Now that SSLSocketFactory is deprecated on Android, what would be the best way to handle Client Certificate Authentication?
I am working on an Android app that requires Client Certificate Authentication (with PKCS 12 files).
Following the deprecation of all that's apache.http.*, we have started a pretty big work of refactoring on our network layer, and we have decided to go with OkHttp as a replacement, and so far I like that very much.
However, I haven't found any other way to handle client certificate auth without using SSLSocketFactory, with OkHttp or anything else for that matter. So what would be the best course of action in this particular case?
Is there another way with OkHttp to handle this sort of authentication?
Answer
if you are using https, you have to use a valid certificate. During your dev stage you have to trust the certificate, how?
sslSocketFactory(SSLSocketFactory sslSocketFactory) is deprecated and it's replaced by sslSocketFactory(SSLSocketFactory sslSocketFactory, X509TrustManager trustManager), you have to update your gradle file
the piece of code below will help you to get a trusted OkHttpClient that trusts any ssl certificate.
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init((KeyStore) null);
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
}
X509TrustManager trustManager = (X509TrustManager) trustManagers[0];
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, new TrustManager[] { trustManager }, null);
SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
OkHttpClient client = new OkHttpClient.Builder().sslSocketFactory(sslSocketFactory, trustManager);