I've been trying to get a response from an HTTPS site that requires a certificate to access.
I have been given a .p12 file that I can access with the browser. I put that certificate in res/raw as p12_cert.p12.
I am not that familiar with Android networking, so I also set my network_security_config like this:
    <?xml version="1.0" encoding="utf-8"?>
    <network-security-config>
        <base-config cleartextTrafficPermitted="true" />
    </network-security-config>
This is the code to build the OkHttpClient.
    this.context = context;
    TrustManager[] trustManagerArrary;
    KeyManager[] keyManagerArray;
    SSLSocketFactory sslSocketFactory;
    try {
        SSLContext sslContext = SSLContext.getInstance("TLS");
        // Both arrays are built from the same bundled .p12 (see the helper functions)
        trustManagerArrary = createAndInitTrustManagerFactory();
        keyManagerArray = createAndInitKeyManagerFactory();
        sslContext.init(keyManagerArray, trustManagerArrary, new SecureRandom());
        sslSocketFactory = sslContext.getSocketFactory();
    }
    catch (Exception e) {
        throw new RuntimeException(e);
    }
    // Tried all Enabled Cipher Suites and TLS Versions.
    ConnectionSpec connectionSpec = new ConnectionSpec.Builder(ConnectionSpec.COMPATIBLE_TLS)
            .allEnabledCipherSuites()
            .allEnabledTlsVersions()
            .build();
    client = new OkHttpClient.Builder()
            .sslSocketFactory(sslSocketFactory, (X509TrustManager) trustManagerArrary[0])
            .connectTimeout(30, TimeUnit.SECONDS)
            .readTimeout(30, TimeUnit.SECONDS)
            .writeTimeout(30, TimeUnit.SECONDS)
            .protocols(Arrays.asList(Protocol.HTTP_1_1))
            .connectionSpecs(Arrays.asList(connectionSpec))
            .build();
Here are the functions for KeyManager + TrustManager:

    private KeyManager[] createAndInitKeyManagerFactory() throws Exception {
        char[] pw = "password".toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        InputStream is = context.getResources().openRawResource(R.raw.p12_cert);
        ks.load(is, pw);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
        kmf.init(ks, pw);
        KeyManager[] km = kmf.getKeyManagers();
        return km;
    }

    private TrustManager[] createAndInitTrustManagerFactory() throws Exception {
        char[] pw = "password".toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        InputStream is = context.getResources().openRawResource(R.raw.p12_cert);
        ks.load(is, pw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
        tmf.init(ks);
        TrustManager[] tm = tmf.getTrustManagers();
        return tm;
    }
I get this error that I can't really understand, because I can't figure out what I'm supposed to try next.
    javax.net.ssl.SSLHandshakeException: Handshake failed
        at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:288)
        at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.kt:351)
        at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.kt:310)
        at okhttp3.internal.connection.RealConnection.connect(RealConnection.kt:178)
        at okhttp3.internal.connection.ExchangeFinder.findConnection(ExchangeFinder.kt:236)
        at okhttp3.internal.connection.ExchangeFinder.findHealthyConnection(ExchangeFinder.kt:109)
        at okhttp3.internal.connection.ExchangeFinder.find(ExchangeFinder.kt:77)
        at okhttp3.internal.connection.Transmitter.newExchange$okhttp(Transmitter.kt:162)
        at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.kt:35)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:112)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:87)
        at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.kt:82)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:112)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:87)
        at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.kt:84)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:112)
        at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.kt:71)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:112)
        at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.kt:87)
        at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.kt:184)
        at okhttp3.RealCall$AsyncCall.run(RealCall.kt:136)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
        at java.lang.Thread.run(Thread.java:919)
    Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xebb7bff8: Failure in SSL library, usually a protocol error
    error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/tls_record.cc:587 0xc7a75e88:0x00000001)
        at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
        at com.android.org.conscrypt.NativeSsl.doHandshake(NativeSsl.java:387)
        at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:226)
        ... 23 more
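An added example, not part of the original question or of OkHttp: a plain-JVM check that lists what a .p12 actually contains and builds an SSLContext in which the client identity (KeyManager) comes from the .p12 while the trust anchors (TrustManager) come from the platform's default store. It assumes the server certificate chains to a CA in that default store; the class name `ClientCertCheck` and its two command-line arguments (file path, password) are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.*;

public class ClientCertCheck { // hypothetical name, for illustration only
    // Prints each alias with its entry type and chain, and returns how many
    // entries hold a private key (i.e. can serve as a TLS client identity).
    static int countKeyEntries(KeyStore ks) throws Exception {
        int keys = 0;
        for (String alias : Collections.list(ks.aliases())) {
            boolean isKey = ks.isKeyEntry(alias);
            if (isKey) keys++;
            System.out.println(alias + ": " + (isKey ? "private key + chain" : "certificate only"));
            Certificate[] chain = ks.getCertificateChain(alias); // null for certificate-only entries
            if (chain == null) chain = new Certificate[] { ks.getCertificate(alias) };
            for (Certificate c : chain) {
                if (c instanceof X509Certificate) {
                    X509Certificate x = (X509Certificate) c;
                    System.out.println("  subject=" + x.getSubjectX500Principal()
                            + " issuer=" + x.getIssuerX500Principal());
                }
            }
        }
        return keys;
    }

    // Trust anchors from the platform default store: init(null) selects it.
    static X509TrustManager systemTrustManager() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) { System.err.println("usage: ClientCertCheck <file.p12> <password>"); return; }
        char[] pw = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(args[0])) { ks.load(in, pw); }
        if (countKeyEntries(ks) == 0) throw new IllegalStateException("no private-key entry in the .p12");
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw); // client identity only
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), new TrustManager[] { systemTrustManager() }, null);
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```

On Android the same calls work with the stream from `openRawResource(...)`, and the `X509TrustManager` returned here is the second argument `OkHttpClient.Builder.sslSocketFactory(...)` expects.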