Create an application that downloads a web page through HTTPS. The activity includes an EditText, a Button and a TextView. The user introduces an URL and clicks on the button to obtain the contents of the web page.

Steps:

• When the Button is clicked, check network connectivity through the ConnectivityManager
• Then, perform network operations in an AsyncTask
• Use HttpsURLConnection for performing HTTPS GET requests
• Get associated InputStream for receiving the reply
• The reply is displayed in the TextView

Hint: See task 1 from lab 3 and adapt it to use HttpsURLConnection.

Test using different HTTPS URLS (e.q. https://www.google.com/). Then test with different subdomains from https://badssl.com/ (with valid and invalid certificates).

Resources:

• https://developer.android.com/training/basics/network-ops/connecting.html
• https://developer.android.com/training/articles/security-ssl.html

The Android system includes a system (default) trust store, which includes a list of trusted Certificate Authorities (CAs).

Modify the previous application in order to display the system trust store using TrustManager.

Steps:

• Obtain an instance of TrustManagerFactory and initialize it
• Obtain an instance of the first TrustManager (X509TrustManager)
• Display information about each trust anchor (X509Certificate)

Resources:

• http://nelenkov.blogspot.ro/2011/12/using-custom-certificate-trust-store-on.html

The previous application will not be able to fetch web pages on a server with a certificate that is issued by an unknown CA. For example: https://untrusted-root.badssl.com/, which uses certificate which is not trusted by Android by default. Extend the application in order to be able to access this URL, by loading and using a custom trust store.

Steps:

• Save website certificate from your browser
• Put the certificate in res/raw/
• Load trusted CAs from file
• Create a KeyStore object and insert the trusted CAs
• Obtain an instance of TrustManagerFactory and initialize it
• Obtain an instance of SSLContext and initialize it
• Create an URL object
• Obtain an HttpsURLConnection
• Configure the HttpsURLConnection to use the SocketFactory from the SSLContext
• Read from an InputStream

Resources:

• https://developer.android.com/training/articles/security-ssl.html