I am writing a simple https client that will pull down the html of a webpage over https. I can connect to the webpage fine however the html I pull down is gibberish.
public String GetWebPageHTTPS(String URI){
BufferedReader read;
URL inputURI;
String line;
String renderedPage = "";
try{
inputURI = new URL(URI);
HttpsURLConnection connect;
connect = (HttpsURLConnection)inputURI.openConnection();
connect.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401");
read = new BufferedReader (new InputStreamReader(connect.getInputStream()));
while ((line = read.readLine()) != null)
renderedPage += line;
read.close();
}
catch (MalformedURLException e){
e.printStackTrace();
}
catch (IOException e){
e.printStackTrace();
}
return renderedPage;
}
When I pass it a string like https://kat.ph/ around 10,000 characters of gibberish is returned
EDIT
Here is my modified code for self-signing certs however I'm still getting the encrypted stream:
public String GetWebPageHTTPS(String URI){
TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
}
}
};
try {
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (GeneralSecurityException e) {
}
try {
System.out.println("URI: " + URI);
URL url = new URL(URI);
} catch (MalformedURLException e) {
}
BufferedReader read;
URL inputURI;
String line;
String renderedPage = "";
try{
inputURI = new URL(URI);
HttpsURLConnection connect;
connect = (HttpsURLConnection)inputURI.openConnection();
read = new BufferedReader (new InputStreamReader(connect.getInputStream()));
while ((line = read.readLine()) != null)
renderedPage += line;
read.close();
}
catch (MalformedURLException e){
e.printStackTrace();
}
catch (IOException e){
e.printStackTrace();
}
return renderedPage;
}
"is it compressed by any chance? stackoverflow.com/questions/8249522/…" – Mahesh Guruswamy
yes, turns out it was just gzip compressed here is my work around for this
public String GetWebPageGzipHTTP(String URI){
String html = "";
try {
URLConnection connect = new URL(URI).openConnection();
BufferedReader in = null;
connect.setReadTimeout(10000);
connect.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401");
if (connect.getHeaderField("Content-Encoding")!=null && connect.getHeaderField("Content-Encoding").equals("gzip")){
in = new BufferedReader(new InputStreamReader(new GZIPInputStream(connect.getInputStream())));
} else {
in = new BufferedReader(new InputStreamReader(connect.getInputStream()));
}
String inputLine;
while ((inputLine = in.readLine()) != null){
html+=inputLine;
}
in.close();
return html;
} catch (Exception e) {
return html;
}
}
}
HTTPS always presents a Certificate and the further communication happens on a secure encrypted channel. That is why what you are receiving looks like gibberish.
For any signed certificates, HttpsURLConnection will do the work for you and everything works. Things become muddy when the Certificate is not signed by a certificate authority. In such instances if you open that URL from a browser, it will present the Certificate for you to examine and accept before continuing.
Looks like you have the similar issue here. What you need to do is to tell Java to accept self-signed certificates without complaining. You have two options here, either download the certificate (just open the URL in any browser and it will show you how to) and add it to the keystore inn your JVM or create your own TrustManager and disable the Certificate Validate.
See this SO answer for details of both these options. https://stackoverflow.com/a/2893932/2385178
Related
I'm writing a desktop app which needs to download a few config files from my HTTPS only server which runs a valid Let's Encrypt certificate which is trusted in Chrome and Firefox, and Java 8. I want the app to be as compatible as possible so I am targeting Java 7 as a minimum. In Java 7 the app cannot connect with the error Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I've tried many solutions and this appears to be the closest to my problem:
"PKIX path building failed" despite valid Verisign certificate
Unfortunately nothing appears wrong with my server and https://www.ssllabs.com/ssltest/analyze.html?d=baldeonline.com
shows that Java 7 SHOULD connect.
How would I use a different (or system) certificate store programmatically? Obviously it's not user friendly if the user has to dig around in their java installation folder so I'd want to make any changes with the program itself.
