Exoplayer. How to validate server certificate?

Question

I am trying to connect to a server through https and Android does not recognize the certificate as "trusted", so I get the following exception:

javax.net.ssl.SSLHandshakeException:java.security.cert.CertPathValidatorException:
Trust anchor for certification path not found.

To solve this problem, I have Included the certificate in the app (assets folder) and use it to validate the server certificate.

I do it with a class called CustomSSLSocketFactory where it is read the certificate and make the validation process during the https connection without problem.

link in Spanish

link in English

HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
conn.setSSLSocketFactory(CustomSSLSocketFactory.getSSLSocketFactory(context));

Now I have to repeat this process but using exoplayer2 to play the hlsvideo, and after several days investigating I do not achieve it.

private MediaSource buildMediaSourceHlsMedia(Uri uri) throws MalformedURLException {

    String UserAgent = Util.getUserAgent(getContext (), getResources().getString(R.string.app_name));
    int minLoadableRetryCount;
    DefaultHttpDataSourceFactory dataSourceFactory =new DefaultHttpDataSourceFactory( UserAgent,BANDWIDTH_METER,DefaultHttpDataSource.DEFAULT_CONNECT_TIMEOUT_MILLIS, DefaultHttpDataSource.DEFAULT_READ_TIMEOUT_MILLIS,true);
    dataSourceConHeader(dataSourceFactory,uri.toString(),mParam4);
    MediaSource ms= new HlsMediaSource.Factory(dataSourceFactory).setMinLoadableRetryCount(5).createMediaSource(uri);
    return ms;

}

I suppose that it is necessary to code a custom datasource but after several days, I can not achieve it. I do not know how to do it. I suppose that I have to include in the custom datasource , (with the rest of necessary code) :
conn.setSSLSocketFactory(CustomSSLSocketFactory.getSSLSocketFactory(context));

Can someone guide me?. Thanks

score 0 · Answer 1 · answered Nov 09 '18 at 05:39

I use exoplayer with local url like "https://10.10.10.xx/file.flv".

And I do this to ignore check verify.

private static void disableSSLCertificateVerify() {
    TrustManager[] trustAllCerts = new TrustManager[] {
            new X509TrustManager() {
                public X509Certificate[] getAcceptedIssuers() {
                    X509Certificate[] myTrustedAnchors = new X509Certificate[0];
                    return myTrustedAnchors;
                }

                @Override
                public void checkClientTrusted(X509Certificate[] certs, String authType) {}

                @Override
                public void checkServerTrusted(X509Certificate[] certs, String authType) {}
            }
    };

    try {
        SSLContext sc = SSLContext.getInstance("SSL");

        sc.init(null, trustAllCerts, new SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        });
    } catch (KeyManagementException e) {
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    }
}

I know maybe too late. But hope it's help.

thx for your reply but It is not possible avoid check verification in this scenery. — kar10s, Dec 26 '18 at 16:32
Don't do this for your published apps, google play finds and wants you to remove this code. — Cembora, Oct 14 '20 at 14:41

Exoplayer. How to validate server certificate?

1 Answers1