{"id":519,"date":"2015-11-08T06:55:29","date_gmt":"2015-11-08T06:55:29","guid":{"rendered":"http:\/\/installingcats.com\/?p=519"},"modified":"2015-11-08T06:55:29","modified_gmt":"2015-11-08T06:55:29","slug":"spring-boot-ssl-android-retrofit","status":"publish","type":"post","link":"https:\/\/installingcats.com\/2015\/11\/08\/spring-boot-ssl-android-retrofit\/","title":{"rendered":"Spring Boot SSL with Android Retrofit"},"content":{"rendered":"<p>To setup Spring Boot SSL with Android Retrofit connecting on HTTPS 443:<\/p>\n<p>In Spring Boot<\/p>\n<ol>\n<li>&lt;your project&gt;\/src\/main\/resources\/application.properties &#8211; add the following values (not the &#8220;1.&#8221; which is just WordPress ordered list numbering)\n<ol>\n<li><code>security.require-ssl=true<br \/>\nserver.port=8443<br \/>\nserver.ssl.key-store=src\/main\/resources\/private\/keystore<br \/>\nserver.ssl.key-store-password=changeit<br \/>\nserver.ssl.key-password=changeit<\/code><\/li>\n<\/ol>\n<\/li>\n<li><a href=\"https:\/\/www.drissamri.be\/blog\/java\/enable-https-in-spring-boot\/\" target=\"_blank\" rel=\"noopener\">create and add an SSL key<\/a> to the location specified by server.ssl.key-store. Note: the SSL certificate file is actually named &#8220;keystore&#8221;. \u00a0That&#8217;s not a directory.<\/li>\n<li>Restart your Spring server and you should be able to make httpS connections on port 8443<\/li>\n<\/ol>\n<p>In Android Retrofit<\/p>\n<ul>\n<li>Add an OkHttp compile dependency to build.gradle<\/li>\n<\/ul>\n<p><code>compile 'com.squareup.okhttp:okhttp:2.5.0'<\/code><\/p>\n<ul>\n<li>Create a class that returns an OkHttp client that doesn&#8217;t validate trust certificates (written by Jules White of Vanderbuilt)<\/li>\n<\/ul>\n<p><code><br \/>\npublic class UnsafeHttpsClient {<\/code><\/p>\n<p>public static OkHttpClient getUnsafeOkHttpClient() {<br \/>\ntry {<br \/>\n\/\/ Create a trust manager that does not validate certificate chains<br \/>\nfinal TrustManager[] trustAllCerts = new TrustManager[] {<br \/>\nnew X509TrustManager() {<\/p>\n<p>@Override<br \/>\npublic void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {<br \/>\n}<\/p>\n<p>@Override<br \/>\npublic void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {<br \/>\n}<\/p>\n<p>@Override<br \/>\npublic java.security.cert.X509Certificate[] getAcceptedIssuers() {<br \/>\nreturn null;<br \/>\n}<br \/>\n}<br \/>\n};<\/p>\n<p>\/\/ Install the all-trusting trust manager<br \/>\nfinal SSLContext sslContext = SSLContext.getInstance(&#8220;SSL&#8221;);<br \/>\nsslContext.init(null, trustAllCerts, new java.security.SecureRandom());<br \/>\n\/\/ Create an ssl socket factory with our all-trusting manager<br \/>\nfinal SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();<\/p>\n<p>OkHttpClient okHttpClient = new OkHttpClient();<br \/>\nokHttpClient.setSslSocketFactory(sslSocketFactory);<br \/>\nokHttpClient.setHostnameVerifier(new HostnameVerifier() {<br \/>\n@Override<br \/>\npublic boolean verify(String hostname, SSLSession session) {<br \/>\nreturn true;<br \/>\n}<br \/>\n});<\/p>\n<p>return okHttpClient;<br \/>\n} catch (Exception e) {<br \/>\nthrow new RuntimeException(e);<br \/>\n}<br \/>\n}<br \/>\n}<\/p>\n<ul>\n<li>Update your Retrofit\u00a0rest adapter with this unsafe OkHttp client<\/li>\n<\/ul>\n<p><code> return new RestAdapter<br \/>\n.Builder()<br \/>\n.setEndpoint(server)<br \/>\n.setLogLevel(logLevel)<br \/>\n.setLog(new AndroidLog(debugTag))<br \/>\n.setConverter(new GsonConverter(myGsonDateAdapter()))<br \/>\n.setClient(new OkClient(UnsafeHttpsClient.getUnsafeOkHttpClient()))<br \/>\n.build()<br \/>\n.create(WebProxy.class);<\/code><\/p>\n<p>In the above example,<\/p>\n<ul>\n<li>WebProxy is the API interface class.<\/li>\n<li>server is obviously the Spring server, should be https and at whatever port specified in Spring&#8217;s application.properties<\/li>\n<li>debugTag is optional text to prefix Retrofit calls in Android&#8217;s console log<\/li>\n<li>Converter is not required<\/li>\n<\/ul>\n<p>Other tools that might help debug<\/p>\n<ul>\n<li><a href=\"https:\/\/www.getpostman.com\/\" target=\"_blank\" rel=\"noopener\">Postman<\/a> &#8211; if you can make an https\/8443 GET request to your Spring server, you know Spring is setup properly<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>To setup Spring Boot SSL with Android Retrofit connecting on HTTPS 443: In Spring Boot &lt;your project&gt;\/src\/main\/resources\/application.properties &#8211; add the following values (not the &#8220;1.&#8221; which is just WordPress ordered list numbering) security.require-ssl=true server.port=8443 server.ssl.key-store=src\/main\/resources\/private\/keystore server.ssl.key-store-password=changeit server.ssl.key-password=changeit create and add an SSL key to the location specified by server.ssl.key-store. Note: the SSL certificate file is [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[28,29,248],"tags":[253,254],"_links":{"self":[{"href":"https:\/\/installingcats.com\/wp-json\/wp\/v2\/posts\/519"}],"collection":[{"href":"https:\/\/installingcats.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/installingcats.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/installingcats.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/installingcats.com\/wp-json\/wp\/v2\/comments?post=519"}],"version-history":[{"count":0,"href":"https:\/\/installingcats.com\/wp-json\/wp\/v2\/posts\/519\/revisions"}],"wp:attachment":[{"href":"https:\/\/installingcats.com\/wp-json\/wp\/v2\/media?parent=519"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/installingcats.com\/wp-json\/wp\/v2\/categories?post=519"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/installingcats.com\/wp-json\/wp\/v2\/tags?post=519"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}