This shows you the differences between two versions of the page.
osp:lectures:lecture-security2 [2016/12/11 19:47] laura.gheorghe [Practical] |
osp:lectures:lecture-security2 [2017/01/23 21:57] (current) laura.ruse [Lecture] |
||
---|---|---|---|
Line 1: | Line 1: | ||
===== 09 - Android Security (2) ===== | ===== 09 - Android Security (2) ===== | ||
- | * Description: | + | * Description: SSL/TLS, JSSE API, Android JSSE providers |
* Practical part: HTTP, HTTPS, system trust store, custom trust store | * Practical part: HTTP, HTTPS, system trust store, custom trust store | ||
Line 7: | Line 7: | ||
==== Lecture ==== | ==== Lecture ==== | ||
- | *{{:osp:lectures:lecture-security-2.pdf | Lecture Slides}} | + | *{{:osp:lectures:lecture-security-2.pdf | Slides}} |
+ | *{{:osp:lectures:9.security2_notes.pdf | Notes}} | ||
{{url>http://ocw.cs.pub.ro/courses/_media/osp/lectures/lecture-security-2.pdf}} | {{url>http://ocw.cs.pub.ro/courses/_media/osp/lectures/lecture-security-2.pdf}} | ||
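Review bot: The embed on the unchanged line after the new Notes entry still loads the slides over plain http:// (`{{url>http://ocw.cs.pub.ro/...}}`), which is an odd fit for a lecture on SSL/TLS; if the host serves the file over HTTPS, switch the scheme while this block is being edited. The new media name `9.security2_notes.pdf` also breaks the `lecture-security-2.pdf` naming pattern used by the slides, so consider renaming it to match.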
Line 42: | Line 43: | ||
Steps: | Steps: | ||
- | * Obtain an instance of **TrustManagerFactory** and initialise it | + | * Obtain an instance of **TrustManagerFactory** and initialize it |
* Obtain an instance of the first **TrustManager** (**X509TrustManager**) | * Obtain an instance of the first **TrustManager** (**X509TrustManager**) | ||
* Display information about each trust anchor (**X509Certificate**) | * Display information about each trust anchor (**X509Certificate**) | ||
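Review bot: The second step, "Obtain an instance of the first TrustManager (X509TrustManager)", assumes the first element returned by the factory is an X509TrustManager; suggest wording it as "the first TrustManager that is an X509TrustManager" so students check the type before casting. Since only the spelling of "initialize" changed here, this would also be a good place to say what the factory is initialized with: passing a null KeyStore selects the system trust store, which is what separates this task from the custom trust store task.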
Line 52: | Line 53: | ||
The previous application will not be able to fetch web pages on a server with a certificate that is issued by an unknown CA. For example: https://certs.cac.washington.edu/CAtest/, which uses certificate issued by UW Services Certificate Authority (which is not trusted by Android by default). Extend the application in order to be able to access this URL, by loading and using a custom trust store. | The previous application will not be able to fetch web pages on a server with a certificate that is issued by an unknown CA. For example: https://certs.cac.washington.edu/CAtest/, which uses certificate issued by UW Services Certificate Authority (which is not trusted by Android by default). Extend the application in order to be able to access this URL, by loading and using a custom trust store. | ||
+ | |||
+ | The steps for this task are almost similar to the ones for Task 2. | ||
Steps: | Steps: | ||
- | * Save certificate file (uwca.crt) from server and put it in **res/raw/** | + | * Save certificate file from server and put it in **res/raw/** |
* Load trusted CAs from file | * Load trusted CAs from file | ||
* Create a **KeyStore** object and insert the trusted CAs | * Create a **KeyStore** object and insert the trusted CAs | ||
- | * Obtain an instance of **TrustManagerFactory** and initialise it | + | * Obtain an instance of **TrustManagerFactory** and initialize it |
- | * Obtain an instance of **SSLContext** and initialise it | + | * Obtain an instance of **SSLContext** and initialize it |
* Create an **URL** object | * Create an **URL** object | ||
* Obtain an **HttpsURLConnection** | * Obtain an **HttpsURLConnection** |
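Review bot: The reworded first step, "Save certificate file from server and put it in res/raw/", drops the file name and still does not say how the certificate is checked before it becomes a trust anchor. A certificate fetched from the same server the application cannot yet verify proves nothing by itself, so suggest adding a step to compare its fingerprint against a value obtained through a separate channel, and naming the expected resource file so the "Load trusted CAs from file" step is unambiguous. In the added sentence, "almost similar to the ones for Task 2" would read better as "similar to the ones for Task 2".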