Not trusted certificate using ksoap2-android
I'm using ksoap2-android to make a call to wcf service over SSL. I can get it to work without SSL, but now I want to make the call over SSL, but I've run in to some problems.
I'm using the HttpsTransportSE instead of HttpTransportSE, but I'm getting the error: javax.net.ssl.SSLException: Not trusted server certificate
How can I fix this?
Can I add the server certificate to the Keystore in Android to solve the problem?
private static final String SOAP_ACTION = "http://example.com/Service/GetInformation";
private static final String METHOD_NAME = "GetInformation";
private static final String NAMESPACE = "http://example.com";
private static final String URL = "dev.example.com/Service.svc";
public static Result GetInformation()
{
SoapObject request = new SoapObject(NAMESPACE, METHOD_NAME);
PropertyInfo property = new PropertyInfo();
property.name = "request";
Request request =
new Request("12", "13", "Ben");
userInformationProperty.setValue(request);
userInformationProperty.setType(request.getClass());
request.addProperty(property);
SoapSerializationEnvelope envelope = new SoapSerializationEnvelope(SoapEnvelope.VER11);
envelope.dotNet = true;
envelope.setOutputSoapObject(request);
envelope.addMapping(NAMESPACE, "Request",new Request().getClass());
HttpsTransportSE transport = new HttpsTransportSE(URL, 443, "", 1000);
//HttpTransportSE androidHttpTransport = new HttpTransportSE(URL);
transport.debug = true;
try
{
transport.call(SOAP_ACTION, envelope);
return Result.FromSoapResponse((SoapObject)envelope.getResponse());
}
catch (IOException e)
{
e.printStackTrace();
}
catch (XmlPullParserException e)
{
e.printStackTrace();
}
return null;
}
Answer
To complement the answer of Vedran with some source code, sorry I can't comment.
The trustManager:
private static TrustManager[] trustManagers;
public static class _FakeX509TrustManager implements
javax.net.ssl.X509TrustManager {
private static final X509Certificate[] _AcceptedIssuers = new X509Certificate[] {};
public void checkClientTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException {
}
public boolean isClientTrusted(X509Certificate[] chain) {
return (true);
}
public boolean isServerTrusted(X509Certificate[] chain) {
return (true);
}
public X509Certificate[] getAcceptedIssuers() {
return (_AcceptedIssuers);
}
}
public static void allowAllSSL() {
javax.net.ssl.HttpsURLConnection
.setDefaultHostnameVerifier(new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
javax.net.ssl.SSLContext context = null;
if (trustManagers == null) {
trustManagers = new javax.net.ssl.TrustManager[] { new _FakeX509TrustManager() };
}
try {
context = javax.net.ssl.SSLContext.getInstance("TLS");
context.init(null, trustManagers, new SecureRandom());
} catch (NoSuchAlgorithmException e) {
Log.e("allowAllSSL", e.toString());
} catch (KeyManagementException e) {
Log.e("allowAllSSL", e.toString());
}
javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(context
.getSocketFactory());
}
The call at your method:
allowAllSSL();
HttpsTransportSE httpsTransport = new HttpsTransportSE(Server,443, URL, 1000);
Notes:
- Server is the server url.
- 443 is the default https port, you still have to specify a port since the constructor expects one.
- URL the path to the WS operation
- 1000 es the timeout
Which is constructed as: [https://Server:443/URL]