moparisthebest
/
k-9
mirror of https://github.com/moparisthebest/k-9
1
0
Fork 0
Code Issues Releases Wiki Activity
k-9/k9mail-library/src/main/java/com/fsck/k9/mail/ssl/TrustManagerFactory.java

124 lines
4.0 KiB
Java
Raw Normal View History

Damn it. Weird symlink-in-checkout bug. There goes our commit history. Sorry, all. Guess I should go back to svk
2008-11-01 17:32:06 -04:00
Move SSL code into package
2014-12-12 07:34:57 -05:00
package com.fsck.k9.mail.ssl;
Damn it. Weird symlink-in-checkout bug. There goes our commit history. Sorry, all. Guess I should go back to svk
2008-11-01 17:32:06 -04:00
Let IntelliJ optimize our import statements
2009-12-09 22:16:42 -05:00
import android.util.Log;
Remove LocalKeyStore's dependency on K9.app
2013-12-03 07:28:48 -05:00
Fix erroneous SSL certificate warnings If you attempted to use SSL to connect to a server that speaks STARTTLS, you should get an SSL protocol error. Instead, you were likely to get an "Unrecognized Certificate" error that shows you an unrelated certificate chain and asks you to accept it or reject it. Neither action would work because the actual problem had nothing to do with certificates. The unrelated certificate chain that popped up had been statically stored when validating a prior connection to a different server. With this patch, certificate chains are no longer stored statically when validating server connections. Issue 5886 is an example of a user experiencing this problem.
2013-08-25 15:43:36 -04:00
import com.fsck.k9.mail.CertificateChainException;
Eliminate DomainNameChecker There's no need to maintain our own implementation when comparable classes already exist in the Android API. StrictHostnameVerifier is used instead.
2014-08-22 10:02:45 -04:00
import javax.net.ssl.SSLException;
Let IntelliJ optimize our import statements
2009-12-09 22:16:42 -05:00
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
Eliminate DomainNameChecker There's no need to maintain our own implementation when comparable classes already exist in the Android API. StrictHostnameVerifier is used instead.
2014-08-22 10:02:45 -04:00
import org.apache.http.conn.ssl.StrictHostnameVerifier;
Damn it. Weird symlink-in-checkout bug. There goes our commit history. Sorry, all. Guess I should go back to svk
2008-11-01 17:32:06 -04:00
import java.security.KeyStore;
import java.security.KeyStoreException;
Let IntelliJ optimize our import statements
2009-12-09 22:16:42 -05:00
import java.security.NoSuchAlgorithmException;
Damn it. Weird symlink-in-checkout bug. There goes our commit history. Sorry, all. Guess I should go back to svk
2008-11-01 17:32:06 -04:00
import java.security.cert.CertificateException;
Let IntelliJ optimize our import statements
2009-12-09 22:16:42 -05:00
import java.security.cert.X509Certificate;
Fix for Issue 1956 A race condition made the outgoing certificate being compared to the old incoming mHost, throwing an exception with an untrusted certificate dialogue to accept or decline.
2010-07-27 14:59:41 -04:00
import java.util.HashMap;
import java.util.Map;
Merge into 'trunk' r124@hotel-dan (orig r123): jessev | 2008-11-07 03:35:09 -0500 Branch for Bradley Young r126@hotel-dan (orig r125): young.bradley | 2008-11-08 17:27:30 -0500 Initial checkin of self signed certificates capability. Missing ability to save updated KeyStore. r127@hotel-dan (orig r126): young.bradley | 2008-11-10 13:04:49 -0500 Update to allow saving updated keys to keystore r17200@hotel-dan (orig r131): young.bradley | 2008-11-17 14:09:24 -0500 Updates to handle chains properly, and handle default behavior. r17206@hotel-dan (orig r137): young.bradley | 2008-11-29 14:14:25 -0500 Checkin for beta 2: this should be the release candidate.
2008-12-02 19:04:24 -05:00
Big, scary massive "ant astyle" to get us back to something approximating AOSP coding standards.
