0

I have an application that has a piece of code that is responsible for authorization. I sent the encrypted data to the server, the data on the server will be checked, if everything is fine with the data, then I return the code 200 and additional data. I tested this code on the server without protection (http). But now when I started debugging this application with a server that has a certificate (https) I had a problem. Maybe someone knows how to solve this problem? Here is the problem code:

E/flutter (23247): [ERROR:flutter/lib/ui/ui_dart_state.cc(177)] Unhandled Exception: HandshakeException: Handshake error in client (OS Error: E/flutter (23247): CERTIFICATE_VERIFY_FAILED: unable to get local issuer certificate(handshake.cc:354))

Here is my code:

  signIn(String login, pass) async {

    SharedPreferences sharedPreferences = await SharedPreferences.getInstance();

    var AESLogin = login;
    var AESpass = pass;
    //generate a 16-byte random key
    var key = '33CC2E0DD531B761316FE1231231211';

    print(key);
    //encrypt
    var encryptLogin = await FlutterAesEcbPkcs5.encryptString(AESLogin, key);
    var encryptPass = await FlutterAesEcbPkcs5.encryptString(AESpass, key);

    var jsonResponse = null;

    var response = await http.post(
      global.urlVar + "/auth_user", body: json.encode(
        {
          "login": encryptLogin,
          "pass": encryptPass
        }),
    );
    if (response.statusCode == 200) {
      jsonResponse = json.decode(response.body);
      print('Response body: ${response.body}');
      if (jsonResponse['message'] ==
          '200') { //if( jsonResponse['message'] == '200') {
        setState(() {
          _isLoading = false;
        });

        global.nameUser = jsonResponse['name'];
        global.dataArea = jsonResponse['data_area'];
        Navigator.push(
          context,
          MaterialPageRoute(builder: (context) => MyApp()),
        );
      }
      else {
        Navigator.push(
          context,
          MaterialPageRoute(builder: (context) => Error_Auth()),
        );
      }
    }

    else   {
      setState(() {
        _isLoading = false;
      });
      print(response.body);
    }
  }
Andrii Havrylyak
  • 675
  • 6
  • 16
  • Is you `global.urlVar` https? – Huthaifa Muayyad Apr 05 '21 at 16:57
  • @HuthaifaMuayyad , yes , in global.urlVar - https – Andrii Havrylyak Apr 05 '21 at 17:04
  • [This should help](https://stackoverflow.com/questions/54285172/how-to-solve-flutter-certificate-verify-failed-error-while-performing-a-post-req) – Huthaifa Muayyad Apr 05 '21 at 17:08
  • @HuthaifaMuayyad , Thanks for the help, I found this discussion, but I understand that the example data is not safe, (I'm just new to flutter, and my question may seem strange or funny), do you think this is the safest option? – Andrii Havrylyak Apr 05 '21 at 17:12
  • To make one thing very clear, no question is funny and nobody thinks that, everybody was at a level of asking the simplest of questions during any journey. In general, HTTPS is always preferred. I'm not an expert, but I can't think of any scenario off the top of my head where http is preferred. Especially since your handling and encrypting login data, might as well secure it. – Huthaifa Muayyad Apr 05 '21 at 17:15
  • @HuthaifaMuayyad thanks for understanding) can I ask you to help, add this version to my code, because I found this example before, and could not change my code to take into account that discussion, so I asked a new question! – Andrii Havrylyak Apr 05 '21 at 17:20
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/230788/discussion-between-andrii-havrylyak-and-huthaifa-muayyad). – Andrii Havrylyak Apr 06 '21 at 07:45

0 Answers0