Certificate problems with Android Apps
Rurik Telmonkin.3648:
Hey all,
So here is my problem. I wrote a program using the api, as a desktop application, and it all worked fine, no problems.
I decided to expand it and turn it into an android application as well. The program still works as a desktop application but when I try to run it as an android application, it has problems with the certificate.
I have tried using both jGW2API’s hard coded certificate, and the attached ca.cer file for my certificate, but both times the logcat tells me that there is not enough data in the certificate(input stream to be specific).
Anyone know why this is happening/how I can solve it?
Rurik
subnote: Cannot attach .cer file, changed it into .txt file via editing the extension. I hope this doesnst cause any issues.
Rasman.7812:
I had the same problem, so i just deleted the certificate. That worked for me.
Also remember to add the INTERNET persmission in your manifest file.
Tanis.5134:
I am successfully using the API in an Android app without manually specifying or installing a certificate.
Rurik Telmonkin.3648:
Strange, I was under the assumption that with it being a https: connection, it would require a certificate, also I am pretty sure it gave me troubles when i tried to connect without a certificate.
But I will give it a try and see what happens.
As a side not, where in the manifest should I put the INTERNET tag?
Rurik Telmonkin.3648:
Never mind, google did the trick. Thanks for the help. Now I will just need to work on speeding it up somehow.
Goddchen.4958:
HttpsURLConnection seems to be able to handle the HTTPS connection just fine without any further config.
Rurik Telmonkin.3648:
Hmm so I dont know whats happened, but since fixing this issue, my pc application version no longer works, with a:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target error.
while my android app is once again having problems, but this time an IO exception with logcat giving a warning that there is an SSLException, stating Not Trusted Server Certificate… android frustrates me
Yamagawa.5941:
I don’t think it’s you. Or rather, I don’t think you caused the error:
https://forum-en.guildwars2.com/forum/community/api/HTTP-access/first#post2236704
Rurik Telmonkin.3648:
No its definitely not on my end, as my precompiled (weeks ago) program wont work either. Something is definitely going wrong with the server, and it is probably the Worlds List bug.
Or it could be the new certificate they are running, interesting. (probably it, as the old hard coded certificate in my pc program would no longer be correct)
Yamagawa.5941:
Updates in the other thread. They got a new key issued from a more widely accepted root authority. You can probably axe most/All your SSL specific code.
//Yamagawa
Rurik Telmonkin.3648:
Yes, the new certificate fixed the pc version issues certainly. However my android version is still giving me warnings about not having a secure ssl cert, as well as an IOException when grabbing world names. I suspect that the latter is the null world causing issues.
EDIT
hmm, it seems to definitely be a server issue that I cannot change or fix on my end, as the IO exception is being caused by this.httpsConnection.getInputStream().
I know its not an issue on my end as I use the same thing for two different calls and only one is failing, that being the one grabbing world names.
Rurik Telmonkin.3648:
Hmm interesting, it seems is was failing on the first call, it just wasnt notifying me because the second call overwrote it. So for some reason, all my calls to the api are failing with an IOException in my android app, with a warning of an SSL Exception saying No Trusted Server Certificate, and a CertificateException stating that TrustAnchor for CertPath not found.
Whats strange is that these work perfectly on the pc version of the app and I just dont know what could be going wrong.
Cliff Spradlin.3512:
Hmm interesting, it seems is was failing on the first call, it just wasnt notifying me because the second call overwrote it. So for some reason, all my calls to the api are failing with an IOException in my android app, with a warning of an SSL Exception saying No Trusted Server Certificate, and a CertificateException stating that TrustAnchor for CertPath not found.
Whats strange is that these work perfectly on the pc version of the app and I just dont know what could be going wrong.
Can you post the code relevant to setting up SSL and connecting to the API?
Also, what happens when you visit an API url on your mobile browser? Is there a certificate error?
Goddchen.4958:
Rurik, you might want to check out some of my source code on how to access the API from Android: https://github.com/Goddchen/GuildWars2-API-Explorer/blob/master/GuildWars2APIExplorer/src/main/java/de/goddchen/android/gw2/api/async/MapNamesLoader.java
Healix.5819:
Whats strange is that these work perfectly on the pc version of the app and I just dont know what could be going wrong.
I’m assuming the “pc version” is basically the same program and not an entirely different one? If your Android device is version 2.2 or below, it doesn’t trust GeoTrust’s certificate. It should however trust their old (Equifax) certificate, in which case ArenaNet could update theirs to point to that one as a workaround (http://www.geocerts.com/support/cross_root).
And here’s a workaround for you:
Download GeoTrust Global CA certificate (or, direct pem link) and place it in your resources.
When creating the HTTPS connection, set it up to trust that CA.
An example can be found in the tutorial (Unknown certificate authority):
http://developer.android.com/training/articles/security-ssl.html#UnknownCa
Rurik Telmonkin.3648:
Thank you Healix, that would be the problem, I have minimum sdk set to 2.2.
I will try out that cert later and hopefully it will work.
Rurik Telmonkin.3648:
Hmm interesting, it seems is was failing on the first call, it just wasnt notifying me because the second call overwrote it. So for some reason, all my calls to the api are failing with an IOException in my android app, with a warning of an SSL Exception saying No Trusted Server Certificate, and a CertificateException stating that TrustAnchor for CertPath not found.
Whats strange is that these work perfectly on the pc version of the app and I just dont know what could be going wrong.
Can you post the code relevant to setting up SSL and connecting to the API?
Also, what happens when you visit an API url on your mobile browser? Is there a certificate error?
It works fine on my mobile browser, I assume because of what Healix said below, that my app is running on 2.2 which doesn’t support geotrust naturally, but I can get around that easy enough.
Rurik Telmonkin.3648:
Well, after re-enabling file based cert files it has, instead of catching errors and running ahead, is crashing.
I am using the original version of jGW2API as my base for api calls, with the only major difference being the following lines in the StartComSSLSocketFactory.java:
private static Context thisContext = MenuActivity.context;
private StartComSSLSocketFactory()
throws CertificateException, NoSuchAlgorithmException,
KeyStoreException, IOException, KeyManagementException {
super(readTxt()/StartComSSLSocketFactory.StartComRootCertificate/, “StartCom”, “X.509”, “X509”);
this.sslSocketFactory = this.sslCon.getSocketFactory();
}
private static InputStream readTxt() throws IOException{
//AssetManager res = thisContext.getAssets();
InputStream in = thisContext.getAssets().open(“ca.pem”);
return in;
}
and the problem seems to be that it cannot see the ca.pem file, despite it being in the assets folder. Until I figure out why its not finding that file, I won’t be able to see if it was my running on 2.2 that was affecting it.
The obvious solution to this, is to redo my project using sdk 2.3+ as the minimum, but I would rather not do that if avoidable
EDIT:
Well somehow I just managed to screw up and lose all my work, so I am gonna start again on gingerbread sdk, hopefully I wont run into these problems again
Varonth.5830:
You don’t need a StartCom SSLSocketFactory anymore.
In fact, the socket factory generated by my SSL Helper class sets up factories which provide SSL sockets for a single certificate.
If the server you are connecting to isn’t using that certificate directly or as part of its certificate chain, than these sockets will refuse the connection (which in that case is the correct behavior for these sockets).
With the change to GeoTrust from StartCom as certificate authority StartCom SSLSockets will refuse the connection.
Instead you can just use the default SSLSocketFactory of your java implementation (GeoTrust should really be included in any Java implementation, including the Dalvik VM used by Android).
Latest version, which I uploaded does exactly that, and it works just fine.
Rurik Telmonkin.3648:
Well huzzah, with the change to 2.3.3, it is pulling in data just fine. Now just to work out all the other bugs and issues that will undoubtedly occur. But that is for me to figure out on my own
thanks all