoreType);
            keyStore.load(null, null);
            keyStore.setCertificateEntry("ca", ca);

            // Build trust managers that trust only the certificates in that KeyStore.
            String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
            tmf.init(keyStore);

            // Use the factory's trust managers directly. Do not wrap them in an
            // X509TrustManager that catches CertificateException: swallowing that
            // exception would let untrusted certificates through.
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, tmf.getTrustManagers(), null);

            SSLSocketFactory sslSocketFactory = context.getSocketFactory();
            return new HurlStack(null, sslSocketFactory);
        } catch (Exception e) {
            Log.e("certificate", "Could not build a HurlStack for the bundled certificate", e);
        }
        // Callers must handle null: no custom trust configuration was created.
        return null;
    }
}


That's it.


Now, to initialize Volley, do this:

RequestQueue requestQueue = Volley.newRequestQueue(getApplicationContext(), SslUtils.getInstance().handleCertificationOnOlderDevices(getApplicationContext()));

Now use this requestQueue instance.

Is this a permanent solution?


No.

There is one disadvantage to this approach:
if your SSL certificate expires, you have to release a new build.
See the official documentation for more details.
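
Because an expired bundled certificate forces a new build, it helps to know the expiry date ahead of time. The class below is an added example, not code from the original post: BundledCertExpiry and its methods are hypothetical names, and it assumes the same test.cer asset used above.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.concurrent.TimeUnit;

/** Added example (hypothetical helper): reports how close the bundled certificate is to expiry. */
public final class BundledCertExpiry {

    public enum Status { NOT_YET_VALID, VALID, EXPIRING_SOON, EXPIRED }

    private BundledCertExpiry() {}

    /** Parses one X.509 certificate (DER or PEM) from the stream and closes the stream. */
    public static X509Certificate load(InputStream in)
            throws IOException, CertificateException {
        try (InputStream certStream = in) {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            return (X509Certificate) cf.generateCertificate(certStream);
        }
    }

    /** Days from 'now' until notAfter, truncated toward zero; negative after expiry. */
    public static long daysRemaining(X509Certificate cert, Date now) {
        long millis = cert.getNotAfter().getTime() - now.getTime();
        return TimeUnit.MILLISECONDS.toDays(millis);
    }

    /** Classifies the certificate; warnDays is the lead time you need to ship a new build. */
    public static Status classify(X509Certificate cert, Date now, int warnDays) {
        if (now.before(cert.getNotBefore())) return Status.NOT_YET_VALID;
        if (now.after(cert.getNotAfter())) return Status.EXPIRED;
        return daysRemaining(cert, now) <= warnDays ? Status.EXPIRING_SOON : Status.VALID;
    }

    // Usage on Android (asset name taken from the code above):
    //   X509Certificate cert = BundledCertExpiry.load(context.getAssets().open("test.cer"));
    //   Status status = BundledCertExpiry.classify(cert, new Date(), 30);
}
```

The class uses only JDK APIs, so the same check can run in a unit test against the asset file before each release.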


Thanks





