1
0
mirror of https://github.com/moparisthebest/k-9 synced 2024-11-15 14:05:05 -05:00
k-9/src/com/android/email/mail/store/TrustManagerFactory.java

216 lines
7.1 KiB
Java
Raw Normal View History

package com.android.email.mail.store;
import android.util.Log;
import android.app.Application;
import android.content.Context;
import android.net.http.DomainNameChecker;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateException;
import javax.net.ssl.X509TrustManager;
import javax.net.ssl.TrustManager;
import com.android.email.Email;
public final class TrustManagerFactory {
private static final String LOG_TAG = "TrustManagerFactory";
private static X509TrustManager defaultTrustManager;
private static X509TrustManager unsecureTrustManager;
private static X509TrustManager localTrustManager;
Merge into 'trunk' r51837@31b (orig r127): ismarc31 | 2008-11-10 19:10:50 -0500 Experimental branch for Exchange WebDAV support r51838@31b (orig r128): ismarc31 | 2008-11-10 19:24:52 -0500 Initial proof-of-concept code for WebDav support r51839@31b (orig r129): ismarc31 | 2008-11-10 22:02:37 -0500 Fixed a couple of migration issues and enabled WebDav as a mail type r53269@31b (orig r132): ismarc31 | 2008-11-21 21:55:55 -0500 Mostly rewritten class and organization. Better implementation of message fetching. Consolidated response parsing. Removed a large number of redundant calls. There is still some unused functions needing cleaning up, and some unimplemented actions r53338@31b (orig r133): ismarc31 | 2008-11-22 16:50:02 -0500 Removed more redundant and unused calls. Implemented checking read status r53453@31b (orig r134): ismarc31 | 2008-11-24 20:13:24 -0500 Added support for marking messages as read. r53454@31b (orig r135): ismarc31 | 2008-11-24 22:04:04 -0500 Added support for deleting messages server side r53455@31b (orig r136): ismarc31 | 2008-11-25 01:32:19 -0500 Improved flag setting functionality, do bulk HTTP request instead of lots of little ones r53589@31b (orig r138): young.bradley | 2008-11-29 16:18:25 -0500 Missing some ports (webDavPorts); this causes an array index out of bounds exception when anything other than "None" or "SSL (Optional)" are selected. Adding the three additional ports solves this issue. r53590@31b (orig r139): young.bradley | 2008-11-30 00:47:42 -0500 Initial support for sending via WebDav r53591@31b (orig r140): ismarc31 | 2008-11-30 20:12:41 -0500 Fix for display names being URL Encoded for folders. Initial support of Uid Hashmaps instead of plain arrays. r53592@31b (orig r141): ismarc31 | 2008-11-30 21:46:06 -0500 Fix to constructor of HttpGeneric(final String uri). URLs returned from Exchange aren't always fully encoded, this fixes the encoding before creating the method. r53593@31b (orig r142): ismarc31 | 2008-12-01 02:22:16 -0500 Completed support for using hashmaps instead of arrays for indexing urls to emails and read status. Delete is safe again and read status is correct the first time through. r53594@31b (orig r143): ismarc31 | 2008-12-01 22:20:50 -0500 Fix for double-Inbox display issue. Removed volumous amounts of Log.d messages. r53644@31b (orig r157): young.bradley | 2008-12-04 15:14:28 -0500 Fix for wildcard certificates (e.g. issued to *.example.com). Only checking the trust of the certificate itself, since apparently the full chain causes it to not work. r53765@31b (orig r161): ismarc31 | 2008-12-06 18:55:08 -0500 Implemented new functionality for pulling message envelope. Uses a WebDAV call for all messages rather than parsing the stream. Message size is properly set now as well. r54055@31b (orig r163): jessev | 2008-12-06 19:28:24 -0500 * merge fixes
2008-12-06 19:29:11 -05:00
private static SecureX509TrustManager secureTrustManager;
private static X509Certificate[] lastCertChain = null;