The function which raises the error:
try {
URL obj = new URL(urlPointer);
HttpsURLConnection con = (HttpsURLConnection) obj.openConnection();
SSLContext sslContext = SSLContext.getInstance("TLSv1.2");//I have also tries TLSv1 but no difference
sslContext.init(null, null, new SecureRandom());
con.setSSLSocketFactory(sslContext.getSocketFactory());
con.setRequestMethod("GET");
con.setRequestProperty("User-Agent", USER_AGENT);
int responseCode = 0;
try {
responseCode = con.getResponseCode();
} catch (IOException e) {
}
System.out.println("POST Response Code : " + responseCode);
if (responseCode >= 400) {
BufferedReader in = new BufferedReader(new InputStreamReader(
con.getErrorStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
return response.toString();
} else {
BufferedReader in = new BufferedReader(new InputStreamReader(
con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
return response.toString();
}
} catch (IOException e) {
e.printStackTrace();
return "";
} catch (NoSuchAlgorithmException e1) {
e1.printStackTrace();
return "";
} catch (KeyManagementException e1) {
e1.printStackTrace();
return "";
}
}```
As I can't seem to find a good example anywhere online here's my general purpose solution to the problem. Use a bunch of root certificates stored INSIDE the jar file, and unzip them at run-time. Then use the certificates in a trust manager, replacing the old Java ones. Certificate Pinning is only an acceptable solution if you only want to connect to one server, this solution however should cover most of the internet. You'll need to get the root certificates from somewhere, I used the Windows Trust store to export X.509 base64 encoded certificates.
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
public class CertificateHandler {
public String thisJar = "";
public CertificateHandler() {
try {
thisJar = getJarFile().toString();
thisJar = thisJar.substring(6).replace("%20", " ");
} catch (IOException e) {
thisJar = "truststore.zip";
e.printStackTrace();
}
//truststore.zip is used in place of the jar file during development and isn't needed once the jar is exported
}
public static TrustManagerFactory buildTrustManagerFactory() {
try {
TrustManagerFactory trustManager = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
try {
KeyStore ks;
ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null);
File dir = new File(Launcher.launcherSafeDirectory + "truststore");
File[] directoryListing = dir.listFiles();
if (directoryListing != null) {
for (File child : directoryListing) {
try {
InputStream is = new FileInputStream(child);
System.out.println("Trusting Certificate: "+child.getName().substring(0, child.getName().length() - 4));
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate caCert = (X509Certificate)cf.generateCertificate(is);
ks.setCertificateEntry(child.getName().substring(0, child.getName().length() - 4), caCert);
} catch (FileNotFoundException e2) {
e2.printStackTrace();
}
}
}
trustManager.init(ks);
} catch (KeyStoreException | CertificateException | IOException | NoSuchAlgorithmException e1) {
e1.printStackTrace();
}
return trustManager;
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
return null;
}
}
public static TrustManager[] getTrustManagers() {
TrustManagerFactory trustManager = buildTrustManagerFactory();
return trustManager.getTrustManagers();
}
public void loadCertificates() {
try {
UnzipLib.unzipFolder(thisJar, "truststore", Launcher.launcherSafeDirectory + "truststore");
System.out.println("Extracted truststore to "+ Launcher.launcherSafeDirectory);
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
private File getJarFile() throws FileNotFoundException {
String path = Launcher.class.getResource(Launcher.class.getSimpleName() + ".class").getFile();
if(path.startsWith("/")) {
throw new FileNotFoundException("This is not a jar file: \n" + path);
}
path = ClassLoader.getSystemClassLoader().getResource(path).getFile();
return new File(path.substring(0, path.lastIndexOf('!')));
}
}
The code above handles creating a TrustManager[] array that can be used in HTTPS connections as follows:
private static final String USER_AGENT = "Mozilla/5.0";
static String sendPOST(String POST_URL, String POST_PARAMS, TrustManager[] trustManagers) {
try {
URL obj = new URL(POST_URL);
HttpsURLConnection con = (HttpsURLConnection) obj.openConnection();
SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
sslContext.init(null, trustManagers, new SecureRandom());
con.setSSLSocketFactory(sslContext.getSocketFactory());
con.setRequestMethod("POST");
con.setRequestProperty("Content-Type", "application/json; utf-8");
con.setRequestProperty("Accept", "application/json");
con.setRequestProperty("User-Agent", USER_AGENT);
// For POST only - START
con.setDoOutput(true);
OutputStream os = con.getOutputStream();
os.write(POST_PARAMS.getBytes());
os.flush();
os.close();
// For POST only - END
int responseCode = 0;
try {
//sendPOST("http://localhost", postParams);
responseCode = con.getResponseCode();
} catch (IOException e) {
}
System.out.println("POST Response Code : " + responseCode);
if (responseCode >= 400) {
BufferedReader in = new BufferedReader(new InputStreamReader(
con.getErrorStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
return response.toString();
} else {
BufferedReader in = new BufferedReader(new InputStreamReader(
con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
return response.toString();
}
} catch (KeyManagementException | NoSuchAlgorithmException | IOException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
}
return "";
}
I am trying to connect to a URL from a desktop app, and I get the error indicated in the Title of my question. When I check the URL in browser, it works fine though.
