package org.wordpress.android.util;
import android.app.AlertDialog;
import android.content.Context;
import android.content.DialogInterface;
import android.net.http.SslCertificate;
import android.os.Bundle;
import android.support.annotation.NonNull;
import android.support.annotation.Nullable;
import org.wordpress.android.fluxc.network.MemorizingTrustManager;
import org.wordpress.android.ui.ActivityLauncher;
import org.wordpress.android.util.AppLog.T;
import java.io.ByteArrayInputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
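/**
 * Helpers for servers whose TLS certificate failed validation: a dialog that asks the user
 * whether to trust the certificate, and a converter from {@link SslCertificate} to
 * {@link X509Certificate}.
 */
public class SelfSignedSSLUtils {
    /** Receives a notification once the user has accepted the certificate in the warning dialog. */
    public interface Callback {
        /** Called after the certificate has been handed to the trust manager for storage. */
        void certificateTrusted();
    }

    /**
     * Shows a dialog asking the user whether the certificate that last failed validation should
     * be trusted.
     *
     * <p>The positive button calls {@link MemorizingTrustManager#storeLastFailure()} and then
     * notifies {@code callback}. The neutral button opens the certificate details. No other
     * button is registered, so any other way of leaving the dialog changes no trust state here.
     *
     * @param context context used to build the dialog and resolve its strings
     * @param memorizingTrustManager trust manager holding the certificate that failed validation
     * @param callback invoked after the user accepts the certificate; may be {@code null}
     */
    public static void showSSLWarningDialog(@NonNull final Context context,
                                            @NonNull final MemorizingTrustManager memorizingTrustManager,
                                            @Nullable final Callback callback) {
        AlertDialog.Builder alert = new AlertDialog.Builder(context);
        alert.setTitle(context.getString(org.wordpress.android.R.string.ssl_certificate_error));
        alert.setMessage(context.getString(org.wordpress.android.R.string.ssl_certificate_ask_trust));
        alert.setPositiveButton(org.wordpress.android.R.string.yes, new DialogInterface.OnClickListener() {
            @Override
            public void onClick(DialogInterface dialog, int which) {
                // Add the certificate to our list.
                // NOTE(review): the certificate stored is whatever the trust manager holds as its
                // "last failure" at click time; it is not captured when the dialog is shown. If
                // another handshake can fail in between, the stored certificate may differ from
                // the one the user inspected - confirm against MemorizingTrustManager.
                memorizingTrustManager.storeLastFailure();
                // Retry login action
                if (callback != null) {
                    callback.certificateTrusted();
                }
            }
        });
        alert.setNeutralButton(org.wordpress.android.R.string.ssl_certificate_details,
                new DialogInterface.OnClickListener() {
                    @Override
                    public void onClick(DialogInterface dialog, int which) {
                        // Read the failure once and guard against null, so a missing certificate
                        // is logged instead of crashing on toString().
                        final Object lastFailure = memorizingTrustManager.getLastFailure();
                        if (lastFailure == null) {
                            AppLog.e(T.API, "No failed SSL certificate available to display");
                            return;
                        }
                        ActivityLauncher.viewSSLCerts(context, lastFailure.toString());
                    }
                });
        alert.show();
    }

    /**
     * Converts an Android {@link SslCertificate} into an {@link X509Certificate}.
     *
     * <p>The encoded certificate is read from the bundle produced by
     * {@link SslCertificate#saveState(SslCertificate)} under the {@code "x509-certificate"} key
     * and parsed with an {@code "X.509"} {@link CertificateFactory}.
     *
     * @param cert certificate to convert; may be {@code null}
     * @return the parsed certificate, or {@code null} when {@code cert} is {@code null}, the
     *     bundle holds no certificate bytes, or parsing fails. A {@code null} result means no
     *     certificate could be obtained, so callers should not treat it as a trusted one.
     */
    @Nullable
    public static X509Certificate sslCertificateToX509(@Nullable SslCertificate cert) {
        if (cert == null) {
            return null;
        }
        Bundle bundle = SslCertificate.saveState(cert);
        // NOTE(review): the key name is a string literal here, not a constant taken from
        // SslCertificate; verify it still matches on the platform versions the app supports.
        byte[] bytes = bundle.getByteArray("x509-certificate");
        if (bytes == null) {
            AppLog.e(T.API, "Cannot load the SSLCertificate bytes from the bundle");
            return null;
        }
        try {
            CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
            Certificate certX509 = certFactory.generateCertificate(new ByteArrayInputStream(bytes));
            return (X509Certificate) certX509;
        } catch (CertificateException e) {
            AppLog.e(T.API, "Cannot generate the X509Certificate with the bytes provided", e);
            return null;
        }
    }
}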