Re: [paho-dev] Certificate Pinning in Android Using MQTT

Hi,
 
Do you get any exception when the app crashes? Also, try changing the version of the mqttv3 library to 1.2.0. This release now uses Java 1.7 and has had a number of changes made to it that improve TLS support (SNI etc.).
 
Kind regards,
 
James Sutton
Software Engineer - IoT Foundation - MQTT Open Source Projects
Ops Team - Wimbledon Project

Phone: 01962 815438 | Extension: x372454
Personal Website: www.jsutton.co.uk
IBM

Hursley Park
Hursley SO21 2JN
United Kingdom
 
IBM United Kingdom Limited Registered in England and Wales with number 741598 Registered office: PO Box 41, North Harbour, Portsmouth, Hants. PO6 3AU
 
 
----- Original message -----
From: Sumayya Shahzad <sumayya@xxxxxxxxxxxxxx>
Sent by: paho-dev-bounces@xxxxxxxxxxx
To: paho-dev@xxxxxxxxxxx
Cc:
Subject: [paho-dev] Certificate Pinning in Android Using MQTT
Date: Tue, Aug 15, 2017 8:39 AM
 
Hi, 
 
I hope this email finds you in good spirits.
 
I am relatively new to Android and I have developed a service which connects to the ActiveMQ host using the SSL/TLS support of mqttv3:1.1.0.
 
 
I have been able to perform a TLS connection to ActiveMQ successfully without certificate pinning.
However, whenever I tried to implement certificate pinning using the Android sample, the app crashed.
 
 
I am going to put in the sample code as an example for certificate pinning. As it says on the website, it fully supports TLS/SSL; however, any code ensuring certificate pinning just crashes. I have also implemented certificate pinning on the HTTPS library native to Android and it is working just fine. But the same code does not work for the MQTT lib. Attached code for more insight.
 
 
 
    import java.security.KeyStore;
    import java.security.SecureRandom;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSocketFactory;
    import javax.net.ssl.TrustManagerFactory;
    import org.eclipse.paho.android.service.MqttAndroidClient;
    import org.eclipse.paho.client.mqttv3.IMqttToken;
    import org.eclipse.paho.client.mqttv3.MqttConnectOptions;

    // Load the bundled BKS trust store from the app's raw resources
    KeyStore myKeyStore = KeyStore.getInstance("BKS");
    myKeyStore.load(aContext.getResources().openRawResource(R.raw.mytruststore), "password".toCharArray());
    // Create a custom trust manager that accepts the server self-signed certificate
    // (the algorithm name comes from TrustManagerFactory, not KeyManagerFactory)
    TrustManagerFactory myTrustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    myTrustManagerFactory.init(myKeyStore);
    // Create the SSLContext for the SSLSocket to use
    SSLContext mySSLContext = SSLContext.getInstance("TLS");
    mySSLContext.init(null, myTrustManagerFactory.getTrustManagers(), new SecureRandom());
    // Create SSLSocketFactory
    SSLSocketFactory myFactory = mySSLContext.getSocketFactory();
    // Configure the MQTT connection to use the custom socket factory
    MqttConnectOptions myOptions = new MqttConnectOptions();
    myOptions.setCleanSession(false);
    myOptions.setAutomaticReconnect(true);
    myOptions.setKeepAliveInterval(Constant.KEEP_ALIVE_INTERVAL);
    myOptions.setSocketFactory(myFactory);
    theMQTTClient = new MqttAndroidClient(this.theContext, aBrokerUrl, aDeviceId);
    IMqttToken token = theMQTTClient.connect(myOptions);
 
 
Kindly help in this regard, as it seems more like an MQTT library-specific issue.
 
 
Kind Regards,
Sumayya Shahzad
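
One way to add an explicit public-key pin on top of the trust store used in the posted code, as an added example that is not part of the original thread or of the Paho project. The class name `PinnedSocketFactory`, its methods and the `expectedPin` parameter are hypothetical; the returned factory is meant to be passed to `MqttConnectOptions.setSocketFactory(...)`.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper (not part of Paho): trust-store validation plus a public-key pin.
public final class PinnedSocketFactory {
    private PinnedSocketFactory() {}

    /** SHA-256 over the certificate's DER-encoded SubjectPublicKeyInfo. */
    public static byte[] spkiSha256(X509Certificate cert) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(cert.getPublicKey().getEncoded());
    }

    public static SSLSocketFactory create(KeyStore trustStore, final byte[] expectedPin) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
        }
        if (found == null) throw new IllegalStateException("no X509TrustManager for this trust store");
        final X509TrustManager base = found;

        X509TrustManager pinning = new X509TrustManager() {
            @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                base.checkClientTrusted(chain, authType);
            }
            @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                base.checkServerTrusted(chain, authType); // chain must validate against the trust store first
                byte[] actual;
                try { actual = spkiSha256(chain[0]); } catch (Exception e) { throw new CertificateException(e); }
                if (!MessageDigest.isEqual(actual, expectedPin)) { // chain[0] is the server's own certificate
                    throw new CertificateException("broker public key does not match the pinned value");
                }
            }
            @Override public X509Certificate[] getAcceptedIssuers() { return base.getAcceptedIssuers(); }
        };
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, new TrustManager[] { pinning }, null); // no client key, default SecureRandom
        return context.getSocketFactory();
    }
}
```

The expected pin can be computed once with `spkiSha256` from the broker certificate stored in the trust store; a pin mismatch then surfaces as a `CertificateException` during the TLS handshake.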
 