Hi,
I've been developing a rss reader which needs to make a mutal ssl authentication. Ive managed to get the user certificate using the Keychain API and have got what seems to a mostly working SSLSocketFactory. But whenever i try to make a connection to the server i get a 401 Unauthorized error, i feel its probably something to do with the way i am setting up my SSL Connection and my general code. If anyone can help point out what im doing wrong and what i need to do i would be very appreciative.
Main Activity:
public class AliasLoader extends AsyncTask<Void, Void, X509Certificate[]>
{
X509Certificate[] chain = null;
@Override protected X509Certificate[] doInBackground(Void... params) {
android.os.Debug.waitForDebugger();
if(!SavedAlias.isEmpty())
{
try {
PrivateKey key2 = KeyChain.getPrivateKey(getApplicationContext(), SavedAlias);
setPrivateKey(key2);
chain = KeyChain.getCertificateChain(getApplicationContext(),SavedAlias);
setCertificate(chain);
} catch (Exception e) {
Log.e(TAG, e.getMessage());
}
}
else
{
this.cancel(true);
}
return chain;
}
@Override
protected void onPostExecute(X509Certificate[] chain)
{
if(chain != null)
{
HttpClient client = CustomSSLSocketFactory.getNewHttpClient(context, getAlias(), chain, key);
String formDataServiceUrl = "https://android.diif.r.mil.uk";
WebView wv = (WebView) findViewById(R.id.rssFeedItemView);
HttpPost post = new HttpPost(formDataServiceUrl);
final HttpGet request = new HttpGet(formDataServiceUrl);
HttpResponse result = null;
try {
result = client.execute(post);
} catch (ClientProtocolException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
wv.loadUrl(formDataServiceUrl);
}
else
{
Toast.makeText(getApplicationContext(), "Certificate is Empty", Toast.LENGTH_LONG).show();
}
}
}
CustomSSLSocketFactory:
public class CustomSSLSocketFactory extends SSLSocketFactory {
public static KeyStore rootCAtrustStore = null;
public static KeyStore clientKeyStore = null;
SSLContext sslContext = SSLContext.getInstance("TLS");
Context context;
/**
* Constructor.
*/
public CustomSSLSocketFactory(Context context, KeyStore keystore, String keyStorePassword, KeyStore truststore)
throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
super(keystore, keyStorePassword, truststore);
this.context = context;
// custom TrustManager,trusts all servers
X509TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
Log.i("CLIENT CERTIFICATES", "Loaded client certificates: " + keystore.size());
// initialize key manager factory with the client certificate
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keystore,null);
sslContext.init(keyManagerFactory.getKeyManagers(), new TrustManager[] { tm }, null);
//sslContext.init(null, new TrustManager[]{tm}, null);
}
@Override
public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
return sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);
}
@Override
public Socket createSocket() throws IOException {
return sslContext.getSocketFactory().createSocket();
}
/**
* Create new HttpClient with CustomSSLSocketFactory.
*/
public static HttpClient getNewHttpClient(Context context, String alias, X509Certificate[] chain, PrivateKey key) {
try {
// This is method from tutorial ----------------------------------------------------
//The root CA Trust Store
rootCAtrustStore = KeyStore.getInstance("BKS");
rootCAtrustStore.load(null);
//InputStream in = context.getResources().openRawResource(com.DII.RSS_Viewer.R.raw.rootca);
//rootCAtrustStore.load(in, "PASSWORD".toCharArray());
//The Keystore with client certificates.
//clientKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
clientKeyStore = KeyStore.getInstance("pkcs12");
clientKeyStore.load(null);
// client certificate is stored in android's keystore
if((alias != null) && (chain != null))
{
Key pKey = key;
clientKeyStore.setKeyEntry(alias, pKey, "password".toCharArray(), chain);
}
//SSLSocketFactory sf = new CustomSSLSocketFactory(context, clientKeyStore, "password", rootCAtrustStore);
SSLSocketFactory sf = new SSLSocketFactory(clientKeyStore, "password");
sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
HttpParams params = new BasicHttpParams();
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
HttpProtocolParams.setContentCharset(params, HTTP.UTF_8);
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
registry.register(new Scheme("https", (SocketFactory) sf, 443));
ClientConnectionManager ccm = new ThreadSafeClientConnManager(params, registry);
return new DefaultHttpClient(ccm, params);
}
catch (Exception e)
{
return new DefaultHttpClient();
}
}
}
Hello,
This is a 2 year old post, but I've just had to work with this subject, and I used Apache HTTP Client new version for Android. I think ti's HttpClient 4.3.5.
