cert4android is a library for Android to manage custom certificates which has been developed for DAVx⁵. Feel free to use it in your own open-source app.
This software is not affiliated to, nor has it been authorized, sponsored or otherwise approved by Google LLC. Android is a trademark of Google LLC.
Generated KDoc: https://bitfireat.github.io/cert4android/
For questions, suggestions etc. use Github discussions. We're happy about contributions! In case of bigger changes, please let us know in the discussions before. Then make the changes in your own repository and send a pull request.
- uses a service to manage custom certificates
- supports multiple threads and multiple processes (for instance, if you have an UI
and a separate
:sync
process which should share the certificate information)
- Add the jitpack.io repository to your project's level
build.gradle
:or if you are usingallprojects { repositories { // ... more repos maven { url "https://jitpack.io" } } }
settings.gradle
:dependencyResolutionManagement { repositoriesMode.set(RepositoriesMode.FAIL_ON_PROJECT_REPOS) repositories { // ... more repos maven { url "https://jitpack.io" } } }
- Add the dependency to your module's
build.gradle
file:dependencies { implementation 'com.github.bitfireAT:cert4android:<version>' }
- Create an instance of
CustomCertManager
(Context
is required to connect to theCustomCertService
, which manages the custom certificates). - Use this instance as
X509TrustManager
in your calls (for instance, when setting up your HTTP client). Don't forget to get and use thehostnameVerifier()
, too. - Close the instance when it's not required anymore (will disconnect from the
CustomCertService
, thus allowing it to be destroyed).
Example of initialzing an okhttp client:
val keyManager = ...
CustomCertManager(...).use { trustManager ->
val sslContext = SSLContext.getInstance("TLS")
sslContext.init(
if (keyManager != null) arrayOf(keyManager) else null,
arrayOf(trustManager),
null
)
val builder = OkHttpClient.Builder()
builder.sslSocketFactory(sslContext.socketFactory, trustManager)
.hostnameVerifier(hostnameVerifier)
val httpClient = builder.build()
// use httpClient
}
You can overwrite resources when you want, just have a look at the res/strings
directory. Especially certificate_notification_connection_security
and
trust_certificate_unknown_certificate_found
should contain your app name.
Copyright (C) Ricki Hirner and contributors.
This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under the conditions of the GNU GPL v3.