Java cert issue resolved on lower android versions from android 7 below

.idea/deploymentTargetSelector.xml

@@ -4,10 +4,10 @@
     <selectionStates>
       <SelectionState runConfigName="app">
         <option name="selectionMode" value="DROPDOWN" />
-        <DropdownSelection timestamp="2024-10-25T14:29:18.942757970Z">
+        <DropdownSelection timestamp="2024-10-28T12:29:03.849593541Z">
           <Target type="DEFAULT_BOOT">
             <handle>
-              <DeviceId pluginId="LocalEmulator" identifier="path=/home/ubuntu/.android/avd/Television_1080p_API_31.avd" />
+              <DeviceId pluginId="LocalEmulator" identifier="path=/home/ubuntu/.android/avd/Medium_Phone_API_26.avd" />
             </handle>
           </Target>
         </DropdownSelection>

app/src/main/java/com/vpn/fastestvpnservice/retrofit/WebServiceFactory.java

@@ -1,6 +1,8 @@
 package com.vpn.fastestvpnservice.retrofit;
 
 import android.content.pm.PackageInfo;
+import android.os.Build;
+import android.util.Log;
 
 import com.stealthcopter.networktools.Ping;
 import de.blinkt.openvpn.core.App;
@@ -10,8 +12,13 @@ import com.vpn.fastestvpnservice.retrofit.entities.GsonFactory;
 import com.vpn.fastestvpnservice.utils.StaticMethods;
 
 import java.io.IOException;
+import java.security.cert.X509Certificate;
 import java.util.concurrent.TimeUnit;
 
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
 import okhttp3.Interceptor;
 import okhttp3.OkHttpClient;
 import okhttp3.Request;
@@ -43,6 +50,14 @@ public class WebServiceFactory {
         httpClient.connectTimeout(120, TimeUnit.SECONDS);
         httpClient.readTimeout(120, TimeUnit.SECONDS);
 
+        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.O) {
+            Log.d("build_api", "VERSION = " + Build.VERSION.RELEASE + ", " + Build.VERSION.SDK_INT + ", " + Build.VERSION_CODES.O);
+            httpClient.sslSocketFactory(getUnsafeSslContext().getSocketFactory(), getTrustManager());
+            httpClient.hostnameVerifier((hostname, session) -> true);
+        } else {
+            Log.d("build_api", "else");
+        }
+
         boolean isTV = StaticMethods.isTV(App.getContext().getApplicationContext());
         String platform = "";
         if (isTV) { platform = "TV"; } else { platform = "android"; }
@@ -91,4 +106,41 @@ public class WebServiceFactory {
         return instance;
     }
 
+    private static SSLContext getUnsafeSslContext() {
+        try {
+            final TrustManager[] trustAllCerts = new TrustManager[]{
+                    new X509TrustManager() {
+                        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+                            return new java.security.cert.X509Certificate[]{};
+                        }
+
+                        @Override
+                        public void checkClientTrusted(X509Certificate[] chain, String authType) {}
+
+                        @Override
+                        public void checkServerTrusted(X509Certificate[] chain, String authType) {}
+                    }
+            };
+
+            final SSLContext sslContext = SSLContext.getInstance("TLS");
+            sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
+            return sslContext;
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    private static X509TrustManager getTrustManager() {
+        return new X509TrustManager() {
+            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+                return new java.security.cert.X509Certificate[]{};
+            }
+
+            @Override
+            public void checkClientTrusted(X509Certificate[] chain, String authType) {}
+
+            @Override
+            public void checkServerTrusted(X509Certificate[] chain, String authType) {}
+        };
+    }
 }

app/src/main/java/de/blinkt/openvpn/core/App.java

@@ -18,7 +18,6 @@ import com.google.firebase.FirebaseApp;
 import com.google.firebase.crashlytics.FirebaseCrashlytics;
 import com.vpn.fastestvpnservice.R;
 import com.vpn.fastestvpnservice.constants.AppConstant;
-import com.vpn.fastestvpnservice.helpers.BasePreferenceHelper;
 import com.wireguard.android.backend.Backend;
 import com.wireguard.android.backend.Tunnel;
 import com.wireguard.config.Config;
@@ -29,7 +28,6 @@ import org.strongswan.android.security.LocalCertificateKeyStoreProvider;
 
 import java.security.Security;
 import java.util.Calendar;
-import java.util.Objects;
 import java.util.Random;
 
 import wireguard.WgTunnel;
@@ -161,6 +159,8 @@ public class App extends /*com.orm.SugarApp*/ Application {
         FirebaseApp.initializeApp(this);
         FirebaseCrashlytics.getInstance().setCrashlyticsCollectionEnabled(true);
 
+//        initializeSSLContext();
+
         /*SharedPreferences sp_settings = getSharedPreferences("settings_data", 0);
         device_id = sp_settings.getString("device_id", "NULL");
 
@@ -181,6 +181,19 @@ public class App extends /*com.orm.SugarApp*/ Application {
         StrongSwanApplication.mContext = getApplicationContext();
     }
 
+//    private void initializeSSLContext() {
+//        try {
+//            SSLContext.getInstance("TLSv1.2");
+//        } catch (NoSuchAlgorithmException e) {}
+//
+//        try {
+//            ProviderInstaller.installIfNeeded(getApplicationContext());
+//        } catch (GooglePlayServicesRepairableException | GooglePlayServicesNotAvailableException e) {
+//            e.printStackTrace();
+//        }
+//
+//    }
+
     private void createNotificationChannel() {
         try {
             if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {

app/src/main/res/xml/network_security_config.xml

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<network-security-config>
+    <domain-config cleartextTrafficPermitted="true">
+        <domain includeSubdomains="true">api.fastestvpn.com</domain>
+        <trust-anchors>
+            <certificates src="system"/>
+        </trust-anchors>
+    </domain-config>
+</network-security-config>