Merge into 'trunk' r51837@31b (orig r127): ismarc31 | 2008-11-10 19:10:50 -0500 Experimental branch for Exchange WebDAV support r51838@31b (orig r128): ismarc31 | 2008-11-10 19:24:52 -0500 Initial proof-of-concept code for WebDav support r51839@31b (orig r129): ismarc31 | 2008-11-10 22:02:37 -0500 Fixed a couple of migration issues and enabled WebDav as a mail type r53269@31b (orig r132): ismarc31 | 2008-11-21 21:55:55 -0500 Mostly rewritten class and organization. Better implementation of message fetching. Consolidated response parsing. Removed a large number of redundant calls. There is still some unused functions needing cleaning up, and some unimplemented actions r53338@31b (orig r133): ismarc31 | 2008-11-22 16:50:02 -0500 Removed more redundant and unused calls. Implemented checking read status r53453@31b (orig r134): ismarc31 | 2008-11-24 20:13:24 -0500 Added support for marking messages as read. r53454@31b (orig r135): ismarc31 | 2008-11-24 22:04:04 -0500 Added support for deleting messages server side r53455@31b (orig r136): ismarc31 | 2008-11-25 01:32:19 -0500 Improved flag setting functionality, do bulk HTTP request instead of lots of little ones r53589@31b (orig r138): young.bradley | 2008-11-29 16:18:25 -0500 Missing some ports (webDavPorts); this causes an array index out of bounds exception when anything other than "None" or "SSL (Optional)" are selected. Adding the three additional ports solves this issue. r53590@31b (orig r139): young.bradley | 2008-11-30 00:47:42 -0500 Initial support for sending via WebDav r53591@31b (orig r140): ismarc31 | 2008-11-30 20:12:41 -0500 Fix for display names being URL Encoded for folders. Initial support of Uid Hashmaps instead of plain arrays. r53592@31b (orig r141): ismarc31 | 2008-11-30 21:46:06 -0500 Fix to constructor of HttpGeneric(final String uri). URLs returned from Exchange aren't always fully encoded, this fixes the encoding before creating the method. r53593@31b (orig r142): ismarc31 | 2008-12-01 02:22:16 -0500 Completed support for using hashmaps instead of arrays for indexing urls to emails and read status. Delete is safe again and read status is correct the first time through. r53594@31b (orig r143): ismarc31 | 2008-12-01 22:20:50 -0500 Fix for double-Inbox display issue. Removed volumous amounts of Log.d messages. r53644@31b (orig r157): young.bradley | 2008-12-04 15:14:28 -0500 Fix for wildcard certificates (e.g. issued to *.example.com). Only checking the trust of the certificate itself, since apparently the full chain causes it to not work. r53765@31b (orig r161): ismarc31 | 2008-12-06 18:55:08 -0500 Implemented new functionality for pulling message envelope. Uses a WebDAV call for all messages rather than parsing the stream. Message size is properly set now as well. r54055@31b (orig r163): jessev | 2008-12-06 19:28:24 -0500 * merge fixes
2008-12-06 19:29:11 -05:00
private static File keyStoreFile;
private static KeyStore keyStore;
private static class SimpleX509TrustManager implements X509TrustManager {
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
}
private static class SecureX509TrustManager implements X509TrustManager {
private static String mHost;
private static SecureX509TrustManager me;
private SecureX509TrustManager() {
}
public static X509TrustManager getInstance(String host) {
mHost = host;
if (me == null) {
me = new SecureX509TrustManager();
}
return me;
}
public static void setHost(String host){
mHost = host;
}
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
defaultTrustManager.checkClientTrusted(chain, authType);
}
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
TrustManagerFactory.setLastCertChain(chain);
try {
defaultTrustManager.checkServerTrusted(chain, authType);
} catch (CertificateException e) {
2008-12-04 17:03:53 -05:00
