B4A Library [B4X] Client certificates with OkHttpUtils2 SSLContext-Kickstart

This is a B4A + B4J library.
This code uses JavaObject to access SSLContext-Kickstart SDK (v5.0.0): https://github.com/Hakky54/sslcontext-kickstart/tree/v5.0.0
License: Apache 2.

It allows configuring OkHttpUtils2 to use an external keystore and include client certificates.

B4X:
'Press Ctrl + B and add HU2_PUBLIC as a conditional symbol!
Private Sub SetSSLFactory (StoreDir As String, StoreFile As String, StorePassword As String)
    Dim hc As OkHttpClient = HttpUtils2Service.hc
    Dim builder As JavaObject = hc.As(JavaObject).RunMethod("sharedInit", Array("hc"))
    Dim sslfactoryBuilder As JavaObject
    sslfactoryBuilder = sslfactoryBuilder.InitializeStatic("nl.altindag.sslcontext.SSLFactory").RunMethod("builder", Null)
    'Load the PKCS12 keystore from the given folder.
    Dim in As InputStream = File.OpenInput(StoreDir, StoreFile)
    Dim keystore As JavaObject
    keystore.InitializeStatic("java.security.KeyStore")
    Dim password As Object = StorePassword.As(JavaObject).RunMethod("toCharArray", Null) 'ignore
    Dim store As JavaObject = keystore.RunMethodJO("getInstance", Array("pkcs12"))
    store.RunMethod("load", Array(in, password)) 'ignore
    in.Close 'KeyStore.load does not close the stream
 
    'The same store supplies the client identity (key + certificate) and the trusted certificates.
    sslfactoryBuilder.RunMethod("withIdentityMaterial", Array(store, password))
    sslfactoryBuilder.RunMethod("withTrustMaterial", Array(store, password))
    'Uncomment if you need to disable HTTP/2.
'    Dim protocol As JavaObject
'    protocol = protocol.InitializeStatic("okhttp3.Protocol").RunMethod("valueOf", Array("HTTP_1_1"))
'    Dim protocols As List = Array(protocol)
'    builder.RunMethod("protocols", Array(protocols))
 
    Dim sslfactory As JavaObject = sslfactoryBuilder.RunMethod("build", Null)
    Dim socketfactory As JavaObject = sslfactory.RunMethodJO("getSslContext", Null).RunMethod("getSocketFactory", Null)
    Dim trustmanager As JavaObject = sslfactory.RunMethodJO("getTrustManager", Null)
    builder.RunMethod("sslSocketFactory", Array(socketfactory, trustmanager.RunMethod("get", Null)))
    builder.RunMethod("hostnameVerifier", Array(sslfactory.RunMethod("getHostnameVerifier", Null)))
    hc.As(JavaObject).SetField("client", builder.RunMethod("build", Null))
End Sub

Add to main module:
B4X:
#AdditionalJar: slf4j-api-1.7.30
#AdditionalJar: sslcontext-android


You need to add a Java keystore file to the project. The keystore will include the certificates. The format should be pkcs12 (not JKS).
The exact steps to create the keystore depend on the certificates format.
 

Attachments

  • sslcontext.zip
    62.2 KB · Views: 564

Erel

B4X founder
Staff member
Licensed User
Longtime User
I can confirm that this code works. It identifies the client using the client certificate.

I've converted the pfx file with:
B4X:
keytool -importkeystore -srckeystore 1.pfx -srcstoretype pkcs12 -destkeystore clientcert.jks -deststoretype pkcs12
And then imported the intermediate and root certificate using https://keystore-explorer.org/downloads.html
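
Added example, not part of the original posts: SetSSLFactory passes one store to both withIdentityMaterial and withTrustMaterial, so the converted keystore needs the client key entry as well as the imported CA certificates. The sketch below checks a `keytool -list` listing for both; the function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Real use, with the file name from the
# keytool command above:
#   keytool -list -keystore clientcert.jks -storetype pkcs12 | check_listing

check_listing() {
    listing=$(cat)
    ktype=$(printf '%s\n' "$listing" | sed -n 's/^Keystore type: *//p' | tr '[:lower:]' '[:upper:]')
    keys=$(printf '%s\n' "$listing" | grep -c 'PrivateKeyEntry' || true)
    cas=$(printf '%s\n' "$listing" | grep -c 'trustedCertEntry' || true)
    status=0
    if [ "$ktype" != "PKCS12" ]; then
        echo "FAIL: store type is '$ktype', but the Sub loads it as pkcs12"; status=1
    fi
    if [ "$keys" -lt 1 ]; then
        echo "FAIL: no PrivateKeyEntry, so no client certificate can be presented"; status=1
    fi
    if [ "$cas" -lt 1 ]; then
        echo "FAIL: no trustedCertEntry, so there is no CA to validate the server against"; status=1
    fi
    if [ "$status" -eq 0 ]; then
        echo "OK: $keys key entry/entries, $cas CA certificate(s)"
    fi
    return "$status"
}

sample_complete() {   # constructed listing: PFX import plus two CA certificates
cat <<'EOF'
Keystore type: PKCS12
Your keystore contains 3 entries
1, Mar 3, 2022, PrivateKeyEntry,
intermediate-ca, Mar 3, 2022, trustedCertEntry,
root-ca, Mar 3, 2022, trustedCertEntry,
EOF
}

sample_pfx_only() {   # constructed listing: PFX converted, CA import step skipped
cat <<'EOF'
Keystore type: PKCS12
Your keystore contains 1 entry
1, Mar 3, 2022, PrivateKeyEntry,
EOF
}

sample_complete | check_listing
sample_pfx_only | check_listing || true
```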
 

Culjko

Member
I am new to B4A. When I place this in the app:
#AdditionalJar: slf4j-api-1.7.30
#AdditionalJar: sslcontext-android
and copy the function "SetSSLFactory", it does not work. Where must I place this in my app?
 

Culjko

Member
I think I placed this in the wrong place, or I don't know how to use it in B4A!
#AdditionalJar: slf4j-api-1.7.30
#AdditionalJar: sslcontext-android
 

Culjko

Member
I am trying to open a certificate for use in okHttp2 to communicate with the TaxCore server. I have a PFX file with a password and a PAK code. I send the PAC code in the request header.
 

Culjko

Member
I placed these lines like this:
#Region Shared Files
#CustomBuildAction: folders ready, %WINDIR%\System32\Robocopy.exe,"..\..\Shared Files" "..\Files"
'Ctrl + click to sync files: ide://run?file=%WINDIR%\System32\Robocopy.exe&args=..\..\Shared+Files&args=..\Files&FilesSync=True
#End Region

'Ctrl + click to export as zip: ide://run?File=%B4X%\Zipper.jar&Args=Project.zip
#AdditionalJar: slf4j-api-1.7.30
#AdditionalJar: sslcontext-android

When I build the project I always get this message:
B4A Version: 11.00
Parsing code. Error
Error parsing program.
Error description: Attribute not supported: additionaljar
Error occurred on line: 7 (B4XMainPage)
#AdditionalJar: slf4j-api-1.7.30

It seems I don't understand how to add these jars to the project.
 

Culjko

Member
I placed this in main:
#AdditionalJar: slf4j-api-1.7.30
#AdditionalJar: sslcontext-android
and that is OK, but the problem is this:

I wrote this code:
Sub Class_Globals
    Private Root As B4XView
    Private xui As XUI
    Dim httpClient As OkHttpClient
    Dim httpResponse As OkHttpResponse
    Dim httpRequest As OkHttpRequest
    Dim j As HttpJob
    Dim out As OutputStream
End Sub

Private Sub Button1_Click
    Dim GetEnviroment As String

    'InitializeAcceptAll skips server certificate validation.
    'The event name must match the hc_ prefix of the handlers below.
    httpClient.InitializeAcceptAll("hc")
    'GetEnviroment = "/api/v3/attention"
    'GetEnviroment = "/api/v3/environment-parameters"

    'httpRequest.Timeout(20)
    httpRequest.InitializeGet("https://vsdc.sandbox.suf.purs.gov.rs" & GetEnviroment)
    httpRequest.SetHeader("Content-Type", "application/json; charset=utf-8")
    httpRequest.SetHeader("Accept", "application/json")
    httpRequest.SetHeader("Accept-Language", "sr-Cyrl-RS")
    httpRequest.SetHeader("PAC", "57MQ97")
    httpClient.Execute(httpRequest, 1000)

End Sub

'Read the response body asynchronously into the out stream.
Sub hc_ResponseSuccess (Response As OkHttpResponse, TaskId As Int)
    out.InitializeToBytesArray(0)
    Response.GetAsynchronously("res", out, False, TaskId)
    'xui.MsgboxAsync($"Error: ${out.}"$,"HELLO")
End Sub

Sub res_StreamFinish (Success As Boolean, TaskId As Int)
    Log($" ${Success}"$)
    If Success Then Log(BytesToString(out.ToBytesArray, 0, out.ToBytesArray.Length, "utf8"))
End Sub


Sub hc_ResponseError (Response As OkHttpResponse, Reason As String, StatusCode As Int, TaskId As Int)
    Log($"Error: ${Response.ErrorResponse}, ${Reason}, ${StatusCode}"$)
    If Response <> Null Then Response.Release
End Sub

For communication with the API I need to send a certificate to the server "https://vsdc.sandbox.suf.purs.gov.rs/api/v3/environment-parameters".
The certificate is attached. I must somehow read this certificate to communicate with this API.
 

Attachments

  • fiskal.zip
    1.6 KB · Views: 199