2011-02-06 17:09:48 -05:00
public final class TrustManagerFactory {
Damn it. Weird symlink-in-checkout bug. There goes our commit history. Sorry, all. Guess I should go back to svk
2008-11-01 17:32:06 -04:00
private static final String LOG_TAG = "TrustManagerFactory";
Merge into 'trunk' r124@hotel-dan (orig r123): jessev | 2008-11-07 03:35:09 -0500 Branch for Bradley Young r126@hotel-dan (orig r125): young.bradley | 2008-11-08 17:27:30 -0500 Initial checkin of self signed certificates capability. Missing ability to save updated KeyStore. r127@hotel-dan (orig r126): young.bradley | 2008-11-10 13:04:49 -0500 Update to allow saving updated keys to keystore r17200@hotel-dan (orig r131): young.bradley | 2008-11-17 14:09:24 -0500 Updates to handle chains properly, and handle default behavior. r17206@hotel-dan (orig r137): young.bradley | 2008-11-29 14:14:25 -0500 Checkin for beta 2: this should be the release candidate.
2008-12-02 19:04:24 -05:00
private static X509TrustManager defaultTrustManager;
applied compromise code reformatting: find src/com/android/email/ -name \*java|xargs astyle --style=ansi \ --mode=java --indent-switches --indent=spaces=4 --convert-tabs \ --unpad=paren
2009-11-24 19:40:29 -05:00
Extract code into new LocalKeyStore class Also, implement the ability to configure an alternate key store file location. This permits the running of unit tests without clobbering the live key store file. Also, add a test to confirm that the key store file is being written out and reread correctly.
2013-12-02 14:04:40 -05:00
private static LocalKeyStore keyStore;
Damn it. Weird symlink-in-checkout bug. There goes our commit history. Sorry, all. Guess I should go back to svk
2008-11-01 17:32:06 -04:00
Big, scary massive "ant astyle" to get us back to something approximating AOSP coding standards.
2011-02-06 17:09:48 -05:00
private static class SecureX509TrustManager implements X509TrustManager {
Fix for Issue 1956 A race condition made the outgoing certificate being compared to the old incoming mHost, throwing an exception with an untrusted certificate dialogue to accept or decline.
2010-07-27 14:59:41 -04:00
private static final Map<String, SecureX509TrustManager> mTrustManager =
new HashMap<String, SecureX509TrustManager>();
Damn it. Weird symlink-in-checkout bug. There goes our commit history. Sorry, all. Guess I should go back to svk
2008-11-01 17:32:06 -04:00
Fix for Issue 1956 A race condition made the outgoing certificate being compared to the old incoming mHost, throwing an exception with an untrusted certificate dialogue to accept or decline.
2010-07-27 14:59:41 -04:00
private final String mHost;
Fix inadequate certificate validation Proper host name validation was not being performed for certificates kept in the local keystore. If an attacker could convince a user to accept and store an attacker's certificate, then that certificate could be used for MITM attacks, giving the attacker access to all connections to all servers in all accounts in K-9. This commit changes how the certificates are stored. Previously, an entire certificate chain was stored for a server (and any of those certificates in the chain were available for validating signatures on certificates received when connecting). Now just the single certificate for the server is stored. This commit changes how locally stored certificates are retrieved. They can only be retrieved using the host:port that the user configured for the server. This also fixes issue 1326. Users can now use different certificates for different servers on the same host (listening to different ports). The above changes mean that users might have to re-accept certificates that they had previously accepted and are still using (but only if the certificate's Subject doesn't match the host that they are connecting to). This commit modifies AccountSetupBasics so that it now calls AccountSetupCheckSettings twice -- once for checking the incoming settings and once for the outgoing settings. Otherwise, an exception could occur while checking incoming settings, the user could say continue (or the user could accept a certificate key), and the outgoing settings would not be checked. This also helps with determining if a certificate exception was for the incoming or outgoing server, which is needed if the user decides to add the certificate to the keystore.
2013-11-23 13:26:57 -05:00
private final int mPort;
Fix for Issue 1956 A race condition made the outgoing certificate being compared to the old incoming mHost, throwing an exception with an untrusted certificate dialogue to accept or decline.
