0

So I wanted to use this XML parser class to parse an XML file from one of my sites, which acts as an API. So I came across this XMLParser class over here: XMLParser.java

Since I use https over at my site, I quickly found out this isn't going to work with it, unless SSL is implemented within the code, where it fetches XML file from the URL using the following method:

getXmlFromUrl(String url)

So for my test environment I was quick to create a new httpClient method, which would accept any SSL certificate from.

public static HttpClient createHttpClient()
    {
        HttpParams params = new BasicHttpParams();
        HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
        HttpProtocolParams.setContentCharset(params, HTTP.DEFAULT_CONTENT_CHARSET);
        HttpProtocolParams.setUseExpectContinue(params, true);

        SchemeRegistry schReg = new SchemeRegistry();
        schReg.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
        schReg.register(new Scheme("https", SSLSocketFactory.getSocketFactory(), 443));
        ClientConnectionManager conMgr = new ThreadSafeClientConnManager(params, schReg);

        return new DefaultHttpClient(conMgr, params);
    }

So this is my final XMLParser.java after I did it. XMLParser_New.java

But this all went in vain, as I am repeatedly getting the following exception.

javax.net.ssl.SSLPeerUnverifiedException: No peer certificate

Where have I gone wrong or what is it that I don't understand. Thank you :)

Arfan
  • 17
  • 6
  • Although Https is certainly supported in `HttpClient`, you should be aware that `HttpClient` is not supported for Android any more. [OkHttp](http://square.github.io/okhttp/) is a great alternative library. – Knossos Jan 15 '16 at 10:34
  • @Knossos oh, I wasn't aware of that. :O – Arfan Jan 15 '16 at 10:35
  • [Here is the official documentation regarding the change](http://developer.android.com/about/versions/marshmallow/android-6.0-changes.html#behavior-apache-http-client). – Knossos Jan 15 '16 at 10:36
  • http://stackoverflow.com/questions/2703161/how-to-ignore-ssl-certificate-errors-in-apache-httpclient-4-0 http://stackoverflow.com/questions/19517538/ignoring-ssl-certificate-in-apache-httpclient-4-3 for similar ssl issues in android – Robert Rowntree Jan 15 '16 at 11:32

1 Answers1

0

How are you implementing SSL. Have you followed these steps to implement it:

  1. Need to create X.509 certificate on Server.
  2. Store trusted CAs on terminal side.
  3. Encrypt and decrypt messages on both ends.

Are you using self signed certificate. Then you need to store that certificate on device and load your own trust store to check the SSL certificates, rather than android default trust store.

Here is very good article to implement SSL on android: http://www.codeproject.com/Articles/826045/Android-security-Implementation-of-Self-signed-SSL

I think in your case trust certificate on terminal side is missing. That's why it is throwing this exception.

Rohit Sharma
  • 2,017
  • 1
  • 20
  • 22