Archive for December, 2007
Secure Server Socket with TLS/SSL on Android fails :(
Last night I tried to secure my Android app with SSL/TLS. After some debugging I found out that the code, which runs locally without any error, does not run on the Android SDK/emu because of a bug in the SSL implementation of the Android SDK, which uses the Apache Harmony upstream source. For all people who want to secure their Android-based app sockets like this:
    private ServerSocketFactory getServerSocketFactory(boolean SSL) {
        if (SSL) {
            SSLServerSocketFactory ssf = null;
            try {
                // set up key manager to do server authentication
                SSLContext ctx;
                KeyManagerFactory kmf;
                KeyStore ks;
                char[] passphrase = "passphrase".toCharArray();
                ctx = SSLContext.getInstance("TLS");
                // THIS WILL NOT WORK, ALSO "x509" will NOT WORK!!!!!!
                kmf = KeyManagerFactory.getInstance("SunX509");
                ks = KeyStore.getInstance("JKS");
                ks.load(getResources().openRawResource(R.raw.testkeys), passphrase);
                kmf.init(ks, passphrase);
                ctx.init(kmf.getKeyManagers(), null, null);
                ssf = ctx.getServerSocketFactory();
                return ssf;
            } catch (Exception e) {
                e.printStackTrace();
            }
        } else {
            return ServerSocketFactory.getDefault();
        }
        return null;
    }
This code will NOT work ATM because of a bug inside the Harmony stuff. If you debug this in Eclipse and step through until you reach the line where the X509 KeyManager instance is requested, you will then get:
NoSuchAlgorithmException: KeyManagerFactory SunX509 implementation not found
This bug has already been filed at Google. Thanks to the great support in #android on irc.freenode.net.
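An added diagnostic, not code from the original post: "SunX509" is the name registered by Sun's JSSE provider, so a `NoSuchAlgorithmException` like the one above can be narrowed down by listing which `KeyManagerFactory` algorithms and `KeyStore` types the runtime's security providers actually register, and by asking for the platform default instead of a hardcoded name. The class and method names (`JsseProbe`, `registered`, `defaultKeyManagerFactory`) are hypothetical, and whether the SDK build discussed here registers any usable entry is not known from the page.

```java
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.Set;
import java.util.TreeSet;
import javax.net.ssl.KeyManagerFactory;

// Hypothetical helper class, added for illustration only.
public class JsseProbe {
    // Collect every name the installed providers register for a service type,
    // e.g. "KeyManagerFactory" or "KeyStore", together with the provider name.
    static Set<String> registered(String serviceType) {
        Set<String> names = new TreeSet<>();
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if (s.getType().equals(serviceType)) {
                    names.add(s.getAlgorithm() + " (" + p.getName() + ")");
                }
            }
        }
        return names;
    }

    // Ask the runtime for its own default algorithm instead of hardcoding "SunX509".
    static KeyManagerFactory defaultKeyManagerFactory() throws NoSuchAlgorithmException {
        String alg = KeyManagerFactory.getDefaultAlgorithm();
        try {
            return KeyManagerFactory.getInstance(alg);
        } catch (NoSuchAlgorithmException e) {
            // Fail with the list of registered names so the gap is visible in the log.
            throw new NoSuchAlgorithmException("KeyManagerFactory '" + alg
                    + "' not found; registered: " + registered("KeyManagerFactory"), e);
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("KeyManagerFactory: " + registered("KeyManagerFactory"));
        System.out.println("KeyStore:          " + registered("KeyStore"));
        System.out.println("default KMF alg:   " + KeyManagerFactory.getDefaultAlgorithm());
        System.out.println("default KS type:   " + KeyStore.getDefaultType());
        System.out.println("resolved KMF:      " + defaultKeyManagerFactory().getAlgorithm());
    }
}
```

The `KeyStore` list matters as much as the `KeyManagerFactory` one: the key file passed to `ks.load(...)` has to be in a type that appears there, otherwise `KeyStore.getInstance` fails before the key manager is ever requested.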