2010-07-27 14:59:41 -04:00
Fix inadequate certificate validation Proper host name validation was not being performed for certificates kept in the local keystore. If an attacker could convince a user to accept and store an attacker's certificate, then that certificate could be used for MITM attacks, giving the attacker access to all connections to all servers in all accounts in K-9. This commit changes how the certificates are stored. Previously, an entire certificate chain was stored for a server (and any of those certificates in the chain were available for validating signatures on certificates received when connecting). Now just the single certificate for the server is stored. This commit changes how locally stored certificates are retrieved. They can only be retrieved using the host:port that the user configured for the server. This also fixes issue 1326. Users can now use different certificates for different servers on the same host (listening to different ports). The above changes mean that users might have to re-accept certificates that they had previously accepted and are still using (but only if the certificate's Subject doesn't match the host that they are connecting to). This commit modifies AccountSetupBasics so that it now calls AccountSetupCheckSettings twice -- once for checking the incoming settings and once for the outgoing settings. Otherwise, an exception could occur while checking incoming settings, the user could say continue (or the user could accept a certificate key), and the outgoing settings would not be checked. This also helps with determining if a certificate exception was for the incoming or outgoing server, which is needed if the user decides to add the certificate to the keystore.
2013-11-23 13:26:57 -05:00
private SecureX509TrustManager(String host, int port) {
Fix for Issue 1956 A race condition made the outgoing certificate being compared to the old incoming mHost, throwing an exception with an untrusted certificate dialogue to accept or decline.
2010-07-27 14:59:41 -04:00
mHost = host;
Fix inadequate certificate validation Proper host name validation was not being performed for certificates kept in the local keystore. If an attacker could convince a user to accept and store an attacker's certificate, then that certificate could be used for MITM attacks, giving the attacker access to all connections to all servers in all accounts in K-9. This commit changes how the certificates are stored. Previously, an entire certificate chain was stored for a server (and any of those certificates in the chain were available for validating signatures on certificates received when connecting). Now just the single certificate for the server is stored. This commit changes how locally stored certificates are retrieved. They can only be retrieved using the host:port that the user configured for the server. This also fixes issue 1326. Users can now use different certificates for different servers on the same host (listening to different ports). The above changes mean that users might have to re-accept certificates that they had previously accepted and are still using (but only if the certificate's Subject doesn't match the host that they are connecting to). This commit modifies AccountSetupBasics so that it now calls AccountSetupCheckSettings twice -- once for checking the incoming settings and once for the outgoing settings. Otherwise, an exception could occur while checking incoming settings, the user could say continue (or the user could accept a certificate key), and the outgoing settings would not be checked. This also helps with determining if a certificate exception was for the incoming or outgoing server, which is needed if the user decides to add the certificate to the keystore.
2013-11-23 13:26:57 -05:00
mPort = port;
Damn it. Weird symlink-in-checkout bug. There goes our commit history. Sorry, all. Guess I should go back to svk
2008-11-01 17:32:06 -04:00
}
Fix inadequate certificate validation Proper host name validation was not being performed for certificates kept in the local keystore. If an attacker could convince a user to accept and store an attacker's certificate, then that certificate could be used for MITM attacks, giving the attacker access to all connections to all servers in all accounts in K-9. This commit changes how the certificates are stored. Previously, an entire certificate chain was stored for a server (and any of those certificates in the chain were available for validating signatures on certificates received when connecting). Now just the single certificate for the server is stored. This commit changes how locally stored certificates are retrieved. They can only be retrieved using the host:port that the user configured for the server. This also fixes issue 1326. Users can now use different certificates for different servers on the same host (listening to different ports). The above changes mean that users might have to re-accept certificates that they had previously accepted and are still using (but only if the certificate's Subject doesn't match the host that they are connecting to). This commit modifies AccountSetupBasics so that it now calls AccountSetupCheckSettings twice -- once for checking the incoming settings and once for the outgoing settings. Otherwise, an exception could occur while checking incoming settings, the user could say continue (or the user could accept a certificate key), and the outgoing settings would not be checked. This also helps with determining if a certificate exception was for the incoming or outgoing server, which is needed if the user decides to add the certificate to the keystore.
