r4sas
/
lightning-i2p
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity
Browse Source

add purplei2p ca support

master
R4SAS 6 years ago
parent
3c0932b473
commit
0eab701228
2 changed files with 106 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 23
      app/src/main/assets/cert/purplei2p.crt
  2. 83
      app/src/main/java/org/purplei2p/lightning/view/LightningWebClient.java

23
app/src/main/assets/cert/purplei2p.crt
Unescape View File

@ -0,0 +1,23 @@
-----BEGIN CERTIFICATE-----
MIID7DCCAtSgAwIBAgIJAKXaTovgoTIUMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD
VQQGEwJXVzEUMBIGA1UECAwLSTJQIE5ldHdvcmsxEjAQBgNVBAoMCVB1cnBsZUky
UDEqMCgGA1UEAwwhUHVycGxlSTJQIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MR0w
GwYJKoZIhvcNAQkBFg5yNHNhc0BtYWlsLmkycDAeFw0xODA4MjQyMTQ3NTJaFw0y
MzA4MjMyMTQ3NTJaMIGCMQswCQYDVQQGEwJXVzEUMBIGA1UECAwLSTJQIE5ldHdv
cmsxEjAQBgNVBAoMCVB1cnBsZUkyUDEqMCgGA1UEAwwhUHVycGxlSTJQIENlcnRp
ZmljYXRpb24gQXV0aG9yaXR5MR0wGwYJKoZIhvcNAQkBFg5yNHNhc0BtYWlsLmky
cDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALAZnN/U5bgkmiBqp/Np
yiMOkUPjr2tLhV78Oba46xDLA6AiQ7yTPg+/ZYPIfbF2dPBTpfgGdly2M1xymRKc
3Pa+IUXkLw6oCA+lFzOFW0Swtekk9HRAgGyHgj6/Hvagva5Wer4HJIO1qRsFPew+
XcM3uhhiXoiO8o+YGpJ/7kz0gED3p2b9OVsLPd8G/GfdR3miD+Au+kUx/27z/WdJ
ISfFILFnYeYZGffrpRcFtoGwuZUCugwnbLtpQpNKuGq8jDidm1v6Rb85JmkoH3Sg
lRaX1MK0aPhM4WfCf7aWCNe669FAWPNB3Ya2lue7ewPLI84ZUEqcoJwmWn2ci2SU
EXUCAwEAAaNjMGEwHQYDVR0OBBYEFG3hwzikpXqMasw678OHM8uLyjEoMB8GA1Ud
IwQYMBaAFG3hwzikpXqMasw678OHM8uLyjEoMA8GA1UdEwQIMAYBAf8CAQAwDgYD
VR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQA07URxJMI/Ta9y1wIg+k7o
1aHXsl6YOXmd2ymhKZhZHrZlutE2U19IQSoEV0SBddP9D05xD6Ovsrwo7caeYzNt
+2DJnlJ2IY61NqYUIDEoJyNPL/S7WleH+xO+bcSqWvbntTNYAD6WQVfHCAimVE6P
RnSZGqG089i84DRCyrh/6F1OxnBd6j14z+2ctQD+h6NlQXiCAUIwzVirYoE7oGpH
Xta7Ei+RDvBXLXLAQRdXpzSP/Ddf7MCJzmH3VYAy+0sVuHr09hpFMtC59hTrdLVD
/qma0eKrBr1DGH6QrZMZDqpNfv4wUPyVQBsRbbn2/1fL9IqK43CIj8RUllCOsmyU
-----END CERTIFICATE-----

83
app/src/main/java/org/purplei2p/lightning/view/LightningWebClient.java
Unescape View File

