2008-11-01 17:32:06 -04:00
|
|
|
|
2009-12-14 21:50:53 -05:00
|
|
|
package com.fsck.k9.mail.store;
|
2008-11-01 17:32:06 -04:00
|
|
|
|
2008-12-02 19:04:24 -05:00
|
|
|
import android.app.Application;
|
|
|
|
|
import android.content.Context;
|
2009-12-09 22:16:42 -05:00
|
|
|
import android.util.Log;
|
2009-12-14 21:50:53 -05:00
|
|
|
import com.fsck.k9.K9;
|
2010-05-19 15:16:36 -04:00
|
|
|
import com.fsck.k9.helper.DomainNameChecker;
|
2008-11-01 17:32:06 -04:00
|
|
|
|
2009-12-09 22:16:42 -05:00
|
|
|
import javax.net.ssl.TrustManager;
|
|
|
|
|
import javax.net.ssl.X509TrustManager;
|
2008-12-02 19:04:24 -05:00
|
|
|
import java.io.File;
|
|
|
|
|
import java.io.FileNotFoundException;
|
|
|
|
|
import java.io.IOException;
|
2008-11-01 17:32:06 -04:00
|
|
|
import java.security.KeyStore;
|
|
|
|
|
import java.security.KeyStoreException;
|
2009-12-09 22:16:42 -05:00
|
|
|
import java.security.NoSuchAlgorithmException;
|
2008-11-01 17:32:06 -04:00
|
|
|
import java.security.cert.CertificateException;
|
2009-12-09 22:16:42 -05:00
|
|
|
import java.security.cert.X509Certificate;
|
2008-12-02 19:04:24 -05:00
|
|
|
|
2009-11-24 19:40:29 -05:00
|
|
|
public final class TrustManagerFactory
|
|
|
|
|
{
|
2008-11-01 17:32:06 -04:00
|
|
|
private static final String LOG_TAG = "TrustManagerFactory";
|
|
|
|
|
|
2008-12-02 19:04:24 -05:00
|
|
|
private static X509TrustManager defaultTrustManager;
|
|
|
|
|
private static X509TrustManager unsecureTrustManager;
|
2009-11-24 19:40:29 -05:00
|
|
|
private static X509TrustManager localTrustManager;
|
|
|
|
|
|
2008-12-02 19:04:24 -05:00
|
|
|
private static X509Certificate[] lastCertChain = null;
|
2009-11-24 19:40:29 -05:00
|
|
|
|
2008-12-02 19:04:24 -05:00
|
|
|
private static File keyStoreFile;
|
|
|
|
|
private static KeyStore keyStore;
|
|
|
|
|
|
2008-11-01 17:32:06 -04:00
|
|
|
|
2009-11-24 19:40:29 -05:00
|
|
|
private static class SimpleX509TrustManager implements X509TrustManager
|
|
|
|
|
{
|
2008-11-01 17:32:06 -04:00
|
|
|
public void checkClientTrusted(X509Certificate[] chain, String authType)
|
2009-11-24 19:40:29 -05:00
|
|
|
throws CertificateException
|
|
|
|
|
{
|
2008-11-01 17:32:06 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public void checkServerTrusted(X509Certificate[] chain, String authType)
|
2009-11-24 19:40:29 -05:00
|
|
|
throws CertificateException
|
|
|
|
|
{
|
2008-11-01 17:32:06 -04:00
|
|
|
}
|
|
|
|
|
|
2009-11-24 19:40:29 -05:00
|
|
|
public X509Certificate[] getAcceptedIssuers()
|
|
|
|
|
{
|
2008-11-01 17:32:06 -04:00
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2009-11-24 19:40:29 -05:00
|
|
|
private static class SecureX509TrustManager implements X509TrustManager
|
|
|
|
|
{
|
2009-02-11 16:07:25 -05:00
|
|
|
private String mHost;
|
2008-12-02 19:04:24 -05:00
|
|
|
private static SecureX509TrustManager me;
|
2008-11-01 17:32:06 -04:00
|
|
|
|
2009-11-24 19:40:29 -05:00
|
|
|
private SecureX509TrustManager()
|
|
|
|
|
{
|
2008-11-01 17:32:06 -04:00
|
|
|
}
|
|
|
|
|
|
2009-11-24 19:40:29 -05:00
|
|
|
public static X509TrustManager getInstance(String host)
|
|
|
|
|
{
|
|
|
|
|
if (me == null)
|
|
|
|
|
{
|
|
|
|
|
me = new SecureX509TrustManager();
|
|
|
|
|
}
|
|
|
|
|
me.mHost = host;
|
|
|
|
|
return me;
|
|
|
|
|
}
|
2008-12-02 19:04:24 -05:00
|
|
|
|
2008-11-01 17:32:06 -04:00
|
|
|
public void checkClientTrusted(X509Certificate[] chain, String authType)
|
2009-11-24 19:40:29 -05:00
|
|
|
throws CertificateException
|
|
|
|
|
{
|
2008-12-02 19:04:24 -05:00
|
|
|
defaultTrustManager.checkClientTrusted(chain, authType);
|
2008-11-01 17:32:06 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public void checkServerTrusted(X509Certificate[] chain, String authType)
|
2009-11-24 19:40:29 -05:00
|
|
|
throws CertificateException
|
|
|
|
|
{
|
|
|
|
|
TrustManagerFactory.setLastCertChain(chain);
|
|
|
|
|
try
|
|
|
|
|
{
|
|
|
|
|
defaultTrustManager.checkServerTrusted(chain, authType);
|
|
|
|
|
}
|
|
|
|
|
catch (CertificateException e)
|
|
|
|
|
{
|
|
|
|
|
localTrustManager.checkServerTrusted(new X509Certificate[] {chain[0]}, authType);
|
|
|
|
|
}
|
|
|
|
|
if (!DomainNameChecker.match(chain[0], mHost))
|
|
|
|
|
{
|
|
|
|
|
try
|
|
|
|
|
{
|
|
|
|
|
String dn = chain[0].getSubjectDN().toString();
|
|
|
|
|
if ((dn != null) && (dn.equalsIgnoreCase(keyStore.getCertificateAlias(chain[0]))))
|
|
|
|
|
{
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
catch (KeyStoreException e)
|
|
|
|
|
{
|
|
|
|
|
throw new CertificateException("Certificate cannot be verified; KeyStore Exception: " + e);
|
|
|
|
|
}
|
|
|
|
|
throw new CertificateException("Certificate domain name does not match "
|
|
|
|
|
+ mHost);
|
|
|
|
|
}
|
2008-11-01 17:32:06 -04:00
|
|
|
}
|
|
|
|
|
|
2009-11-24 19:40:29 -05:00
|
|
|
public X509Certificate[] getAcceptedIssuers()
|
|
|
|
|
{
|
2008-12-02 19:04:24 -05:00
|
|
|
return defaultTrustManager.getAcceptedIssuers();
|
2008-11-01 17:32:06 -04:00
|
|
|
}
|
2008-12-02 19:04:24 -05:00
|
|
|
|
2008-11-01 17:32:06 -04:00
|
|
|
}
|
|
|
|
|
|
2009-11-24 19:40:29 -05:00
|
|
|
static
|
|
|
|
|
{
|
|
|
|
|
try
|
|
|
|
|
{
|
2008-11-01 17:32:06 -04:00
|
|
|
javax.net.ssl.TrustManagerFactory tmf = javax.net.ssl.TrustManagerFactory.getInstance("X509");
|
2009-12-14 21:50:53 -05:00
|
|
|
Application app = K9.app;
|
2008-12-02 19:04:24 -05:00
|
|
|