public void sendRequestToServer(Context context, HttpUriRequest httpUriRequest,
ResponseExecution responseExecution, boolean clientCertAuthenticated)
{
KeyStore trustStore = clientAuthAuthenticator.initializeTrustStore(context);
SSLContext sslcontext = null;
CloseableHttpClient httpclient = null;
try
{
SSLContextBuilder sslContextBuilder = SSLContexts.custom()
.loadTrustMaterial(trustStore, new TrustSelfSignedStrategy());
if(clientCertAuthenticated)
{
KeyStore keyStore = clientAuthAuthenticator
.initializeKeyStore(context, ClientAuthAuthenticator.CLIENT_KEYSTORE_DATA_FILE);
sslContextBuilder.loadKeyMaterial(keyStore, "password".toCharArray());
}
sslcontext = sslContextBuilder.build();
// Allow TLSv1 protocol only
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
sslcontext, new String[] {"TLSv1"}, null,
SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER
);
httpclient = HttpClients
.custom()
.setHostnameVerifier(
SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER
)
.setSSLSocketFactory(sslsf).build();
CloseableHttpResponse response = httpclient.execute(httpUriRequest);
try
{
responseExecution.execute(context, response);
HttpEntity entity = response.getEntity();
if(entity != null)
{
entity.consumeContent();
}
}
finally
{
response.close();
}
}
catch(IOException e)
{
Log.d(ClientCertWebRequestor.class.getName(), "Error in network communication.", e);
}
catch(NoSuchAlgorithmException e)
{
Log.d(ClientCertWebRequestor.class.getName(), "Error in loading keystore.", e);
}
catch(KeyManagementException e)
{
Log.d(ClientCertWebRequestor.class.getName(), "Error in loading keystore.", e);
}
catch(KeyStoreException e)
{
Log.d(ClientCertWebRequestor.class.getName(), "Error in loading keystore.", e);
}
catch(UnrecoverableKeyException e)
{
Log.d(ClientCertWebRequestor.class.getName(), "Error in loading keystore.", e);
}
finally
{
try
{
if(httpclient != null)
{
httpclient.close();
}
}
catch(IOException e)
{
Log.d(ClientCertWebRequestor.class.getName(), "Error in closing network communication.", e);
}
}
}
public static interface ResponseExecution
{
void execute(Context context, CloseableHttpResponse httpResponse) throws IOException;
}
This might help someone in the future. The keystore has the client certificate, it is a PKCS12 keystore (private key + certificate). The trust store is a BKS which stores the server certificate. I did not use the Keychain API though.
I have some code to create an album on Facebook when a Button is clicked.
I have tried (and failed) to work out why this is happening. I have a feeling it is something to so with the fact the call is async, and something to do with callbacks. But I can't find any solid information on this.
I thought that the request in the code might be getting called when the session state changed, so that is why I check that the Session is Open, and that the Sessionstate is OPENED.
So an enlightened soul look at the code below and let me know why this is happening?
Code:
public void createNewAlbum(String albumName) {
Session session = Session.getActiveSession();
if (session.isOpened()) {
SessionState state = session.getState();
//if (state.isOpened()) {
Bundle params = new Bundle();
params.putString("name", albumName);
Request.Callback callback = new Request.Callback() {
[user=439709]@override[/user]
public void onCompleted(Response response) {
//need to get the newly created album ID.
try
{
JSONObject graphResponse =response.getGraphObject().getInnerJSONObject();
try
{
albID = graphResponse.getString("id");
//commenting the upload method call as two albums are being created
//and multiple uploads are occurring too
//UploadToAlbum(Session.getActiveSession(), albID);
}
catch (JSONException e)
{
Log.d( "JSON error "+ e.getMessage(), albID );
albID =null;
}
}
catch (Exception e) {
e.printStackTrace();
albID = null;
}
}
};
if (state.isOpened()) { // only call the request is the Session state is OPENED
Request request = new Request(session, "me/albums",params, HttpMethod.POST,callback);
request.executeAsync();
}//end state session is opened
}//end session if
}
Any Java experts able to help out?
