how to make HTTPS calls using AsyncHttpClient?
i was using AsyncHttpClient link for making http calls but now our server has migrated to HTTPS and I am getting exception javax.net.ssl.SSLPeerUnverifiedException: No peer certificate .
Has anyone tried making https call using this library ?
initialization of AsyncHttpClient :-
AsyncHttpClient client = new AsyncHttpClient();
PersistentCookieStore myCookieStore = new PersistentCookieStore(
getActivity());
// List<Cookie> cookies = myCookieStore.getCookies();
myCookieStore.clear();
// cookies = myCookieStore.getCookies();
client.setCookieStore(myCookieStore);
client.get(loginUrl, new JsonHttpResponseHandler() {
@Override
public void onStart() {
super.onStart();
progressBar.setVisibility(View.VISIBLE);
}
@Override
public void onFinish() {
super.onFinish();
progressBar.setVisibility(View.GONE);
}
@Override
public void onSuccess(int statusCode, JSONObject userInfo) {
super.onSuccess(statusCode, userInfo);
String errorMsg = null;
try {
errorMsg = userInfo.getString("error");
} catch (JSONException e) {
e.printStackTrace();
}
if (errorMsg != null) {
errorMsg = getActivity().getResources().getString(
R.string.loginFailure)
+ "\nError: " + errorMsg;
tvLoginFailure.setText(errorMsg);
tvLoginFailure.setVisibility(View.VISIBLE);
} else {
Subscriber.setEmail(email);
Subscriber.setPassword(password);
LoginUtility.saveUserInfo(getActivity(), userInfo);
if (Subscriber.getStatus().contentEquals("ACTIVE")) {
Intent intent;
if (MyApplication.ottMode) {
intent = new Intent(getActivity(),
OTTMainScreen.class);
} else {
intent = new Intent(getActivity(),
MainActivity.class);
intent.putExtra("SIGNEDIN", true);
}
if (MyApplication.ottMode) {
Utility.playSound(getActivity());
}
startActivity(intent);
getActivity().finish();
} else if (Subscriber.getStatus().contentEquals(
"SUSPENDED")) {
try {
String suspendedReason = userInfo
.getString("suspendreason");
if (suspendedReason != null
&& suspendedReason
.contentEquals("NO_SUBSCRIPTION")) {
new AlertDialog.Builder(getActivity())
.setIcon(
android.R.drawable.ic_dialog_alert)
.setTitle("Account Suspended")
.setMessage(
"Your account doesn't have any active subscription. You need to subscribe to a Package before you can proceed.")
.setPositiveButton(
"Subscribe",
new DialogInterface.OnClickListener() {
public void onClick(
DialogInterface dialog,
int which) {
recreatePackage();
}
})
.setNegativeButton("Cancel", null)
.show();
} else {
// TODO
}
} catch (JSONException e) {
e.printStackTrace();
}
} else if (Subscriber.getStatus().contentEquals("INIT")) {
// TODO
}
}
}
@Override
public void onFailure(int statusCode,
org.apache.http.Header[] headers, String responseBody,
Throwable e) {
super.onFailure(statusCode, headers, responseBody, e);
String msg = getActivity().getResources().getString(
R.string.loginFailure)
+ "\nError: " + responseBody;
tvLoginFailure.setText(msg);
tvLoginFailure.setVisibility(View.VISIBLE);
}
});
Answer
You need import the public server certificate into your default keystore, or if you are not interested in the authentication of your client you can initialize the AsyncHttpClient with
AsyncHttpClient asycnHttpClient = new AsyncHttpClient(true, 80, 443);
but this trick is not secure because use a custom SSLSocketFactory implementation whos omit the SSL certificate validation, take a look at the AsyncHttpClient source code.
More information about SSLSocketFactory at https://developer.android.com/reference/org/apache/http/conn/ssl/SSLSocketFactory.html