Certificate Pinning in Android Paho Mqtt -Library [3.1.1.0 ] -issue [message #1787179]
Mon, 21 May 2018 11:16
Gokul R
I have been able to perform an MQTT connection without a TLS/SSL certificate using the Paho { mqttv3:1.1.0 } service. However, when I tried pinning the SSL certificate in Android, it's not working. Below I have explained the steps I performed for SSL pinning in Android. Please go through them and let me know the issue. I am attaching code for more insight.
Step 1: Certificate Conversion
Converted the certificate.pem file to Bouncy Castle format and stored it in the raw folder of the Android project.
D:\>"C:\Program Files\Java\jdk1.8.0_121\bin\keytool" -import -alias mqtt-broker -file C:\Users\gokul.r\Downloads\certificate.pem -keypass ***** -keystore raw_key_file -storetype BKS -storepass ***** -providerClass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath C:\Users\gokul.r\Downloads\bcprov-jdk16-1.45.jar
Step 2: MQTT client Settings
if (null == mclientPublisher) {
    try {
        mclientPublisher = new MqttAndroidClient(context, mqttBrokerURL, PublisherClientID, new MemoryPersistence());
        if (null != mclientPublisher) {
            MqttConnectOptions options = null;
            options = new MqttConnectOptions();
            options.setMqttVersion(MqttConnectOptions.MQTT_VERSION_3_1_1);
            options.setConnectionTimeout(60);
            options.setKeepAliveInterval(120);
            options.setAutomaticReconnect(true);
            // SslUtility.newInstance(context);
            options.setSocketFactory(SslUtility.getInstance().getSocketFactory(R.raw.raw_key_file,"****"));
            options.setCleanSession(true);
        }
    } catch (NullPointerException ex) {
        Log.e(TAG, "initPublisher method -inside catch block- Error is : " + ex.toString());
        disconnect();
    }
}
Step 3: SSL UTILITY CLASS
public class SslUtility {
    private static SslUtility mInstance = null;
    private Context mContext = null;
    private HashMap<Integer, SSLSocketFactory> mSocketFactoryMap = new HashMap<Integer, SSLSocketFactory>();

    public SslUtility(Context context) {
        mContext = context;
    }

    public static SslUtility getInstance( ) {
        if ( null == mInstance ) {
            throw new RuntimeException("first call must be to SslUtility.newInstance(Context) ");
        }
        return mInstance;
    }

    public static SslUtility newInstance( Context context ) {
        if ( null == mInstance ) {
            mInstance = new SslUtility( context );
        }
        return mInstance;
    }

    public SSLSocketFactory getSocketFactory(int certificateId, String certificatePassword ) {
        SSLSocketFactory result = mSocketFactoryMap.get(certificateId); // check to see if already created
        if ( ( null == result) && ( null != mContext ) ) { // not cached so need to load server certificate
            try {
                KeyStore keystoreTrust = KeyStore.getInstance("BKS"); // Bouncy Castle
                keystoreTrust.load(mContext.getResources().openRawResource(certificateId),
                        certificatePassword.toCharArray());
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keystoreTrust);
                SSLContext sslContext = SSLContext.getInstance("TLS");
                sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
                result = sslContext.getSocketFactory();
                mSocketFactoryMap.put( certificateId, result); // cache for reuse
            }
            catch ( Exception ex ) {
                // log exception
            }
        }
        return result;
    }
}
Error:
05-18 10:18:55.638 20810-20810/: disconnect method -inside catch block- Error is : java.lang.NullPointerException: Attempt to invoke virtual method 'boolean org.eclipse.paho.android.service.MqttAndroidClient.isConnected()' on a null object reference
It seems the MQTT client object is not created.
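
An added example, not part of the original post and not Paho project code: one way to build an SSLSocketFactory that trusts only the broker certificate, parsing the PEM file directly with the standard JSSE CertificateFactory and letting every failure propagate to the caller instead of returning null. The class name PinnedSocketFactory, the keystore alias and the R.raw.certificate resource named in the comment are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/** Hypothetical helper: trust only the certificate contained in the given stream. */
public final class PinnedSocketFactory {
    private PinnedSocketFactory() {}

    /**
     * Assumed usage on Android (resource name is hypothetical):
     *   options.setSocketFactory(PinnedSocketFactory.fromPem(
     *           context.getResources().openRawResource(R.raw.certificate)));
     */
    public static SSLSocketFactory fromPem(InputStream pem)
            throws GeneralSecurityException, IOException {
        // CertificateFactory accepts PEM or DER X.509 input, so the file can
        // be shipped as-is without converting it to a password-protected BKS store.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate brokerCert;
        try (InputStream in = pem) {
            brokerCert = cf.generateCertificate(in);
        }

        // In-memory trust store that contains the pinned certificate and nothing else.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("mqtt-broker", brokerCert);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // No client key material (first argument null); default SecureRandom.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }
}
```

Because the method declares checked exceptions, a malformed certificate or an unsupported algorithm surfaces at the call site with its real cause rather than as a null socket factory.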