projects / pub / Android / ownCloud.git / blob
? search:


2df79dcdbe959b71b661f4e63aa6387d4871cc3c
[pub/Android/ownCloud.git] / oc_framework / src / com / owncloud / android / oc_framework / network / AdvancedX509TrustManager.java
1 /* ownCloud Android Library is available under MIT license
2 * Copyright (C) 2014 ownCloud (http://www.owncloud.org/)
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining a copy
5 * of this software and associated documentation files (the "Software"), to deal
6 * in the Software without restriction, including without limitation the rights
7 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8 * copies of the Software, and to permit persons to whom the Software is
9 * furnished to do so, subject to the following conditions:
10 *
11 * The above copyright notice and this permission notice shall be included in
12 * all copies or substantial portions of the Software.
13 *
14 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
15 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
18 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
19 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
20 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21 * THE SOFTWARE.
22 *
23 */
24
25 package com.owncloud.android.oc_framework.network;
26
27 import java.security.KeyStore;
28 import java.security.KeyStoreException;
29 import java.security.NoSuchAlgorithmException;
30 import java.security.cert.CertPathValidatorException;
31 import java.security.cert.CertStoreException;
32 import java.security.cert.CertificateException;
33 import java.security.cert.CertificateExpiredException;
34 import java.security.cert.CertificateNotYetValidException;
35 import java.security.cert.X509Certificate;
36
37 import javax.net.ssl.TrustManager;
38 import javax.net.ssl.TrustManagerFactory;
39 import javax.net.ssl.X509TrustManager;
40
41 import android.util.Log;
42
43
44
45 /**
46 * @author David A. Velasco
47 */
48 public class AdvancedX509TrustManager implements X509TrustManager {
49
50 private static final String TAG = AdvancedX509TrustManager.class.getSimpleName();
51
52 private X509TrustManager mStandardTrustManager = null;
53 private KeyStore mKnownServersKeyStore;
54
55 /**
56 * Constructor for AdvancedX509TrustManager
57 *
58 * @param knownServersCertStore Local certificates store with server certificates explicitly trusted by the user.
59 * @throws CertStoreException When no default X509TrustManager instance was found in the system.
60 */
61 public AdvancedX509TrustManager(KeyStore knownServersKeyStore)
62 throws NoSuchAlgorithmException, KeyStoreException, CertStoreException {
63 super();
64 TrustManagerFactory factory = TrustManagerFactory
65 .getInstance(TrustManagerFactory.getDefaultAlgorithm());
66 factory.init((KeyStore)null);
67 mStandardTrustManager = findX509TrustManager(factory);
68
69 mKnownServersKeyStore = knownServersKeyStore;
70 }
71
72
73 /**
74 * Locates the first X509TrustManager provided by a given TrustManagerFactory
75 * @param factory TrustManagerFactory to inspect in the search for a X509TrustManager
76 * @return The first X509TrustManager found in factory.
77 * @throws CertStoreException When no X509TrustManager instance was found in factory
78 */
79 private X509TrustManager findX509TrustManager(TrustManagerFactory factory) throws CertStoreException {
80 TrustManager tms[] = factory.getTrustManagers();
81 for (int i = 0; i < tms.length; i++) {
82 if (tms[i] instanceof X509TrustManager) {
83 return (X509TrustManager) tms[i];
84 }
85 }
86 return null;
87 }
88
89
90 /**
91 * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[],
92 * String authType)
93 */
94 public void checkClientTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
95 mStandardTrustManager.checkClientTrusted(certificates, authType);
96 }
97
98
99 /**
100 * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],
101 * String authType)
102 */
103 public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
104 if (!isKnownServer(certificates[0])) {
105 CertificateCombinedException result = new CertificateCombinedException(certificates[0]);
106 try {
107 certificates[0].checkValidity();
108 } catch (CertificateExpiredException c) {
109 result.setCertificateExpiredException(c);
110
111 } catch (CertificateNotYetValidException c) {
112 result.setCertificateNotYetException(c);
113 }
114
115 try {
116 mStandardTrustManager.checkServerTrusted(certificates, authType);
117 } catch (CertificateException c) {
118 Throwable cause = c.getCause();
119 Throwable previousCause = null;
120 while (cause != null && cause != previousCause && !(cause instanceof CertPathValidatorException)) { // getCause() is not funny
121 previousCause = cause;
122 cause = cause.getCause();
123 }
124 if (cause != null && cause instanceof CertPathValidatorException) {
125 result.setCertPathValidatorException((CertPathValidatorException)cause);
126 } else {
127 result.setOtherCertificateException(c);
128 }
129 }
130
131 if (result.isException())
132 throw result;
133
134 }
135 }
136
137
138 /**
139 * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
140 */
141 public X509Certificate[] getAcceptedIssuers() {
142 return mStandardTrustManager.getAcceptedIssuers();
143 }
144
145
146 public boolean isKnownServer(X509Certificate cert) {
147 try {
148 return (mKnownServersKeyStore.getCertificateAlias(cert) != null);
149 } catch (KeyStoreException e) {
150 Log.d(TAG, "Fail while checking certificate in the known-servers store");
151 return false;
152 }
153 }
154
155 }
ownCloud Android App