I am facing a problem when performing a login system for a web-based Android app (https connection with CA, TLS 1.0, 128bit). So, The aplication has its own login screen/activity (two EditText to username and password) and the user should be able to log into the web through that window (without showing the WebView or similar). Then the application will update its menu, Showing a number of features with a logout/exit button. Well, the problem here is that I haven't a webservice at my disposal to authenticate the user... tricks of the trade ¬ ¬.
Perform the https connection. This should validate the certificate because I can't even connect. I decided to do something like this. Download the certificates in base64 (.Cer), generate keys and using them in my application. Two questions:
- If the web certificate expires, do you need to re-generate the keystore and add them into the app code again?.
- Is there anyay to automate this process downloading them programmatically and validating the CA?.
b) I need to clear the webview's cache, including cookies after submitting the form in order to avoid the captcha when the user try again... in this particular case, is enough to disable the cache? (weview.clearCache (true)). I think i need to play with the onPageFinished method to control that with a firstAttemp boolean var or similar...
If the login is correct, then save the user in the shared data file using AES encryption and BASE64 to o.
Here some code:
Use web scraping tools in Android and work out with the code. Try this solution:
The following tools and code resources can come handy to your use :