Hi I have a situation where I want to remove SSL pinning on the Android app.
Here is the code I have which does the SSL pinning.
private AsyncHttpClient m_asyncHttpClient;
m_asyncHttpClient.setSSLSocketFactory(getSSLSocketFactory());
private static SSLSocketFactory getSSLSocketFactory(){
try {
// Get an instance of the Bouncy Castle KeyStore format
KeyStore trusted = KeyStore.getInstance("BKS");
// Get the raw resource, which contains the pinnedcert with
// your trusted certificates (root and any intermediate certs)
InputStream in = DPApp.getInstance().getResources().openRawResource(R.raw.XXXXX);
try {
// Initialize the pinnedcert with the provided trusted certificates
// Also provide the password of the pinnedcert
trusted.load(in, "XXX".toCharArray());
trusted.size();
} finally {
in.close();
}
// Pass the pinnedcert to the SSLSocketFactory. The factory is responsible
// for the verification of the server certificate.
SSLSocketFactory sf = new SSLSocketFactory(trusted);
// Hostname verification from certificate
// http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506
sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
return sf;
} catch (Exception e) {
throw new AssertionError(e);
}
}
I tried to comment the setSSLSocketFactory line but that gave me an error
java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
I know server certificate has expired but for now I just want to remove SSL pinning from the app.
Any suggestions on what is the best way to do that from the Android code please.
