My problem is the same as SSLHandshakeException when trying to reach app engine endpoint (so yes, it's a duplicate to that extent). The answer there says that I need to change from https to http. So how do I do that? I am using java app engine.
My web.xml does not have anywhere
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
Also in the android client, I connect to the server with
MyServer service = MyServer.Builder builder = new MyServer.Builder(
AndroidHttp.newCompatibleTransport(),
new AndroidJsonFactory(),
null
);
to be clear
I can confirm that my code is indeed using https, I look into the generated source and found:
public Builder(HttpTransport transport, JsonFactory jsonFactory, HttpRequestInitializer httpRequestInitializer) {
super(transport, jsonFactory,
"https://mycompanyserver.appspot.com/_ah/api/", "server/1/",
httpRequestInitializer, false);
}
I just don't know how to prevent it from asking for https.
I am able to reach the site from the browser, and so the problem may be android studio server certificate
Do I need to add appengine server certificate to android studio? When I go to android studio > Preferences >Server Certificates, under Accepted Certificates I see N/A > untangle. How would I go about adding my app engine certificate to android studio?
And since I added my Appengine module using the android studio instructions, why was it not auto-included?
Related
I got pretty stuck with a problem in Xamarin.Forms (Forms though, but I only have an Android project, I need to support only that).
The app must post to the backend, and the backend do SSL cert validation.
I have a test device, an Android 11 Samsung. Among the user certificates on the device, there is the cert I need (Settings - Security - User certificates).
When I open a Google Chrome on my phone, it loads the swagger UI of the backend, and I think it first asked me if I wanted to use my cert.
The swagger works, I was able to try the endpoints there.
The problem is that I can't make a backend call from the app because it immediately drops my request with an SSL certification validation failed message.
I wrote some quick test code with exact namespaces to understand what I'm doing:
// This returns the cert of the user's certificates:
Java.Security.Cert.X509Certificate myJavaCert = KeyChain.GetCertificateChain(this.ApplicationContext, "MyCertAlias").FirstOrDefault();
//Convert to X509Certificate2:
var myDotNetCert = new System.Security.Cryptography.X509Certificates.X509Certificate2(myJavaCert.GetEncoded());
//I'm doing HttpClient manually, I don't want to use IHttpClientFactory yet:
var httpClientHandler = new HttpClientHandler();
httpClientHandler.ClientCertificates.Add(myDotNetCert);
var httpClient = new HttpClient(httpClientHandler);
// Finally I call the post that runs for the above mentioned error:
await httpClient.PostAsync(url, objectToPost);
I’m pretty stuck with this task, I don’t really know where to try.
Thanks for the help in advance too!
After one week of research I finally figured it out to myself.
Here is the full-detailed answer for my own question:
Xamarin Forms (Android) Client certificate from KeyStore vs PFX file
I'm trying to create a websocket connection to my Phoenix app from an Android client. I'm trying to use this library but I'm running into this issue and I'm unable to successfully join a channel.
Upon reviewing the source code of the above java phoenix client library, it looks like the initial request from the client to connect to the socket is made with http schema and not ws (the source code explicitly changes the provided url to make sure it always uses http). It's not clear to me how this would work without additional configuration in my Phoenix app: if a socket connect request is made to http://localhost:4000/socket, the request will fail because there is no route for /socket when the schema is http.
There's nothing in the library docs that says any additional config is required in my Phoenix app to make this work, but I don't see how it could work for the reason stated above.
Does a Phoenix app have built in handling for the connection upgrade, etc, required on handshake as specified here?
As a note, I have no issues making websocket connections from my javascript web client to my Phoenix backend.
Any suggestions are appreciated!
Have you tried using the default path for a channel http://localhost:4000/socket/websocket ?
I have a MVC .NET application that uses signalR.
I tried to download this client:
https://github.com/Gurgen/SignalR-.net-core-android-client
I ran it on my device. Pressed the connect button. But kept getting an exception.
Debugging it I found that I had to change this line
String connectionId = jsonElement.getAsJsonObject().get("connectionId").getAsString();
to this
String connectionId = jsonElement.getAsJsonObject().get("ConnectionId").getAsString();
I am already starting to feel like this client doesn't support v2.3.0 of the SignalR library in my .NET application. Any way the next exception is caused by this line:
JsonElement availableTransportsElements = jsonElement.getAsJsonObject().get("availableTransports");
I had a look at the JSON returned by SignalR and there is no such element as "availableTransports". This is what it returned
{ "Url":"/signalr/hubs/auth","ConnectionToken":"zzK0SAWXNEB1pLY2VYHWPYTMcyJIX8PnhKfLRP9fij5xbY2jDIaDyKuZQa5RvHt+KSe6h1PD9JC+RL7V2nhPzevktK781hL7ndAnZqAe3E12GawCVddFUI4R9FLDE//L","ConnectionId":"9cb5ff73-14d3-4e59-8b14-d92e47bbe948","KeepAliveTimeout":20.0,"DisconnectTimeout":30.0,"ConnectionTimeout":110.0,"TryWebSockets":false,"ProtocolVersion":"1.2","TransportConnectTimeout":5.0,"LongPollDelay":0.0 }
Ok my question, has anyone used this library? Or is there another Android library I can use that is compatible? I am new to SignalR but from what the server sent does the .NET application support websockets? I want my Android client to connect using websockets.