2013-11-23 13:26:57 -05:00
public synchronized static X509TrustManager getInstance(String host, int port) {
Extract code into new LocalKeyStore class Also, implement the ability to configure an alternate key store file location. This permits the running of unit tests without clobbering the live key store file. Also, add a test to confirm that the key store file is being written out and reread correctly.
2013-12-02 14:04:40 -05:00
String key = host + ":" + port;
Fix for Issue 1956 A race condition made the outgoing certificate being compared to the old incoming mHost, throwing an exception with an untrusted certificate dialogue to accept or decline.
2010-07-27 14:59:41 -04:00
SecureX509TrustManager trustManager;
Fix inadequate certificate validation Proper host name validation was not being performed for certificates kept in the local keystore. If an attacker could convince a user to accept and store an attacker's certificate, then that certificate could be used for MITM attacks, giving the attacker access to all connections to all servers in all accounts in K-9. This commit changes how the certificates are stored. Previously, an entire certificate chain was stored for a server (and any of those certificates in the chain were available for validating signatures on certificates received when connecting). Now just the single certificate for the server is stored. This commit changes how locally stored certificates are retrieved. They can only be retrieved using the host:port that the user configured for the server. This also fixes issue 1326. Users can now use different certificates for different servers on the same host (listening to different ports). The above changes mean that users might have to re-accept certificates that they had previously accepted and are still using (but only if the certificate's Subject doesn't match the host that they are connecting to). This commit modifies AccountSetupBasics so that it now calls AccountSetupCheckSettings twice -- once for checking the incoming settings and once for the outgoing settings. Otherwise, an exception could occur while checking incoming settings, the user could say continue (or the user could accept a certificate key), and the outgoing settings would not be checked. This also helps with determining if a certificate exception was for the incoming or outgoing server, which is needed if the user decides to add the certificate to the keystore.
2013-11-23 13:26:57 -05:00
if (mTrustManager.containsKey(key)) {
trustManager = mTrustManager.get(key);
Big, scary massive "ant astyle" to get us back to something approximating AOSP coding standards.
2011-02-06 17:09:48 -05:00
} else {
Fix inadequate certificate validation Proper host name validation was not being performed for certificates kept in the local keystore. If an attacker could convince a user to accept and store an attacker's certificate, then that certificate could be used for MITM attacks, giving the attacker access to all connections to all servers in all accounts in K-9. This commit changes how the certificates are stored. Previously, an entire certificate chain was stored for a server (and any of those certificates in the chain were available for validating signatures on certificates received when connecting). Now just the single certificate for the server is stored. This commit changes how locally stored certificates are retrieved. They can only be retrieved using the host:port that the user configured for the server. This also fixes issue 1326. Users can now use different certificates for different servers on the same host (listening to different ports). The above changes mean that users might have to re-accept certificates that they had previously accepted and are still using (but only if the certificate's Subject doesn't match the host that they are connecting to). This commit modifies AccountSetupBasics so that it now calls AccountSetupCheckSettings twice -- once for checking the incoming settings and once for the outgoing settings. Otherwise, an exception could occur while checking incoming settings, the user could say continue (or the user could accept a certificate key), and the outgoing settings would not be checked. This also helps with determining if a certificate exception was for the incoming or outgoing server, which is needed if the user decides to add the certificate to the keystore.
2013-11-23 13:26:57 -05:00
trustManager = new SecureX509TrustManager(host, port);
mTrustManager.put(key, trustManager);
applied compromise code reformatting: find src/com/android/email/ -name \*java|xargs astyle --style=ansi \ --mode=java --indent-switches --indent=spaces=4 --convert-tabs \ --unpad=paren
2009-11-24 19:40:29 -05:00
}
Fix for Issue 1956 A race condition made the outgoing certificate being compared to the old incoming mHost, throwing an exception with an untrusted certificate dialogue to accept or decline.
