eclipse / paho.mqtt.android


Improve SSL/TLS Certificate flow for Android Service #10

Open jpwsutton opened 8 years ago

jpwsutton commented 8 years ago

migrated from Bugzilla #483183 status UNCONFIRMED severity normal in component MQTT-Android for 1.2 Reported in version future on platform All Assigned to: James Sutton

On 2015-11-27 09:57:15 -0500, James Sutton wrote:

Currently the Android Service has a helper method in MqttAndroidClient called getSSLSocketFactory that takes an InputStream and password for a BouncyCastle Keystore containing an X509 certificate for the MQTT broker.

This is very inconvenient for the developer and has a number of restrictions:

  • The Developer has to manually create or locate a BKS Keystore containing the X509 certificate.
  • The helper method only allows for an X509 cert to be added. This means that it is not possible to set up a client private key.
  • The Developer could build their own SSLSocketFactory that adds an X509, .p12 or both certificates, but it is likely that most developers would end up with similar code to accomplish this across most use cases.

The Owntracks Android app has a good helper class SocketFactory (https://github.com/owntracks/android/blob/master/src/main/java/org/owntracks/android/support/SocketFactory.java) that allows the user to provide the raw certificates and returns a Socket Factory that uses them.

I've contacted Alexander (https://github.com/binarybucks) who authored this class and asked if he would like to contribute it to the Android Service, he's happy to do this and confirmed that as Owntracks is also under EPL it shouldn't be a problem.

Once this class has been contributed, we can create a new helper method in MqttAndroidClient that allows the developer to directly provide certificates.
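
The shape such a helper would take, as an added example rather than code from the Paho project or from the OwnTracks SocketFactory class referred to above: it builds an SSLSocketFactory from a raw PEM-encoded CA certificate (trust anchor for the broker) and, optionally, a PKCS#12 bundle holding a client certificate and private key, without requiring a pre-built BKS keystore. The class name RawCertSocketFactory, the keystore alias "mqtt-ca" and the resource names in the usage note are assumptions for illustration.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

import org.eclipse.paho.client.mqttv3.MqttConnectOptions;

/**
 * Added example (not the Paho Android Service's own helper): builds an
 * SSLSocketFactory directly from raw certificate material.
 */
public final class RawCertSocketFactory {

    private RawCertSocketFactory() {}

    /**
     * @param caCertPem   PEM- or DER-encoded X.509 certificate of the CA that
     *                    issued the broker certificate; required.
     * @param clientP12   PKCS#12 bundle with the client certificate and private
     *                    key, or null when the broker does not require client auth.
     * @param p12Password password protecting the PKCS#12 bundle (ignored when
     *                    clientP12 is null).
     */
    public static SSLSocketFactory build(InputStream caCertPem,
                                         InputStream clientP12,
                                         char[] p12Password) throws Exception {
        // 1. Trust store: an empty in-memory keystore holding only our CA.
        //    Not falling back to the platform trust store means a compromised
        //    public CA cannot issue a certificate the client would accept.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate ca = (X509Certificate) cf.generateCertificate(caCertPem);

        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);                  // create empty, in memory
        trustStore.setCertificateEntry("mqtt-ca", ca); // alias is arbitrary

        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // 2. Key store (optional): client certificate + private key for mutual TLS,
        //    loaded straight from the .p12 file rather than a converted BKS store.
        KeyManager[] keyManagers = null;
        if (clientP12 != null) {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(clientP12, p12Password);
            KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keyStore, p12Password);
            keyManagers = kmf.getKeyManagers();
        }

        // 3. Context pinned to TLS 1.2; null SecureRandom uses the platform default.
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(keyManagers, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    /** Hands the factory to Paho so the client connects over ssl:// with it. */
    public static MqttConnectOptions connectOptions(SSLSocketFactory factory) {
        MqttConnectOptions options = new MqttConnectOptions();
        options.setSocketFactory(factory);
        return options;
    }
}
```

Typical use from an Activity or Service, with hypothetical raw resources: `RawCertSocketFactory.build(getResources().openRawResource(R.raw.broker_ca), getResources().openRawResource(R.raw.client), password)`, then pass `connectOptions(factory)` to `MqttAndroidClient.connect`. Two caveats a practitioner should keep in mind: an SSLSocketFactory on its own validates the certificate chain but not that the certificate's subject matches the broker hostname, so the application still has to verify the hostname (later Paho Java client releases expose `MqttConnectOptions.setHttpsHostnameVerificationEnabled` for this); and on Android API 16 to 19 a TLSv1.2 context is available but TLS 1.2 is not enabled on client sockets by default, so a wrapping factory that calls `setEnabledProtocols` on each created socket is needed there.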

bliednov commented 8 years ago

:+1:

alexislg2 commented 7 years ago

That would be great