localTrustManager.checkServerTrusted(new X509Certificate[] {chain[0]}, authType);
}
if (!DomainNameChecker.match(chain[0], mHost)) {
try {
String dn = chain[0].getSubjectDN().toString();
if ((dn != null) && (dn.equalsIgnoreCase(keyStore.getCertificateAlias(chain[0])))) {
return;
}
} catch (KeyStoreException e) {
throw new CertificateException("Certificate cannot be verified; KeyStore Exception: " + e);
}
throw new CertificateException("Certificate domain name does not match "
+ mHost);
}
}
public X509Certificate[] getAcceptedIssuers() {
return defaultTrustManager.getAcceptedIssuers();
}
}
static {
try {
javax.net.ssl.TrustManagerFactory tmf = javax.net.ssl.TrustManagerFactory.getInstance("X509");
Application app = Email.app;
keyStoreFile = new File(app.getDir("KeyStore", Context.MODE_PRIVATE) + File.separator + "KeyStore.bks");
keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
java.io.FileInputStream fis;
try {
fis = new java.io.FileInputStream(keyStoreFile);
} catch (FileNotFoundException e1) {
fis = null;
}
try {
keyStore.load(fis, "".toCharArray());
2009-01-04 19:05:43 -05:00
//if (fis != null) {
// fis.close();
//}
} catch (IOException e) {
Log.e(LOG_TAG, "KeyStore IOException while initializing TrustManagerFactory ", e);
keyStore = null;
} catch (CertificateException e) {
Log.e(LOG_TAG, "KeyStore CertificateException while initializing TrustManagerFactory ", e);
keyStore = null;
}
tmf.init(keyStore);
TrustManager[] tms = tmf.getTrustManagers();
if (tms != null) {
for (TrustManager tm : tms) {
if (tm instanceof X509TrustManager) {
localTrustManager = (X509TrustManager)tm;
break;
}
}
}
tmf = javax.net.ssl.TrustManagerFactory.getInstance("X509");
tmf.init((KeyStore)null);
tms = tmf.getTrustManagers();
if (tms != null) {
for (TrustManager tm : tms) {
if (tm instanceof X509TrustManager) {
defaultTrustManager = (X509TrustManager) tm;
break;
}
}
}
} catch (NoSuchAlgorithmException e) {
Log.e(LOG_TAG, "Unable to get X509 Trust Manager ", e);
} catch (KeyStoreException e) {
Log.e(LOG_TAG, "Key Store exception while initializing TrustManagerFactory ", e);
}
unsecureTrustManager = new SimpleX509TrustManager();
}
private TrustManagerFactory() {
}
public static X509TrustManager get(String host, boolean secure) {
return secure ? SecureX509TrustManager.getInstance(host) :
unsecureTrustManager;
}
public static KeyStore getKeyStore() {
return keyStore;
}
public static void setLastCertChain(X509Certificate[] chain) {
lastCertChain = chain;
}
public static X509Certificate[] getLastCertChain() {
return lastCertChain;
}
public static void addCertificateChain(String alias, X509Certificate[] chain) throws CertificateException {
try {
javax.net.ssl.TrustManagerFactory tmf = javax.net.ssl.TrustManagerFactory.getInstance("X509");
for (int i = 0; i < chain.length; i++)
{
keyStore.setCertificateEntry
(chain[i].getSubjectDN().toString(), chain[i]);
}
tmf.init(keyStore);
TrustManager[] tms = tmf.getTrustManagers();
if (tms != null) {
for (TrustManager tm : tms) {
if (tm instanceof X509TrustManager) {
localTrustManager = (X509TrustManager) tm;
break;
}
}
}
java.io.FileOutputStream keyStoreStream;
try {
keyStoreStream = new java.io.FileOutputStream(keyStoreFile);
keyStore.store(keyStoreStream, "".toCharArray());
keyStoreStream.close();
} catch (FileNotFoundException e) {
throw new CertificateException("Unable to write KeyStore: " + e.getMessage());
} catch (CertificateException e) {
throw new CertificateException("Unable to write KeyStore: " + e.getMessage());
} catch (IOException e) {
throw new CertificateException("Unable to write KeyStore: " + e.getMessage());
}
} catch (NoSuchAlgorithmException e) {
Log.e(LOG_TAG, "Unable to get X509 Trust Manager ", e);
} catch (KeyStoreException e) {
Log.e(LOG_TAG, "Key Store exception while initializing TrustManagerFactory ", e);
}
}
}