...
```java
import java.io.IOException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.SSLSocketFactory;

public class MySSLSocketFactory extends SSLSocketFactory {
    SSLContext sslContext;

    public MySSLSocketFactory(KeyStore truststore)
            throws NoSuchAlgorithmException, KeyManagementException,
                   KeyStoreException, UnrecoverableKeyException {
        super(truststore);
        this.sslContext = SSLContext.getInstance("TLS");
        // The anonymous trust manager below has empty check methods,
        // so every certificate chain is accepted without validation.
        this.sslContext.init(null, new TrustManager[] {new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
            }

            public void checkServerTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
            }

            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        }}, null);
    }

    // Sockets come from the permissive context, not from the superclass.
    public Socket createSocket() throws IOException {
        return this.sslContext.getSocketFactory().createSocket();
    }

    public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
            throws IOException, UnknownHostException {
        return this.sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);
    }
}
```

`checkClientTrusted()` and `checkServerTrusted()` are overridden with blank implementations, so `SSLSocketFactory` does not verify the SSL certificate. The `MySSLSocketFactory` class is used to create an instance of `HttpClient` in another part of the application:

```java
public static HttpClient getNewHttpClient() {
    DefaultHttpClient v6;
    try {
        // Empty key store; the trust decision is made by MySSLSocketFactory.
        KeyStore v5 = KeyStore.getInstance(KeyStore.getDefaultType());
        v5.load(null, null);
        MySSLSocketFactory mySSLScoket = new MySSLSocketFactory(v5);
        if(DefineRelease.sAllowAllSSL) {
            // Host name checking is switched off as well.
            ((SSLSocketFactory)mySSLScoket).setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        }

        BasicHttpParams v2 = new BasicHttpParams();
        HttpConnectionParams.setConnectionTimeout(((HttpParams)v2), 30000);
        HttpConnectionParams.setSoTimeout(((HttpParams)v2), 30000);
        HttpProtocolParams.setVersion(((HttpParams)v2), HttpVersion.HTTP_1_1);
        HttpProtocolParams.setContentCharset(((HttpParams)v2), "UTF-8");

        SchemeRegistry v3 = new SchemeRegistry();
        v3.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
        // All https traffic goes through the non-verifying factory.
        v3.register(new Scheme("https", ((SocketFactory)mySSLScoket), 443));
        v6 = new DefaultHttpClient(new ThreadSafeClientConnManager(((HttpParams)v2), v3), ((HttpParams)v2));
    }
    catch(Exception v1) {
        // Any setup failure falls back to a default client.
        v6 = new DefaultHttpClient();
    }

    return ((HttpClient)v6);
}
```
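A counterpart to `getNewHttpClient()` that leaves certificate validation enabled, added here as an example and not taken from the original page or the application. The class name `VerifyingHttpClientFactory`, the method `newHttpClient()`, the `caCert` parameter and the `app-ca` alias are hypothetical; the code assumes the same Apache HttpClient 4.0 API used above and handles a server with a private CA by trusting that CA instead of installing an empty `X509TrustManager`.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import org.apache.http.HttpVersion;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.HttpConnectionParams;
import org.apache.http.params.HttpProtocolParams;

// Hypothetical names throughout; not part of the application shown above.
public final class VerifyingHttpClientFactory {
    // caCert: X.509 CA certificate bundled with the app (assumption), or null
    // to rely on the platform's default trust store.
    public static HttpClient newHttpClient(InputStream caCert) throws Exception {
        SSLSocketFactory sslFactory;
        if (caCert == null) {
            // Stock factory: platform trust anchors and its host name check stay enabled.
            sslFactory = SSLSocketFactory.getSocketFactory();
        } else {
            // Private CA: trust exactly that CA rather than disabling validation.
            Certificate ca = CertificateFactory.getInstance("X.509").generateCertificate(caCert);
            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            trustStore.load(null, null);
            trustStore.setCertificateEntry("app-ca", ca);
            sslFactory = new SSLSocketFactory(trustStore);
            // The certificate must match the host name; never ALLOW_ALL_HOSTNAME_VERIFIER.
            sslFactory.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
        }
        BasicHttpParams params = new BasicHttpParams();
        HttpConnectionParams.setConnectionTimeout(params, 30000);
        HttpConnectionParams.setSoTimeout(params, 30000);
        HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
        HttpProtocolParams.setContentCharset(params, "UTF-8");

        SchemeRegistry registry = new SchemeRegistry();
        registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
        registry.register(new Scheme("https", sslFactory, 443));
        // Setup errors propagate to the caller; there is no silent fallback client.
        return new DefaultHttpClient(new ThreadSafeClientConnManager(params, registry), params);
    }
}
```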
Proof of Concept
Typically, an application stores files in the directory as follows:
...
[Android API 2013] | Class Environment |
[JSSEC 2013] | 4.6 Secure File Handling |