android - Proguard, HttpClient and SSLPeerUnverifiedException -
i want use proguard in app. use org.apache.http.impl.client.defaulthttpclient send requests server. without proguard works good, when turn on proguard can build app, in run-time when run app received following exception:
javax.net.ssl.sslpeerunverifiedexception no peer certificate @ com.android.org.conscrypt.sslsessionimpl.getpeercertificates(sslsessionimpl.java146) @ org.apache.http.conn.ssl.abstractverifier.verify(abstractverifier.java93) @ org.apache.http.conn.ssl.sslsocketfactory.createsocket(sslsocketfactory.java388) @ org.apache.http.impl.conn.defaultclientconnectionoperator.openconnection(defaultclientconnectionoperator.java165) @ org.apache.http.impl.conn.abstractpoolentry.open(abstractpoolentry.java164) @ org.apache.http.impl.conn.abstractpooledconnadapter.open(abstractpooledconnadapter.java119) @ org.apache.http.impl.client.defaultrequestdirector.execute(defaultrequestdirector.java360) @ org.apache.http.impl.client.abstracthttpclient.execute(abstracthttpclient.java555) @ org.apache.http.impl.client.abstracthttpclient.execute(abstracthttpclient.java487) @ org.apache.http.impl.client.abstracthttpclient.execute(abstracthttpclient.java465) @ com.newrelic.agent.android.instrumentation.httpinstrumentation.execute(httpinstrumentation.java165) @ com.abc.communication.communicationmanager.sendrequest(communicationmanager.java765) @ com.abc.communication.communicationmanager.sendpingrequest(communicationmanager.java616) @ com.abc.communication.communicationmanager.access$100(communicationmanager.java94) @ com.abc.communication.communicationmanager$1.run(communicationmanager.java190) @ java.util.concurrent.threadpoolexecutor.runworker(threadpoolexecutor.java1112) @ java.util.concurrent.threadpoolexecutor$worker.run(threadpoolexecutor.java587) @ java.lang.thread.run(thread.java841) i can't understand problem. disabled shrink , optimization, not helped. tried enable shrink option only, i.e. obfuscation , optimization disabled, not helped too.
to build app use maven. part of pom file:
<plugin> <groupid>com.jayway.maven.plugins.android.generation2</groupid> <artifactid>android-maven-plugin</artifactid> <version>3.8.1</version> <dependencies> <dependency> <groupid>net.sf.proguard</groupid> <artifactid>proguard-base</artifactid> <version>5.2.1</version> </dependency> </dependencies> <configuration> <release>true</release> <sdk> <platform>22</platform> </sdk> <undeploybeforedeploy>false</undeploybeforedeploy> ... <proguard> <skip>false</skip> <config>proguard.cfg</config> <configs> <config>proguard-android.txt</config> </configs> <outputdirectory>proguard-files</outputdirectory> <filtermavendescriptor>true</filtermavendescriptor> <filtermanifest>true</filtermanifest> </proguard> </configuration> <extensions>true</extensions> </plugin> proguard-android.txt standard file sdk folder
# configuration file proguard. # http://proguard.sourceforge.net/index.html#manual/usage.html -dontusemixedcaseclassnames -dontskipnonpubliclibraryclasses -verbose # optimization turned off default. dex not code run # through proguard optimize , preverify steps (and performs # of these optimizations on own). -dontoptimize -dontpreverify # note if want enable optimization, cannot # include optimization flags in own project configuration file; # instead need point # "proguard-android-optimize.txt" file instead of 1 # project.properties file. -keepattributes *annotation* -keep public class com.google.vending.licensing.ilicensingservice -keep public class com.android.vending.licensing.ilicensingservice # native methods, see http://proguard.sourceforge.net/manual/examples.html#native -keepclasseswithmembernames class * { native <methods>; } # keep setters in views animations can still work. # see http://proguard.sourceforge.net/manual/examples.html#beans -keepclassmembers public class * extends android.view.view { void set*(***); *** get*(); } # want keep methods in activity used in xml attribute onclick -keepclassmembers class * extends android.app.activity { public void *(android.view.view); } # enumeration classes, see http://proguard.sourceforge.net/manual/examples.html#enumerations -keepclassmembers enum * { public static **[] values(); public static ** valueof(java.lang.string); } -keep class * implements android.os.parcelable { public static final android.os.parcelable$creator *; } -keepclassmembers class **.r$* { public static <fields>; } # support library contains references newer platform versions. # don't warn in case app linking against older # platform version. know them, , safe. -dontwarn android.support.** my proguard.cfg file:
-keep public class * extends android.app.activity -keep public class * extends android.app.application -keep public class * extends android.app.service -keep public class * extends android.content.broadcastreceiver -keepclasseswithmembers class * { public <init>(android.content.context, android.util.attributeset); } -keepclasseswithmembers class * { public <init>(android.content.context, android.util.attributeset, int); } -keep class com.newrelic.** { *; } -dontwarn com.newrelic.** -keepattributes exceptions, signature, innerclasses -keep public class javax.net.ssl.** -keepclassmembers public class javax.net.ssl.** { *; } -keep class org.spongycastle.* { *; } -dontwarn org.spongycastle.* -keep class org.apache.http.** { *; } -keepclassmembers public class org.apache.http.** { *; } -dontwarn org.apache.http.** -keep class com.abc.communication.communicationmanager { *; } -keep class com.abc.communication.communicationmanager$* { *; } -keepattributes exceptions,innerclasses,signature,deprecated,sourcefile,linenumbertable,*annotation*,enclosingmethod
the problem in lines:
-keep class org.spongycastle.* { *; } -dontwarn org.spongycastle.* i used *. it's wrong. must use **.
* means "don't touch classes in package"
** means "don't touch classes in package , sub-packages"
thanks all.
Comments
Post a Comment