Repository with SSL - problem downloading


#1

I created my FDROID repository using SSL for my .apks, and when the FDROID client downloads index-v1.jar I receive the error: “Trust Anchor not found for Android SSL Connection”. I changed the methods to accept HTTPS and I also added the root certificate, but it isn’t working either.
What can I do?


#2

Self-signed cert? What Android version?


#3

It is a Comodo root and the Android is 5.1.1


#4

5.0.1 or 5.1.1?

Did you try any other devices?


#5

It is 5.1.1, and I tried on 7.0 but it did not work either


#6

I got it. I’ll post the class, in case anybody needs it:

    import android.content.Context;

    import java.io.BufferedReader;
    import java.io.ByteArrayInputStream;
    import java.io.File;
    import java.io.FilenameFilter;
    import java.io.InputStream;
    import java.io.InputStreamReader;
    import java.security.KeyStore;
    import java.security.cert.Certificate;
    import java.security.cert.CertificateFactory;
    import java.util.ArrayList;

    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManagerFactory;

    public class FdroidKeyPin {
        private static FdroidKeyPin instance;
        private final SSLContext sslContext;

        private FdroidKeyPin(Context context) throws Exception {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            ArrayList<Certificate> caCerts = new ArrayList<>();

            // PKCS#7 bundles (.p7b) stored in the app's files directory
            String[] caFiles = context.getFilesDir().list(new FilenameFilter() {
                @Override
                public boolean accept(File file, String s) {
                    return s.toLowerCase().endsWith(".p7b");
                }
            });
            if (caFiles != null) {
                for (String caFile : caFiles) {
                    InputStream in = context.openFileInput(caFile);
                    try {
                        caCerts.addAll(cf.generateCertificates(in));
                    } finally {
                        in.close();
                    }
                }
            }

            // PEM certificates (.cer, .pem) stored in the app's files directory
            caFiles = context.getFilesDir().list(new FilenameFilter() {
                @Override
                public boolean accept(File file, String s) {
                    return s.toLowerCase().endsWith(".cer") ||
                            s.toLowerCase().endsWith(".pem");
                }
            });
            if (caFiles != null) {
                for (String caFile : caFiles)
                    loadCACerts(context.openFileInput(caFile), caCerts);
            }

            // CA chain shipped with the app as assets/trust-chain.crt
            loadCACerts(context.getAssets().open("trust-chain.crt"), caCerts);

            // Insert the certificates into the KeyStore
            KeyStore ksTrust = KeyStore.getInstance("PKCS12");
            ksTrust.load(null);
            for (int i = 0; i < caCerts.size(); i++)
                ksTrust.setCertificateEntry("cert" + i, caCerts.get(i));

            // Initialize the TrustManagerFactory. It is built from ksTrust only, so
            // connections made with this SSLContext trust just the certificates
            // loaded above and not the device's system CA store.
            TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
            tmf.init(ksTrust);

            sslContext = SSLContext.getInstance("TLSv1.2");
            sslContext.init(null, tmf.getTrustManagers(), null);
        }

        // Reads every PEM block ("-----BEGIN ...-----" up to "-----END ...-----") from
        // the stream, adds the certificate it contains to caCerts, then closes the stream.
        private static void loadCACerts(InputStream is, ArrayList<Certificate> caCerts) throws Exception {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            try {
                BufferedReader r = new BufferedReader(new InputStreamReader(is, "UTF-8"));
                StringBuilder total = new StringBuilder();
                String line;
                boolean reading = false;
                while ((line = r.readLine()) != null) {
                    if (line.matches("-----.*-----")) {
                        if (reading) {
                            // END line: the block is complete, so parse it
                            total.append(line);
                            caCerts.add(factory.generateCertificate(
                                    new ByteArrayInputStream(total.toString().getBytes("UTF-8"))));
                            total = new StringBuilder();
                            reading = false;
                        } else {
                            // BEGIN line: start collecting a new block
                            total.append(line).append("\n");
                            reading = true;
                        }
                    } else if (!line.equals("")) {
                        total.append(line).append("\n");
                    }
                }
            } finally {
                is.close();
            }
        }

        public static synchronized FdroidKeyPin getInstance(Context context) throws Exception {
            if (instance == null)
                instance = new FdroidKeyPin(context);
            return instance;
        }

        public SSLContext getContext() {
            return sslContext;
        }
    }


#7

Sounds like older versions of Android don’t fully support that Certificate Authority.
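
Added example, not part of the thread: Android reports the “trust anchor not found” error when it cannot build a path from the server certificate to a root in its trust store. This openssl script reproduces that offline with a constructed three-level chain, covering the case suggested above (root absent from the store) and, going one step further, a server that does not send its intermediate. The CA names, `repo.example.test` and the function names are assumptions made for the demo.

```sh
#!/bin/sh
# Constructed demo PKI (not from the thread): root CA -> intermediate CA -> server cert.
# Assumes the openssl command-line tool is installed.

# build_demo_pki <dir>: writes root.crt, other.crt, int.crt and leaf.crt into <dir>.
build_demo_pki() (              # subshell body, so the cd does not leak to the caller
    cd "$1" || exit 1
    printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' '[dn]' 'CN = unused' \
        '[ca_ext]' 'basicConstraints = critical,CA:TRUE' \
        '[leaf_ext]' 'basicConstraints = CA:FALSE' > pki.cnf
    for ca in root other; do    # "other" plays a device trust store that lacks our root
        openssl req -x509 -config pki.cnf -extensions ca_ext -newkey rsa:2048 -nodes \
            -days 30 -subj "/CN=Demo $ca CA" -keyout "$ca.key" -out "$ca.crt" || exit 1
    done
    issue() {                   # issue <name> <subject CN> <issuer name> <extension section>
        openssl req -new -config pki.cnf -newkey rsa:2048 -nodes -subj "/CN=$2" \
            -keyout "$1.key" -out "$1.csr" &&
        openssl x509 -req -in "$1.csr" -CA "$3.crt" -CAkey "$3.key" -CAcreateserial \
            -days 30 -extfile pki.cnf -extensions "$4" -out "$1.crt"
    }
    issue int "Demo Intermediate CA" root ca_ext &&
    issue leaf "repo.example.test" int leaf_ext
) >/dev/null 2>&1

# verify_chain <trust store> <server cert> [intermediates sent by the server]
# Succeeds only if a path from the server cert to a root in the trust store can be built.
verify_chain() {
    if [ -n "$3" ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    fi
}

report() {                      # report <label> <verify_chain arguments...>
    label=$1; shift
    if verify_chain "$@"; then echo "$label: chain verifies"
    else echo "$label: no path to a trust anchor"; fi
}

DEMO_DIR=$(mktemp -d)
build_demo_pki "$DEMO_DIR" || echo "could not build the demo PKI (is openssl installed?)"
report "root in store, intermediate sent    " "$DEMO_DIR/root.crt" "$DEMO_DIR/leaf.crt" "$DEMO_DIR/int.crt"
report "root not in store                   " "$DEMO_DIR/other.crt" "$DEMO_DIR/leaf.crt" "$DEMO_DIR/int.crt"
report "root in store, intermediate not sent" "$DEMO_DIR/root.crt" "$DEMO_DIR/leaf.crt"
```

Against a real repository, the same `verify_chain` check can be run on the certificates the server actually presents, with the trust store of the Android version in question exported to a PEM file.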


#8

I recommend Let’s Encrypt for certificates. It is trustworthy, easy, free software, and doesn’t cost money.