
/*
* Copyright 2010-2013 Eric Kok et al.
*
* Transdroid is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Transdroid is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Transdroid. If not, see <http://www.gnu.org/licenses/>.
*/
package org.transdroid.daemon.util;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;
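/**
 * Trust manager that accepts a server only when the SHA-1 thumbprint of the certificate it
 * presents equals a thumbprint configured in advance (certificate pinning for self-signed
 * servers).
 *
 * <p>Only the first certificate of the presented chain is examined. No issuer chain, validity
 * period or host name is evaluated here, so the pinned thumbprint is the sole trust decision made
 * by this class.
 *
 * <p>NOTE(review): the pin is a SHA-1 digest because that is the format the configured key is
 * documented to use (see the error message in {@link #checkServerTrusted}). Moving to SHA-256
 * would also require changing what callers store; confirm before changing the algorithm.
 */
public class SelfSignedTrustManager implements X509TrustManager {

    private static final X509Certificate[] acceptedIssuers = new X509Certificate[]{};
    private static final String LOG_NAME = "TrustManager";
    private static final char[] HEX_DIGITS =
            {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};

    /** Expected thumbprint as supplied by the caller; may contain separators and may be null. */
    private final String certKey;

    /**
     * @param certKey expected SHA-1 thumbprint in hexadecimal; any non-hex characters (such as
     *                ':' or spaces) are ignored when comparing. A null value makes every server
     *                check fail.
     */
    public SelfSignedTrustManager(String certKey) {
        this.certKey = certKey;
    }

    // Thank you: http://stackoverflow.com/questions/1270703/how-to-retrieve-compute-an-x509-certificates-thumbprint-in-java
    /**
     * Computes the SHA-1 digest of the certificate's DER encoding.
     *
     * @param cert certificate to fingerprint
     * @return the digest as lower-case hexadecimal without separators
     * @throws NoSuchAlgorithmException if the platform has no SHA-1 implementation
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    private static String getThumbPrint(X509Certificate cert)
            throws NoSuchAlgorithmException, CertificateEncodingException {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        return hexify(md.digest(cert.getEncoded()));
    }

    /**
     * Renders bytes as lower-case hexadecimal, two characters per byte.
     *
     * @param bytes bytes to render
     * @return hexadecimal string of length {@code 2 * bytes.length}
     */
    private static String hexify(byte[] bytes) {
        // StringBuilder instead of StringBuffer: the buffer never leaves this method, so the
        // synchronisation of StringBuffer buys nothing.
        StringBuilder buf = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            buf.append(HEX_DIGITS[(b & 0xf0) >> 4]);
            buf.append(HEX_DIGITS[b & 0x0f]);
        }
        return buf.toString();
    }

    /**
     * Performs no validation: every client certificate chain is accepted.
     *
     * <p>NOTE(review): this is only safe if the trust manager is installed on the client side of
     * a connection, where this method is not consulted. It must not be reused in a server-side
     * SSL context without adding a real check - confirm against callers.
     */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    }

    /**
     * Accepts the server only if the SHA-1 thumbprint of {@code chain[0]} equals the configured
     * key (compared case-insensitively after stripping non-hex characters from the key).
     *
     * @param chain certificate chain presented by the server; only the first entry is used
     * @param authType key exchange algorithm; not used
     * @throws CertificateException if no key was configured, the leaf certificate is missing,
     *                              cannot be encoded or fingerprinted, or the thumbprint differs
     * @throws IllegalArgumentException if {@code chain} is null or empty, as specified by
     *                                  {@link X509TrustManager}
     */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        if (this.certKey == null) {
            throw new CertificateException("Requires a non-null certificate key in SHA-1 format to match.");
        }
        // Reject a missing chain explicitly instead of failing with an incidental
        // NullPointerException / ArrayIndexOutOfBoundsException further down.
        if (chain == null || chain.length == 0) {
            throw new IllegalArgumentException("Server certificate chain is null or empty.");
        }
        X509Certificate sslCert = chain[0];
        if (sslCert == null) {
            throw new CertificateException("Server certificate chain has no leaf certificate.");
        }

        // We have a certKey defined. We should now examine the one we got from the server.
        // They match? All is good. They don't, throw an exception.
        // A key containing no hex characters at all collapses to "" and can never equal a
        // 40-character thumbprint, so a malformed key fails closed.
        String ourKey = this.certKey.replaceAll("[^a-fA-F0-9]+", "");

        String thumbprint;
        try {
            // Only the leaf is pinned; the rest of the chain is not inspected.
            thumbprint = SelfSignedTrustManager.getThumbPrint(sslCert);
        } catch (NoSuchAlgorithmException e) {
            // Keep the original exception as the cause so the stack trace is not lost.
            throw new CertificateException(
                    "Unable to check self-signed cert, unknown algorithm. " + e.toString(), e);
        }

        DLog.d(LOG_NAME, thumbprint);
        if (ourKey.equalsIgnoreCase(thumbprint)) {
            return;
        }

        CertificateException certificateException =
                new CertificateException("Certificate key [" + thumbprint + "] doesn't match expected value.");
        DLog.e(SelfSignedTrustManager.class.getSimpleName(), certificateException.toString());
        throw certificateException;
    }

    /**
     * @return an empty array; trust is decided by thumbprint, not by issuer
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return acceptedIssuers;
    }
}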