SSLUtils.java example

Explorer
ttr-master
- ttrss-reader-fork-master
  - localeapi
    - src
      - main
        java
        com
        twofortyfouram
        locale
        BreadCrumber.java
        Constants.java
        Intent.java
        PackageUtilities.java
  - ttrssreader
    - src
/*
 * Copyright (c) 2015, Nils Braden
 *
 * This file is part of ttrss-reader-fork. This program is free software; you
 * can redistribute it and/or modify it under the terms of the GNU
 * General Public License as published by the Free Software Foundation;
 * either version 3 of the License, or (at your option) any later
 * version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details. You should have received a
 * copy of the GNU General Public License along with this program; If
 * not, see http://www.gnu.org/licenses/.
 */

package org.ttrssreader.utils;

import android.annotation.SuppressLint;
import android.util.Log;

import org.ttrssreader.MyApplication;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class SSLUtils {

	private static final String TAG = SSLUtils.class.getSimpleName();

	public static void initSslSocketFactory(KeyManager[] km, TrustManager[] tm)
			throws KeyManagementException, NoSuchAlgorithmException {

		SSLContext ctx = SSLContext.getInstance("TLS");
		ctx.init(km, tm, null);
		SSLSocketFactory factory = ctx.getSocketFactory();

		HttpsURLConnection.setDefaultSSLSocketFactory(factory);
	}

	public static void initPrivateKeystore(String password) throws GeneralSecurityException {
		Log.i(TAG, "Enabling SSLUtils to trust certificates from private keystore.");
		KeyStore keystore = loadKeystore(password);
		if (keystore == null) return;

		TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
		tmf.init(keystore);

		KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
		kmf.init(keystore, password.toCharArray());

		initSslSocketFactory(kmf.getKeyManagers(), tmf.getTrustManagers());
	}

	private static KeyStore loadKeystore(String keystorePassword) throws GeneralSecurityException {
		KeyStore trusted;
		try {
			trusted = KeyStore.getInstance(KeyStore.getDefaultType());

			File file = new File(MyApplication.context().getExternalFilesDir(null), "store.bks");

			if (!file.exists()) return null;

			InputStream in = new FileInputStream(file);

			try {
				trusted.load(in, keystorePassword.toCharArray());
			} finally {
				try {
					in.close();
				} catch (IOException e) {
					// Empty!
				}
			}
		} catch (Exception e) {
			throw new GeneralSecurityException("Couldn't load keystore.", e);
		}
		return trusted;
	}

	@SuppressLint("TrustAllX509TrustManager")
	public static void trustAllCert() throws KeyManagementException, NoSuchAlgorithmException {
		Log.i(TAG, "Enabling SSLUtils to trust all CERTIFICATES.");
		X509TrustManager easyTrustManager = new X509TrustManager() {
			@Override
			public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
			}

			@Override
			public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
			}

			@Override
			public X509Certificate[] getAcceptedIssuers() {
				return new X509Certificate[]{};
			}

		};

		// Create a trust manager that does not validate certificate chains
		initSslSocketFactory(null, new TrustManager[]{easyTrustManager});
	}

	public static void trustAllHost() {
		Log.i(TAG, "Enabling SSLUtils to trust all HOSTS.");
		try {
			HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
				@Override
				public boolean verify(String hostname, SSLSession session) {
					return true;
				}
			});
		} catch (Exception e) {
			// Empty, HostnameVerifier cannot be null.
		}
	}

}