This shows you the differences between two versions of the page.
— |
smd:laboratoare:old:08 [2019/03/06 15:02] (current) adriana.draghici created |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ===== Lab 08. Secure Protocols ===== | ||
+ | |||
+ | |||
+ | === Task 1 - Fetch web page through HTTPS (3p) === | ||
+ | |||
+ | Create an application that downloads a web page through HTTPS. The activity includes an EditText, a Button and a TextView. The user introduces an URL and clicks on the button to obtain the contents of the web page. | ||
+ | |||
+ | Steps: | ||
+ | * When the Button is clicked, check network connectivity through the **ConnectivityManager** | ||
+ | * Then, perform network operations in an **AsyncTask** | ||
+ | * Use **HttpsURLConnection** for performing HTTPS GET requests | ||
+ | * Get associated **InputStream** for receiving the reply | ||
+ | * The reply is displayed in the TextView | ||
+ | |||
+ | Hint: See task 1 from lab 3 and adapt it to use **HttpsURLConnection**. | ||
+ | |||
+ | Test using different HTTPS URLS (e.q. https://www.google.com/). Then test with different subdomains from https://badssl.com/ (with valid and invalid certificates). | ||
+ | |||
+ | Resources: | ||
+ | * https://developer.android.com/training/basics/network-ops/connecting.html | ||
+ | * https://developer.android.com/training/articles/security-ssl.html | ||
+ | |||
+ | === Task 2 - Display system trust store (3p) === | ||
+ | |||
+ | The Android system includes a system (default) trust store, which includes a list of trusted Certificate Authorities (CAs). | ||
+ | |||
+ | Modify the previous application in order to display the system trust store using **TrustManager**. | ||
+ | |||
+ | Steps: | ||
+ | * Obtain an instance of **TrustManagerFactory** and initialize it | ||
+ | * Obtain an instance of the first **TrustManager** (**X509TrustManager**) | ||
+ | * Display information about each trust anchor (**X509Certificate**) | ||
+ | |||
+ | Resources: | ||
+ | * http://nelenkov.blogspot.ro/2011/12/using-custom-certificate-trust-store-on.html | ||
+ | |||
+ | === Task 3 - Use a custom trust store (4p) === | ||
+ | |||
+ | The previous application will not be able to fetch web pages on a server with a certificate that is issued by an unknown CA. For example: https://untrusted-root.badssl.com/, which uses certificate which is not trusted by Android by default. Extend the application in order to be able to access this URL, by loading and using a custom trust store. | ||
+ | |||
+ | Steps: | ||
+ | * Save website certificate from your browser | ||
+ | * Put the certificate in **res/raw/** | ||
+ | * Load trusted CAs from file | ||
+ | * Create a **KeyStore** object and insert the trusted CAs | ||
+ | * Obtain an instance of **TrustManagerFactory** and initialize it | ||
+ | * Obtain an instance of **SSLContext** and initialize it | ||
+ | * Create an **URL** object | ||
+ | * Obtain an **HttpsURLConnection** | ||
+ | * Configure the HttpsURLConnection to use the **SocketFactory** from the **SSLContext** | ||
+ | * Read from an **InputStream** | ||
+ | |||
+ | Resources: | ||
+ | * https://developer.android.com/training/articles/security-ssl.html | ||
+ | |||
+ | |||
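Review bot: In Task 3, the step "Save website certificate from your browser" does not match the steps that follow it, "Load trusted CAs from file" and "Create a **KeyStore** object and insert the trusted CAs". The task text says the problem with https://untrusted-root.badssl.com/ is a certificate issued by an unknown CA, so the step should say which certificate of the chain to export (the issuing root CA rather than the server's own certificate). As written, a student can end up trusting a single server certificate while the lab describes CA trust. The steps also build the **SSLContext** from the custom **KeyStore** only, so it is worth stating whether the app is still expected to fetch the Task 1 URLs after this change, and asking students to re-run the other badssl.com subdomains to confirm that invalid certificates are still rejected. Minor wording: in Task 1, "e.q." should be "e.g." and "URLS" should be "URLs"; in Task 3, "which uses certificate which is not trusted" should read "which uses a certificate that is not trusted"; the Task 2 resource is the only link given over http://.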