ssl - How do I avoid getting "No peer certificate" error when connecting to this HTTPS site on Android?

Question

I am developing an Android application which needs to access QuickPay's service ("https://secure.quickpay.dk/form") through an Http-client. But I keep getting errors when accessing the page. More specifically I get a "No Peer Certificate" error message. I tried several different things already: I tried adding the root certificate to my keystore, and to use this keystore when connecting, following this procedure: adding certificate to keystore. I also tried accepting all certificates, following the proposed method from here: accepting certificate for android. I have successfully connected to other https sites, but can not seem to connect to this one. I have tried on different Android devices (1.6, 2.2, and 2.3.3). Can anyone succeed in connecting to quickpay's site, or can anyone come up with a possible solution/fix?

//Update: If I access this site with my WebView: payment window examples, and press one of the buttons (which basically just launches a http post with some pre-defined variables) I am able to connect to the site in the webview on Android 2.3.3. Furthermore, I found out that I get a reply from the site if I try to launch the above application on Android 3.1! Any suggestions?

public class MyHttpClient extends DefaultHttpClient {

final Context context;

public MyHttpClient(Context context) {
    this.context = context;
    loadHttps();
}

private void loadHttps() {
    String url = "https://secure.quickpay.dk/form";
    HttpPost httpPost = new HttpPost(url);
    try {
        System.out.println("Executing");
        this.execute(httpPost);
    } catch (UnsupportedEncodingException e) {
        System.out.println(e.getMessage());
    } catch (ClientProtocolException e) {
        System.out.println(e.getMessage());
    } catch (IOException e) {
        System.out.println(e);
    }
}

@Override
protected ClientConnectionManager createClientConnectionManager() {
    SchemeRegistry registry = new SchemeRegistry();
    registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
    registry.register(new Scheme("https", newSslSocketFactory(), 443));
    return new SingleClientConnManager(getParams(), registry);
}

private SSLSocketFactory newSslSocketFactory() {
    try {
        KeyStore trusted = KeyStore.getInstance("BKS");
        InputStream in = context.getResources().openRawResource(R.raw.test);
        try {
            trusted.load(in, "mysecret".toCharArray());
        } finally {
            in.close();
        }
        SSLSocketFactory sf = new SSLSocketFactory(trusted);
        return sf;
    } catch (Exception e) {
        throw new AssertionError(e);
    }
}

}

---

StackTrace:

WARN/System.err(8459)        at org.apache.harmony.xnet.provider.jsse.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java    258)
 WARN/System.err(8459)       at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java  93)
 WARN/System.err(8459)       at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java    381)
 WARN/System.err(8459)       at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java   177)
 WARN/System.err(8459)       at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java 164)
 WARN/System.err(8459)       at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java 119)
 WARN/System.err(8459)       at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java  359)
 WARN/System.err(8459)       at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java  555)
 WARN/System.err(8459)       at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java  487)
 WARN/System.err(8459)       at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java  465)
 WARN/System.err(8459)       at test.https.MyHttpClient.loadHttps(MyHttpClient.java 34)
 WARN/System.err(8459)       at test.https.MyHttpClient.<init>(MyHttpClient.java    26)
 WARN/System.err(8459)       at test.https.HttpsTesterActivity.onCreate(HttpsTesterActivity.java    60)
 WARN/System.err(8459)       at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java   1047)
 WARN/System.err(8459)       at android.app.ActivityThread.performLaunchActivity(ActivityThread.java    1615)
 WARN/System.err(8459)       at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java 1667)
 WARN/System.err(8459)       at android.app.ActivityThread.access$1500(ActivityThread.java  117)
 WARN/System.err(8459)       at android.app.ActivityThread$H.handleMessage(ActivityThread.java  935)
 WARN/System.err(8459)       at android.os.Handler.dispatchMessage(Handler.java 99)
 WARN/System.err(8459)       at android.os.Looper.loop(Looper.java  123)
 WARN/System.err(8459)       at android.app.ActivityThread.main(ActivityThread.java 3687)
 WARN/System.err(8459)       at java.lang.reflect.Method.invokeNative(Native Method)    
 WARN/System.err(8459)       at java.lang.reflect.Method.invoke(Method.java 507)
 WARN/System.err(8459)       at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java  842)
 WARN/System.err(8459)       at com.android.internal.os.ZygoteInit.main(ZygoteInit.java 600)

Answer 1

Just to sum up, I fixed this issue by sticking to the WebView approach. The interaction with the API was moved to a server, creating an intermediate communication point which handles the certificate issues. Not the most elegant solution but it works :)