
use system and custom trust store for TLS connections

parent 66e34eef
......@@ -9,13 +9,9 @@ import java.util.Locale;
import java.util.Map;
import com.android.volley.AuthFailureError;
import com.android.volley.Request;
import com.android.volley.Response;
import com.android.volley.VolleyError;
import com.android.volley.toolbox.JsonArrayRequest;
import com.android.volley.toolbox.JsonObjectRequest;
import com.android.volley.toolbox.JsonRequest;
import org.apache.http.client.ClientProtocolException;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
......
/*
* Copyright (C) 2011 Andrew Karpow <andy@mail.tu-berlin.de>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.k4ever.k4android.utils;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.concurrent.TimeUnit;
import org.apache.http.HttpException;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.HttpRequestInterceptor;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.AuthState;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.protocol.ClientContext;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import org.apache.http.protocol.ExecutionContext;
import org.apache.http.protocol.HttpContext;
import android.content.Context;
import android.content.SharedPreferences;
import android.preference.PreferenceManager;
import de.k4ever.k4android.R;
public class KassenHttpClient extends DefaultHttpClient {
final Context context;
public KassenHttpClient(Context context) {
this.context = context;
setAuthentification();
}
@Override protected ClientConnectionManager createClientConnectionManager() {
SchemeRegistry registry = new SchemeRegistry();
registry.register(
new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
registry.register(new Scheme("https", newSslSocketFactory(), 443));
final ThreadSafeClientConnManager conManager =
new ThreadSafeClientConnManager(getParams(), registry);
conManager.closeIdleConnections(500, TimeUnit.MILLISECONDS);
return conManager;
}
private void setAuthentification() {
// Auth
final SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context);
final String user = prefs.getString("pref_username", "");
final String pass = prefs.getString("pref_password", "");
// Enable preemptive Authentification
addRequestInterceptor(preemptiveAuth,0);
UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(user, pass);
getCredentialsProvider().setCredentials(AuthScope.ANY, credentials);
}
private SSLSocketFactory newSslSocketFactory() {
final X509HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
try {
KeyStore trustStore = KeyStore.getInstance("BKS");
final InputStream in = context.getResources().openRawResource(R.raw.truststore);
try {
trustStore.load(in, "freitagsrunde".toCharArray());
} finally {
in.close();
}
SSLSocketFactory factory = new SSLSocketFactory(trustStore);
factory.setHostnameVerifier(hostnameVerifier);
return factory;
} catch (Exception e) {
throw new AssertionError(e);
}
}
HttpRequestInterceptor preemptiveAuth = new HttpRequestInterceptor() {
public void process(final HttpRequest request, final HttpContext context) throws HttpException, IOException {
AuthState authState = (AuthState) context.getAttribute(ClientContext.TARGET_AUTH_STATE);
CredentialsProvider credsProvider = (CredentialsProvider) context.getAttribute(
ClientContext.CREDS_PROVIDER);
HttpHost targetHost = (HttpHost) context.getAttribute(ExecutionContext.HTTP_TARGET_HOST);
if (authState.getAuthScheme() == null) {
AuthScope authScope = new AuthScope(targetHost.getHostName(), targetHost.getPort());
Credentials creds = credsProvider.getCredentials(authScope);
if (creds != null) {
authState.setAuthScheme(new BasicScheme());
authState.setCredentials(creds);
}
}
}
};
}
......@@ -28,9 +28,14 @@ import android.preference.PreferenceManager;
import de.k4ever.k4android.R;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
......@@ -88,24 +93,64 @@ public class KassenHttpUtils {
if (mRequestQueue == null) {
SSLContext ctx;
try {
KeyStore trustStore = KeyStore.getInstance("BKS");
final InputStream in = mCtx.getResources().openRawResource(R.raw.truststore);
try {
trustStore.load(in, "freitagsrunde".toCharArray());
} finally {
in.close();
}
TrustManagerFactory tmf = TrustManagerFactory.getInstance(
TrustManagerFactory.getDefaultAlgorithm());
tmf.init(trustStore);
ctx = SSLContext.getInstance("TLS");
ctx.init(null, tmf.getTrustManagers(), null);
} catch (Exception e) {
throw new AssertionError(e);
}
try {
// get default trust manager
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init((KeyStore) null);
X509TrustManager defaultTrustManager = null;
for (TrustManager tm : tmf.getTrustManagers()) {
if (tm instanceof X509TrustManager) {
defaultTrustManager = (X509TrustManager) tm;
break;
}
}
// load custom trust manager
KeyStore customKeyStore = KeyStore.getInstance("BKS");
final InputStream in = mCtx.getResources().openRawResource(R.raw.truststore);
customKeyStore.load(in, "freitagsrunde".toCharArray());
in.close();
TrustManagerFactory customTrustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
customTrustManagerFactory.init(customKeyStore);
X509TrustManager customTrustManager = null;
for (TrustManager tm : customTrustManagerFactory.getTrustManagers()) {
if (tm instanceof X509TrustManager) {
customTrustManager = (X509TrustManager) tm;
break;
}
}
// create new trust manager using custom and default TM
final X509TrustManager finalDefaultTrustManager = defaultTrustManager;
final X509TrustManager finalCustomTrustManager = customTrustManager;
X509TrustManager customMergedTrustManager = new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
finalDefaultTrustManager.checkClientTrusted(x509Certificates, s);
}
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
try {
finalCustomTrustManager.checkServerTrusted(x509Certificates, s);
} catch (CertificateException e) {
finalDefaultTrustManager.checkServerTrusted(x509Certificates, s);
}
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return finalDefaultTrustManager.getAcceptedIssuers();
}
};
ctx = SSLContext.getInstance("TLS");
ctx.init(null, new TrustManager[] { customMergedTrustManager }, null);
} catch (Exception e) {
throw new AssertionError(e);
}
mRequestQueue = Volley.newRequestQueue(
mCtx.getApplicationContext(),
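Review bot: The new truststore load (`customKeyStore.load(in, ...)` followed directly by `in.close()`) has no try/finally, unlike the earlier load block visible in this hunk, so the raw-resource stream stays open if `load` throws. Both lookup loops can also leave `defaultTrustManager` or `customTrustManager` null when no `X509TrustManager` is returned, which would only surface as a NullPointerException during a later handshake instead of at initialisation. `getAcceptedIssuers()` returns only the system issuers, although `checkServerTrusted` also accepts chains anchored in the bundled store, so the two should agree. The enclosing method starts and ends outside this hunk.

```java
final InputStream in = mCtx.getResources().openRawResource(R.raw.truststore);
try {
    customKeyStore.load(in, "freitagsrunde".toCharArray());
} finally {
    in.close();
}
// … unchanged: TrustManagerFactory setup and both X509TrustManager lookups …
if (defaultTrustManager == null || customTrustManager == null) {
    throw new IllegalStateException("no X509TrustManager available");
}
// … unchanged: checkClientTrusted / checkServerTrusted …
@Override
public X509Certificate[] getAcceptedIssuers() {
    X509Certificate[] system = finalDefaultTrustManager.getAcceptedIssuers();
    X509Certificate[] custom = finalCustomTrustManager.getAcceptedIssuers();
    X509Certificate[] merged = new X509Certificate[system.length + custom.length];
    System.arraycopy(system, 0, merged, 0, system.length);
    System.arraycopy(custom, 0, merged, system.length, custom.length);
    return merged;
}
```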
......