1

In my android application I have to a read an XML file that is stored in a server. Since this is a secured web page[SSL(https)], to access to the location(https://serverAddress/path/) where the XML file resides, normally it requires username/Password Authentication

Following is the Code that I used to read and get the XML Stream. But it always goes to the exception when it trying to execute the HttpResponse httpResponse = httpClient.execute(httpGet); statement. Exception says Not trusted server certificate.

Also have added the internet access permission <uses-permission android:name="android.permission.INTERNET" /> in the Manifest file

If the XML file is stored in a place where it doesn't require any authentication, then it works fine. I searched everywhere but didn't find any example that will do this. If someone can guide through this process I would be really grateful. Thanks in advance...!!!!

   try
   {
         Log.v("State","Started...");

         HttpClient httpClient = new DefaultHttpClient();
         HttpGet httpGet = new HttpGet("https://serverAddress/path/MyXMLFile.xml");
         httpGet.addHeader(BasicScheme.authenticate(new UsernamePasswordCredentials("username", "password"),HTTP.UTF_8, false));
         HttpResponse httpResponse = httpClient.execute(httpGet);
         InputStream xmlInputStream = httpResponse.getEntity().getContent();
         Toast.makeText(getApplicationContext(), this.convertStreamToString(xmlInputStream), Toast.LENGTH_LONG).show();

         Log.v("State","Finish...");
    }
    catch(Exception e)
    {
        Log.v("State",e.getMessage().toString());
    }
JibW
  • 4,538
  • 17
  • 66
  • 101

1 Answers1

1

This is not http question it is https - you are using secure connection. I also had a lot of troubles with those. As a quick fix you can get your client to trust all certificates using this irreplaceable post.

Later on consider trusting only the appropriate certificates.

EDIT: because I know how picky SO users are. Yes it is bad practise to trust all certificates, but this can be done in 3 minutes and you can test the rest of your code. Still never forget this is potential security breach and you should switch to trusting only specified certificate.

Community
  • 1
  • 1
Boris Strandjev
  • 46,145
  • 15
  • 108
  • 135
  • Hi Boris Strandjev, Thanks for the quick response. I went through that POST but didn't really get what exactly has done. Isn't there any way that I can give the credentials and access the XML directly in a simple way? – JibW Apr 24 '12 at 16:34
  • 1
    @JibW When I pointed to the post I actually meant the most popular answer: http://stackoverflow.com/a/4837230/1108032. Just copy-paste the whole code and use it to construct your client. I have done it several times already and it always works. Plus that it is very easy to apply. – Boris Strandjev Apr 25 '12 at 05:04
  • Hi Boris Strandjev. I just applied it but still it gives this exception[java.net.UnknownHostException]. Also I tried with the HttpURLConnection way that have suggested in the same POST, but this time another exception[java.net.SocketException: Permission denied]. I think since this is a secured web page with SSL Certificate it does not allow to access to the location to retrive Xml Stream without proper Authentication. – JibW Apr 25 '12 at 10:04
  • 1
    @JibW actually if I am not wrong the error changed. Wasn't it `Not trusted server certificate` previously? – Boris Strandjev Apr 25 '12 at 10:11
  • When I follow this method that suggests on the POST, it gives me java.net.UnknownHostException. [But in the above code that I have shown gives gives the javax.net.ssl.SSLException: Not trusted server certificate]. And also I am not clear, if we can access the secured resourse without proper authentication, then we would be able to access any resourse and they won't be secured any more. – JibW Apr 25 '12 at 10:27
  • @JibW yes but you still provide username, password don't you? Trusting all certificates will allow your device to trust the server, not the other way round (this was what was failing you). – Boris Strandjev Apr 25 '12 at 10:31
  • Hi Boris Strandjev. Thanks. I checked in both ways. Still the same exception(providing username/password and Without providing them). – JibW Apr 25 '12 at 10:59
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/10489/discussion-between-boris-strandjev-and-jibw) – Boris Strandjev Apr 25 '12 at 11:05
  • Yes, It works. Thank you very much for your time and help Boris Strandjev. Really appreciate....!!!! – JibW Apr 25 '12 at 14:51