how to make HTTPS calls using AsyncHttpClient?

r4jiv007 picture r4jiv007 · Feb 17, 2014 · Viewed 31.3k times · Source

i was using AsyncHttpClient link for making http calls but now our server has migrated to HTTPS and I am getting exception javax.net.ssl.SSLPeerUnverifiedException: No peer certificate . Has anyone tried making https call using this library ?

initialization of AsyncHttpClient :-

AsyncHttpClient client = new AsyncHttpClient();
            PersistentCookieStore myCookieStore = new PersistentCookieStore(
                    getActivity());
            // List<Cookie> cookies = myCookieStore.getCookies();
            myCookieStore.clear();
            // cookies = myCookieStore.getCookies();
            client.setCookieStore(myCookieStore);

            client.get(loginUrl, new JsonHttpResponseHandler() {

                @Override
                public void onStart() {
                    super.onStart();
                    progressBar.setVisibility(View.VISIBLE);
                }

                @Override
                public void onFinish() {
                    super.onFinish();
                    progressBar.setVisibility(View.GONE);
                }

                @Override
                public void onSuccess(int statusCode, JSONObject userInfo) {
                    super.onSuccess(statusCode, userInfo);

                    String errorMsg = null;
                    try {
                        errorMsg = userInfo.getString("error");
                    } catch (JSONException e) {
                        e.printStackTrace();
                    }

                    if (errorMsg != null) {
                        errorMsg = getActivity().getResources().getString(
                                R.string.loginFailure)
                                + "\nError: " + errorMsg;
                        tvLoginFailure.setText(errorMsg);
                        tvLoginFailure.setVisibility(View.VISIBLE);

                    } else {
                        Subscriber.setEmail(email);
                        Subscriber.setPassword(password);
                        LoginUtility.saveUserInfo(getActivity(), userInfo);

                        if (Subscriber.getStatus().contentEquals("ACTIVE")) {
                            Intent intent;
                            if (MyApplication.ottMode) {
                                intent = new Intent(getActivity(),
                                        OTTMainScreen.class);

                            } else {
                                intent = new Intent(getActivity(),
                                        MainActivity.class);
                                intent.putExtra("SIGNEDIN", true);
                            }
                            if (MyApplication.ottMode) {
                                Utility.playSound(getActivity());
                            }
                            startActivity(intent);
                            getActivity().finish();

                        } else if (Subscriber.getStatus().contentEquals(
                                "SUSPENDED")) {
                            try {
                                String suspendedReason = userInfo
                                        .getString("suspendreason");
                                if (suspendedReason != null
                                        && suspendedReason
                                                .contentEquals("NO_SUBSCRIPTION")) {

                                    new AlertDialog.Builder(getActivity())
                                            .setIcon(
                                                    android.R.drawable.ic_dialog_alert)
                                            .setTitle("Account Suspended")
                                            .setMessage(
                                                    "Your account doesn't have any active subscription. You need to subscribe to a Package before you can proceed.")
                                            .setPositiveButton(
                                                    "Subscribe",
                                                    new DialogInterface.OnClickListener() {
                                                        public void onClick(
                                                                DialogInterface dialog,
                                                                int which) {
                                                            recreatePackage();
                                                        }
                                                    })
                                            .setNegativeButton("Cancel", null)
                                            .show();

                                } else {
                                    // TODO
                                }
                            } catch (JSONException e) {
                                e.printStackTrace();
                            }

                        } else if (Subscriber.getStatus().contentEquals("INIT")) {
                            // TODO
                        }
                    }
                }

                @Override
                public void onFailure(int statusCode,
                        org.apache.http.Header[] headers, String responseBody,
                        Throwable e) {
                    super.onFailure(statusCode, headers, responseBody, e);
                    String msg = getActivity().getResources().getString(
                            R.string.loginFailure)
                            + "\nError: " + responseBody;
                    tvLoginFailure.setText(msg);
                    tvLoginFailure.setVisibility(View.VISIBLE);
                }
            });

Answer

vzamanillo picture vzamanillo · Feb 17, 2014

You need import the public server certificate into your default keystore, or if you are not interested in the authentication of your client you can initialize the AsyncHttpClient with

AsyncHttpClient asycnHttpClient = new AsyncHttpClient(true, 80, 443);

but this trick is not secure because use a custom SSLSocketFactory implementation whos omit the SSL certificate validation, take a look at the AsyncHttpClient source code.

More information about SSLSocketFactory at https://developer.android.com/reference/org/apache/http/conn/ssl/SSLSocketFactory.html