Certificate Pinning in Android Paho Mqtt -Library [3.1.1.0 ] -issue [message #1787179] Mon, 21 May 2018 11:16
Gokul R
I have been able to perform an MQTT connection without a TLS/SSL certificate using the paho {mqttv3:1.1.0} service. However, when I tried pinning the SSL certificate in Android, it's not working. Below I have explained the process I performed for SSL pinning in Android. Please go through it and let me know the issue. I am attaching code for more insight.

Step 1: Certificate Conversion


Converted the certificate.pem file to Bouncy Castle format and stored it in the raw folder in the Android project.

D:\>"C:\Program Files\Java\jdk1.8.0_121\bin\keytool" -import -alias mqtt-broker -file C:\Users\gokul.r\Downloads\certificate.pem -keypass ***** -keystore raw_key_file -storetype BKS -storepass ***** -providerClass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath C:\Users\gokul.r\Downloads\bcprov-jdk16-1.45.jar




Step 2: MQTT client Settings


    if (null == mclientPublisher) {
        try {
            mclientPublisher = new MqttAndroidClient(context, mqttBrokerURL, PublisherClientID, new MemoryPersistence());

            if (null != mclientPublisher) {

                MqttConnectOptions options = null;
                options = new MqttConnectOptions();
                options.setMqttVersion(MqttConnectOptions.MQTT_VERSION_3_1_1);
                options.setConnectionTimeout(60);
                options.setKeepAliveInterval(120);
                options.setAutomaticReconnect(true);
                // SslUtility.newInstance(context);
                options.setSocketFactory(SslUtility.getInstance().getSocketFactory(R.raw.raw_key_file,"****"));
                options.setCleanSession(true);
            }
        } catch (NullPointerException ex) {
            Log.e(TAG, "initPublisher method -inside catch block- Error is : " + ex.toString());
            disconnect();
        }
    }



Step 3: SSL UTILITY CLASS


    import android.content.Context;

    import java.security.KeyStore;
    import java.security.SecureRandom;
    import java.util.HashMap;

    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSocketFactory;
    import javax.net.ssl.TrustManagerFactory;

    public class SslUtility {
        private static SslUtility mInstance = null;
        private Context mContext = null;
        // Socket factories already built, keyed by raw resource id
        private HashMap<Integer, SSLSocketFactory> mSocketFactoryMap = new HashMap<Integer, SSLSocketFactory>();

        public SslUtility(Context context) {
            mContext = context;
        }

        public static SslUtility getInstance() {
            if (null == mInstance) {
                throw new RuntimeException("first call must be to SslUtility.newInstance(Context) ");
            }
            return mInstance;
        }

        public static SslUtility newInstance(Context context) {
            if (null == mInstance) {
                mInstance = new SslUtility(context);
            }
            return mInstance;
        }

        public SSLSocketFactory getSocketFactory(int certificateId, String certificatePassword) {
            SSLSocketFactory result = mSocketFactoryMap.get(certificateId); // check to see if already created
            if ((null == result) && (null != mContext)) { // not cached so need to load server certificate
                try {
                    KeyStore keystoreTrust = KeyStore.getInstance("BKS"); // Bouncy Castle
                    keystoreTrust.load(mContext.getResources().openRawResource(certificateId),
                            certificatePassword.toCharArray());
                    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                    trustManagerFactory.init(keystoreTrust);
                    SSLContext sslContext = SSLContext.getInstance("TLS");
                    sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
                    result = sslContext.getSocketFactory();
                    mSocketFactoryMap.put(certificateId, result); // cache for reuse
                }
                catch (Exception ex) {
                    // log exception
                }
            }
            return result;
        }
    }



Error:
05-18 10:18:55.638 20810-20810/: disconnect method -inside catch block- Error is : java.lang.NullPointerException: Attempt to invoke virtual method 'boolean org.eclipse.paho.android.service.MqttAndroidClient.isConnected()' on a null object reference

It seems the MQTT client object is not created.
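
A variant of the Step 3 helper, as an added example that is not part of the original post or of the Paho project: it reads the keystore from a stream (on Android, the one returned by openRawResource), lets load failures reach the caller instead of returning null, and rejects a store that contains no certificate entries. The names PinnedTrust and fromTrustStore and the demo password are hypothetical; the demo uses a constructed empty store of the JVM default type, because "BKS" needs the Bouncy Castle provider.

```java
import java.io.*;
import java.security.*;
import java.security.cert.Certificate;
import java.util.*;
import javax.net.ssl.*;

public class PinnedTrust {
    /** Builds a socket factory that trusts only the certificates in the given store. */
    static SSLSocketFactory fromTrustStore(InputStream in, char[] password, String type)
            throws GeneralSecurityException, IOException {
        KeyStore store = KeyStore.getInstance(type);   // "BKS" on Android, as in Step 3
        store.load(in, password);                      // wrong password or format throws here

        // A store with no certificate entries pins nothing; reject it before use.
        int pinned = 0;
        for (String alias : Collections.list(store.aliases())) {
            if (!store.isCertificateEntry(alias)) continue;
            Certificate cert = store.getCertificate(alias);
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            StringBuilder hex = new StringBuilder();
            for (byte b : digest) hex.append(String.format("%02x", b));
            // Fingerprint to compare against the broker certificate
            System.out.println("pinned " + alias + " sha256=" + hex);
            pinned++;
        }
        if (pinned == 0) throw new KeyStoreException("trust store has no certificate entries");

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);  // null selects the default SecureRandom
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an empty store of the JVM default type, serialized in memory.
        char[] pw = "constructed-password".toCharArray();
        String type = KeyStore.getDefaultType();
        KeyStore empty = KeyStore.getInstance(type);
        empty.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        empty.store(out, pw);
        try {
            fromTrustStore(new ByteArrayInputStream(out.toByteArray()), pw, type);
        } catch (KeyStoreException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```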
