1

I am aware that google play denies apps that use code to trust all ssl certificates, but would the following code below that ignores the certificate chains of only one server be allowed by google play. 

    public class ServiceGenerator {
    public static String PREF_COOKIES = "pref_cookies";
     private static OkHttpClient.Builder httpClient = new   OkHttpClient.Builder();
    private static Retrofit.Builder builder;
    public static <S> S createService(Class<S> serviceClass) {
 return createService(serviceClass, null);
 }
 public static <S> S createService(Class<S> serviceClass, final   HashMap<String, String> headers) {
 builder = new Retrofit.Builder()
 .baseUrl("your service address")
  .addConverterFactory(GsonConverterFactory.create());
 httpClient.sslSocketFactory(getSSLSocketFactory());
 httpClient.hostnameVerifier(new HostnameVerifier() {
 @Override
 public boolean verify(String hostname, SSLSession session) {
 return true;
 }
 });
 OkHttpClient client = httpClient.build();
 Retrofit retrofit = builder.client(client).build();
 return retrofit.create(serviceClass);
  }
  private static SSLSocketFactory getSSLSocketFactory() {
  try {
  // Create a trust manager that does not validate certificate   chains
  final TrustManager[] trustAllCerts = new TrustManager[]{
  new X509TrustManager() {
  @Override
  public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String  authType) throws CertificateException {
  }
  @Override
  public void  checkServerTrusted(java.security.cert.X509Certificate[] chain, String  authType) throws CertificateException {
  }
  @Override
  public java.security.cert.X509Certificate[] getAcceptedIssuers()  {
  return new java.security.cert.X509Certificate[]{};
  }
  }
  };
   // Install the all-trusting trust manager
  final SSLContext sslContext = SSLContext.getInstance("SSL");
  sslContext.init(null, trustAllCerts, new  java.security.SecureRandom());
  // Create an ssl socket factory with our all-trusting manager
  final SSLSocketFactory sslSocketFactory =  sslContext.getSocketFactory();
  return sslSocketFactory;
 } catch (KeyManagementException | NoSuchAlgorithmException e) {
 return null;
 }

I found this code on another stack overflow post but could not comment due to having reputation less than 50.

Bwalya
  • 118
  • 11

0 Answers0