@ -9,6 +9,7 @@ import android.content.Intent;
import android.graphics.Bitmap; import android.graphics.Bitmap;
import android.net.MailTo; import android.net.MailTo;
import android.net.Uri; import android.net.Uri;
import android.net.http.SslCertificate;
import android.net.http.SslError; import android.net.http.SslError;
import android.os.Build; import android.os.Build;
import android.os.Message; import android.os.Message;
@ -31,14 +32,29 @@ import android.webkit.WebViewClient;
import android.widget.EditText; import android.widget.EditText;
import android.widget.TextView; import android.widget.TextView;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.io.File; import java.io.File;
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.io.IOException;
import java.lang.reflect.Field;
import java.net.URISyntaxException; import java.net.URISyntaxException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import javax.inject.Inject; import javax.inject.Inject;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.purplei2p.lightning.BuildConfig; import org.purplei2p.lightning.BuildConfig;
import org.purplei2p.lightning.R; import org.purplei2p.lightning.R;
@ -62,6 +78,8 @@ public class LightningWebClient extends WebViewClient {
@NonNull private final UIController mUIController; @NonNull private final UIController mUIController;
@NonNull private final IntentUtils mIntentUtils; @NonNull private final IntentUtils mIntentUtils;
private TrustManagerFactory tmf = null;
@Inject ProxyUtils mProxyUtils; @Inject ProxyUtils mProxyUtils;
@Inject AdBlock mAdBlock; @Inject AdBlock mAdBlock;
@ -74,6 +92,37 @@ public class LightningWebClient extends WebViewClient {
mLightningView = lightningView; mLightningView = lightningView;
mAdBlock.updatePreference(); mAdBlock.updatePreference();
mIntentUtils = new IntentUtils(activity); mIntentUtils = new IntentUtils(activity);
try {
initTrustStore();
} catch(Exception e) {}
}
private void initTrustStore() throws
CertificateException, FileNotFoundException,
IOException, KeyStoreException, NoSuchAlgorithmException {
// Create a KeyStore containing our trusted CAs
String keyStoreType = KeyStore.getDefaultType();
KeyStore trustedKeyStore = KeyStore.getInstance(keyStoreType);
trustedKeyStore.load(null, null);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream caInput = new BufferedInputStream(mActivity.getResources().getAssets().open("cert/purplei2p.crt"));
Certificate ca;
try {
ca = cf.generateCertificate(caInput);
Log.d(TAG, "ca-root DN=" + ((X509Certificate) ca).getSubjectDN());
}
finally {
caInput.close();
}
trustedKeyStore.setCertificateEntry("ca", ca);
// Create a TrustManager that trusts the CAs in our KeyStore
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(trustedKeyStore);
} }
@TargetApi(Build.VERSION_CODES.LOLLIPOP) @TargetApi(Build.VERSION_CODES.LOLLIPOP)
@ -225,6 +274,40 @@ public class LightningWebClient extends WebViewClient {
@Override @Override
public void onReceivedSslError(WebView view, @NonNull final SslErrorHandler handler, @NonNull SslError error) { public void onReceivedSslError(WebView view, @NonNull final SslErrorHandler handler, @NonNull SslError error) {
boolean passVerify = false;
if(error.getPrimaryError() == SslError.SSL_UNTRUSTED){
SslCertificate cert = error.getCertificate();
String subjectDN = cert.getIssuedTo().getDName();
Log.d(TAG, "SslError subjectDN: "+subjectDN);
try{
Field f = cert.getClass().getDeclaredField("mX509Certificate");
f.setAccessible(true);
X509Certificate x509 = (X509Certificate)f.get(cert);
X509Certificate[] chain = {x509};
for (TrustManager trustManager: tmf.getTrustManagers()) {
if (trustManager instanceof X509TrustManager) {
X509TrustManager x509TrustManager = (X509TrustManager)trustManager;
try{
x509TrustManager.checkServerTrusted(chain, "generic");
passVerify = true;break;
}catch(Exception e){
Log.e(TAG, "SslError verify trustManager failed", e);
passVerify = false;
}
}
}
Log.d(TAG, "SslError passVerify: "+passVerify);
}catch(Exception e){
Log.e(TAG, "SslError verify cert fail", e);
}
}
if(passVerify == true) {
handler.proceed();
return;
}
List<Integer> errorCodeMessageCodes = getAllSslErrorMessageCodes(error); List<Integer> errorCodeMessageCodes = getAllSslErrorMessageCodes(error);
StringBuilder stringBuilder = new StringBuilder(); StringBuilder stringBuilder = new StringBuilder();

Write Preview
Loading…
Cancel
Save