0

I'm trying to create a group room using Twilio REST API, but i am facing a crash:

Process: com.example.twilioroom, PID: 25401
    java.lang.NoSuchFieldError: No static field INSTANCE of type Lorg/apache/http/conn/ssl/AllowAllHostnameVerifier; in class Lorg/apache/http/conn/ssl/AllowAllHostnameVerifier; or its superclasses (declaration of 'org.apache.http.conn.ssl.AllowAllHostnameVerifier' appears in /system/framework/framework.jar!classes2.dex)
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.<clinit>(SSLConnectionSocketFactory.java:151)
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.getSystemSocketFactory(SSLConnectionSocketFactory)

Here is my code where i'm trying to verify hostname:

Twilio.init(multiAccountSID,multiAccountAuthToken)

        val httpClientBuilder = HttpClientBuilder.create()
        httpClientBuilder.setSSLHostnameVerifier(object : HostnameVerifier{
            override fun verify(hostname: String?, session: SSLSession?): Boolean {
                certs = try {
                            session!!.peerCertificates
                        } catch (e: SSLException) {
                            return false
                        }

                        val x509: X509Certificate = certs[0] as X509Certificate
                        val hostName = hostname!!.trim().toLowerCase(Locale.ENGLISH)
                        val firstCn: String = getFirstCn(x509)

                        if (Pattern.matches(hostName, firstCn)) {
                            return true
                        }

                        for (cn in getDNSSubjectAlts(x509)) {
                            if (Pattern.matches(hostName, cn!!)) {
                                return true
                            }
                        }

                        return true
            }

        })

        val verifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER

        val sslSocketFactory = SSLConnectionSocketFactory.getSocketFactory()


        httpClientBuilder.setSSLSocketFactory(sslSocketFactory)
        httpClientBuilder.build()
        val networkHttpClient = NetworkHttpClient(httpClientBuilder)


        val twilioRestClient = TwilioRestClient.Builder(multiAccountSID,multiAccountAuthToken).httpClient(networkHttpClient).build()

        Log.d("networkHttpClient", "getAccessToken: "+networkHttpClient.lastResponse.statusCode)

but i'm getting error on:

    val sslSocketFactory = SSLConnectionSocketFactory.getSocketFactory()

Can someone help me what I'm doing wrong?

philnash
  • 70,667
  • 10
  • 60
  • 88
Jerry
  • 3
  • 2

1 Answers1

0

The Twilio Java library is not built to be used in an Android application. This is because the Twilio library requires your account credentials in order to make requests to the API and if your application is handling those credentials a malicious user could decompile the application, extract the credentials and use them to abuse your account.

Instead, you should make the requests to the Twilio API from a server side application, where you can keep the API credentials safe, and trigger that request from your application.

Here is more about why you should not make API requests from your Android application and an example how to build a server side application that can make these requests for your application (the example is to send an SMS, but you can switch that out for using the Verify API).

philnash
  • 70,667
  • 10
  • 60
  • 88
  • Okay, so I can't create android application using REST API? – Jerry Aug 24 '22 at 04:50
  • You should not call the Twilio REST API directly from your Android application. If someone were to get hold of your account credentials then they could use them to make thousands of calls to premium rate numbers from numbers in your account. So you cannot keep your Twilio API credentials in the application. – philnash Aug 24 '22 at 04:59
  • Okay okay I got that. Thanks – Jerry Aug 25 '22 at 05:08