Spring Boot SSL with Android Retrofit

By | November 8, 2015

To setup Spring Boot SSL with Android Retrofit connecting on HTTPS 443:

In Spring Boot

  1. <your project>/src/main/resources/application.properties – add the following values (not the “1.” which is just WordPress ordered list numbering)
    1. security.require-ssl=true
      server.port=8443
      server.ssl.key-store=src/main/resources/private/keystore
      server.ssl.key-store-password=changeit
      server.ssl.key-password=changeit
  2. create and add an SSL key to the location specified by server.ssl.key-store. Note: the SSL certificate file is actually named “keystore”.  That’s not a directory.
  3. Restart your Spring server and you should be able to make httpS connections on port 8443

In Android Retrofit

  • Add an OkHttp compile dependency to build.gradle

compile 'com.squareup.okhttp:okhttp:2.5.0'

  • Create a class that returns an OkHttp client that doesn’t validate trust certificates (written by Jules White of Vanderbuilt)


public class UnsafeHttpsClient {

public static OkHttpClient getUnsafeOkHttpClient() {
try {
// Create a trust manager that does not validate certificate chains
final TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {

@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
}

@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
}

@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
}
};

// Install the all-trusting trust manager
final SSLContext sslContext = SSLContext.getInstance(“SSL”);
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
// Create an ssl socket factory with our all-trusting manager
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();

OkHttpClient okHttpClient = new OkHttpClient();
okHttpClient.setSslSocketFactory(sslSocketFactory);
okHttpClient.setHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});

return okHttpClient;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
}

  • Update your Retrofit rest adapter with this unsafe OkHttp client

return new RestAdapter
.Builder()
.setEndpoint(server)
.setLogLevel(logLevel)
.setLog(new AndroidLog(debugTag))
.setConverter(new GsonConverter(myGsonDateAdapter()))
.setClient(new OkClient(UnsafeHttpsClient.getUnsafeOkHttpClient()))
.build()
.create(WebProxy.class);

In the above example,

  • WebProxy is the API interface class.
  • server is obviously the Spring server, should be https and at whatever port specified in Spring’s application.properties
  • debugTag is optional text to prefix Retrofit calls in Android’s console log
  • Converter is not required

Other tools that might help debug

  • Postman – if you can make an https/8443 GET request to your Spring server, you know Spring is setup properly


Related Articles: