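package org.zpcat.test.certs;

import android.util.Base64;
import android.util.Log;

import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/**
 * Trust manager that pins a single PEM-encoded X.509 certificate.
 *
 * <p>A server chain is accepted only when, starting from the leaf ({@code chain[0]}),
 * each certificate is signed by the next one until a certificate is reached whose
 * signature verifies under the pinned certificate's public key. Every certificate
 * walked must be inside its validity period, and every certificate used as an issuer
 * must carry the CA basic constraint.
 *
 * <p>This class does not check the server hostname and does not check revocation;
 * hostname verification has to be enforced elsewhere in the TLS setup.
 *
 * Created by moses on 4/24/15.
 */
public class PEMTrustManager implements X509TrustManager {

    private static final String TAG = "TLSdemo";

    /** Parsed pinned certificate, or {@code null} when the PEM text could not be parsed. */
    private X509Certificate mCert;
    private final String mPemCert;

    /**
     * Parses the pinned certificate from PEM text.
     *
     * <p>A parse failure is logged and leaves the manager without a pin; in that state
     * {@link #checkServerTrusted} rejects every chain instead of failing with a
     * {@link NullPointerException}.
     *
     * @param pem PEM-encoded X.509 certificate to pin
     */
    public PEMTrustManager(String pem) {
        mPemCert = pem;
        InputStream input = new ByteArrayInputStream(mPemCert.getBytes(StandardCharsets.UTF_8));
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X509");
            mCert = (X509Certificate) cf.generateCertificate(input);
        } catch (CertificateException e) {
            Log.e(TAG, "failed to parse pinned certificate", e);
        }
    }

    /**
     * Always rejects: this trust manager only pins a server certificate.
     *
     * <p>The previous empty body accepted every client certificate if the manager was
     * ever installed on the server side of a connection.
     *
     * @throws CertificateException always
     */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        throw new CertificateException("client authentication is not supported by PEMTrustManager");
    }

    /**
     * Validates that the server chain leads from its leaf to the pinned certificate's key.
     *
     * <p>Assumes the chain is ordered leaf first with each following certificate
     * certifying the previous one; an unordered chain is rejected.
     *
     * @param chain server certificate chain, leaf first
     * @param authType key exchange algorithm name (unused)
     * @throws IllegalArgumentException if {@code chain} is null or empty
     * @throws CertificateException if no pin is loaded, a certificate is outside its
     *         validity period, an issuer is not a CA, or the chain does not lead to the pin
     */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        if (chain == null || chain.length == 0) {
            throw new IllegalArgumentException("server certificate chain is null or empty");
        }
        if (mCert == null) {
            // Fail closed: without a parsed pin there is nothing to compare against.
            throw new CertificateException("pinned certificate was not loaded");
        }

        final PublicKey pinnedKey = mCert.getPublicKey();
        // The pinned key never changes, so it is logged once at debug level rather than
        // once per chain element at error level.
        Log.d(TAG, "public key algorithm: " + pinnedKey.getAlgorithm()
                + "; form: " + pinnedKey.getFormat()
                + "; key: " + pinnedKey.toString());
        Log.d(TAG, "public key base64: "
                + Base64.encodeToString(pinnedKey.getEncoded(), Base64.DEFAULT));

        // Walk upward from the leaf. Accepting the chain because *any* element verifies
        // under the pinned key is not enough: that element must be linked, signature by
        // signature, to chain[0], which is the certificate the peer authenticates with.
        for (int i = 0; i < chain.length; i++) {
            X509Certificate cert = chain[i];
            if (cert == null) {
                throw new CertificateException("null certificate at chain index " + i);
            }
            Log.d(TAG, "sigAlgName: " + cert.getSigAlgName()
                    + "; SigAlgOID: " + cert.getSigAlgOID());

            cert.checkValidity();
            if (i > 0 && cert.getBasicConstraints() < 0) {
                // chain[i] has just been used as the issuer of chain[i - 1].
                throw new CertificateException(
                        "certificate at chain index " + i + " is not a CA but issues another certificate");
            }

            if (isSignedBy(cert, pinnedKey)) {
                return;
            }

            boolean hasIssuer = i + 1 < chain.length && chain[i + 1] != null;
            if (!hasIssuer || !isSignedBy(cert, chain[i + 1].getPublicKey())) {
                break;
            }
        }

        throw new CertificateException(
                "server certificate chain does not lead to the pinned certificate");
    }

    /**
     * Returns the pinned certificate as the only accepted issuer.
     *
     * @return a one-element array holding the pinned certificate, or an empty array
     *         when no pin could be parsed
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        if (mCert == null) {
            return new X509Certificate[0];
        }
        return new X509Certificate[] {mCert};
    }

    /** Reports whether {@code cert}'s signature verifies under {@code key}. */
    private boolean isSignedBy(X509Certificate cert, PublicKey key) throws CertificateException {
        try {
            cert.verify(key);
            return true;
        } catch (NoSuchAlgorithmException | InvalidKeyException
                | NoSuchProviderException | SignatureException e) {
            // A failed verification is an expected outcome while walking the chain.
            Log.d(TAG, "signature verification failed", e);
            return false;
        }
    }
}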