[paho-dev] Certificate Pinning in Android Using MQTT

Hi,

I hope this email finds you in good spirits.

I am relatively new at Android and I have developed a service which connects to the ActiveMQ host using SSL/TLS support of mqttv3:1.1.0.


I have been able to perform TLS connection to ActiveMQ without the certificate pinning successfully.
However, whenever I tried to implement certificate pinning using the Android sample, the app crashed.


I am going to put in the sample code as an example for certificate pinning. As it says on the website, it fully supports TLS/SSL; however, any code ensuring certificate pinning just crashes. I have also implemented certificate pinning on the native HTTPS library of Android and it is working fine. But the same code does not work for the MQTT lib. Attached code for more insight.



  KeyStore myKeyStore = KeyStore.getInstance("BKS");
  myKeyStore.load(aContext.getResources().openRawResource(R.raw.mytruststore), "password".toCharArray());
  // Create a custom trust manager that accepts the server self-signed certificate
  TrustManagerFactory myTrustManagerFactory = TrustManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
  myTrustManagerFactory.init(myKeyStore);
  // Create the SSLContext for the SSLSocket to use
  SSLContext mySSLContext = SSLContext.getInstance("TLS");
  mySSLContext.init(null, myTrustManagerFactory.getTrustManagers(), new SecureRandom());
  // Create SSLSocketFactory
  SSLSocketFactory myFactory = mySSLContext.getSocketFactory();
  MqttConnectOptions myOptions = new MqttConnectOptions();
  myOptions.setCleanSession(false);
  myOptions.setAutomaticReconnect(true);
  myOptions.setKeepAliveInterval(Constant.KEEP_ALIVE_INTERVAL);
  myOptions.setSocketFactory(mySSLContext.getSocketFactory());
  myOptions.setSocketFactory(myFactory);
  theMQTTClient = new MqttAndroidClient(this.theContext, aBrokerUrl, aDeviceId);
  IMqttToken token = theMQTTClient.connect(myOptions);


Kindly help in this regard, as it seems more like an MQTT library-specific issue.


Kind Regards,
Sumayya Shahzad