Using SSL with Different Levels of Validation and Self Signed Certificates - source code now available

Using anything but the built-in SSL authentication and validation modes and certificates issued by the CAs that are preloaded into an Android phone by the manufacturer is non-trivial. Android 4.2.2 has made it easier to dynamically add certificates, but as the vast majority of current devices aren’t even 4.x, this remains an issue. In particular, using self-signed certificates requires the use of custom trust stores and custom key stores. If you want to turn server host validation on or off, or use client app certificate authentication, it becomes even trickier.
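As an illustration of the custom trust store and key store approach described above, here is an added example (not code from the presentation or the helper library). It builds an `SSLContext` that trusts only one supplied certificate and optionally presents a client certificate. The class and method names (`PinnedSslContexts`, `create`, `open`) are hypothetical; only standard `java.security` and `javax.net.ssl` calls are used.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper, written for this example only.
public final class PinnedSslContexts {
    private PinnedSslContexts() {}

    // serverCert: stream of the self-signed server certificate (PEM or DER),
    // e.g. shipped with the app. clientKeys may be null when the server does
    // not require client certificate authentication.
    public static SSLContext create(InputStream serverCert, KeyStore clientKeys,
                                    char[] clientKeyPassword) throws Exception {
        // Custom trust store: an empty in-memory KeyStore with one trusted entry,
        // so the preloaded system CAs are NOT trusted by this context.
        Certificate cert = CertificateFactory.getInstance("X.509")
                .generateCertificate(serverCert);
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("server", cert);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // Custom key store: only needed for client certificate authentication.
        KeyManager[] keyManagers = null;
        if (clientKeys != null) {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(
                    KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(clientKeys, clientKeyPassword);
            keyManagers = kmf.getKeyManagers();
        }

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(keyManagers, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Applies the context to one connection. The default HostnameVerifier is
    // left in place, so the certificate must still match the host name.
    public static HttpsURLConnection open(URL url, SSLContext ctx) throws IOException {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        return conn;
    }
}
```

Setting the socket factory per connection rather than through `HttpsURLConnection.setDefaultSSLSocketFactory` keeps the narrowed trust decision scoped to the one server it was made for.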

 

In May, I gave a presentation to the Chicago GDC group on SSL, different validation ‘modes’ and the use of self-signed certificates. In addition to the discussion of the topic, I presented code samples from a helper library, created to abstract the problem and make it easy to use different certificates (including self-signed) and different validation modes.

 

I promised to make these available to the group, but experienced some delays, for which I would like to apologize. I have now uploaded the presentation and the source code for the library to Dropbox. They can be found here: https://www.dropbox.com/sh/r8j884d8jggwomj/dXUgTvbvyM and are attached to this post.

 

The Dropbox folder also contains a previous presentation on Push Notifications.

 

I will be adding the presentations and helper library code from other future presentations (the plan will be to upload the code a few days from the group meeting). I will hopefully be giving presentations on ‘Using SQLite’, ‘Manipulating the Android File System’ and ‘Using Wakelocks’ in the June and July meetings.

 

- David Allen,

Quantum Mobile Solutions.