X-Git-Url: http://git.linex4red.de/pub/Android/ownCloud.git/blobdiff_plain/48f13c8adc5c4b9bc4ca96bf13939a7d7cfae562..8f1566a21c1dfdc562d701c5514ee616509fcb65:/src/com/owncloud/android/network/AdvancedX509TrustManager.java
diff --git a/src/com/owncloud/android/network/AdvancedX509TrustManager.java b/src/com/owncloud/android/network/AdvancedX509TrustManager.java
index 13a16e20..ad4feb37 100644
--- a/src/com/owncloud/android/network/AdvancedX509TrustManager.java
+++ b/src/com/owncloud/android/network/AdvancedX509TrustManager.java
@@ -1,10 +1,9 @@
 /* ownCloud Android client application
- * Copyright (C) 2012 Bartek Przybylski
+ * Copyright (C) 2012-2013 ownCloud Inc.
 *
 * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
+ * it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -21,15 +20,18 @@ package com.owncloud.android.network;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertPathValidatorException;
 import java.security.cert.CertStoreException;
 import java.security.cert.CertificateException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
 import java.security.cert.X509Certificate;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.X509TrustManager;
-import android.util.Log;
+import com.owncloud.android.Log_OC;
 /**
 * @author David A. Velasco
@@ -91,8 +93,35 @@ public class AdvancedX509TrustManager implements X509TrustManager {
 */
 public void checkServerTrusted(X509Certificate[] certificates, String authType) throws CertificateException {
 if (!isKnownServer(certificates[0])) {
- Log.d(TAG, "checkClientTrusted() with standard trust manager...");
- mStandardTrustManager.checkClientTrusted(certificates, authType);
+ CertificateCombinedException result = new CertificateCombinedException(certificates[0]);
+ try {
+ certificates[0].checkValidity();
+ } catch (CertificateExpiredException c) {
+ result.setCertificateExpiredException(c);
+
+ } catch (CertificateNotYetValidException c) {
+ result.setCertificateNotYetException(c);
+ }
+
+ try {
+ mStandardTrustManager.checkServerTrusted(certificates, authType);
+ } catch (CertificateException c) {
+ Throwable cause = c.getCause();
+ Throwable previousCause = null;
+ while (cause != null && cause != previousCause && !(cause instanceof CertPathValidatorException)) { // getCause() is not funny
+ previousCause = cause;
+ cause = cause.getCause();
+ }
+ if (cause != null && cause instanceof CertPathValidatorException) {
+ result.setCertPathValidatorException((CertPathValidatorException)cause);
+ } else {
+ result.setOtherCertificateException(c);
+ }
+ }
+
+ if (result.isException())
+ throw result;
+
 }
 }
@@ -105,11 +134,11 @@ public class AdvancedX509TrustManager implements X509TrustManager {
 }
- private boolean isKnownServer(X509Certificate cert) {
+ public boolean isKnownServer(X509Certificate cert) {
 try {
 return (mKnownServersKeyStore.getCertificateAlias(cert) != null);
 } catch (KeyStoreException e) {
- Log.d(TAG, "Fail while checking certificate in the known-servers store");
+ Log_OC.d(TAG, "Fail while checking certificate in the known-servers store");
 return false;
 }
 }
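Review bot: `certificates[0]` is dereferenced in the `isKnownServer` call, in the `CertificateCombinedException` constructor and in `checkValidity()` without checking the chain, so a null or empty array surfaces as a NullPointerException or ArrayIndexOutOfBoundsException instead of the IllegalArgumentException that the X509TrustManager contract specifies. A guard at the top of `checkServerTrusted` would fix that: `if (certificates == null || certificates.length == 0) throw new IllegalArgumentException("empty server certificate chain");`. Both validation failures are now caught and only re-raised through `if (result.isException()) throw result;`, so rejection depends on `CertificateCombinedException`, which is not part of this diff. It is worth confirming that every setter called here makes `isException()` return true, because a miss would accept the chain silently. The known-server branch skips the validity and path checks altogether, which looks intentional for user-accepted certificates but deserves a comment such as `// certificate was explicitly accepted by the user: standard validation is skipped on purpose`; the method's Javadoc begins above the hunk.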
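Review bot: `isKnownServer` becomes public here without any Javadoc, although callers outside the class can now base trust decisions on it. The comment should state that it returns true only when this exact certificate has an entry in the known-servers keystore, and that a `KeyStoreException` is logged and reported as false, for example `/** Returns true if cert is stored in the known-servers keystore; a keystore failure is logged and treated as "not known". */`. The catch block also drops `e`, so appending `e.getMessage()` to the logged text would keep the reason for a broken store visible.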