https posting on android

Question

I am needing to https post to a database server. I have been looking around SO and google and found a few examples and posts on this problem but am still having trouble understanding what people are posting for solutions. Can someone please analyze what i have and tell me what i need to change to get this to work? I am ok with accepting all certificates, I just need the quickest and easiest way to solve this problem. I am on a deadline and this is bottle necking my work. The error i am getting is posted along with the code.

The code i posted below is part of a helper class that i made for helping with all of my http posting.

If you need more information let me know, thanks in advance! Thank you thank you!

public static synchronized int authenticate(String uName, String pWord) {
    ArrayList<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>();
    nameValuePairs.add(new BasicNameValuePair("action", "authentication"));
    nameValuePairs.add(new BasicNameValuePair("username", "uName"));
    nameValuePairs.add(new BasicNameValuePair("password", "pWord"));

    try {
        HttpClient httpclient = new DefaultHttpClient();
        HttpPost httppost = new HttpPost("https://ipaddress/link/admin.php");
        httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
        HttpResponse response = httpclient.execute(httppost);
        String responseBody = EntityUtils.toString(response.getEntity());
        Log.v("smartdbhelper authenticate", responseBody);
    } catch (Exception e) {
        e.printStackTrace();
    }
    return 0;
}   

---

04-05 03:47:19.415: WARN/System.err(279): javax.net.ssl.SSLException: Not trusted server certificate
04-05 03:47:19.437: WARN/System.err(279):     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:371)
04-05 03:47:19.446: WARN/System.err(279):     at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:92)
04-05 03:47:19.446: WARN/System.err(279):     at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381)
04-05 03:47:19.476: WARN/System.err(279):     at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:164)
04-05 03:47:19.476: WARN/System.err(279):     at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
04-05 03:47:19.486: WARN/System.err(279):     at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
04-05 03:47:19.486: WARN/System.err(279):     at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:348)
04-05 03:47:19.495: WARN/System.err(279):     at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
04-05 03:47:19.506: WARN/System.err(279):     at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
04-05 03:47:19.506: WARN/System.err(279):     at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)
04-05 03:47:19.516: WARN/System.err(279):     at cpe495.smartapp.SmartDBHelper.authenticate(SmartDBHelper.java:50)
04-05 03:47:19.525: WARN/System.err(279):     at cpe495.smartapp.DataSender.submitData(DataSender.java:22)
04-05 03:47:19.525: WARN/System.err(279):     at cpe495.smartapp.DataSender.sendData(DataSender.java:17)
04-05 03:47:19.525: WARN/System.err(279):     at cpe495.smartapp.SmartApp$1.dataReceivedReceived(SmartApp.java:48)
04-05 03:47:19.536: WARN/System.err(279):     at cpe495.smartapp.ConnectDevice.fireDataReceivedEvent(ConnectDevice.java:79)
04-05 03:47:19.536: WARN/System.err(279):     at cpe495.smartapp.ConnectDevice.run(ConnectDevice.java:46)
04-05 03:47:19.536: WARN/System.err(279):     at java.lang.Thread.run(Thread.java:1096)
04-05 03:47:19.547: WARN/System.err(279): Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.
04-05 03:47:19.566: WARN/System.err(279):     at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:168)
04-05 03:47:19.566: WARN/System.err(279):     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:366)
04-05 03:47:19.576: WARN/System.err(279):     ... 16 more
04-05 03:47:19.576: WARN/System.err(279): Caused by: java.security.cert.CertPathValidatorException: TrustAnchor for CertPath not found.
04-05 03:47:19.616: WARN/System.err(279):     at org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi.engineValidate(PKIXCertPathValidatorSpi.java:149)
04-05 03:47:19.616: WARN/System.err(279):     at java.security.cert.CertPathValidator.validate(CertPathValidator.java:202)
04-05 03:47:19.626: WARN/System.err(279):     at org.apache.harmony.xnet.provider.jsse.TrustManagerImpl.checkServerTrusted(TrustManagerImpl.java:164)
04-05 03:47:19.626: WARN/System.err(279):     ... 17 more

Answer 1

I just got finished implementing the concept from this link:

http://blog.crazybob.org/2010/02/android-trusting-ssl-certificates.html

Which worked out fine for me. Bit of a longer solution than I was after but I haven't found any other way using HttpClient. Also check out this question for some more ideas:

Https Connection Android

Answer 2

It looks like you need to tell the client which certificate authority (CA) certificate to use when validating the server's certificate.

If you have administrative control over the server in question, you can either select a certificate authority that is already in the "trusted" list on Android (at least, I assume Android comes with a few dozen pre-installed, as do most web browsers), or you can add a CA under your control via a TrustAnchor that would be specific to your application. (Which is probably the cheaper approach, but if you ever want people to use your website outside the application, you might just want to pony up the $100 / year for a certificate.)