Android Open Source - khandroid Khandroid X509 Trust Manager

• Back to Framework/framework  ↑

From Project

Back to project page khandroid.

License

The source code is released under:

Apache License

Java Source Code

/*
 * Copyright (C) 2012-2014 Ognyan Bankov
 */* ww  w.  ja v a  2  s .c o  m*/
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.github.khandroid.http.ssl;

import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;

import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

import org.slf4j.LoggerFactory;


public class KhandroidX509TrustManager implements javax.net.ssl.X509TrustManager {
    private ArrayList<X509TrustManager> mX509TrustManagers = new ArrayList<X509TrustManager>();

    private final org.slf4j.Logger mLogger = LoggerFactory.getLogger(KhandroidX509TrustManager.class
            .getSimpleName());


    public KhandroidX509TrustManager(InputStream keyStore, String keyStorePassword) throws GeneralSecurityException {
        // first add original trust manager
        final TrustManagerFactory originalFactory = TrustManagerFactory
                .getInstance(TrustManagerFactory.getDefaultAlgorithm());
        originalFactory.init((KeyStore) null);
        for (TrustManager tm : originalFactory.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                mX509TrustManagers.add((X509TrustManager) tm);
            }
        }

        // them add our custom trust manager
        X509TrustManager mX509TrustManagerCustom = fetchTrustManager(keyStore, keyStorePassword);
        if (mX509TrustManagerCustom != null) {
            mX509TrustManagers.add(mX509TrustManagerCustom);
        } else {
            throw new IllegalArgumentException("Keystore is valid but cannot find TrustManagerFactory of type X509TrustManager.");
        }
    }


    private javax.net.ssl.X509TrustManager fetchTrustManager(InputStream keyStore,
                                                             String keyStorePassword) throws GeneralSecurityException {
        javax.net.ssl.X509TrustManager ret = null;

        TrustManagerFactory tmf = prepareTrustManagerFactory(keyStore, keyStorePassword);
        TrustManager tms[] = tmf.getTrustManagers();

        for (int i = 0; i < tms.length; i++) {
            if (tms[i] instanceof javax.net.ssl.X509TrustManager) {
                ret = (javax.net.ssl.X509TrustManager) tms[i];
                //        break;
            }
        }

        return ret;
    }


    private TrustManagerFactory prepareTrustManagerFactory(InputStream keyStore,
                                                           String keyStorePassword) throws GeneralSecurityException {
        TrustManagerFactory ret = null;

        KeyStore ks;
        ks = KeyStore.getInstance("BKS");
        try {
            ks.load(keyStore, keyStorePassword.toCharArray());
        } catch (IOException e) {
            throw new GeneralSecurityException("Problem reading keystore stream", e);
        }
        ret = TrustManagerFactory.getInstance("X509");
        ret.init(ks);

        return ret;
    }


    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        // Oh, I am easy!
    }


    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        boolean ok = false;
        for (X509TrustManager tm : mX509TrustManagers) {
            try {
                tm.checkServerTrusted(chain, authType);
                mLogger.debug("Certificate is trusted.");
                ok = true;
                break;
            } catch (CertificateException e) {
                // ignore
            }
        }
        if (!ok) {
            mLogger.debug("Certificate is NOT trusted.");
            throw new CertificateException();
        }
    }


    @Override
    public X509Certificate[] getAcceptedIssuers() {
        final ArrayList<X509Certificate> list = new ArrayList<X509Certificate>();
        for (X509TrustManager tm : mX509TrustManagers)
            list.addAll(Arrays.asList(tm.getAcceptedIssuers()));
        return list.toArray(new X509Certificate[list.size()]);
    }
}

Java Source Code List

• Back to Framework/framework  ↑