android - Self Signed Certificate - Trust anchor not found -


edit: bnk in comments has linked solution found here.

i'm sending off post requests via rest backend server (over lan), done on https. server has self signed certificate .pem file, works okay.

i'm trying connect different web server (over wan, through dns), self signed certificate .crt file (standard, ber/der format). now, although code same, receiving following exception:

java.security.cert.certpathvalidatorexception: trust anchor certification path not found.

i'm not sure why 1 server okay connect other not. not want trust certificates going on public internet.

my network code:

public httpsurlconnection setuphttpsconnection(string urlstring) {     try     {         // load cas inputstream         certificatefactory cf = certificatefactory.getinstance("x.509");          inputstream cainput = new bufferedinputstream(context.getassets().open("server.crt"));         certificate ca = cf.generatecertificate(cainput);         system.out.println("ca=" + ((java.security.cert.x509certificate) ca).getsubjectdn());          // create keystore containing our trusted cas         string keystoretype = keystore.getdefaulttype();         keystore keystore = keystore.getinstance(keystoretype);         keystore.load(null, null);         keystore.setcertificateentry("ca", ca);          // create trustmanager trusts cas in our keystore         string tmfalgorithm = trustmanagerfactory.getdefaultalgorithm();         trustmanagerfactory tmf = trustmanagerfactory.getinstance(tmfalgorithm);         tmf.init(keystore);          // create sslcontext uses our trustmanager         sslcontext sslcontext = sslcontext.getinstance("tls");         sslcontext.init(null, tmf.gettrustmanagers(), null);          // create all-trusting host name verifier         //  avoid following :         //   java.security.cert.certificateexception: no name matching         // because java default verifies certificate cn (common name)         // same host name in url. if not, web service client fails.         hostnameverifier allhostsvalid = new hostnameverifier() {             @override             public boolean verify(string arg0, sslsession arg1) {                 return true;             }         };         // install         httpsurlconnection.setdefaulthostnameverifier(allhostsvalid);          // tell urlconnection use socketfactory our sslcontext         url url = new url(urlstring);         httpsurlconnection urlconnection = null;         urlconnection = (httpsurlconnection)url.openconnection();         urlconnection.setsslsocketfactory(sslcontext.getsocketfactory());          return urlconnection;     }     catch (exception ex)     {         log.e("networkmanager", "failed establish ssl connection server: " + ex.tostring());         return null;     } }  /**  * represents asynchronous login/registration task used authenticate  * user.  */ public class posttask extends asynctask<postrequest, void, stringbuilder> {     posttask()     {     }      @override     protected void onpreexecute() {}      @override     protected stringbuilder doinbackground(postrequest... params)     {         outputstream os = null;          try {             httpsurlconnection urlconnection = setuphttpsconnection(params[0].url);             //sets maximum time wait input stream read complete before giving up.             urlconnection.setreadtimeout(30000);             //sets maximum time in milliseconds wait while connecting.             urlconnection.setconnecttimeout(20000);             urlconnection.setrequestmethod("post");             urlconnection.setdoinput(true);             urlconnection.setdooutput(true);              urlencodedformentity formentity = new urlencodedformentity(params[0].namevaluepairs);             os = urlconnection.getoutputstream();             formentity.writeto(os);              inputstream in = urlconnection.getinputstream();             stringbuilder ret = inputstreamtostring(in);              return ret;          } catch (ioexception e) {             log.i("networkerror", e.tostring());         } catch (exception e) {          } {             if (os != null) {                 try {                     os.close();                 } catch (ioexception ex) {                 }             }         }                      return null;     }      @override     protected void onpostexecute(stringbuilder result) {     }      @override     protected void oncancelled() {     } }

if correctly understand idea "all trusting", hostname verifier in code, can refer following:

let's assume server app hosting inside iis has server certificate in "issued to" "localhost", example. then, inside verify method can verify "localhost". 

hostnameverifier hostnameverifier = new hostnameverifier() {     @override     public boolean verify(string hostname, sslsession session) {         hostnameverifier hv =             httpsurlconnection.getdefaulthostnameverifier();         return hv.verify("localhost", session);     } };

-

Comments

Post a Comment

Popular posts from this blog

c# - Binding a comma separated list to a List<int> in asp.net web api -

the default binder in web api expecst http://url.com/webapi/report/?pageids=3243&pageids=2365 to bind public ihttpactionresult report(list<int> pageids){ // exciting webapi code} i wish bind http://url.com/webapi/report/?pageids=3243,2365 as running out of space in url get . i have created class public class commaseparatedmodelbinder : system.web.http.modelbinding.imodelbinder { public bool bindmodel(httpactioncontext actioncontext, modelbindingcontext bindingcontext) { //binding in here } } and registered in webapiconfig.cs var provider = new simplemodelbinderprovider( typeof(list<int>), new commaseparatedmodelbinder()); config.services.insert(typeof(modelbinderprovider), 0, provider); i have altered method signature use model binder so public ihttpactionresult report( [modelbinder] list<int> pageids){ // exciting webapi code} however break point in binder not being
Read more

Delphi 7 and decode UTF-8 base64 -

in delphi 7, have widestring encoded base64(that received web service widestring result) : pd94bwwgdmvyc2lvbj0ims4wij8+dqo8c3ryaw5nptiq2lpyqjwvc3ryaw5npg== when decoded it, result not utf-8: <?xml version="1.0"?> <string>طھط³طھ</string> but when decoded base64decode.org, result true : <?xml version="1.0"?> <string>تست</string> i have use encddecd unit decodestring function. the problem have using decodestring . function, in delphi 7, treats decoded binary data being ansi encoded. , problem text utf-8 encoded. to continue encddecd unit have couple of options. can switch decodestream . instance, code produce utf-8 encoded text file data: {$apptype console} uses classes, encddecd; const data = 'pd94bwwgdmvyc2lvbj0ims4wij8+dqo8c3ryaw5nptiq2lpyqjwvc3ryaw5npg=='; var input: tstringstream; output: tfilestream; begin input := tstringstream.create(data); try output := tfilestream.
Read more

html - Is there any way to exclude a single element from the style? (Bootstrap) -

so, have img logo, overlaid on div styled background-image: url("...") , , both elements inside 2 div classes .to-color , .to-overlay respectively, black transparent overlay. is there way exclude logo style given these 2 classes? here's jsfiddle example: link html , css example: - html - <div class="to-color"> <div class="to-overlay"> <div class="respo"> <div class="row"> <div class="col-xs-4 col-xs-offset-4 text-center"> <img src="http://ansonalex.com/wp-content/uploads/2011/06/google-logo-768x260.png" alt="..." class="img-responsive"> </div> </div> </div> </div> </div> - css - .to-color { background-color: #000; } .to-overlay { opacity : 0.5; } .respo { background-image: url("https://source.unsplash.com/category/objects/1600x900"); background-position: center center;
Read more