Repository with SSL - problem downloading

I created my F-Droid repository using SSL for my .apks, and when the F-Droid client downloads index-v1.jar I receive the error: “Trust Anchor not found for Android SSL Connection”. I changed the methods to accept HTTPS and I also added the root certificate, but it isn’t working either.
What can I do?

Self-signed cert? What Android version?

It is a Comodo root and the Android version is 5.1.1

5.0.1 or 5.1.1?

Did you try any other devices?

It is 5.1.1, and I tried on 7.0 but it did not work either

I got it. I’ll post the class in case anybody needs it

```java
import android.content.Context;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FilenameFilter;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class FdroidKeyPin {
    private static FdroidKeyPin instance;
    private SSLContext sslContext;

    private FdroidKeyPin(Context context) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

        ArrayList<Certificate> caCerts = new ArrayList<>();

        // PKCS#7 bundles (.p7b) in the app's files directory
        String[] caFiles = context.getFilesDir().list(new FilenameFilter() {
            @Override
            public boolean accept(File file, String s) {
                return s.toLowerCase().endsWith(".p7b");
            }
        });
        for (String caFile : caFiles)
            caCerts.addAll(cf.generateCertificates(context.openFileInput(caFile)));

        // PEM-encoded certificates (.cer / .pem) in the app's files directory
        caFiles = context.getFilesDir().list(new FilenameFilter() {
            @Override
            public boolean accept(File file, String s) {
                return s.toLowerCase().endsWith(".cer") ||
                        s.toLowerCase().endsWith(".pem");
            }
        });
        for (String caFile : caFiles)
            loadCACerts(context.openFileInput(caFile), caCerts);

        // Certificate chain shipped in the APK assets
        caFiles = new String[]{"trust-chain.crt"};
        for (String caFile : caFiles)
            loadCACerts(context.getAssets().open(caFile), caCerts);

        // Insert the certificates into the KeyStore
        KeyStore ksTrust = KeyStore.getInstance("PKCS12");
        ksTrust.load(null);
        for (int i = 0; i < caCerts.size(); i++)
            ksTrust.setCertificateEntry("cert" + i, caCerts.get(i));
        // Initialize the TrustManagerFactory with only those certificates
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
        tmf.init(ksTrust);

        sslContext = SSLContext.getInstance("TLSv1.2");
        sslContext.init(null, tmf.getTrustManagers(), null);
    }

    // Reads every "-----BEGIN ...-----" / "-----END ...-----" block from the stream
    // and adds each one to caCerts as a parsed certificate.
    private static void loadCACerts(InputStream is, ArrayList<Certificate> caCerts) throws Exception {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        try {
            BufferedReader r = new BufferedReader(
                    new InputStreamReader(is, StandardCharsets.US_ASCII));
            StringBuilder total = new StringBuilder();
            String line;
            boolean reading = false;
            while ((line = r.readLine()) != null) {
                if (line.matches("-----.*-----")) {
                    if (reading) {
                        // END marker: parse the block collected so far
                        total.append(line);
                        caCerts.add(factory.generateCertificate(new ByteArrayInputStream(
                                total.toString().getBytes(StandardCharsets.US_ASCII))));
                        total = new StringBuilder();
                        reading = false;
                    } else {
                        // BEGIN marker: start a new block
                        total.append(line).append("\n");
                        reading = true;
                    }
                } else if (!line.equals(""))
                    total.append(line).append("\n");
            }
        } finally {
            is.close();
        }
    }

    public static synchronized FdroidKeyPin getInstance(Context context) throws Exception {
        if (instance == null)
            instance = new FdroidKeyPin(context);
        return instance;
    }

    public SSLContext getContext() {
        return sslContext;
    }
}
```

Sounds like older versions of Android don’t fully support that Certificate Authority.

I recommend Let’s Encrypt for certificates. It is trustworthy, easy, free software, and doesn’t cost money.
