I have following android POST code. It works fine for http but fails for HTTPS with Not Trusted Server Certificate exception. I do not mind self signing or accepting all certificates code (drawback less secure with man-in-the-middle attack).
HttpPost post = new HttpPost("https://yourdomain.com/yourskript.xyz");
List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(2);
nameValuePairs.add(new BasicNameValuePair("postValue1", "my Value"));
nameValuePairs.add(new BasicNameValuePair("postValue2", "2nd Value"));
nameValuePairs.add(new BasicNameValuePair("postValue3", "3rd Value"));
post.setEntity(new UrlEncodedFormEntity(nameValuePairs));
HttpClient client = new DefaultHttpClient(); HttpResponse response =
client.execute(post); HttpEntity entity = response.getEntity();
String responseText = EntityUtils.toString(entity);
Any help appreciated here. I need the certificate portion of the code with submitting POST with postValue1, postValue2, and postValue3 (minimum 3).
You should add the selfsigned certificate to the Android trust store. I've not worked on android self signed cert, but on windows, it will work(mostly)
I've looked up link here. The author gave good steps to install the self signed cert to android.
More discussion here
Related
I am building a Android app that needs to work with https. I have no problem doing a https connection to a https address that do not use TLS with Server Name Indication extension. But I need to do the connection to a https address that uses TLS with SNI extension.
What I did for https address that uses TLS with out hostname extension was:
HttpClient httpclient = new DefaultHttpClient();
HttpPost httppost = new HttpPost("https://exampleurl.com/api");
try {
List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(2);
nameValuePairs.add(new BasicNameValuePair("username", email));
nameValuePairs.add(new BasicNameValuePair("ssh_public_key", publickey));
httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
HttpResponse response = httpclient.execute(httppost);
Log.d(TAG, response.toString());
return response.toString();
} catch (Exception e) {
Log.d(TAG, e.toString());
}
How do I add Server Name Indication extension in the TLS in Android. After research I found one post on stackoverflow but I cant get it to work with this information.
But its a bit on the way
"As far as I know, there is a partial support in Android SDK. The current situation is the following:
Since the Gingerbread release TLS connection with the HttpsURLConnection API supports SNI.
Apache HTTP client library shipped with Android does not support SNI
The Android web browser does not support SNI neither (since using the Apache HTTP client API)"
"Thanks for the help. I have tried the sni.velox.ch link using SSLCONTEXT(TLS) and SSLENGINE class available in the android sdk. I am getting the handshake."
Android SSL - SNI support
This post gives the answer that this will work in Android but I cant get how to do it with HttpsURLConnection, SSLCONTEXT(TLS) and SSLENGINE.
Can any body provide an code example of how to set the Server Name Indication extension in the TLS?
i was trying to upload data from my android app to php but, i am not receiving the data at the server.i tried echoing the data, can any one help with this code,i am not getting any error
nameValuePairs.add(new BasicNameValuePair("trip_id",x));
nameValuePairs.add(new BasicNameValuePair("loc_lat",String.valueOf(location.getLatitude())));
nameValuePairs.add(new BasicNameValuePair("loc_lon",String.valueOf(location.getLongitude())));
HttpClient httpclient=new DefaultHttpClient();
HttpPost httppost=new HttpPost("http://xx/x.php");
httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
HttpResponse response=httpclient.execute(httppost);
HttpEntity entity = response.getEntity();
is = entity.getContent();
I had a problem like this one. I'm comparing your code with mine, but I remember that the problem was the server redirecting me wasn't sending the POSTrequest. I had to type the IP of the website and use GET method.
Try using
HttpPost httppost=new HttpPost("x.x.x.x");
Even though it's not a solution (except if your server has a fixed IP), it could help finding the problem.
I'm trying to authenticate an android client app to my server ruby on rails app which uses Devise gem. But I've tried http authentication, and post requests to authenticate, and the server just responds 200 for any given username/password.
I've already set up the config.http_authenticatable = true and the :database_authenticable at the user model...
