
Possible Duplicate:
javax.net.ssl.SSLException: Not trusted server certificate

I am trying to connect to a server over the "https" scheme using a .bks keystore, but I am unable to connect because of this exception.

Can anyone tell me the reason for this and how to solve it?

Here is my code

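/**
 * Issues an HTTPS GET to {@code url} with basic credentials and a trust store loaded from
 * the app's raw resources, and reports whether the server answered 200 OK.
 *
 * <p>The loaded trust store is handed to {@code SSLSocketFactory} as its trust material, and
 * the server certificate must match the host name being contacted. All failures are logged
 * and reported as {@code "fail"}; nothing is rethrown.
 *
 * @param url absolute URL to request
 * @param payLoad not used by this method; kept so existing callers still compile
 * @return {@code "success"} when the response status is 200 OK, otherwise {@code "fail"}
 */
public String httpRestGetCallwithCertificate(String url, String payLoad) {
    DefaultHttpClient httpClient = null;
    try {
        httpClient = new DefaultHttpClient(getHttpParams());

        // NOTE(review): host, port and credentials are placeholders from the original post
        // ("hostname", "portno", "username", "password"). HttpHost takes an int port, so 443,
        // the default registered for the https scheme below, stands in here. Real credentials
        // belong in secure storage or user input, not in string literals shipped in the APK.
        HttpHost targetHost = new HttpHost("hostname", 443, "https");
        httpClient.getCredentialsProvider().setCredentials(
                new AuthScope(targetHost.getHostName(), targetHost.getPort()),
                new UsernamePasswordCredentials("username", "password"));

        // On Android the default KeyStore type is BKS, matching the bundled .bks resource.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream instream = mContext.getResources().openRawResource(R.raw.truststore);
        try {
            trustStore.load(instream, "password".toCharArray());
        } finally {
            try {
                instream.close();
            } catch (IOException ignored) {
                // Best effort: the store is already loaded (or load() already failed).
            }
        }

        SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);
        // Host name verification stays on. ALLOW_ALL_HOSTNAME_VERIFIER would accept any
        // certificate chaining to the trust store regardless of which host presented it.
        socketFactory.setHostnameVerifier(
                org.apache.http.conn.ssl.SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
        // The process-wide HttpsURLConnection default verifier is deliberately left untouched:
        // this request goes through HttpClient, and replacing the default would weaken every
        // other HTTPS connection made by the app.
        httpClient.getConnectionManager().getSchemeRegistry()
                .register(new Scheme("https", socketFactory, 443));

        HttpResponse response = httpClient.execute(new HttpGet(url));
        if (response != null
                && response.getStatusLine().getStatusCode() == HttpStatus.SC_OK) {
            return "success";
        }
    } catch (UnsupportedEncodingException exception) {
        Log.e(TAG, "Unsupported encoding", exception);
    } catch (ConnectTimeoutException exception) {
        Log.e(TAG, "Network connetcion is not available", exception);
    } catch (SocketTimeoutException exception) {
        Log.e(TAG, "Socket timed out.", exception);
    } catch (IOException exception) {
        // TLS failures such as SSLPeerUnverifiedException are IOException subclasses and
        // arrive here; log them with the full stack trace instead of only toString().
        Log.e(TAG, "HTTPS request failed", exception);
    } catch (java.security.GeneralSecurityException exception) {
        // Covers the KeyStore, KeyManagement, NoSuchAlgorithm, UnrecoverableKey and
        // Certificate exceptions thrown while loading the trust store or building the factory.
        Log.e(TAG, "Could not set up the TLS trust store", exception);
    } finally {
        // httpClient is still null if its construction failed; guard against an NPE that
        // would mask the original error.
        if (httpClient != null && httpClient.getConnectionManager() != null) {
            httpClient.getConnectionManager().shutdown();
        }
        // NOTE(review): httpPost is not declared in this method; presumably a field of the
        // enclosing class. Confirm it is still needed.
        httpPost = null;
    }
    return "fail";
}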

and below is my stack trace

03-06 16:53:50.460: W/System.err(1655): javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
03-06 16:53:50.460: W/System.err(1655):     at org.apache.harmony.xnet.provider.jsse.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:137)
03-06 16:53:50.470: W/System.err(1655):     at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:93)
03-06 16:53:50.470: W/System.err(1655):     at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381)
03-06 16:53:50.470: W/System.err(1655):     at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:165)
03-06 16:53:50.470: W/System.err(1655):     at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164)
03-06 16:53:50.470: W/System.err(1655):     at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119)
03-06 16:53:50.470: W/System.err(1655):     at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:360)
03-06 16:53:50.480: W/System.err(1655):     at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555)
03-06 16:53:50.480: W/System.err(1655):     at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487)
03-06 16:53:50.480: W/System.err(1655):     at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465)

I get the exception while executing the line below:

// Per the stack trace above, the connection is opened and the peer certificate is read inside execute().
HttpResponse response = httpClient.execute(httpget);


1 Answer


As Danial said in his answer to the question below, we should create a custom subclass of org.apache.http.conn.ssl.SSLSocketFactory rather than use org.apache.http.conn.ssl.SSLSocketFactory itself.

Trusting all certificates using HttpClient over HTTPS

    Please don't use these sorts of trust managers. They're insecure and partly defeat the point of using HTTPS in the first place. – Bruno May 09 '12 at 14:15