2010-07-27 14:59:41 -04:00
return trustManager;
applied compromise code reformatting: find src/com/android/email/ -name \*java|xargs astyle --style=ansi \ --mode=java --indent-switches --indent=spaces=4 --convert-tabs \ --unpad=paren
2009-11-24 19:40:29 -05:00
}
Merge into 'trunk' r124@hotel-dan (orig r123): jessev | 2008-11-07 03:35:09 -0500 Branch for Bradley Young r126@hotel-dan (orig r125): young.bradley | 2008-11-08 17:27:30 -0500 Initial checkin of self signed certificates capability. Missing ability to save updated KeyStore. r127@hotel-dan (orig r126): young.bradley | 2008-11-10 13:04:49 -0500 Update to allow saving updated keys to keystore r17200@hotel-dan (orig r131): young.bradley | 2008-11-17 14:09:24 -0500 Updates to handle chains properly, and handle default behavior. r17206@hotel-dan (orig r137): young.bradley | 2008-11-29 14:14:25 -0500 Checkin for beta 2: this should be the release candidate.
2008-12-02 19:04:24 -05:00
Damn it. Weird symlink-in-checkout bug. There goes our commit history. Sorry, all. Guess I should go back to svk
2008-11-01 17:32:06 -04:00
public void checkClientTrusted(X509Certificate[] chain, String authType)
Big, scary massive "ant astyle" to get us back to something approximating AOSP coding standards.
2011-02-06 17:09:48 -05:00
throws CertificateException {
Merge into 'trunk' r124@hotel-dan (orig r123): jessev | 2008-11-07 03:35:09 -0500 Branch for Bradley Young r126@hotel-dan (orig r125): young.bradley | 2008-11-08 17:27:30 -0500 Initial checkin of self signed certificates capability. Missing ability to save updated KeyStore. r127@hotel-dan (orig r126): young.bradley | 2008-11-10 13:04:49 -0500 Update to allow saving updated keys to keystore r17200@hotel-dan (orig r131): young.bradley | 2008-11-17 14:09:24 -0500 Updates to handle chains properly, and handle default behavior. r17206@hotel-dan (orig r137): young.bradley | 2008-11-29 14:14:25 -0500 Checkin for beta 2: this should be the release candidate.
2008-12-02 19:04:24 -05:00
defaultTrustManager.checkClientTrusted(chain, authType);
Damn it. Weird symlink-in-checkout bug. There goes our commit history. Sorry, all. Guess I should go back to svk
2008-11-01 17:32:06 -04:00
}
public void checkServerTrusted(X509Certificate[] chain, String authType)
Only check against the certificate stored for a server, not all of them
2013-11-29 07:56:09 -05:00
throws CertificateException {
Return proper error message when certificate couldn't be verified against global key store
2013-12-06 00:53:04 -05:00
String message = null;
Eliminate DomainNameChecker There's no need to maintain our own implementation when comparable classes already exist in the Android API. StrictHostnameVerifier is used instead.
2014-08-22 10:02:45 -04:00
X509Certificate certificate = chain[0];
chain the exception
2014-10-11 11:11:12 -04:00
Throwable cause = null;
Big, scary massive "ant astyle" to get us back to something approximating AOSP coding standards.
2011-02-06 17:09:48 -05:00
try {
applied compromise code reformatting: find src/com/android/email/ -name \*java|xargs astyle --style=ansi \ --mode=java --indent-switches --indent=spaces=4 --convert-tabs \ --unpad=paren
2009-11-24 19:40:29 -05:00
defaultTrustManager.checkServerTrusted(chain, authType);
Eliminate DomainNameChecker There's no need to maintain our own implementation when comparable classes already exist in the Android API. StrictHostnameVerifier is used instead.
2014-08-22 10:02:45 -04:00
new StrictHostnameVerifier().verify(mHost, certificate);
return;
Return proper error message when certificate couldn't be verified against global key store
2013-12-06 00:53:04 -05:00
} catch (CertificateException e) {
Eliminate DomainNameChecker There's no need to maintain our own implementation when comparable classes already exist in the Android API. StrictHostnameVerifier is used instead.
2014-08-22 10:02:45 -04:00
// cert. chain can't be validated
message = e.getMessage();
chain the exception
2014-10-11 11:11:12 -04:00
cause = e;
Eliminate DomainNameChecker There's no need to maintain our own implementation when comparable classes already exist in the Android API. StrictHostnameVerifier is used instead.
