1

I am connecting to a server via HTTPS. I accept all x509 certificates from the server. Now I just need to add authentication user name and password to the httpclient. I am using HTTPClient not DefaultHTTPClient. All code is listed below:

Send file with HTTPClient:

   protected void sendFile(String url, File file)
{
    try
    {
        HttpClient httpclient = new DefaultHttpClient();

        httpclient = sslClient(httpclient);

        CredentialsProvider credProvider = new BasicCredentialsProvider();
        credProvider.setCredentials(new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT),
            new UsernamePasswordCredentials("YOUR USER NAME HERE", "YOUR PASSWORD HERE"));

        ((AbstractHttpClient) httpclient).setCredentialsProvider(credProvider);

        HttpPost httppost = new HttpPost(url);

        InputStreamEntity reqEntity = new InputStreamEntity(new FileInputStream(file), -1);
        reqEntity.setContentType("binary/octet-stream");
        reqEntity.setChunked(true); // Send in multiple parts if needed
        httppost.setEntity(reqEntity);

        HttpResponse response = httpclient.execute(httppost);
        int status = response.getStatusLine().getStatusCode();
        // Do something with response...
        Log.d(CLASSNAME, "Response: " + Integer.toString(status) + response.toString());

    }
    catch(Exception e)
    {
        Log.e(CLASSNAME, "Caught exception: " + e.getMessage());
        e.printStackTrace();
    }
}

private HttpClient sslClient(HttpClient client) {
    try {
        X509TrustManager tm = new X509TrustManager() { 
            public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
            }

            public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
            }

            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[]{tm}, null);
        SSLSocketFactory ssf = new MySSLSocketFactory(ctx);
        ssf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        ClientConnectionManager ccm = client.getConnectionManager();
        SchemeRegistry sr = ccm.getSchemeRegistry();
        sr.register(new Scheme("https", ssf, 443));
        return new DefaultHttpClient(ccm, client.getParams());
    } catch (Exception ex) {
        return null;
    }
}

This class accepts the certificates:

import java.io.IOException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.apache.http.conn.ssl.SSLSocketFactory;

public class MySSLSocketFactory extends SSLSocketFactory {
    SSLContext sslContext = SSLContext.getInstance("TLS");

public MySSLSocketFactory(KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
    super(truststore);

    TrustManager tm = new X509TrustManager() {

        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }

        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }

        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    };

    sslContext.init(null, new TrustManager[] { tm }, null);
}

public MySSLSocketFactory(SSLContext context) throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
   super(null);
   sslContext = context;
}

@Override
public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
    return sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);
}

@Override
public Socket createSocket() throws IOException {
    return sslContext.getSocketFactory().createSocket();
}
}

I get the following exception:

org.apache.http.client.ClientProtocolException

Any reason why?

wwjdm
  • 2,568
  • 7
  • 32
  • 61
  • Look I don't know about your case but we had an issue with https on Android and the only thing that worked on all versions was `SSLSocket`. For some reason Apache and Java client didn't want to work at all. It is not properly documented and it has a lot of issues so good luck. – Marko Lazić May 20 '13 at 23:14

1 Answers1

0

I'm not sure exactly what you're issue is, but have a look this blog entry that I posted a while back showing how to do HTTPS on Android, including how to accept a self-signed server certificate without just blindly accepting all certificates.

Edit: To do BasicAuth with HTTPUrlConnection (as used in the blog post example), you'd do the following with the connection:

String encoded = Base64.encode(username+":"+password); 
connection.setRequestProperty("Authorization", "Basic "+encoded);

See also Preemptive Basic Auth with HttpUrlConnection?

Community
  • 1
  • 1
GreyBeardedGeek
  • 29,460
  • 2
  • 47
  • 67
  • I believe it has to do with HttpClient httpclient = new DefaultHttpClient(); as it does not have a setCredentialProvider method so I have to cast the HTTPClient. – wwjdm May 20 '13 at 23:28
  • Also, how would you add authentication – wwjdm May 20 '13 at 23:30
  • Your actual answer should not be a link to a blog post (which was now broken), if cant just link you might as well place a comment. – Rui Marques Mar 17 '16 at 16:55