keyStoreFile = new File(app.getDir("KeyStore", Context.MODE_PRIVATE) + File.separator + "KeyStore.bks");
|
|
|
|
|
keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
|
2009-11-24 19:40:29 -05:00
|
|
|
java.io.FileInputStream fis;
|
|
|
|
|
try
|
|
|
|
|
{
|
|
|
|
|
fis = new java.io.FileInputStream(keyStoreFile);
|
|
|
|
|
}
|
|
|
|
|
catch (FileNotFoundException e1)
|
|
|
|
|
{
|
|
|
|
|
fis = null;
|
|
|
|
|
}
|
|
|
|
|
try
|
|
|
|
|
{
|
|
|
|
|
keyStore.load(fis, "".toCharArray());
|
|
|
|
|
//if (fis != null) {
|
|
|
|
|
// fis.close();
|
|
|
|
|
//}
|
|
|
|
|
}
|
|
|
|
|
catch (IOException e)
|
|
|
|
|
{
|
2008-12-02 19:04:24 -05:00
|
|
|
Log.e(LOG_TAG, "KeyStore IOException while initializing TrustManagerFactory ", e);
|
2009-11-24 19:40:29 -05:00
|
|
|
keyStore = null;
|
|
|
|
|
}
|
|
|
|
|
catch (CertificateException e)
|
|
|
|
|
{
|
2008-12-02 19:04:24 -05:00
|
|
|
Log.e(LOG_TAG, "KeyStore CertificateException while initializing TrustManagerFactory ", e);
|
2009-11-24 19:40:29 -05:00
|
|
|
keyStore = null;
|
|
|
|
|
}
|
2008-12-02 19:04:24 -05:00
|
|
|
tmf.init(keyStore);
|
2008-11-01 17:32:06 -04:00
|
|
|
TrustManager[] tms = tmf.getTrustManagers();
|
2009-11-24 19:40:29 -05:00
|
|
|
if (tms != null)
|
|
|
|
|
{
|
|
|
|
|
for (TrustManager tm : tms)
|
|
|
|
|
{
|
|
|
|
|
if (tm instanceof X509TrustManager)
|
|
|
|
|
{
|
2008-12-02 19:04:24 -05:00
|
|
|
localTrustManager = (X509TrustManager)tm;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
tmf = javax.net.ssl.TrustManagerFactory.getInstance("X509");
|
|
|
|
|
tmf.init((KeyStore)null);
|
|
|
|
|
tms = tmf.getTrustManagers();
|
2009-11-24 19:40:29 -05:00
|
|
|
if (tms != null)
|
|
|
|
|
{
|
|
|
|
|
for (TrustManager tm : tms)
|
|
|
|
|
{
|
|
|
|
|
if (tm instanceof X509TrustManager)
|
|
|
|
|
{
|
2008-12-02 19:04:24 -05:00
|
|
|
defaultTrustManager = (X509TrustManager) tm;
|
2008-11-01 17:32:06 -04:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2008-12-02 19:04:24 -05:00
|
|
|
|
2009-11-24 19:40:29 -05:00
|
|
|
}
|
|
|
|
|
catch (NoSuchAlgorithmException e)
|
|
|
|
|
{
|
2008-11-01 17:32:06 -04:00
|
|
|
Log.e(LOG_TAG, "Unable to get X509 Trust Manager ", e);
|
2009-11-24 19:40:29 -05:00
|
|
|
}
|
|
|
|
|
catch (KeyStoreException e)
|
|
|
|
|
{
|
2008-11-01 17:32:06 -04:00
|
|
|
Log.e(LOG_TAG, "Key Store exception while initializing TrustManagerFactory ", e);
|
|
|
|
|
}
|
2008-12-02 19:04:24 -05:00
|
|
|
unsecureTrustManager = new SimpleX509TrustManager();
|
2008-11-01 17:32:06 -04:00
|
|
|
}
|
|
|
|
|
|
2009-11-24 19:40:29 -05:00
|
|
|
private TrustManagerFactory()
|
|
|
|
|
{
|
2008-11-01 17:32:06 -04:00
|
|
|
}
|
|
|
|
|
|
2009-11-24 19:40:29 -05:00
|
|
|
public static X509TrustManager get(String host, boolean secure)
|
|
|
|
