Add SSL Certificate in Android using Volley

 

🏁 Intro

So after reading this tutorial we’re going to be familiarized with:

  • πŸ€” What the hell is the .crt files.
  • 😎 How to add certificates to my app.



This tutorial is going to be based on a project using Volley to make calls to an API, but you can always adapt it for your specific case.



πŸ“„ Let’s talk about the certificates

πŸ“‡ CA's

certificate authority (CA) is a company or organization that acts to validate the identities of entities (such as websites, email addresses, companies, or individual persons) and bind them to cryptographic keys through the issuance of electronic documents known as digital certificates.

So basically the CAs give us a way to authenticate ourselves by serving as credentials to validate our identity, encrypt our data for secure communication over insecure networks such as the internet, and give us a way to be sure nothing has been altered by a third party in transit because of the signature of the certificate.

Typically, an applicant for a digital certificate will generate a key pair consisting of a private key and a public key, along with a certificate signing request (CSR). A CSR is an encoded text file that includes the public key and other information that will be included in the certificate (e.g. domain name, organization, email address, etc.). Key pair and CSR generation are usually done on the server or workstation.

The .crt  the file is CSR encoded.

What is CER (or .CRT) files:

 CER file is used to store X.509 certificate. Normally used for SSL certification to verify and identify web server's security. The file contains information about the certificate owner and public key.



😬 Give me the implementation!






put .crt file into assets folder in andoid.

code to use 
Volley use HurlStack to add .crt file



import android.content.Context;
import android.util.Log;

import com.android.volley.toolbox.HurlStack;

import java.io.BufferedInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class SslUtils {
    public static SslUtils getInstance() {
        if (instance == null)
            instance = new SslUtils();
        return instance;
    }

    public static SslUtils instance;

    public HurlStack handleCertificationOnOlderDevices(Context context_) {
        try {

            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            InputStream caInput = new
                    BufferedInputStream(context_.getAssets().open("test.cer"));
            Certificate ca;
            try {
                ca = cf.generateCertificate(caInput);
                Log.d("certificate", ((X509Certificate) ca).getSubjectDN().toString());
            } finally {
                caInput.close();
            }

            String keyStoreType = KeyStore.getDefaultType();
            KeyStore keyStore = KeyStore.getInstance(keyStoreType);
            keyStore.load(null, null);
            keyStore.setCertificateEntry("ca", ca);

            String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
            tmf.init(keyStore);

            TrustManager[] trustManagers = tmf.getTrustManagers();
            final X509TrustManager origTrustmanager =
                    (X509TrustManager) trustManagers[0];

            TrustManager[] wrappedTrustManagers = new TrustManager[]{
                    new X509TrustManager() {
                        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                            return origTrustmanager.getAcceptedIssuers();
                        }

                        public void checkClientTrusted(X509Certificate[] certs,
                                                       String authType) {
                            try {
                                origTrustmanager.checkClientTrusted(certs, authType);
                            } catch (CertificateException e) {
                                e.printStackTrace();
                            }
                        }

                        public void checkServerTrusted(X509Certificate[] certs,
                                                       String authType) {
                            try {
                                origTrustmanager.checkServerTrusted(certs, authType);
                            } catch (CertificateException e) {
                                e.printStackTrace();
                            }
                        }
                    }
            };

            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, tmf.getTrustManagers(), null);

            SSLSocketFactory sslSocketFactory = context.getSocketFactory();
            return new HurlStack(null, sslSocketFactory);

        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;

    }
}


That's It


Now you just want to initialize Volley do this things

RequestQueue requestQueue=Volley.newRequestQueue(getApplicationContext(),SslUtils.getInstance().handleCertificationOnOlderDevices(getApplicationContext()));

now use this requestQueue instance.

Is this permanent solution?

NO
there is one disadvandage of this thing 
if your ssl sertificate expire then you have to release new build.
see official documentation for more details.


Thanks






Comments

Post a Comment

Popular posts from this blog

how to convert URI to File Android 10 and above

    how to convert URI to File Android 10 and above how to get file object from URI OR convert URI to file object in android 10 and above versions. some libraries are required File Objects for a process like a retrofit, some image editor e.t.c. to convert URI to file object or anything similar we have a way which is  to support all android old versions and upcoming versions. Step 1: you have to create a new file inside FilesDir which is nonreadable to other Apps with the same name as our file and extension. Step 2: you have to copy the content of the URI to create a file by using InputStream. After these two steps it will return your File object File f = getFile( getApplicationContext (), uri) ; For example  This method provide you file object and it supports all available andoid versions and upcomming version too public static File getFile (Context context, Uri uri) throws IOException { File destinationFilename = new File(context.getFilesDir().getPat...
Read more

Export & Download — SSL Certificate from URL for android and other use

Image
  You can export the SSL certificate from the URL below methods. Google Chrome Export the SSL certificate of a website using Google Chrome: 1.Click the  Secure  button (a padlock) in an address bar. 2. Click the  Certificate(Valid) . 3. Go to the  Details  tab 4.Click the  Copy to File…  button 5.Click the  Next  button. 6.Select the “Base-64 encoded X.509 (.CER)” format and click the  Next  button. 7.Specify the name of the file you want to save the SSL certificate to 8.Click the  Next  and the  Finish  buttons Mozilla Firefox Export the SSL certificate of a website using Mozilla Firefox: 1.Click the  Site Identity  button (a padlock) in an address bar. 2.Clic k  the  Show connection details  arrow 3.Click the  More Information  button 4.Click the  View Certificate  button 5.Go to the  Details  tab 6.Click the  Export  button 7.Specify the nam...
Read more

Never set this picture as wallpaper!!

Image
  As many people reported that their android device is stopped working after use this image as wallpaper. after search about it and I got some awesome information about the android device. let's start. right now android supports 1440 X 2560 screen resolution. when see the original photo i saw its a ProPhoto RGB is this the  problem ?  Let's find out this is the colors scale that human see android device under stands sRGB color scale. like this, not only android there are tons of hardware supports this range of colors. there are another color scale we have like adobe RGB as you see here it covers larger color then sRGB. and now comes pro photoRGB so prophoto rgb is the problem lets see google use convert prophoto RGB or adobe RGB to srgb by luminance effect so the luminance of pixel is calculated by this formula 0.2126 X (RED)+0.7152 X (GREEN)+0.0722 X (BLUE) =255(MAX) in case of pro photo rgb lets see a pixel calculation. 0.2126 X (255)+0.7152 X (255)+0.0722 X (243) 54.21...
Read more