-4

I am trying to use AWS connection keys in Android to connect to a device using MQTT websocket but have not found a solution yet; please help me with that. Could anyone provide Android code for MQTT over SSL/TLS with the 3 AWS certificates (ca, cert, private)?

// Generate the client ID before constructing the client that uses it.
String clientId = MqttClient.generateClientId();
final MqttAndroidClient mqttAndroidClient = new MqttAndroidClient(MainActivity.this, "ssl://" + pref.getMqttUrl(), clientId, persistence);

try {
    MqttConnectOptions connectionOptions = new MqttConnectOptions();
    connectionOptions.setCleanSession(true);

    Log.e("Test", "ssl://" + pref.getMqttUrl());

    try {
        InputStream trustStoresIs = context.getResources().openRawResource(R.raw.ca_key);


        String trustStoreType = KeyStore.getDefaultType();
        KeyStore trustStore = KeyStore.getInstance(trustStoreType);
        trustStore.load(trustStoresIs, context.getString(R.string.bks_password).toCharArray());

        String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
        tmf.init(trustStore);

        InputStream keyStoreStream = context.getResources().openRawResource(R.raw.user_cer_key);
        KeyStore keyStore = null;
        keyStore = KeyStore.getInstance("BKS");
        keyStore.load(keyStoreStream, context.getString(R.string.bks_password).toCharArray());

        KeyManagerFactory keyManagerFactory = null;
        keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, context.getString(R.string.bks_password).toCharArray());

        // Named sslContext so it does not shadow the Android Context used above.
        SSLContext sslContext = SSLContext.getInstance("SSL");
        sslContext.init(keyManagerFactory.getKeyManagers(), tmf.getTrustManagers(), null);

        SSLSocketFactory sslsocketfactory = sslContext.getSocketFactory();
        connectionOptions.setSocketFactory(sslsocketfactory);

    } catch (KeyManagementException | CertificateException | KeyStoreException | IOException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }

    mqttAndroidClient.connect(connectionOptions, null, new IMqttActionListener() {
        @Override
        public void onSuccess(IMqttToken asyncActionToken) {
            Log.e("Mqtt","Connection Success!");

        }

        @Override
        public void onFailure(IMqttToken asyncActionToken, Throwable exception) {
            Log.e("Mqtt","Connection Failure!");

        }
    });

    mqttAndroidClient.setCallback(new MqttCallback() {
        @Override
        public void connectionLost(Throwable cause) {
            Log.e("Mqtt","Connection was lost!");

        }

        @Override
        public void messageArrived(String topic, MqttMessage message) throws Exception {



        }

        @Override
        public void deliveryComplete(IMqttDeliveryToken token) {
            System.out.println("mqtt Delivery Complete!");
        }

    });


} catch (Exception ex) {
    ex.printStackTrace();

}

I got an error like:

Mqttjavax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

Thanks.

hardillb
The Ray of Hope

1 Answer

1

The error implies your truststore doesn't have either the right or the full certificate chain to authenticate the server.

The following line bothers me:

InputStream trustStoresIs = 
    context.getResources().openRawResource(R.raw.ca_key);

It implies you are loading a key, not a certificate, for your CA chain. Also, CA chains tend to have more than one layer (Primary CA cert signs Intermediate CA cert), so I would expect you to need to add more than one cert to the trust store.

hardillb
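The point made in the answer above, as an added example that is not part of the original question or answer: a trust store built only from CA certificates (every certificate in a PEM bundle, so a root plus intermediates all get added), kept separate from the key store that holds the client certificate and private key. The class name `MqttTlsFactory`, its method names and the `caBundlePem` / `clientKeyStore` parameters are hypothetical; the code assumes the CA chain is available as one PEM file and the client credentials as a BKS or PKCS12 key store.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Added example: hypothetical helper, not code from the original post.
public final class MqttTlsFactory {
    /** Builds an in-memory trust store from a PEM bundle of CA certificates. */
    static KeyStore trustStoreFromPem(InputStream caBundlePem) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // Reads every certificate in the stream (PEM blocks may be concatenated).
        Collection<? extends Certificate> cas = cf.generateCertificates(caBundlePem);
        if (cas.isEmpty()) {
            throw new IllegalArgumentException("no CA certificates found in bundle");
        }
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        ts.load(null, null); // empty store; nothing is read from disk
        int i = 0;
        for (Certificate c : cas) {
            X509Certificate x = (X509Certificate) c;
            if (x.getBasicConstraints() < 0) { // -1: certificate is not marked as a CA
                throw new IllegalArgumentException("not a CA certificate: " + x.getSubjectX500Principal());
            }
            ts.setCertificateEntry("ca-" + i++, x); // certificate entries only, never keys
        }
        return ts;
    }

    /** clientKeyStore holds the client certificate and its private key (e.g. "BKS" or "PKCS12"). */
    static SSLSocketFactory socketFactory(InputStream caBundlePem, InputStream clientKeyStore,
                                          String keyStoreType, char[] password) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStoreFromPem(caBundlePem));

        KeyStore ks = KeyStore.getInstance(keyStoreType);
        ks.load(clientKeyStore, password);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        SSLContext tls = SSLContext.getInstance("TLS");
        tls.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return tls.getSocketFactory();
    }
}
```

The returned factory goes to `connectionOptions.setSocketFactory(...)` as in the question. The check on `getBasicConstraints()` rejects a bundle that contains a leaf certificate where a CA certificate was expected.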