2014-08-22 10:02:45 -04:00
} catch (SSLException e) {
// host name doesn't match certificate
Return proper error message when certificate couldn't be verified against global key store
2013-12-06 00:53:04 -05:00
message = e.getMessage();
chain the exception
2014-10-11 11:11:12 -04:00
cause = e;
Return proper error message when certificate couldn't be verified against global key store
2013-12-06 00:53:04 -05:00
}
Only check against the certificate stored for a server, not all of them
2013-11-29 07:56:09 -05:00
// Check the local key store if we couldn't verify the certificate using the global
// key store or if the host name doesn't match the certificate name
Eliminate DomainNameChecker There's no need to maintain our own implementation when comparable classes already exist in the Android API. StrictHostnameVerifier is used instead.
2014-08-22 10:02:45 -04:00
if (!keyStore.isValidCertificate(certificate, mHost, mPort)) {
chain the exception
2014-10-11 11:11:12 -04:00
throw new CertificateChainException(message, chain, cause);
applied compromise code reformatting: find src/com/android/email/ -name \*java|xargs astyle --style=ansi \ --mode=java --indent-switches --indent=spaces=4 --convert-tabs \ --unpad=paren
2009-11-24 19:40:29 -05:00
}
Damn it. Weird symlink-in-checkout bug. There goes our commit history. Sorry, all. Guess I should go back to svk
2008-11-01 17:32:06 -04:00
}
Big, scary massive "ant astyle" to get us back to something approximating AOSP coding standards.
2011-02-06 17:09:48 -05:00
public X509Certificate[] getAcceptedIssuers() {
Merge into 'trunk' r124@hotel-dan (orig r123): jessev | 2008-11-07 03:35:09 -0500 Branch for Bradley Young r126@hotel-dan (orig r125): young.bradley | 2008-11-08 17:27:30 -0500 Initial checkin of self signed certificates capability. Missing ability to save updated KeyStore. r127@hotel-dan (orig r126): young.bradley | 2008-11-10 13:04:49 -0500 Update to allow saving updated keys to keystore r17200@hotel-dan (orig r131): young.bradley | 2008-11-17 14:09:24 -0500 Updates to handle chains properly, and handle default behavior. r17206@hotel-dan (orig r137): young.bradley | 2008-11-29 14:14:25 -0500 Checkin for beta 2: this should be the release candidate.
2008-12-02 19:04:24 -05:00
return defaultTrustManager.getAcceptedIssuers();
Damn it. Weird symlink-in-checkout bug. There goes our commit history. Sorry, all. Guess I should go back to svk
2008-11-01 17:32:06 -04:00
}
Merge into 'trunk' r124@hotel-dan (orig r123): jessev | 2008-11-07 03:35:09 -0500 Branch for Bradley Young r126@hotel-dan (orig r125): young.bradley | 2008-11-08 17:27:30 -0500 Initial checkin of self signed certificates capability. Missing ability to save updated KeyStore. r127@hotel-dan (orig r126): young.bradley | 2008-11-10 13:04:49 -0500 Update to allow saving updated keys to keystore r17200@hotel-dan (orig r131): young.bradley | 2008-11-17 14:09:24 -0500 Updates to handle chains properly, and handle default behavior. r17206@hotel-dan (orig r137): young.bradley | 2008-11-29 14:14:25 -0500 Checkin for beta 2: this should be the release candidate.
2008-12-02 19:04:24 -05:00
Damn it. Weird symlink-in-checkout bug. There goes our commit history. Sorry, all. Guess I should go back to svk
2008-11-01 17:32:06 -04:00
}
Big, scary massive "ant astyle" to get us back to something approximating AOSP coding standards.
2011-02-06 17:09:48 -05:00
static {
try {
Eliminate the need to pass a context to LocalKeyStore.getInstance Instead, have K9.onCreate initialize the location of the key store file (similar to what is done with BinaryTempFileBody.setTempDirectory). Also, LocalKeyStore.getInstance has been changed so that it no longer needs to be synchronized.
