ssl - HTTPS Server on Android Device Using NanoHttpd -


i trying run https server on android device using nanohttpd (my final goal run wss server on android). ran http server , websocket using nanohttpd on android. generated key on mac using command , copied onto device:

keytool -genkey -keystore key.keystore -storepass keypass -storetype bks -provider org.bouncycastle.jce.provider.bouncycastleprovider 

i wrote following code:

keystore = keystore.getinstance("bks"); keystore.load(stream, keystorepwd.tochararray()); keymanagerfactory = keymanagerfactory            .getinstance(keymanagerfactory.getdefaultalgorithm()); keymanagerfactory.init(keystore, keystorepwd.tochararray()); sslcontext sc = sslcontext.getinstance("tls"); sc.init(keymanagerfactory.getkeymanagers(), null, null); server.makesecure(sc.getserversocketfactory()); server.start(); 

i tested on chrome 38 , 42 "minimum ssl/tls" flag set "sslv3". when want connect server keep receiving "err_ssl_version_or_cipher_mismatch" error.

i tried different instances of protocol (ssl/tls), on multiple machines, , browsers. tried nanohttpd sslserversocketfactory method. error same.

i looked @ samples including: https://github.com/nanohttpd/nanohttpd/issues/139

does have comment on this?

after hours of toil, i've got it!

here (working) code:

// placed block right below class declaration runs // class defined. (this localhost testing only!!!!)     static {     //for localhost testing     javax.net.ssl.httpsurlconnection.setdefaulthostnameverifier(     new javax.net.ssl.hostnameverifier(){          public boolean verify(string hostname,                 javax.net.ssl.sslsession sslsession) {             if (hostname.equals("localhost")) {                 return true;             }             return false;         }     }); }  // in init function, set here this.secureappserver = new nanohttpd(9043); file f =new file("src/main/resources/key001.jks"); system.setproperty("javax.net.ssl.truststore", f.getabsolutepath()); this.secureappserver.setserversocketfactory(new secureserversocketfactory(nanohttpd.makesslsocketfactory("/" +f.getname(), "myawesomepassword".tochararray()), null));  this.secureappserver.start(); 

here actual nanohttpd test case illustrates how done nano style.

package fi.iki.elonen;  import java.io.file;  /*  * #%l  * nanohttpd-core  * %%  * copyright (c) 2012 - 2015 nanohttpd  * %%  * redistribution , use in source , binary forms, or without modification,  * permitted provided following conditions met:  *   * 1. redistributions of source code must retain above copyright notice,  *    list of conditions , following disclaimer.  *   * 2. redistributions in binary form must reproduce above copyright notice,  *    list of conditions , following disclaimer in documentation  *    and/or other materials provided distribution.  *   * 3. neither name of nanohttpd nor names of contributors  *    may used endorse or promote products derived software without  *    specific prior written permission.  *   * software provided copyright holders , contributors "as is" ,  * express or implied warranties, including, not limited to, implied  * warranties of merchantability , fitness particular purpose disclaimed.  * in no event shall copyright holder or contributors liable direct,  * indirect, incidental, special, exemplary, or consequential damages (including,  * not limited to, procurement of substitute goods or services; loss of use,  * data, or profits; or business interruption) caused , on theory of  * liability, whether in contract, strict liability, or tort (including negligence  * or otherwise) arising in way out of use of software, if advised  * of possibility of such damage.  * #l%  */  import java.io.ioexception; import java.util.arrays;  import javax.net.ssl.sslserversocket;  import org.apache.http.httpentity; import org.apache.http.httpresponse; import org.apache.http.client.clientprotocolexception; import org.apache.http.client.methods.httptrace; import org.apache.http.impl.client.defaulthttpclient; import org.junit.after; import org.junit.assert; import org.junit.before; import org.junit.test;  import fi.iki.elonen.nanohttpd.secureserversocketfactory;  public class sslserversocketfactorytest extends httpservertest {      @test     public void testsslconnection() throws clientprotocolexception, ioexception {         defaulthttpclient httpclient = new defaulthttpclient();         httptrace httphead = new httptrace("https://localhost:9043/index.html");         httpresponse response = httpclient.execute(httphead);         httpentity entity = response.getentity();         assert.assertequals(200, response.getstatusline().getstatuscode());          assert.assertequals(9043, this.testserver.getlisteningport());         assert.asserttrue(this.testserver.isalive());     }      @test     public void testcreatepassestheprotocolstoserversocket() throws ioexception {         // first find supported protocols         secureserversocketfactory secureserversocketfactory = new secureserversocketfactory(nanohttpd.makesslsocketfactory("/keystore.jks", "password".tochararray()), null);         sslserversocket socket = (sslserversocket) secureserversocketfactory.create();         string[] protocols = socket.getsupportedprotocols();          // remove 1 element supported protocols         if (protocols.length > 0) {             protocols = arrays.copyofrange(protocols, 0, protocols.length - 1);         }          // test         secureserversocketfactory = new secureserversocketfactory(nanohttpd.makesslsocketfactory("/keystore.jks", "password".tochararray()), protocols);         socket = (sslserversocket) secureserversocketfactory.create();         assert.assertarrayequals("enabled protocols specified in factory not set socket.", protocols, socket.getenabledprotocols());     }      @before     public void setup() throws exception {         system.setproperty("javax.net.ssl.truststore", new file("src/test/resources/keystore.jks").getabsolutepath());         this.testserver = new testserver(9043);         this.testserver.setserversocketfactory(new secureserversocketfactory(nanohttpd.makesslsocketfactory("/keystore.jks", "password".tochararray()), null));         this.tempfilemanager = new testtempfilemanager();         this.testserver.start();         try {             long start = system.currenttimemillis();             thread.sleep(100l);             while (!this.testserver.wasstarted()) {                 thread.sleep(100l);                 if (system.currenttimemillis() - start > 2000) {                     assert.fail("could not start server");                 }             }         } catch (interruptedexception e) {         }     }      @after     public void teardown() {         this.testserver.stop();     } } 

Comments

Popular posts from this blog

android - Pass an Serializable object in AIDL -

How to provide Authorization & Authentication using Asp.net, C#? -

How to use Authorization & Authentication in Asp.net, C#? -