You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
98 lines
3.4 KiB
98 lines
3.4 KiB
/* |
|
* Copyright 2010-2013 Eric Kok et al. |
|
* |
|
* Transdroid is free software: you can redistribute it and/or modify |
|
* it under the terms of the GNU General Public License as published by |
|
* the Free Software Foundation, either version 3 of the License, or |
|
* (at your option) any later version. |
|
* |
|
* Transdroid is distributed in the hope that it will be useful, |
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
* GNU General Public License for more details. |
|
* |
|
* You should have received a copy of the GNU General Public License |
|
* along with Transdroid. If not, see <http://www.gnu.org/licenses/>. |
|
*/ |
|
package org.transdroid.daemon.util; |
|
|
|
import java.security.MessageDigest; |
|
import java.security.NoSuchAlgorithmException; |
|
import java.security.cert.CertificateEncodingException; |
|
import java.security.cert.CertificateException; |
|
import java.security.cert.X509Certificate; |
|
|
|
import javax.net.ssl.X509TrustManager; |
|
|
|
public class SelfSignedTrustManager implements X509TrustManager { |
|
|
|
private static final X509Certificate[] acceptedIssuers = new X509Certificate[]{}; |
|
private static final String LOG_NAME = "TrustManager"; |
|
|
|
private String certKey = null; |
|
|
|
public SelfSignedTrustManager(String certKey) { |
|
super(); |
|
this.certKey = certKey; |
|
} |
|
|
|
// Thank you: http://stackoverflow.com/questions/1270703/how-to-retrieve-compute-an-x509-certificates-thumbprint-in-java |
|
private static String getThumbPrint(X509Certificate cert) |
|
throws NoSuchAlgorithmException, CertificateEncodingException { |
|
MessageDigest md = MessageDigest.getInstance("SHA-1"); |
|
byte[] der = cert.getEncoded(); |
|
md.update(der); |
|
byte[] digest = md.digest(); |
|
return hexify(digest); |
|
} |
|
|
|
private static String hexify(byte bytes[]) { |
|
|
|
char[] hexDigits = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'}; |
|
StringBuffer buf = new StringBuffer(bytes.length * 2); |
|
for (int i = 0; i < bytes.length; ++i) { |
|
buf.append(hexDigits[(bytes[i] & 0xf0) >> 4]); |
|
buf.append(hexDigits[bytes[i] & 0x0f]); |
|
} |
|
return buf.toString(); |
|
|
|
} |
|
|
|
@Override |
|
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { |
|
} |
|
|
|
@Override |
|
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { |
|
if (this.certKey == null) { |
|
throw new CertificateException("Requires a non-null certificate key in SHA-1 format to match."); |
|
} |
|
|
|
// Qe have a certKey defined. We should now examine the one we got from the server. |
|
// They match? All is good. They don't, throw an exception. |
|
String ourKey = this.certKey.replaceAll("[^a-fA-F0-9]+", ""); |
|
try { |
|
// Assume self-signed root is okay? |
|
X509Certificate sslCert = chain[0]; |
|
String thumbprint = SelfSignedTrustManager.getThumbPrint(sslCert); |
|
DLog.d(LOG_NAME, thumbprint); |
|
if (ourKey.equalsIgnoreCase(thumbprint)) { |
|
return; |
|
} else { |
|
CertificateException certificateException = |
|
new CertificateException("Certificate key [" + thumbprint + "] doesn't match expected value."); |
|
DLog.e(SelfSignedTrustManager.class.getSimpleName(), certificateException.toString()); |
|
throw certificateException; |
|
} |
|
} catch (NoSuchAlgorithmException e) { |
|
throw new CertificateException("Unable to check self-signed cert, unknown algorithm. " + e.toString()); |
|
} |
|
|
|
} |
|
|
|
@Override |
|
public X509Certificate[] getAcceptedIssuers() { |
|
return acceptedIssuers; |
|
} |
|
|
|
}
|
|
|