|
{
|
2008-12-02 19:04:24 -05:00
|
|
|
return secure ? SecureX509TrustManager.getInstance(host) :
|
2009-11-24 19:40:29 -05:00
|
|
|
unsecureTrustManager;
|
2008-12-02 19:04:24 -05:00
|
|
|
}
|
2008-12-04 17:15:43 -05:00
|
|
|
|
2009-11-24 19:40:29 -05:00
|
|
|
public static KeyStore getKeyStore()
|
|
|
|
|
{
|
|
|
|
|
return keyStore;
|
2008-11-01 17:32:06 -04:00
|
|
|
}
|
2008-12-04 17:15:43 -05:00
|
|
|
|
2009-11-24 19:40:29 -05:00
|
|
|
public static void setLastCertChain(X509Certificate[] chain)
|
|
|
|
|
{
|
|
|
|
|
lastCertChain = chain;
|
|
|
|
|
}
|
|
|
|
|
public static X509Certificate[] getLastCertChain()
|
|
|
|
|
{
|
|
|
|
|
return lastCertChain;
|
|
|
|
|
}
|
2008-12-02 19:04:24 -05:00
|
|
|
|
2009-11-24 19:40:29 -05:00
|
|
|
public static void addCertificateChain(String alias, X509Certificate[] chain) throws CertificateException
|
|
|
|
|
{
|
|
|
|
|
try
|
|
|
|
|
{
|
|
|
|
|
javax.net.ssl.TrustManagerFactory tmf = javax.net.ssl.TrustManagerFactory.getInstance("X509");
|
2010-07-18 21:52:18 -04:00
|
|
|
for (X509Certificate element : chain)
|
2008-12-02 19:04:24 -05:00
|
|
|
{
|
|
|
|
|
keyStore.setCertificateEntry
|
2010-07-18 21:52:18 -04:00
|
|
|
(element.getSubjectDN().toString(), element);
|
2009-11-24 19:40:29 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
tmf.init(keyStore);
|
|
|
|
|
TrustManager[] tms = tmf.getTrustManagers();
|
|
|
|
|
if (tms != null)
|
|
|
|
|
{
|
|
|
|
|
for (TrustManager tm : tms)
|
|
|
|
|
{
|
|
|
|
|
if (tm instanceof X509TrustManager)
|
|
|
|
|
{
|
|
|
|
|
localTrustManager = (X509TrustManager) tm;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
java.io.FileOutputStream keyStoreStream;
|
|
|
|
|
try
|
|
|
|
|
{
|
|
|
|
|
keyStoreStream = new java.io.FileOutputStream(keyStoreFile);
|
|
|
|
|
keyStore.store(keyStoreStream, "".toCharArray());
|
|
|
|
|
keyStoreStream.close();
|
|
|
|
|
}
|
|
|
|
|
catch (FileNotFoundException e)
|
|
|
|
|
{
|
|
|
|
|
throw new CertificateException("Unable to write KeyStore: " + e.getMessage());
|
|
|
|
|
}
|
|
|
|
|
catch (CertificateException e)
|
|
|
|
|
{
|
|
|
|
|
throw new CertificateException("Unable to write KeyStore: " + e.getMessage());
|
|
|
|
|
}
|
|
|
|
|
catch (IOException e)
|
|
|
|
|
{
|
|
|
|
|
throw new CertificateException("Unable to write KeyStore: " + e.getMessage());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
catch (NoSuchAlgorithmException e)
|
|
|
|
|
{
|
|
|
|
|
Log.e(LOG_TAG, "Unable to get X509 Trust Manager ", e);
|
|
|
|
|
}
|
|
|
|
|
catch (KeyStoreException e)
|
|
|
|
|
{
|
|
|
|
|
Log.e(LOG_TAG, "Key Store exception while initializing TrustManagerFactory ", e);
|
|
|
|
|
}
|
|
|
|
|
}
|
2008-11-01 17:32:06 -04:00
|
|
|
}
|
