All geek questions in one place

Way to ignore ssl certificate using HttpsURLConnection

I use two approaches to try using HTTPS URLs:

Old deprecated and returned answer with correct values.

Here is the code that you don’t need to ignore the ssl certificate, it ignores it by itself or can use a different technique:

public String newApiPost(String url,String p1,String p2,String p3){ HttpClient httpClient = new DefaultHttpClient(); // replace with your url HttpPost httpPost = new HttpPost(url); //Post Data List<NameValuePair> nameValuePair = new ArrayList<NameValuePair> (); nameValuePair.add(new BasicNameValuePair("cliend_id",p1)); nameValuePair.add(new BasicNameValuePair("client_secret", p2)); nameValuePair.add(new BasicNameValuePair("key",p3)); //Encoding POST data try { httpPost.setEntity(new UrlEncodedFormEntity(nameValuePair)); } catch (UnsupportedEncodingException e) { // log exception e.printStackTrace(); } //making POST request. try { HttpResponse response = httpClient.execute(httpPost); HttpEntity httpEntity = response.getEntity(); String result = EntityUtils.toString(httpEntity, HTTP.UTF_8); Log.d("response", result); // write response to log Log.d("zzuu", result.toString()); } catch (ClientProtocolException e) { // Log exception e.printStackTrace(); } catch (IOException e) { // Log exception e.printStackTrace(); Log.d("dddfg", e.toString()); }catch (Exception e){ Log.d("dddfg", e.toString()); } return ""; }

Then I used the deprecated HttpsUrlConnections method, which needs to ignore the ssl certificate, which I use repeatedly but did not work:

  public void sendNew (String urls,String paramValue1,String paramValue2,String paramValue3){ URL url = null; BufferedReader reader = null; StringBuilder stringBuilder; String data=""; try { url = new URL(urls); HttpsURLConnection conn = (HttpsURLConnection) url.openConnection(); conn.setReadTimeout(10000); conn.setConnectTimeout(15000); conn.setRequestMethod("POST"); conn.setRequestProperty("Content-Type", "application/x-www-form- urlencoded"); conn.setRequestProperty("charset", "utf-8"); conn.setDoInput(true); conn.setDoOutput(true); Uri.Builder builder = new Uri.Builder() .appendQueryParameter("cliend_id", paramValue1) .appendQueryParameter("client_secret", paramValue2) .appendQueryParameter("apikey", paramValue3); String query = builder.build().getEncodedQuery(); OutputStream os = conn.getOutputStream(); BufferedWriter writer = new BufferedWriter( new OutputStreamWriter(os, "UTF-8")); writer.write(query); writer.flush(); writer.close(); os.close(); conn.connect(); reader = new BufferedReader(new InputStreamReader(conn.getErrorStream())); stringBuilder = new StringBuilder(); String line = null; while ((line = reader.readLine()) != null) { stringBuilder.append(line + "\n"); } data= stringBuilder.toString(); Log.d("zzuu", data); } catch (MalformedURLException e) { e.printStackTrace(); } catch (ProtocolException e) { e.printStackTrace(); Log.d("dddfg", e.toString()); } catch (IOException e) { e.printStackTrace(); Log.d("dddfg", e.toString()); }catch (Exception e){ Log.d("dddfg", e.toString()); } }

He responds with this error:

 10-12 17:06:06.135 16052-16075/ W/System.errīš• java.io.IOException: Hostname 'xxxxxxxx' was not verified 10-12 17:06:06.139 16052-16075/ W/System.errīš• at libcore.net.http.HttpConnection.verifySecureSocketHostname(HttpConnection.java:223) 10-12 17:06:06.139 16052-16075/ W/System.errīš• at libcore.net.http.HttpsURLConnectionImpl$HttpsEngine.connect(HttpsURLConnectionImpl.java:446) 10-12 17:06:06.139 16052-16075/ W/System.errīš• at libcore.net.http.HttpEngine.sendSocketRequest(HttpEngine.java:290) 10-12 17:06:06.170 16052-16075/ W/System.errīš• at libcore.net.http.HttpEngine.sendRequest(HttpEngine.java:240) 10-12 17:06:06.171 16052-16075/ W/System.errīš• at libcore.net.http.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:292) 10-12 17:06:06.175 16052-16075/ W/System.errīš• at libcore.net.http.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:185) 10-12 17:06:06.175 16052-16075/ W/System.errīš• at libcore.net.http.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:271) 10-12 17:06:06.176 16052-16075/ W/System.errīš• at ubicall.sand.ubicall.helper.JSONParser.method(JSONParser.java:422) 10-12 17:06:06.177 16052-16075/ W/System.errīš• at ubicall.sand.ubicall.activity.SplashActivity$Access.doInBackground(SplashActivity.java:111) 10-12 17:06:06.177 16052-16075/ W/System.errīš• at ubicall.sand.ubicall.activity.SplashActivity$Access.doInBackground(SplashActivity.java:106) 10-12 17:06:06.177 16052-16075/ W/System.errīš• at android.os.AsyncTask$2.call(AsyncTask.java:287)

I did not understand when the problem is that it works well in restclient and postman data is sent to the url body using the mail method, I found that I need to ignore the ssl certificate when using HttpsURLConnection, but I try to ignore a lot, but it didn’t work .

  I use private void trustEveryone() { try { HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier(){ public boolean verify(String hostname, SSLSession session) { return true; }}); SSLContext context = SSLContext.getInstance("TLS"); context.init(null, new X509TrustManager[]{new X509TrustManager(){ public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {} public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {} public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }}}, new SecureRandom()); HttpsURLConnection.setDefaultSSLSocketFactory( context.getSocketFactory()); } catch (Exception e) { // should never happen e.printStackTrace(); } }
+5
source share
1 answer

From your logcat info, I think you should read the following links:

  • HostnameVerifier

    It should be used during a handshake if the hostname of the URL does not match the name of the peer authentication node.

  • Common host name verification issues

    One of the reasons for this may be due to a server configuration error. the server is configured with a certificate that does not have an object or specify alternative name fields that correspond to the server on which you are trying to reach ...

Then you can refer to my answer to the following question:

Trusted OkHttp Certificate

EDIT: Regarding your idea of ​​“ignore ssl”, you can try the following (however, he said this is not recommended):

 public class HttpsTrustManager implements X509TrustManager { private static TrustManager[] trustManagers; private static final X509Certificate[] _AcceptedIssuers = new X509Certificate[]{}; @Override public void checkClientTrusted( X509Certificate[] x509Certificates, String s) throws java.security.cert.CertificateException { } @Override public void checkServerTrusted( X509Certificate[] x509Certificates, String s) throws java.security.cert.CertificateException { } public boolean isClientTrusted(X509Certificate[] chain) { return true; } public boolean isServerTrusted(X509Certificate[] chain) { return true; } @Override public X509Certificate[] getAcceptedIssuers() { return _AcceptedIssuers; } public static void allowAllSSL() { HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { @Override public boolean verify(String arg0, SSLSession arg1) { return true; } }); SSLContext context = null; if (trustManagers == null) { trustManagers = new TrustManager[]{new HttpsTrustManager()}; } try { context = SSLContext.getInstance("TLS"); context.init(null, trustManagers, new SecureRandom()); } catch (NoSuchAlgorithmException | KeyManagementException e) { e.printStackTrace(); } HttpsURLConnection.setDefaultSSLSocketFactory(context != null ? context.getSocketFactory() : null); } }

Then in your activity call HttpsTrustManager.allowAllSSL();

+3
source

Source: https://habr.com/ru/post/1233530/

More articles:


All Articles