Create an application that downloads a web page through HTTPS. The activity includes an EditText, a Button and a TextView. The user introduces an URL and clicks on the button to obtain the contents of the web page.
Steps:
Hint: See task 1 from lab 3 and adapt it to use HttpsURLConnection.
Test using different HTTPS URLS (e.q. https://www.google.com/). Then test with different subdomains from https://badssl.com/ (with valid and invalid certificates).
Resources:
The Android system includes a system (default) trust store, which includes a list of trusted Certificate Authorities (CAs).
Modify the previous application in order to display the system trust store using TrustManager.
Steps:
Resources:
The previous application will not be able to fetch web pages on a server with a certificate that is issued by an unknown CA. For example: https://untrusted-root.badssl.com/, which uses certificate which is not trusted by Android by default. Extend the application in order to be able to access this URL, by loading and using a custom trust store.
Steps:
Resources: