3

I am trying to connect to a REST service that has to use self-signed certificates (it's a Unify PBX's Web Services Interface). The system will regenerate its certificates on software updates, and unless you load a certificate into the system there will always be a self-signed one. When trying to connect with ion, the connection is closed because of the self-signed certificate (as far as Google took me...). What do I need to add to my implementation to make ion accept this cert? I am using ion as follows.

Ion.with(context)
    .load(...)
    .asString()
    .setCallback(new FutureCallback<String>() {
        @Override
        public void onCompleted(Exception e, String result) {
        }
    });
Jonas Köritz
  • Working as intended. Why not fix the REST service to produce valid certificates signed by a trusted certificate authority? – Michael Aaron Safyan Aug 19 '14 at 09:35
  • What do you mean by saying "working as intended"? My intention is to trust any certificate, so this is clearly not working as intended. I cannot change the REST service. It's built into the system. – Jonas Köritz Aug 19 '14 at 09:39
  • It was a joking way of saying that Ion is doing the right thing. What you are intending to do would make your system insecure. – Michael Aaron Safyan Aug 19 '14 at 09:40
  • The system is insecure anyway... my app just needs to connect to that insecure web service... I can't change anything about the fact that the service is insecure. – Jonas Köritz Aug 19 '14 at 09:41

1 Answer

7

You can specify custom SSL contexts and trust managers to use self-signed certificates.

Here's an example from a unit test:

public void testKeys() throws Exception {
    // Key managers: the server's private key and certificate, loaded from the bundled key store.
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

    ks.load(getContext().getResources().openRawResource(R.raw.keystore), "storepass".toCharArray());
    kmf.init(ks, "storepass".toCharArray());

    // Trust managers: built from the same key store, so the self-signed certificate is trusted.
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
    ts.load(getContext().getResources().openRawResource(R.raw.keystore), "storepass".toCharArray());
    tmf.init(ts);

    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

    // Local HTTPS test server using that context.
    AsyncHttpServer httpServer = new AsyncHttpServer();
    httpServer.listenSecure(8888, sslContext);
    httpServer.get("/", new HttpServerRequestCallback() {
        @Override
        public void onRequest(AsyncHttpServerRequest request, AsyncHttpServerResponse response) {
            response.send("hello");
        }
    });

    Thread.sleep(1000);

    // Client side: use the same SSL context and trust managers, then make the request.
    AsyncHttpClient.getDefaultInstance().getSSLSocketMiddleware().setSSLContext(sslContext);
    AsyncHttpClient.getDefaultInstance().getSSLSocketMiddleware().setTrustManagers(tmf.getTrustManagers());
    AsyncHttpClient.getDefaultInstance().executeString(new AsyncHttpGet("https://localhost:8888/"), null).get();
}

You'll need to access ion's underlying http client instance as follows:

Ion.getDefault(getContext()).getHttpClient().getSSLSocketMiddleware().setTrustManagers(...);
Ion.getDefault(getContext()).getHttpClient().getSSLSocketMiddleware().setSSLContext(...);

The key is a BKS key store (Bouncy Castle).

koush
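An added example (not part of the answer above and not ion's own code): one way to build the trust managers and SSL context that the answer passes to ion so that only the PBX's own certificate is trusted, instead of every certificate. It assumes the certificate has been exported as a DER or PEM file and is handed in as a stream, for instance from a raw resource; the class name `PinnedCertTrust`, the method `install` and the alias `pbx` are hypothetical.

```java
import android.content.Context;
import com.koushikdutta.ion.Ion;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper: the class name, method name and alias are assumptions, not part of ion.
public final class PinnedCertTrust {
    private PinnedCertTrust() {}

    /**
     * Makes ion's default instance trust exactly one certificate.
     * certStream: the server certificate in DER or PEM form, e.g. opened from
     * a raw resource bundled with the app (the resource name is up to the app).
     */
    public static void install(Context context, InputStream certStream) throws Exception {
        Certificate pbxCert;
        try {
            pbxCert = CertificateFactory.getInstance("X.509").generateCertificate(certStream);
        } finally {
            certStream.close();
        }

        // In-memory key store holding only the pinned certificate (no password needed).
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("pbx", pbxCert);

        // Trust managers derived from this store accept chains anchored at the pinned
        // certificate and reject everything else, including CA-signed certificates,
        // so every request made through the default ion instance is affected.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, tmf.getTrustManagers(), null);

        // The two ion calls shown in the answer.
        Ion.getDefault(context).getHttpClient().getSSLSocketMiddleware().setTrustManagers(tmf.getTrustManagers());
        Ion.getDefault(context).getHttpClient().getSSLSocketMiddleware().setSSLContext(sslContext);
    }
}
```

Because the PBX regenerates its certificate on software updates, the bundled certificate file has to be replaced after each update; until then the handshake fails rather than silently accepting an unknown certificate.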