import android.content.Context; import com.google.gson.Gson; import com.google.gson.GsonBuilder; import java.io.BufferedInputStream; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; import java.security.KeyManagementException; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.util.concurrent.TimeUnit; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManagerFactory; import id.mzennis.chatting.BuildConfig; import id.mzennis.chatting.R; import id.mzennis.chatting.model.Profile; import id.mzennis.chatting.util.PreferenceHelper; import okhttp3.Cache; import okhttp3.Credentials; import okhttp3.Interceptor; import okhttp3.OkHttpClient; import okhttp3.Request; import okhttp3.Response; import retrofit2.Retrofit; import retrofit2.converter.gson.GsonConverterFactory; /** * Created by mzennis on 4/10/17. */ public class ApiClient { private static Retrofit retrofit = null; public static Retrofit getClient(Context context) { PreferenceHelper preferenceHelper = new PreferenceHelper(context); String baseUrl = "https://YOUR_DOMAIN:9091/"; Profile profile = preferenceHelper.getObj(PreferenceHelper.USERDATA, Profile.class); return retrofit(okhttpBuilder(context, profile), baseUrl); } public static OkHttpClient.Builder okhttpBuilder(Context context, Profile profile) { OkHttpClient.Builder okhttpBuilder = new OkHttpClient().newBuilder(); okhttpBuilder.connectTimeout(60, TimeUnit.SECONDS); okhttpBuilder.writeTimeout(60, TimeUnit.SECONDS); okhttpBuilder.readTimeout(60, TimeUnit.SECONDS); int cacheSize = 10 * 1024 * 1024; // 10 MiB Cache cache = new Cache(context.getCacheDir(), cacheSize); okhttpBuilder.cache(cache); final String credentials = Credentials.basic(profile.getUsername(), profile.getPassword()); okhttpBuilder.addInterceptor(new Interceptor() { @Override public Response intercept(Chain chain) throws IOException { Request request = chain.request(); Request authenticatedRequest = request.newBuilder() .header("Authorization", credentials) .header("Accept", "application/json") .build(); return chain.proceed(authenticatedRequest); } }); try { CertificateFactory cf = CertificateFactory.getInstance("X.509"); InputStream caInput = new BufferedInputStream(context .getResources().openRawResource(R.raw.your_keystore)); Certificate ca; try { ca = cf.generateCertificate(caInput); System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN()); } finally { caInput.close(); } String keyStoreType = KeyStore.getDefaultType(); KeyStore keyStore = KeyStore.getInstance(keyStoreType); keyStore.load(null, null); keyStore.setCertificateEntry("ca", ca); String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm); tmf.init(keyStore); SSLContext _context = SSLContext.getInstance("TLS"); _context.init(null, tmf.getTrustManagers(), null); okhttpBuilder.sslSocketFactory(_context.getSocketFactory()); } catch (CertificateException | IOException | NoSuchAlgorithmException | KeyManagementException | KeyStoreException e) { e.printStackTrace(); } return okhttpBuilder; } public static Retrofit retrofit(OkHttpClient.Builder okhttpBuilder, String baseUrl) { GsonBuilder gsonBuilder = new GsonBuilder(); Gson gson = gsonBuilder.create(); return retrofit = new Retrofit.Builder() .baseUrl(baseUrl) .client(okhttpBuilder.build()) .addConverterFactory(GsonConverterFactory.create(gson)) .build(); }