This shows you the differences between two versions of the page.
| — |
smd:laboratoare:old:08 [2019/03/06 15:02] (current) adriana.draghici created |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ===== Lab 08. Secure Protocols ===== | ||
| + | |||
| + | |||
| + | === Task 1 - Fetch web page through HTTPS (3p) === | ||
| + | |||
| + | Create an application that downloads a web page through HTTPS. The activity includes an EditText, a Button and a TextView. The user introduces an URL and clicks on the button to obtain the contents of the web page. | ||
| + | |||
| + | Steps: | ||
| + | * When the Button is clicked, check network connectivity through the **ConnectivityManager** | ||
| + | * Then, perform network operations in an **AsyncTask** | ||
| + | * Use **HttpsURLConnection** for performing HTTPS GET requests | ||
| + | * Get associated **InputStream** for receiving the reply | ||
| + | * The reply is displayed in the TextView | ||
| + | |||
| + | Hint: See task 1 from lab 3 and adapt it to use **HttpsURLConnection**. | ||
| + | |||
| + | Test using different HTTPS URLS (e.q. https://www.google.com/). Then test with different subdomains from https://badssl.com/ (with valid and invalid certificates). | ||
| + | |||
| + | Resources: | ||
| + | * https://developer.android.com/training/basics/network-ops/connecting.html | ||
| + | * https://developer.android.com/training/articles/security-ssl.html | ||
| + | |||
| + | === Task 2 - Display system trust store (3p) === | ||
| + | |||
| + | The Android system includes a system (default) trust store, which includes a list of trusted Certificate Authorities (CAs). | ||
| + | |||
| + | Modify the previous application in order to display the system trust store using **TrustManager**. | ||
| + | |||
| + | Steps: | ||
| + | * Obtain an instance of **TrustManagerFactory** and initialize it | ||
| + | * Obtain an instance of the first **TrustManager** (**X509TrustManager**) | ||
| + | * Display information about each trust anchor (**X509Certificate**) | ||
| + | |||
| + | Resources: | ||
| + | * http://nelenkov.blogspot.ro/2011/12/using-custom-certificate-trust-store-on.html | ||
| + | |||
| + | === Task 3 - Use a custom trust store (4p) === | ||
| + | |||
| + | The previous application will not be able to fetch web pages on a server with a certificate that is issued by an unknown CA. For example: https://untrusted-root.badssl.com/, which uses certificate which is not trusted by Android by default. Extend the application in order to be able to access this URL, by loading and using a custom trust store. | ||
| + | |||
| + | Steps: | ||
| + | * Save website certificate from your browser | ||
| + | * Put the certificate in **res/raw/** | ||
| + | * Load trusted CAs from file | ||
| + | * Create a **KeyStore** object and insert the trusted CAs | ||
| + | * Obtain an instance of **TrustManagerFactory** and initialize it | ||
| + | * Obtain an instance of **SSLContext** and initialize it | ||
| + | * Create an **URL** object | ||
| + | * Obtain an **HttpsURLConnection** | ||
| + | * Configure the HttpsURLConnection to use the **SocketFactory** from the **SSLContext** | ||
| + | * Read from an **InputStream** | ||
| + | |||
| + | Resources: | ||
| + | * https://developer.android.com/training/articles/security-ssl.html | ||
| + | |||
| + | |||
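Review bot: In Task 3, the steps "Save website certificate from your browser" and "Load trusted CAs from file" do not say which certificate in the chain to export. Name it explicitly (the root CA that issued the https://untrusted-root.badssl.com/ certificate, or the server certificate itself), because the two choices give different trust decisions. The same list should also state that a KeyStore holding only that certificate becomes the sole trust anchor for the resulting SSLContext. The socket factory should therefore be set on the single HttpsURLConnection with setSSLSocketFactory, as the step "Configure the HttpsURLConnection to use the SocketFactory from the SSLContext" implies, and not installed process-wide with setDefaultSSLSocketFactory. Otherwise the Task 1 URLs such as https://www.google.com/ stop validating. It would also help to say what result is expected for the invalid-certificate subdomains of https://badssl.com/ in Task 1 (a handshake failure shown to the user), so that nobody "fixes" it by disabling validation. Wording nits: "e.q." should be "e.g.", "URLS" should be "URLs", "introduces an URL" reads better as "enters a URL", and "which uses certificate which is not trusted" should be "which uses a certificate that is not trusted". The Task 2 resource is linked over plain http.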