The error is coming for getInputStream.
When i further tried to investigate to check what the error is by doing getErrorStream i saw it is giving nullpointerexception.
Please guide.
Below is my code
public void call() throws IOException, ParserConfigurationException, SAXException, TransformerException
{
OutputStreamWriter out = null;
URL url = null;
BufferedReader in = null;
String username = "test";
String password = "test";
String xmlDoc =
String xmlDoc = "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?> <document schema=\"mySchema.xsd\"><data><start-date>2012-03-10T00:00:00</start-date><end-date>2017-01-13T10:43:00</end-date></data></document>";
try {
// ----Avoid certificate Error Code Start--------
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkServerTrusted(X509Certificate[] chain,String authType) throws CertificateException {
}
public void checkClientTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
}
} };
SSLContext sc = null;
try
{
sc = SSLContext.getInstance("SSL");
}
catch (NoSuchAlgorithmException e) {
e.getMessage();
}
try
{
sc.init(null, trustAllCerts, new java.security.SecureRandom());
}
catch (KeyManagementException e) {
e.getMessage();
}
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
url = new URL("https://myURL.com?username="+username+"&password="+password+"&xmlDocument="+xmlDoc+"");
//URLEncoder.encode("https://service.bioguiden.se/mpaallexport.asmx/Export?username="+username+"&password="+password+"&xmlDocument="+xmlDoc+"","UTF-8");
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setDoOutput(true);
conn.connect();
out = new OutputStreamWriter(conn.getOutputStream());
StringBuffer data = new StringBuffer();
out.write(data.toString());
out.flush();
// Read the response
StringBuffer rsp = new StringBuffer();
in = new BufferedReader(new InputStreamReader(conn.getInputStream()));
String line;
while ((line = in.readLine()) != null) {
rsp.append(line);
}
} catch (MalformedURLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
I am trying to access my server using two of the goDaddy certificates that are listed under my endpoint. The three certs in the stack are My cert > Go Daddy Secure Certificate Authority -G2 > Go Daddy Root Certificate Authority - G2. I downloaded both the secure and root certs from the Go Daddy Repository and now have added both to my android app raw resource folder. Even with both in there it still gives me this error
javax.net.ssl.SSLPeerUnverifiedException: Hostname not verified:
I don't know what i should do next. I tried a lot of combinations so I think i need a different way of doing this.
Here is what I have so far;
My HttpsClient code;
public class MyHttpsGet extends AsyncTask<String, Void, String> {
Context context;
int cert;
int interCert;
boolean allowHost;
private String username;
private String password;
//this is used if you need a password and username
//mainly for logins to a webserver
public MyHttpsGet(String username, String password, Context context, int cert, int intermedCert)
{
this.context = context;
this.cert = cert;
this.interCert = intermedCert;
this.username = username;
this.password = password;
}
//used for image downloading
public MyHttpsGet(){}
#Override
protected String doInBackground(String... params) {
String url = params[0];
return httpsDownloadData(url, context, cert, interCert);
}
public String httpsDownloadData (String urlString, Context context, int certRawResId, int certIntermedResId)
{
String respone = null;
try {
// build key store with ca certificate
KeyStore keyStore = buildKeyStore(context, certRawResId, certIntermedResId);
// Create a TrustManager that trusts the CAs in our KeyStore
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
// Create an SSLContext that uses our TrustManager
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tmf.getTrustManagers(), null);
// Create a connection from url
URL url = new URL(urlString);
if (username != null) {
Authenticator.setDefault(new Authenticator() {
#Override
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(username, password.toCharArray());
}
});
}
HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
urlConnection.setSSLSocketFactory(sslContext.getSocketFactory());
int statusCode = urlConnection.getResponseCode();
Log.d("Status code: ", Integer.toString(statusCode));
InputStream inputStream = urlConnection.getInputStream();
if (inputStream != null) {
respone = streamToString(inputStream);
inputStream.close();
}
}catch (IOException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
}
Log.d("MyHttps Respones: ", respone);
return respone;
}
private static KeyStore buildKeyStore(Context context, int certRawResId, int interCert){
// init a default key store
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = null;
try {
keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
// read and add certificate authority
Certificate cert2 = readCert(context, interCert);
Certificate cert = readCert(context, certRawResId);
keyStore.setCertificateEntry("ca" , cert2);
keyStore.setCertificateEntry("ca", cert);
} catch (CertificateException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
return keyStore;
}
private static Certificate readCert(Context context, int certResourceId) throws IOException {
// read certificate resource
InputStream caInput = context.getResources().openRawResource(certResourceId);
Certificate ca = null;
try {
// generate a certificate
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ca = cf.generateCertificate(caInput);
} catch (CertificateException e) {
e.printStackTrace();
} finally {
caInput.close();
}
return ca;
}
//this is used for downloading strings from an http or https connection
private String streamToString(InputStream is) throws IOException {
StringBuilder sb = new StringBuilder();
BufferedReader rd = new BufferedReader(new InputStreamReader(is));
String line;
while ((line = rd.readLine()) != null) {
sb.append(line);
}
return sb.toString();
}
}
And here is how I call it/use it:
MyHttpsGet task = new MyHttpsGet(username, password,myContext, R.raw.gdroot_g2, R.raw.gdintermed);
try {
myJson = task.execute(myUrl).get();
Log.d("Json: " , myJson);
} catch (InterruptedException e) {
e.printStackTrace();
} catch (ExecutionException e) {
e.printStackTrace();
}
new runningMan().execute();
Thank you for any help with this.
Here is a picture of my Cert Chain
The error message says apivitacrm.elasticbeanstalk.com, but you then black out the wildcard name in your certificate. Why?
Well, regardless of what it is, it looks like it starts with an a, so it is definitely not a *.elasticbeanstalk.com wildcard certificate.
That means that the error message is correct. The certificate does not belong to the domain name given.
Even if it is a *.apivitacrm.elasticbeanstalk.com wildcard (blackout doesn't seem wide enough for that, though), it still wouldn't match apivitacrm.elasticbeanstalk.com, since it only matches subdomains.
I am trying to use a cert that I downloaded from goDaddy that is hosting my server. I want to connect to it via my android app using an https connection. This connection needs to be authenticated as well. I got it all working with http but when I try to use the local certificate it just fatal crashes saying that I am trying to cast an httpUrlConnection to an HttpsUrlConnection.
Caused by: java.lang.ClassCastException: com.android.okhttp.internal.huc.HttpURLConnectionImpl cannot be cast to javax.net.ssl.HttpsURLConnection
I don't know what I am doing wrong there is no httpurlConneciton in the code at all and I don't cast anything to https either. Any help with this will be appreciated.
Here is my HttpsGet Client.
public class MyHttpsGet extends AsyncTask<String, Void, String> {
Context context;
int cert;
boolean allowHost;
private String username;
private String password;
//this is used if you need a password and username
//mainly for logins to a webserver
public MyHttpsGet(String username, String password, Context context, int cert)
{
this.context = context;
this.cert = cert;
this.allowHost = allowHost;
this.username = username;
this.password = password;
}
//used for image downloading
public MyHttpsGet(){}
#Override
protected String doInBackground(String... params) {
String url = params[0];
return httpsDownloadData(url, context, cert);
}
public String httpsDownloadData (String urlString, Context context, int certRawResId)
{
String respone = null;
try {
// build key store with ca certificate
KeyStore keyStore = buildKeyStore(context, certRawResId);
// Create a TrustManager that trusts the CAs in our KeyStore
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
// Create an SSLContext that uses our TrustManager
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tmf.getTrustManagers(), null);
// Create a connection from url
URL url = new URL(urlString);
if (username != null) {
Authenticator.setDefault(new Authenticator() {
#Override
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(username, password.toCharArray());
}
});
}
HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
urlConnection.setSSLSocketFactory(sslContext.getSocketFactory());
int statusCode = urlConnection.getResponseCode();
Log.d("Status code: ", Integer.toString(statusCode));
InputStream inputStream = urlConnection.getInputStream();
if (inputStream != null) {
respone = streamToString(inputStream);
inputStream.close();
}
}catch (IOException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
}
Log.d("MyHttps Respones: ", respone);
return respone;
}
private static KeyStore buildKeyStore(Context context, int certRawResId) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
// init a default key store
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
// read and add certificate authority
Certificate cert = readCert(context, certRawResId);
keyStore.setCertificateEntry("ca", cert);
return keyStore;
}
private static Certificate readCert(Context context, int certResourceId) throws CertificateException, IOException {
// read certificate resource
InputStream caInput = context.getResources().openRawResource(certResourceId);
Certificate ca;
try {
// generate a certificate
CertificateFactory cf = CertificateFactory.getInstance("X.509");
ca = cf.generateCertificate(caInput);
} finally {
caInput.close();
}
return ca;
}
//this is used for downloading strings from an http or https connection
private String streamToString(InputStream is) throws IOException {
StringBuilder sb = new StringBuilder();
BufferedReader rd = new BufferedReader(new InputStreamReader(is));
String line;
while ((line = rd.readLine()) != null) {
sb.append(line);
}
return sb.toString();
}
And here is how I am using it /calling it.
