HTTPS connection to server with server's self signed certificate

[Saravanan N]

Dear Experts,

 

I have built my android app based on ksoap2 2.5.2 jar with HTTP connection with server. The scenario is that I call web service from my android app [web service client] to j2ee server [web service provider] and get the response back.

 

Now, I want to make my web service connection secure - TLS. I want to encrypt the web service content using server's public key before sending it out to the server and get the response back.

 

I understand I should use ksoap2 3.4.0 to implement the above functionality. Please can  you provide me a sample code snippet ? I have shared my current code snippet i use in my application below.

 

Thanks a lot for your help!!!

 

 

My current code that uses HTTP is:

 

    String SOAP_ACTION = ":8080/soapaction/";
    String WSDL_TARGET_NAMESPACE = ":8080/wsdltargetnamespace";
    String SOAP_ADDRESS = ":8080/soapaddress";  

 

   OPERATION_NAME = "operationName";
   SoapObject request = new SoapObject("http://" + loginServerIP  + WSDL_TARGET_NAMESPACE, OPERATION_NAME);
   request.addProperty("param1", "value1");

   SoapSerializationEnvelope envelope = new SoapSerializationEnvelope(SoapEnvelope.VER11);
   envelope.dotNet = true;
   envelope.setOutputSoapObject(request);   
   HttpTransportSE httpTransport = new HttpTransportSE("http://" + loginServerIP  + SOAP_ADDRESS);
   try
   {
    httpTransport.call("http://" + loginServerIP  + SOAP_ACTION + OPERATION_NAME, envelope);
    SoapObject responseObject = (SoapObject) envelope.bodyIn;
    int count = responseObject.getPropertyCount();
    count = 3; // The web service returns a string array with three values
    String retStr[] = new String[count];
    for(int i=0; i < count; i++)
    {
     retStr[i] = "" + responseObject.getProperty((i));
    }
    return (retStr);
   }
   catch (Exception exception)
   {
    String retStr[] = {"Failed - " + exception.toString(), " "};
    return (retStr);
   } 

 

 

- Saravanan

[Saravanan N]

Thank  you so much Robert!! I will try them out.

 

Best Regards,

Saravanan N

On Mon, Jun 15, 2015 at 7:33 PM, Robert <rob...@mailueberfall.de> wrote:

At this moment I also run into that problem and started digging through the ksoap2 code.

I found out that unfortunately ksoap2 (even version 3.4) is totally unprepared for such a situation, because it is not possible to access the HttpUrlConnection inside the class ServiceConnectionSE.

To make it work anyway you have to do the following:

Create an own TrustManager that accepts your custom certificate. How to create this trust-manager is explained perfectly in Nikolay Elenkov's blog:

Using a Custom Certificate Trust Store on Android.

Now we have two possibilities: 

The first one uses the MySSLSocketFactory and registers it app-wide as default SSL socket factory - see HttpsUrlConnection.setDefaultSSLSocketFactory(...) but this is not a good solution as it works app-wide.

The second solution requires to modify (or better copy and modify) the ksoap2 http transport classes HttpTransportSE and ServiceConnectionSE. The target is to be able to call setSSLSocketFactory on the HttpsUrlConnection in ServiceConnectionSE.

Robert

--
You received this message because you are subscribed to a topic in the Google Groups "ksoap2-android" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ksoap2-android/SlzkqBKSrGg/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ksoap2-androi...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Bye and take care,
Saravanan N