UPDATE
OK I have discovered that WebSocket Protocol feature was not installed in IIS. I have done that now and now this is what is returned, however the client cannot still connect to it.
{ "Url":"/signalr/hubs/auth","ConnectionToken":"6CkVnCK9KmbDemtXY/S+zCyBUdaYbaK8WmQxIw6+JxjeEzWCP7BPTiItqgvzu+hhaf6kIS4NlPln8LJLfS95UbUG4rF/8C6Y5D7eq2aKCLEU6up/c4l8YvMKheodRsKy","ConnectionId":"abe2cdca-e237-4cbd-8523-98af8c864b9b","KeepAliveTimeout":20.0,"DisconnectTimeout":30.0,"ConnectionTimeout":110.0,"TryWebSockets":true,"ProtocolVersion":"1.2","TransportConnectTimeout":5.0,"LongPollDelay":0.0}
That is a step closer as now TryWebSockets is true.
I am developing a Xamarin mobile Android app. For data access, the app uses a Portable class library to make webservice calls to the back end. I’m using the Portable class library so that I can share it with an iOS version of the mobile app later. The data is sensitive and requires SSL for all communications which is configured in the WebAPI web service project. It uses oAuth for authentication.
The challenge I’m running into is that the initial request to authenticate is failing when I run it locally with the following error:
System.Net.Http.HttpRequestException: An error occurred while sending the request
System.Net.WebException: Error: TrustFailure (The authentication or decryption has failed.)
System.IO.IOException: The authentication or decryption has failed.
Some additional information:
I am using the following built in Visual Studio emulator and version - Android_Accelerated_x86 (Android 6.0 – API 23).
I am currently running it on localhost and following is the code snippet for this call:
HttpClient client = new HttpClient(new NativeMessageHandler())
{
BaseAddress = new Uri("https://10.0.2.2:44342/") // I also tried installing it on IIS and using port 443 on localhost. Same problem.
};
var content = new StringContent("grant_type=password&username=[USER_NAME]&password=[PASSWORD]", Encoding.UTF8, "application/json");
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
HttpResponseMessage response = await client.PostAsync("Token", content).ConfigureAwait(false);
if (response.IsSuccessStatusCode)
{
var data = await response.Content.ReadAsStringAsync();
var stuffList = JsonConvert.DeserializeObject<List<Stuff>>(data);
return stuffList;
}
else
{
return new List<Stuff>();
}
The call works when I test it through Fiddler on localhost, so I know that everything is configured correctly on the web service end and with authentication. But from the emulator my understanding is that I need to use IP address 10.0.2.2. I have create a self-signed cert and that hasn’t seemed to help.
I have also attempted to use Fiddler as a middleman, but I’m not seeing any activity in Fiddler when I run the app locally. I have also tried to change the network settings of the emulator, but it doesn’t appear to be having any affect. The base emulator seems to be fairly limited in these settings, but I also don’t want to pay for a more advanced one at this point in time. I have seen a number of posts with similar issues, but none of the existing recommendations that I have found are helping. Any help would be greatly appreciated!
I have a question related to the use of MQTT protocol in Android environment. We are developing an Android application and using com.ibm.micro.client.mqttv3_7.5.0.0.jar MQTT client library in order to send push notifications to Android devices. My question is about SSL connection. In desktop applications, we copy our .keystore file in a proper location and refer to it as follows;
public Properties getSSLSettings() {
final Properties properties = new Properties();
properties.setProperty("com.ibm.ssl.keyStore",
"C:/BKSKeystore/mqttclientkeystore.keystore");
properties.setProperty("com.ibm.ssl.keyStoreType", "BKS");
properties.setProperty("com.ibm.ssl.keyStorePassword", "passphrase");
properties.setProperty("com.ibm.ssl.trustStore",
"C:/BKSKeystore/mqttclienttrust.keystore");
properties.setProperty("com.ibm.ssl.trustStoreType", "BKS");
properties.setProperty("com.ibm.ssl.trustStorePassword", "passphrase ");
return properties;
}
Above code works perfectly to get SSL settings. We implemented this code also in Android, but it is very clear that holding .keystore file(s) inside the device is not secure at all. My question is, is there any other alternative to implement SSL connection without storing .keystore file(s) inside device’ s internal or external storages?
In later versions of android you can access the device's keystore using KeyChain to provide access to private keys. For the trust store using the device's trust store works fine, which android uses by default for SSL connections. Also IBM have a messaging community which has information on using their libraries on mobile devices.