package com.loopj.android.http; import java.io.BufferedInputStream; import java.io.IOException; import java.io.InputStream; import java.net.Socket; import java.net.UnknownHostException; import java.security.KeyManagementException; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.UnrecoverableKeyException; import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; import org.apache.http.conn.ssl.SSLSocketFactory; import com.samknows.libcore.SKPorting; /** * This file is introduced to fix HTTPS Post bug on API < ICS see * http://code.google.com/p/android/issues/detail?id=13117#c14 <p> </p> Warning! This omits SSL * certificate validation on every device, use with caution */ public class MySSLSocketFactory extends SSLSocketFactory { final SSLContext sslContext = SSLContext.getInstance("TLS"); /** * Creates a new SSL Socket Factory with the given KeyStore. * * @param truststore A KeyStore to create the SSL Socket Factory in context of * @throws NoSuchAlgorithmException * @throws KeyManagementException * @throws KeyStoreException * @throws UnrecoverableKeyException */ public MySSLSocketFactory(KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException { super(truststore); X509TrustManager tm = new X509TrustManager() { public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { } public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { } public X509Certificate[] getAcceptedIssuers() { return null; } }; sslContext.init(null, new TrustManager[] { tm }, null); } public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException { return sslContext.getSocketFactory().createSocket(socket, host, port, autoClose); } @Override public Socket createSocket() throws IOException { return sslContext.getSocketFactory().createSocket(); } /** * Makes HttpsURLConnection trusts a set of certificates specified by the KeyStore */ public void fixHttpsURLConnection() { HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory()); } /** * Gets a KeyStore containing the Certificate * * @param cert InputStream of the Certificate * @return KeyStore */ public static KeyStore getKeystoreOfCA(InputStream cert) { // Load CAs from an InputStream InputStream caInput = null; Certificate ca = null; try { CertificateFactory cf = CertificateFactory.getInstance("X.509"); caInput = new BufferedInputStream(cert); ca = cf.generateCertificate(caInput); } catch (CertificateException e1) { SKPorting.sAssert(MySSLSocketFactory.class, false); } finally { try { if (caInput != null) { caInput.close(); } } catch (IOException e) { SKPorting.sAssert(MySSLSocketFactory.class, false); } } // Create a KeyStore containing our trusted CAs String keyStoreType = KeyStore.getDefaultType(); KeyStore keyStore = null; try { keyStore = KeyStore.getInstance(keyStoreType); keyStore.load(null, null); keyStore.setCertificateEntry("ca", ca); } catch (Exception e) { e.printStackTrace(); } return keyStore; } /** * Gets a Default KeyStore * * @return KeyStore */ public static KeyStore getKeystore() { KeyStore trustStore = null; try { trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); trustStore.load(null, null); } catch (Throwable t) { t.printStackTrace(); } return trustStore; } /** * Returns a SSlSocketFactory which trusts all certificates * * @return */ public static SSLSocketFactory getFixedSocketFactory() { SSLSocketFactory socketFactory; try { socketFactory = new MySSLSocketFactory(getKeystore()); socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); } catch (Throwable t) { t.printStackTrace(); socketFactory = SSLSocketFactory.getSocketFactory(); } return socketFactory; } }