
I am trying to implement an HTTPS connection to a self-signed Tomcat 8.5 server. I have spent two days trying to find the bug (thinking that it is related to the certificates).

My code to do my GET operation is very simple:

    DefaultHttpClient client = new DefaultHttpClient();
    HttpGet get = new HttpGet("https://myIpServer:8443");
    HttpResponse response = client.execute(get);

It is added in an InstrumentTestCase2 test which is linked to my MainActivity (it does other things, but they are not related to an HTTP connection, so it should not cause problems).

I am receiving this error:

    02-13 10:37:36.033  6215  6246 W System  : ClassLoader referenced unknown path: /system/framework/tcmclient.jar
    02-13 10:37:36.186   788  3961 I ActivityManager: Killing 6188:com.tumblr/u0a111 (adj 15): empty #17
    02-13 10:37:36.266   788  3961 I ActivityManager: Killing 6161:com.android.keychain/1000 (adj 15): empty #18
    02-13 10:37:36.323   788  3704 D GraphicsStats: Buffer count: 9
    02-13 10:37:36.324   788  3704 I WindowState: WIN DEATH: Window{997cc4d u0 gasnatural.appcountermanager/myapp.main.MainActivity}

And the server certificates seem correct:

    openssl s_client -connect myIpServer:8443
    CONNECTED(00000003)
    depth=0 C = XXX, ST = XXX, L = XXX, O = XXX, OU = XXX, CN = XXX
    verify error:num=18:self signed certificate
    verify return:1
    depth=0 C = XXX, ST = XXX, L = XXX, O = XXX, OU = XXX, CN = XXX
    verify return:1
    ---
    Certificate chain
     0 s:/C=XXX/ST=XXX/L=XXX/O=XXX/OU=XXX/CN=XXX
       i:/C=XXX/ST=XXX/L=XXX/O=XXX/OU=XXX/CN=XXX
    ---
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    My certificate hash
    -----END CERTIFICATE-----
    subject=/C=XXX/ST=XXX/L=XXX/O=XXX/OU=XXX/CN=XXX
    issuer=/C=XXX/ST=XXX/L=XXX/O=XXX/OU=XXX/CN=XXX
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 1499 bytes and written 501 bytes
    ---
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : ECDHE-RSA-AES128-GCM-SHA256
        Session-ID: a_long_id_number
        Session-ID-ctx: 
        Master-Key: a_long_id_number
        Key-Arg   : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        Start Time: 1486978425
        Timeout   : 300 (sec)
        Verify return code: 18 (self signed certificate)
    ---

My server works fine for HTTP on 8080. Also, I tested another self-signed website, and the previously pasted code connects without problems...

UPDATE1:

    <?xml version="1.0" encoding="utf-8"?>
    <manifest xmlns:android="http://schemas.android.com/apk/res/android"
        package="gasnatural.appcountermanager">

        <uses-permission android:name="android.permission.BLUETOOTH_ADMIN" />
        <uses-permission android:name="android.permission.BLUETOOTH" />
        <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
        <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
        <uses-permission android:name="android.permission.WAKE_LOCK" />
        <uses-permission android:name="android.permission.INTERNET" />

        <application
            android:allowBackup="true"
            android:icon="@mipmap/ic_launcher"
            android:label="@string/app_name"
            android:supportsRtl="true"
            android:theme="@style/AppTheme">

            <activity android:name=".main.MainActivity">
                <intent-filter>
                    <action android:name="android.intent.action.MAIN" />

                    <category android:name="android.intent.category.LAUNCHER" />
                </intent-filter>
            </activity>
            <activity android:name=".listconcentrators.ListConcentratorsActivity" android:screenOrientation="portrait"/>
            <activity android:name=".informationconcentrator.InformationConcentratorActivity" android:screenOrientation="portrait"/>
            <activity android:name=".newconcentrator.NewConcentratorActivity" android:screenOrientation="portrait"/>
            <activity android:name=".listcameras.ListCamerasActivity" android:screenOrientation="portrait"/>
            <activity android:name=".configurecamera.ConfigureCameraActivity" android:screenOrientation="portrait"/>
            <activity android:name=".mock.MockTestActivity" android:screenOrientation="portrait"/>
            <activity android:screenOrientation="landscape" android:configChanges="orientation|keyboardHidden" android:name=".drawrectangle.DrawRectangleActivity" />

            <service android:name="gasnatural.appcountermanager.bluetooth.BTService"
                android:enabled="true"
                android:exported="false">
            </service>
        </application>

    </manifest>

Comment: (I know, self-signed is insecure, but it is a prototype for our company; for a possible future production version it will be well-configured.)

carlos.baez
  • `new HttpGet("http://myIpServer:8443");` shouldn't that be "http**s**://..." ? – Fildor Feb 13 '17 at 10:36
  • My fault, I pasted the code wrong... I use https, I am going to fix it in the post – carlos.baez Feb 13 '17 at 10:51
  • Same error message in this question: http://stackoverflow.com/q/37298973/982149 turned out to be a bad manifest. Could you check that? – Fildor Feb 13 '17 at 10:56
  • The whole Android app works fine on 8080. For this reason, I discarded a problem with androidmanifest.xml. Anyway, I will review it, and I will also paste it. I would appreciate it if someone finds something wrong in the file... – carlos.baez Feb 13 '17 at 11:01
  • `ClassLoader referenced unknown path: /system/framework/tcmclient.jar` Is this file yours? How have you configured the client truststore? – pedrofb Feb 13 '17 at 11:18
  • `tcmclient.jar` is not mine, it seems to be called internally by the `HttpClient`, but I don't know why... About the truststore, I created one but I didn't import it in this case in order to keep the test simple... It is only a GET request to an https website... – carlos.baez Feb 13 '17 at 11:39
  • If the website uses a self-signed certificate that is not present in the system truststore, you need to import it there or configure a custom truststore for your app. I do not know if `tcmclient.jar` is related to the issue – pedrofb Feb 13 '17 at 13:10
  • I thought you can code a solution without creating a truststore: - http://stackoverflow.com/questions/2893819/telling-java-to-accept-self-signed-ssl-certificate?rq=1 - http://stackoverflow.com/questions/2012497/accepting-a-certificate-for-https-on-android?rq=1 – carlos.baez Feb 13 '17 at 14:07
  • In fact, the test could try to connect to other websites without a truststore – carlos.baez Feb 13 '17 at 14:11
