Deploying an Android app via email

Once a project is running fine on the emulator, it is time to test it on a real device.

  • In Eclipse, right-click on the project > export > Android > Android Application
  • Create a new keystore (password = storepass here)
  • Create a key (here: apk, password: keypass)
  • Send it by email

Connecting to SSL server from Android with self signed certificate

So I have an SSL server running and I can connect from a PC. I now want to be able to connect from Android.

Creating the trust store

Android only accepts BKS keystores, whereas I have created a CER certificate with keytool.

  • Download portecle
  • Run the program
  • File > New KeyStore > BKS
  • Tools > Import Trusted Certificate > alias = server
  • Save Keystore (pass = keypass) as C:\temp\server.bks
  • Copy the file to the Android project in res/raw/server.bks

Creating the SSLContext

Code for the creation of the SSLClient:

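    import android.util.Log;
    import java.io.IOException;
    import java.io.InputStream;
    import java.net.Socket;
    import java.security.GeneralSecurityException;
    import java.security.KeyStore;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSocket;
    import javax.net.ssl.SSLSocketFactory;
    import javax.net.ssl.TrustManagerFactory;

    // "context" is the android.content.Context held by the enclosing class
    protected Socket getConnection(String ip, int port) throws IOException  {
        try {
            // Load the BKS trust store that contains only the server certificate
            KeyStore trustStore = KeyStore.getInstance("BKS");
            InputStream trustStoreStream = context.getResources().openRawResource(R.raw.server);
            try {
                trustStore.load(trustStoreStream, "keypass".toCharArray());
            } finally {
                trustStoreStream.close();
            }

            // Use the TrustManagerFactory default algorithm (not the KeyManagerFactory one)
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);

            // No client key material (first argument null): only the server is authenticated
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
            SSLSocketFactory factory = sslContext.getSocketFactory();
            SSLSocket socket = (SSLSocket) factory.createSocket(ip, port);
            socket.setEnabledCipherSuites(SSLUtils.getCipherSuitesWhiteList(socket.getEnabledCipherSuites()));
            return socket;
        } catch (GeneralSecurityException e) {
            Log.e(this.getClass().toString(), "Exception while creating context: ", e);
            throw new IOException("Could not connect to SSL Server", e);
        }
    }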

Et voila, that should work fine now.

Note: the SSLUtils class is a custom class that I use to filter out less secure cipher suites. The line that uses it in the code above is not required per se but just in case, this is what the code looks like:

    import android.util.Log;
    import java.util.ArrayList;
    import java.util.List;
    import java.util.Locale;

    public final class SSLUtils {

        private SSLUtils() { //non instantiable
        }

        public static String[] getCipherSuitesWhiteList(String[] cipherSuites) {
            List<String> whiteList = new ArrayList<>();
            List<String> rejected = new ArrayList<>();
            for (String suite : cipherSuites) {
                // Locale.ROOT keeps the lower-casing independent of the device language
                String s = suite.toLowerCase(Locale.ROOT);
                if (s.contains("anon") || //reject anonymous (no authentication)
                        s.contains("export") || //reject export-grade suites
                        s.contains("null") || //reject suites with no encryption
                        s.contains("md5") || //reject MD5 (weaknesses)
                        s.contains("_des") || //reject DES (key size too small)
                        s.contains("krb5") || //reject Kerberos: unlikely to be used
                        s.contains("ssl") || //reject ssl (only tls)
                        s.contains("empty")) {    //not sure what this one is
                    rejected.add(suite);
                } else {
                    whiteList.add(suite);
                }
            }
            // Static method: there is no "this", and Log.d takes a plain message string
            Log.d(SSLUtils.class.getSimpleName(), "Rejected Cipher Suites: " + rejected);
            return whiteList.toArray(new String[whiteList.size()]);
        }
    }
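
The following is an added example, not code from the original post. It builds the trust store in memory from the CER file instead of a Portecle-made BKS file, and, because a plain SSLSocket performs no hostname verification, checks after the handshake that the server presented exactly that certificate. The class name PinnedServerCert is hypothetical, and supplying the CER as an InputStream (for instance from res/raw) is an assumption.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example (hypothetical class): trust exactly one self-signed server certificate.
public final class PinnedServerCert {

    private final Certificate pinned;
    private final SSLContext sslContext;

    // certStream: the server's X.509 certificate (DER or PEM), e.g. the CER file made with keytool.
    public PinnedServerCert(InputStream certStream) throws GeneralSecurityException, IOException {
        pinned = CertificateFactory.getInstance("X.509").generateCertificate(certStream);
        // In-memory trust store holding only the pinned certificate; nothing is
        // written to disk, so no store password has to be embedded in the app.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("server", pinned);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, tmf.getTrustManagers(), null);
    }

    public SSLSocket connect(String ip, int port) throws IOException {
        SSLSocket socket = (SSLSocket) sslContext.getSocketFactory().createSocket(ip, port);
        try {
            socket.startHandshake(); // chain validation against the trust store happens here
            // The handshake only proves the chain ends in a trusted certificate;
            // additionally require that the presented leaf is the pinned certificate itself.
            Certificate[] chain = socket.getSession().getPeerCertificates();
            if (!pinned.equals(chain[0])) {
                throw new SSLPeerUnverifiedException("Server certificate does not match the pinned certificate");
            }
            return socket;
        } catch (IOException e) {
            socket.close(); // do not leak a half-open connection on failure
            throw e;
        }
    }
}
```

The returned socket can still be passed through SSLUtils.getCipherSuitesWhiteList as in the post, provided setEnabledCipherSuites is called before startHandshake.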