2013-12-03 19:20:20 -05:00
keyStore = LocalKeyStore.getInstance();
Only check against the certificate stored for a server, not all of them
2013-11-29 07:56:09 -05:00
javax.net.ssl.TrustManagerFactory tmf = javax.net.ssl.TrustManagerFactory.getInstance("X509");
tmf.init((KeyStore) null);
Damn it. Weird symlink-in-checkout bug. There goes our commit history. Sorry, all. Guess I should go back to svk
2008-11-01 17:32:06 -04:00
TrustManager[] tms = tmf.getTrustManagers();
Big, scary massive "ant astyle" to get us back to something approximating AOSP coding standards.
2011-02-06 17:09:48 -05:00
if (tms != null) {
for (TrustManager tm : tms) {
if (tm instanceof X509TrustManager) {
Merge into 'trunk' r124@hotel-dan (orig r123): jessev | 2008-11-07 03:35:09 -0500 Branch for Bradley Young r126@hotel-dan (orig r125): young.bradley | 2008-11-08 17:27:30 -0500 Initial checkin of self signed certificates capability. Missing ability to save updated KeyStore. r127@hotel-dan (orig r126): young.bradley | 2008-11-10 13:04:49 -0500 Update to allow saving updated keys to keystore r17200@hotel-dan (orig r131): young.bradley | 2008-11-17 14:09:24 -0500 Updates to handle chains properly, and handle default behavior. r17206@hotel-dan (orig r137): young.bradley | 2008-11-29 14:14:25 -0500 Checkin for beta 2: this should be the release candidate.
2008-12-02 19:04:24 -05:00
defaultTrustManager = (X509TrustManager) tm;
Damn it. Weird symlink-in-checkout bug. There goes our commit history. Sorry, all. Guess I should go back to svk
2008-11-01 17:32:06 -04:00
break;
}
}
}
Big, scary massive "ant astyle" to get us back to something approximating AOSP coding standards.
2011-02-06 17:09:48 -05:00
} catch (NoSuchAlgorithmException e) {
Damn it. Weird symlink-in-checkout bug. There goes our commit history. Sorry, all. Guess I should go back to svk
2008-11-01 17:32:06 -04:00
Log.e(LOG_TAG, "Unable to get X509 Trust Manager ", e);
Big, scary massive "ant astyle" to get us back to something approximating AOSP coding standards.
2011-02-06 17:09:48 -05:00
} catch (KeyStoreException e) {
Damn it. Weird symlink-in-checkout bug. There goes our commit history. Sorry, all. Guess I should go back to svk
2008-11-01 17:32:06 -04:00
Log.e(LOG_TAG, "Key Store exception while initializing TrustManagerFactory ", e);
Add unit tests for TrustManagerFactory
2013-11-29 04:49:52 -05:00
}
}
Big, scary massive "ant astyle" to get us back to something approximating AOSP coding standards.
2011-02-06 17:09:48 -05:00
private TrustManagerFactory() {
Damn it. Weird symlink-in-checkout bug. There goes our commit history. Sorry, all. Guess I should go back to svk
2008-11-01 17:32:06 -04:00
}
Remove SimpleX509TrustManager because it's no longer used
2014-03-05 00:03:06 -05:00
public static X509TrustManager get(String host, int port) {
return SecureX509TrustManager.getInstance(host, port);
Merge into 'trunk' r124@hotel-dan (orig r123): jessev | 2008-11-07 03:35:09 -0500 Branch for Bradley Young r126@hotel-dan (orig r125): young.bradley | 2008-11-08 17:27:30 -0500 Initial checkin of self signed certificates capability. Missing ability to save updated KeyStore. r127@hotel-dan (orig r126): young.bradley | 2008-11-10 13:04:49 -0500 Update to allow saving updated keys to keystore r17200@hotel-dan (orig r131): young.bradley | 2008-11-17 14:09:24 -0500 Updates to handle chains properly, and handle default behavior. r17206@hotel-dan (orig r137): young.bradley | 2008-11-29 14:14:25 -0500 Checkin for beta 2: this should be the release candidate.
2008-12-02 19:04:24 -05:00
}
Damn it. Weird symlink-in-checkout bug. There goes our commit history. Sorry, all. Guess I should go back to svk
2008-11-01 17:32:06 -04:00
}