mirror of
https://github.com/ankidroid/Anki-Android.git
synced 2024-09-20 03:52:15 +02:00
add ankiweb-cert to ssl
parent
9a364d957b
commit
c1458a3c19
BIN
res/raw/ankiweb_cert
Normal file
BIN
res/raw/ankiweb_cert
Normal file
Binary file not shown.
@ -1,136 +0,0 @@
|
||||
package com.byarger.exchangeit;
|
||||
|
||||
/*
|
||||
* Licensed to the Apache Software Foundation (ASF) under one
|
||||
* or more contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. The ASF licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.InetAddress;
|
||||
import java.net.InetSocketAddress;
|
||||
import java.net.Socket;
|
||||
import java.net.UnknownHostException;
|
||||
|
||||
import javax.net.ssl.SSLContext;
|
||||
import javax.net.ssl.SSLSocket;
|
||||
import javax.net.ssl.TrustManager;
|
||||
|
||||
import org.apache.http.conn.ConnectTimeoutException;
|
||||
import org.apache.http.conn.scheme.LayeredSocketFactory;
|
||||
import org.apache.http.params.HttpConnectionParams;
|
||||
import org.apache.http.params.HttpParams;
|
||||
|
||||
/**
|
||||
* This socket factory will create ssl socket that accepts self signed
|
||||
* certificate
|
||||
*
|
||||
* @author olamy
|
||||
* @version $Id: EasySSLSocketFactory.java 765355 2009-04-15 20:59:07Z evenisse
|
||||
* $
|
||||
* @since 1.2.3
|
||||
*/
|
||||
public class EasySSLSocketFactory implements LayeredSocketFactory {
|
||||
|
||||
private SSLContext sslcontext = null;
|
||||
|
||||
private static SSLContext createEasySSLContext() throws IOException {
|
||||
try {
|
||||
SSLContext context = SSLContext.getInstance("TLS");
|
||||
context.init(null, new TrustManager[] { new EasyX509TrustManager(
|
||||
null) }, null);
|
||||
return context;
|
||||
} catch (Exception e) {
|
||||
throw new IOException(e.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
private SSLContext getSSLContext() throws IOException {
|
||||
if (this.sslcontext == null) {
|
||||
this.sslcontext = createEasySSLContext();
|
||||
}
|
||||
return this.sslcontext;
|
||||
}
|
||||
|
||||
/**
|
||||
* @see org.apache.http.conn.scheme.SocketFactory#connectSocket(java.net.Socket,
|
||||
* java.lang.String, int, java.net.InetAddress, int,
|
||||
* org.apache.http.params.HttpParams)
|
||||
*/
|
||||
public Socket connectSocket(Socket sock, String host, int port,
|
||||
InetAddress localAddress, int localPort, HttpParams params)
|
||||
throws IOException, UnknownHostException, ConnectTimeoutException {
|
||||
int connTimeout = HttpConnectionParams.getConnectionTimeout(params);
|
||||
int soTimeout = HttpConnectionParams.getSoTimeout(params);
|
||||
|
||||
InetSocketAddress remoteAddress = new InetSocketAddress(host, port);
|
||||
SSLSocket sslsock = (SSLSocket) ((sock != null) ? sock : createSocket());
|
||||
|
||||
if ((localAddress != null) || (localPort > 0)) {
|
||||
// we need to bind explicitly
|
||||
if (localPort < 0) {
|
||||
localPort = 0; // indicates "any"
|
||||
}
|
||||
InetSocketAddress isa = new InetSocketAddress(localAddress,
|
||||
localPort);
|
||||
sslsock.bind(isa);
|
||||
}
|
||||
|
||||
sslsock.connect(remoteAddress, connTimeout);
|
||||
sslsock.setSoTimeout(soTimeout);
|
||||
return sslsock;
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @see org.apache.http.conn.scheme.SocketFactory#createSocket()
|
||||
*/
|
||||
public Socket createSocket() throws IOException {
|
||||
return getSSLContext().getSocketFactory().createSocket();
|
||||
}
|
||||
|
||||
/**
|
||||
* @see org.apache.http.conn.scheme.SocketFactory#isSecure(java.net.Socket)
|
||||
*/
|
||||
public boolean isSecure(Socket socket) throws IllegalArgumentException {
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* @see org.apache.http.conn.scheme.LayeredSocketFactory#createSocket(java.net.Socket,
|
||||
* java.lang.String, int, boolean)
|
||||
*/
|
||||
public Socket createSocket(Socket socket, String host, int port,
|
||||
boolean autoClose) throws IOException, UnknownHostException {
|
||||
return getSSLContext().getSocketFactory().createSocket(socket, host, port, autoClose);
|
||||
}
|
||||
|
||||
// -------------------------------------------------------------------
|
||||
// javadoc in org.apache.http.conn.scheme.SocketFactory says :
|
||||
// Both Object.equals() and Object.hashCode() must be overridden
|
||||
// for the correct operation of some connection managers
|
||||
// -------------------------------------------------------------------
|
||||
|
||||
public boolean equals(Object obj) {
|
||||
return ((obj != null) && obj.getClass().equals(
|
||||
EasySSLSocketFactory.class));
|
||||
}
|
||||
|
||||
public int hashCode() {
|
||||
return EasySSLSocketFactory.class.hashCode();
|
||||
}
|
||||
|
||||
}
|
@ -1,93 +0,0 @@
|
||||
package com.byarger.exchangeit;
|
||||
|
||||
/*
|
||||
* Licensed to the Apache Software Foundation (ASF) under one
|
||||
* or more contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. The ASF licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
import java.security.KeyStore;
|
||||
import java.security.KeyStoreException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.cert.X509Certificate;
|
||||
|
||||
import javax.net.ssl.TrustManager;
|
||||
import javax.net.ssl.TrustManagerFactory;
|
||||
import javax.net.ssl.X509TrustManager;
|
||||
|
||||
/**
|
||||
* @author olamy
|
||||
* @version $Id: EasyX509TrustManager.java 765355 2009-04-15 20:59:07Z evenisse $
|
||||
* @since 1.2.3
|
||||
*/
|
||||
public class EasyX509TrustManager
|
||||
implements X509TrustManager
|
||||
{
|
||||
|
||||
private X509TrustManager standardTrustManager = null;
|
||||
|
||||
/**
|
||||
* Constructor for EasyX509TrustManager.
|
||||
*/
|
||||
public EasyX509TrustManager( KeyStore keystore )
|
||||
throws NoSuchAlgorithmException, KeyStoreException
|
||||
{
|
||||
super();
|
||||
TrustManagerFactory factory = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm() );
|
||||
factory.init( keystore );
|
||||
TrustManager[] trustmanagers = factory.getTrustManagers();
|
||||
if ( trustmanagers.length == 0 )
|
||||
{
|
||||
throw new NoSuchAlgorithmException( "no trust manager found" );
|
||||
}
|
||||
this.standardTrustManager = (X509TrustManager) trustmanagers[0];
|
||||
}
|
||||
|
||||
/**
|
||||
* @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[],String authType)
|
||||
*/
|
||||
public void checkClientTrusted( X509Certificate[] certificates, String authType )
|
||||
throws CertificateException
|
||||
{
|
||||
standardTrustManager.checkClientTrusted( certificates, authType );
|
||||
}
|
||||
|
||||
/**
|
||||
* @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String authType)
|
||||
*/
|
||||
public void checkServerTrusted( X509Certificate[] certificates, String authType )
|
||||
throws CertificateException
|
||||
{
|
||||
if ( ( certificates != null ) && ( certificates.length == 1 ) )
|
||||
{
|
||||
certificates[0].checkValidity();
|
||||
}
|
||||
else
|
||||
{
|
||||
standardTrustManager.checkServerTrusted( certificates, authType );
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
|
||||
*/
|
||||
public X509Certificate[] getAcceptedIssuers()
|
||||
{
|
||||
return this.standardTrustManager.getAcceptedIssuers();
|
||||
}
|
||||
|
||||
}
|
@ -30,7 +30,6 @@ import android.util.Log;
|
||||
import android.util.Pair;
|
||||
|
||||
import com.ichi2.anki.AnkiDroidApp;
|
||||
import com.ichi2.async.DeckTask.TaskData;
|
||||
|
||||
import org.json.JSONArray;
|
||||
import org.json.JSONException;
|
||||
|
@ -16,9 +16,10 @@
|
||||
|
||||
package com.ichi2.libanki.sync;
|
||||
|
||||
import com.ichi2.anki2.R;
|
||||
|
||||
import android.util.Log;
|
||||
|
||||
import com.byarger.exchangeit.EasySSLSocketFactory;
|
||||
import com.ichi2.anki.AnkiDroidApp;
|
||||
import com.ichi2.async.Connection;
|
||||
import com.ichi2.libanki.Collection;
|
||||
@ -34,6 +35,7 @@ import org.apache.http.conn.params.ConnPerRouteBean;
|
||||
import org.apache.http.conn.scheme.PlainSocketFactory;
|
||||
import org.apache.http.conn.scheme.Scheme;
|
||||
import org.apache.http.conn.scheme.SchemeRegistry;
|
||||
import org.apache.http.conn.ssl.SSLSocketFactory;
|
||||
import org.apache.http.entity.AbstractHttpEntity;
|
||||
import org.apache.http.impl.client.DefaultHttpClient;
|
||||
import org.apache.http.impl.conn.SingleClientConnManager;
|
||||
@ -57,6 +59,7 @@ import java.io.InputStreamReader;
|
||||
import java.io.OutputStream;
|
||||
import java.io.StringWriter;
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.security.KeyStore;
|
||||
import java.util.zip.GZIPOutputStream;
|
||||
|
||||
public class BasicHttpSyncer implements HttpSyncer {
|
||||
@ -152,7 +155,7 @@ public class BasicHttpSyncer implements HttpSyncer {
|
||||
|
||||
SchemeRegistry schemeRegistry = new SchemeRegistry();
|
||||
schemeRegistry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
|
||||
schemeRegistry.register(new Scheme("https", new EasySSLSocketFactory(), 443));
|
||||
schemeRegistry.register(new Scheme("https", newSslSocketFactory(), 443));
|
||||
|
||||
HttpParams params = new BasicHttpParams();
|
||||
params.setParameter(ConnManagerPNames.MAX_TOTAL_CONNECTIONS, 30);
|
||||
@ -326,4 +329,27 @@ public class BasicHttpSyncer implements HttpSyncer {
|
||||
public HttpResponse register(String user, String pw) {
|
||||
return null;
|
||||
}
|
||||
|
||||
private SSLSocketFactory newSslSocketFactory() {
|
||||
try {
|
||||
KeyStore trusted = KeyStore.getInstance("BKS");
|
||||
InputStream in = AnkiDroidApp.getInstance().getApplicationContext().getResources().openRawResource(R.raw.ankiweb_cert);
|
||||
try {
|
||||
trusted.load(in, "mysecret".toCharArray());
|
||||
} finally {
|
||||
in.close();
|
||||
}
|
||||
SSLSocketFactory sf = new SSLSocketFactory(trusted);
|
||||
sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
|
||||
return sf;
|
||||
} catch (Exception e) {
|
||||
Log.e(AnkiDroidApp.TAG, "Certificate error");
|
||||
// to update the ankiweb.cert:
|
||||
// 1. get http://bouncycastle.org/download/bcprov-jdk16-145.jar
|
||||
// 2. keytool -importcert -v -trustcacerts -file "path_to_cert/interm_ca.cer" -alias IntermediateCA -keystore "res/raw/ankiweb_cert" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "path_to_bouncycastle/bcprov-jdk16-145.jar" -storetype BKS -storepass mysecret
|
||||
// 3. copy ankiweb_cert to res/raw/
|
||||
throw new AssertionError(e);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
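Review bot: In `newSslSocketFactory()` the catch block logs only the fixed string "Certificate error", so the reason the keystore failed to load (missing resource, wrong store type, bad password) never reaches the log; pass the exception through with `Log.e(AnkiDroidApp.TAG, "Certificate error", e);`. The literal `"mysecret"` reads like a credential, but it only protects a truststore of public certificates shipped in the APK, so a comment such as `// not a secret: the store holds only public CA certs; its integrity relies on APK signing` would stop it being flagged or "fixed" later. Because `new SSLSocketFactory(trusted)` trusts only what is in `res/raw/ankiweb_cert`, sync will fail once the server's chain no longer leads to that CA. The update steps would therefore be easier to find in a Javadoc on the method than inside the catch block, with a note to ship the replacement CA before the old one is retired. Step 1 of those instructions fetches the BouncyCastle jar over plain `http://`, so they should also say to verify the download's checksum or signature before it is used to build the truststore.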