I'll post my authenticate method so u guys can have a look on it...
public static boolean authenticate(User user, String verb) throws IOException, JSONException
{
DefaultHttpClient httpClient = new DefaultHttpClient();
HttpPost httpPost = new HttpPost(verb);
CredentialsProvider credProvider = new BasicCredentialsProvider();
credProvider.setCredentials(new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT),
new UsernamePasswordCredentials(user.getMail(), user.getPassword()));
httpClient.setCredentialsProvider(credProvider);
List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>();
nameValuePairs.add(new BasicNameValuePair("email", user.getMail()));
nameValuePairs.add(new BasicNameValuePair("password", user.getPassword()));
httpPost.setEntity(new UrlEncodedFormEntity(nameValuePairs));
HttpResponse httpResponse = httpClient.execute(httpPost);
int statusCode = httpResponse.getStatusLine().getStatusCode();
//JSONObject resp = null;
if (statusCode < 200 || statusCode >= 300){
throw new IOException("Error");
}
return true;
}
If server is responding 200, it really sounds like server side configuration, so you should double-check your URLs are actually secured, using a desktop web browser and a tool like Fiddler so you can see everything. Pay particular attention to the Authentication headers, and the Status codes; at the least you should see a 401 from the server to start things off.
You can also turn on diagnostics for Apache HTTP on your device, and it will also dump headers and content to LOGCAT, so you can make sure everything is proceeding.
Check the WWW-Autnenticate header's contents, it will specify which schemes are accepted. The client side will re-request the URL, but it will put the Authorization header into its request.
In short, make sure your server side works outside of your application, in an environment that's easier to troubleshoot.
Client side, it looks like you are only activating BASIC authentication (everyone stop using it!), and your endpoint may only want DIGEST or NTLM or KERBEROS or any other authentication scheme than BASIC. Since it looks like you didn't set up for SSL, certainly use at least DIGEST or you have clear text issues!
Using form variables (for authentication) only works at the application level, and not the HTTP protocol level, which uses HTTP Headers (WWW-Autnenticate, Authorization) and Status codes (401, 403) for the authentication process. And again, if you aren't configuring your server (and client) for SSL-only, there will be clear text problems.
my code is this to post data to server
MakeValue = (String) s2.getSelectedItem();
MakeValue = MakeValue.replace(" ", "%20");
DefaultHttpClient hc=new DefaultHttpClient();
ResponseHandler res=new BasicResponseHandler();
HttpPost postMethod=new HttpPost(AppUrl.AppUrl+"dealer_service.php?action=saveCreateNewInventory");
List nameValuePairs = new ArrayList(2);
nameValuePairs.add(new BasicNameValuePair("POSTDATA", Login.GetUserID +"~"+ VinNumber.getText()
. . .
postMethod.setEntity(new UrlEncodedFormEntity(nameValuePairs));
response=hc.execute(postMethod,res);
but after executing this i have an exception of ssl not trusted so please help me to solve my probs please help i spent too many days in this. how can i remove this exception.
It's probably the typical error with certificate being signed for another domain. See question Https Connection Android
One cause can be the clock on your device. If the time is years off, SSL certificates will be invalid. So if that's the case, fix is as easy as setting your device to the correct date.
I have a problem of ssl exception when i upload data to a https server. It uploaded the data to the server correctly but when i get the response after uploading it throws an exception of ssl certificate is not trusted. I'm using the SAX parser for parsing xml file and i am using httppost method().
you have to add a new scheme to accept Secure site connections
check this, and there you will find another useful sample without checking the cetificate...
Https Connection Android
Android comes with the apache commons http library included. Setting up a https post request is quite easy:
HttpPost post = new HttpPost("https://yourdomain.com/yourskript.xyz");
List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(2);
nameValuePairs.add(new BasicNameValuePair("postValue1", "my Value"));
nameValuePairs.add(new BasicNameValuePair("postValue2", "2nd Value"));
post.setEntity(new UrlEncodedFormEntity(nameValuePairs));
HttpClient client = new DefaultHttpClient();
HttpResponse response = client.execute(post);
HttpEntity entity = response.getEntity();
String responseText = EntityUtils.toString(entity);
Android uses a version 4.x of the commons http library as all versions below 4.0 are out of their lifecycle.
I can't tell exactly how to register a self-signed certificate to the HttpClient, but mybe the commons http documentation helps:
http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506