I'm developing a module in Xposed Framework which tries to access to Wifi p2p service to modify it. This is perfectly working on an Samsung Galaxy S3 by the code found in other posts:
Code:
@Override
public void handleLoadPackage(LoadPackageParam lpparam) {
try {
Class<?> wifiP2pService = Class.forName("android.net.wifi.p2p.WifiP2pService", false, lpparam.classLoader);
for (Class<?> c : wifiP2pService.getDeclaredClasses()) {
//XposedBridge.log("inner class " + c.getSimpleName());
if ("P2pStateMachine".equals(c.getSimpleName())) {
XposedBridge.log("Class " + c.getName() + " found");
Method notifyInvitationReceived = c.getDeclaredMethod("notifyInvitationReceived");
final Method sendMessage = c.getMethod("sendMessage", int.class);
XposedBridge.hookMethod(notifyInvitationReceived, new XC_MethodReplacement() {
@Override
protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
final int PEER_CONNECTION_USER_ACCEPT = 0x00023000 + 2;
sendMessage.invoke(param.thisObject, PEER_CONNECTION_USER_ACCEPT);
return null;
}
});
break;
}
}
} catch (Throwable t) {
XposedBridge.log(t);
}
}
It uses the class name "android.net.wifi.p2p.WifiP2pService" to access the method. My problem comes when trying to run it on a Moto E device, the logs say:
Code:
E/Xposed: java.lang.ClassNotFoundException: android.net.wifi.p2p.WifiP2pService
So I guess there must have been a change in the name of the class. ¿Does anyone have a reference on what could be going on with wifi p2p service on MOTO E (2nd generetion)? The version is lollipop 5.0.2
Hi all,
I know how to set proxy in a webview under Android 4.4 and less, using java reflection.
But anyone knows how to set a webview proxy under Android 6.0 ? Unfortunatly my methods don't work on this Android version ...
Thanks a lot in advance !
[EDIT] Solved, see post #2
Solved by projection :
Code:
private static boolean setProxyKKPlus(WebView webView, String host, int port, String exclusion, String applicationClassName) {
LOG.warn("try to setProxyKKPlus");
Context appContext = webView.getContext().getApplicationContext();
System.setProperty("http.proxyHost", host);
System.setProperty("http.proxyPort", port + "");
System.setProperty("http.nonProxyHosts", exclusion);
System.setProperty("https.proxyHost", host);
System.setProperty("https.proxyPort", port + "");
System.setProperty("https.nonProxyHosts", exclusion);
try {
Class applictionCls = Class.forName(applicationClassName);
Field loadedApkField = applictionCls.getField("mLoadedApk");
loadedApkField.setAccessible(true);
Object loadedApk = loadedApkField.get(appContext);
Class loadedApkCls = Class.forName("android.app.LoadedApk");
Field receiversField = loadedApkCls.getDeclaredField("mReceivers");
receiversField.setAccessible(true);
ArrayMap receivers = (ArrayMap) receiversField.get(loadedApk);
for (Object receiverMap : receivers.values()) {
for (Object rec : ((ArrayMap) receiverMap).keySet()) {
Class clazz = rec.getClass();
if (clazz.getName().contains("ProxyChangeListener")) {
Method onReceiveMethod = clazz.getDeclaredMethod("onReceive", Context.class, Intent.class);
Intent intent = new Intent(Proxy.PROXY_CHANGE_ACTION);
Bundle extras = new Bundle();
List<String> exclusionsList = new ArrayList<>(1);
exclusionsList.add(exclusion);
ProxyInfo proxyInfo = ProxyInfo.buildDirectProxy(host, port, exclusionsList);
extras.putParcelable("android.intent.extra.PROXY_INFO", proxyInfo);
intent.putExtras(extras);
onReceiveMethod.invoke(rec, appContext, intent);
}
}
}
} catch (Exception e) {
LOG.warn("setProxyKKPlus - exception : {}", e);
return false;
}
return true;
}
parameters
what is exclusion and applicationClassName parameters? Im trying to setup proxy on Api 21+
Is anyone able to use buildPacProxy method instead of buildDirectProxy method of ProxyInfo to set the proxy of webview?
Hello together
since more than 4 Days i stuck on my current app project with the message: "admin componentinfo does not own the profile".
I tried many things - Added an Work Profile programmaticaly - Gave Profile Owner via adb and i dont find the result.
Someone have an Idea, what im doing wrong?
Code to add managed profile:
Java:
private void provisionManagedProfile()
{
Activity activity = this;
if (null == activity) {
return;
}
Intent intent = new Intent(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE);
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.M) {
intent.putExtra(
DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME,
activity.getApplicationContext().getPackageName()
);
} else {
final ComponentName component = new ComponentName(activity,
DeviceAdmin.class.getName());
intent.putExtra(
DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME,
component
);
}
if (intent.resolveActivity(activity.getPackageManager()) != null) {
startActivityForResult(intent, 1);
Toast.makeText(activity, "Already used!",
Toast.LENGTH_SHORT).show();
activity.finish();
} else {
Toast.makeText(activity, "Device provisioning is not enabled. Stopping.",
Toast.LENGTH_SHORT).show();
}
}
Code to use:
Java:
DevicePolicyManager dpm = (DevicePolicyManager) getApplicationContext().getSystemService(Context.DEVICE_POLICY_SERVICE);
dpm.setProfileEnabled(compName);
compName is:
Java:
compName = new ComponentName(this, DeviceAdmin.class);
#Edit
If i start the manged Profile, its crashed after the end before the "next" button showing.
But if i take an look on my settings its showing that this profile was created.
Greetings