Reputation: 90
I use JSOUP to connect to many HTTPS websites. I use the method Jsoup.connect(url), but it throws an exception:
javax.net.ssl.SSLHandshakeException: Certificate not valid or trusted.
So I use this code to trust all SSL certificates:
    public static void enableSSLSocket() throws KeyManagementException, NoSuchAlgorithmException {
        // Trust manager whose check methods are empty: every certificate chain is accepted
        TrustManager[] trustAllCerts = new TrustManager[]{
            new X509TrustManager() {
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
                public void checkClientTrusted( java.security.cert.X509Certificate[] certs, String authType ) { }
                public void checkServerTrusted( java.security.cert.X509Certificate[] certs, String authType ) { }
            }
        };
        // Install the all-trusting trust manager
        try {
            SSLContext sc = SSLContext.getInstance( "SSL" );
            sc.init( null, trustAllCerts, new java.security.SecureRandom() );
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
            // Hostname verifier that accepts any host name for any session
            HttpsURLConnection.setDefaultHostnameVerifier(
                new HostnameVerifier() {
                    public boolean verify(String urlHostName, SSLSession session) {
                        return true;
                    }
                });
        }
        catch ( Exception e ) {
            // We cannot recover from this exception.
            e.printStackTrace();
        }
    }
But since I started using the code above, there is a Google warning on the Play Store:
Your app is using an unsafe implementation of the X509TrustManager interface with an Apache HTTP client, resulting in a security vulnerability. Please see this Google Help Center article for details, including the deadline for fixing the vulnerability.
If I add this code:
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        try {
            chain[0].checkValidity();
        } catch (Exception e) {
            throw new CertificateException("Certificate not valid or trusted.");
        }
    }
The warning is gone, but JSOUP is not working again, with the same exception. So is there any way to trust all SSL certificates and bypass the Google warning? Thank you in advance.
Upvotes: 2
Views: 1140
Reputation: 90
I found the solution; I hope someone needs it:
    // acceptSSL is used below but its declaration is not shown in the post;
    // it has to be a static boolean field of the enclosing class.
    public static void trustSSLCertificate(final Activity mActivity, final DownloadPortalTask task){
        try {
            // Hostname verifier that accepts any host name
            HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
                public boolean verify(String hostname, SSLSession session) {
                    return true;
                }
            });
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, new X509TrustManager[]{new X509TrustManager() {
                public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                }
                public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    try {
                        // Checks only the validity dates of the first certificate in the chain
                        chain[0].checkValidity();
                    } catch (final Exception e) {
                        // Ask the user on the UI thread whether to continue
                        mActivity.runOnUiThread(new Runnable() {
                            @Override
                            public void run() {
                                AlertDialog.Builder builder = new AlertDialog.Builder(mActivity);
                                AlertDialog alertDialog = builder.create();
                                alertDialog.setCancelable(false);
                                String message = "There a problem with the security certificate for this web site.";
                                message += "\nDo you want to continue anyway?";
                                alertDialog.setTitle("SSL Certificate Error");
                                alertDialog.setMessage(message);
                                alertDialog.setButton(DialogInterface.BUTTON_POSITIVE, "OK", new DialogInterface.OnClickListener() {
                                    @Override
                                    public void onClick(DialogInterface dialog, int which) {
                                        acceptSSL = true;
                                        return;
                                    }
                                });
                                alertDialog.setButton(DialogInterface.BUTTON_NEGATIVE, "Cancel", new DialogInterface.OnClickListener() {
                                    @Override
                                    public void onClick(DialogInterface dialog, int which) {
                                        // Also set to true so the waiting loop below ends
                                        acceptSSL = true;
                                        task.onInterruptedDownload();
                                    }
                                });
                                alertDialog.show();
                            }
                        });
                        // Block the calling thread until one of the buttons is pressed
                        while( !acceptSSL){
                            try{
                                Thread.sleep(1000);
                            } catch( InterruptedException er) { }
                        }
                    }
                }
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            }}, new SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
        } catch (Exception e) { // should never happen
            e.printStackTrace();
        }
    }
Call this method before calling Jsoup. The SSL warning on Google Play is gone too.
Upvotes: 0
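For a server whose certificate is not in the device's trust store, certificate and hostname checks can stay in place by trusting that server's certificate (or its CA) explicitly and passing the socket factory to the one Jsoup connection that needs it. This is an added example, not code from either post. The class and method names are hypothetical, the certificate stream is assumed to come from a file bundled with the app, and `Connection.sslSocketFactory` assumes jsoup 1.12.1 or later.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;

// Hypothetical helper class (added example, not from the original posts).
public final class PinnedJsoup {

    /**
     * Builds a socket factory that trusts only the certificates read from
     * certStream (PEM or DER), e.g. the server's CA certificate shipped with the app.
     */
    public static SSLSocketFactory factoryFor(InputStream certStream) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // start from an empty in-memory key store
        int count = 0;
        for (Certificate c : cf.generateCertificates(certStream)) {
            ks.setCertificateEntry("trusted-" + count++, c);
        }
        if (count == 0) {
            throw new IllegalArgumentException("no certificates found in stream");
        }
        // The platform's own X509TrustManager does full chain validation
        // against the key store built above.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    /** Fetches one page with the given factory; the default HostnameVerifier stays active. */
    public static Document fetch(String url, SSLSocketFactory factory) throws IOException {
        return Jsoup.connect(url).sslSocketFactory(factory).get();
    }
}
```

Because neither the default socket factory nor the default hostname verifier of `HttpsURLConnection` is replaced, every other connection in the app keeps the platform's normal validation.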