MyHttpsGet task = new MyHttpsGet(username, password,myContext, R.raw.gdroot_g2);
try {
myJson = task.execute(myUrl).get();
} catch (InterruptedException e) {
e.printStackTrace();
} catch (ExecutionException e) {
e.printStackTrace();
}
new runningMan().execute();
This was caused not by my code but by the missing s in a https//www.godsjasdifdsaidsf.com
My application makes multiple web calls in order to get authentication. I need to store this session in a cookie. I wanted to use Cookie Manager but after doing some research, I found out it is only available to API 9 and above and my application needs to be backward compatible.
I make my web connections using HTTPURLConnection to a secure HTTPS. Quick example of my code
public String iStream_to_String(InputStream is)
{
BufferedReader rd = new BufferedReader(new InputStreamReader(is), 4096);
String line;
StringBuilder sb = new StringBuilder();
try
{
while ((line = rd.readLine()) != null)
{
sb.append(line);
}
rd.close();
} catch (IOException e)
{
e.printStackTrace();
}
String contentOfMyInputStream = sb.toString();
return contentOfMyInputStream;
}
final static HostnameVerifier DO_NOT_VERIFY = new HostnameVerifier()
{
public boolean verify(String hostname, SSLSession session)
{
return true;
}
};
/**
* Trust every server - dont check for any certificate
*/
private static void trustAllHosts()
{
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[]
{ new X509TrustManager()
{
public java.security.cert.X509Certificate[] getAcceptedIssuers()
{
return new java.security.cert.X509Certificate[]
{};
}
public void checkClientTrusted(X509Certificate[] chain,
String authType) throws CertificateException
{
}
public void checkServerTrusted(X509Certificate[] chain,
String authType) throws CertificateException
{
}
} };
// Install the all-trusting trust manager
try
{
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection
.setDefaultSSLSocketFactory(sc.getSocketFactory());
} catch (Exception e)
{
e.printStackTrace();
}
}
Then I make a request like so
try
{
url = new URL(url1);
trustAllHosts();
HttpsURLConnection https = (HttpsURLConnection) url.openConnection();
https.setHostnameVerifier(DO_NOT_VERIFY);
http = https;
InputStream in = new BufferedInputStream(http.getInputStream());
sAuthenticateP1 = iStream_to_String(in);
in.close();
} catch (Exception e)
{
e.printStackTrace();
}
The full authentication is done in 4 steps. I need to have it so the session is remembered throughout the 4 steps. Seeing I can't use CookieManager, I have been looking around for other ways of doing this, but can't seem to find any. Would anyone be able to point me in the right direction.
Thanks in advance!!
Figured it out. Incase anyone else is having similar problem, will give quick outline of code. As I said before mine is a several step authentication process. So after the first request, after you have received a response, take the cookie like so
String cookie = http.getRequestProperty("Cookie");
if (cookie != null && cookie.length() > 0)
{
sCookie = cookie;
Log.v("cookie2", sCookie);
}
sCookie is a static string variable I have set up. Then in the next request, after this line
https = (HttpsURLConnection) url.openConnection();
Just put
https.setRequestProperty("Cookie", sCookie);
https.setRequestMethod("POST");
https.setDoInput(true);
https.setDoOutput(true);
And do the same thing for each request after that requires the session, and it should work fine