add ankiweb-cert to ssl
parent
9a364d957b
commit
c1458a3c19
BIN
res/raw/ankiweb_cert
Normal file
BIN
res/raw/ankiweb_cert
Normal file
Binary file not shown.
@ -1,136 +0,0 @@
|
|||||||
package com.byarger.exchangeit;
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one
|
|
||||||
* or more contributor license agreements. See the NOTICE file
|
|
||||||
* distributed with this work for additional information
|
|
||||||
* regarding copyright ownership. The ASF licenses this file
|
|
||||||
* to you under the Apache License, Version 2.0 (the
|
|
||||||
* "License"); you may not use this file except in compliance
|
|
||||||
* with the License. You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing,
|
|
||||||
* software distributed under the License is distributed on an
|
|
||||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
||||||
* KIND, either express or implied. See the License for the
|
|
||||||
* specific language governing permissions and limitations
|
|
||||||
* under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.net.InetAddress;
|
|
||||||
import java.net.InetSocketAddress;
|
|
||||||
import java.net.Socket;
|
|
||||||
import java.net.UnknownHostException;
|
|
||||||
|
|
||||||
import javax.net.ssl.SSLContext;
|
|
||||||
import javax.net.ssl.SSLSocket;
|
|
||||||
import javax.net.ssl.TrustManager;
|
|
||||||
|
|
||||||
import org.apache.http.conn.ConnectTimeoutException;
|
|
||||||
import org.apache.http.conn.scheme.LayeredSocketFactory;
|
|
||||||
import org.apache.http.params.HttpConnectionParams;
|
|
||||||
import org.apache.http.params.HttpParams;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* This socket factory will create ssl socket that accepts self signed
|
|
||||||
* certificate
|
|
||||||
*
|
|
||||||
* @author olamy
|
|
||||||
* @version $Id: EasySSLSocketFactory.java 765355 2009-04-15 20:59:07Z evenisse
|
|
||||||
* $
|
|
||||||
* @since 1.2.3
|
|
||||||
*/
|
|
||||||
public class EasySSLSocketFactory implements LayeredSocketFactory {
|
|
||||||
|
|
||||||
private SSLContext sslcontext = null;
|
|
||||||
|
|
||||||
private static SSLContext createEasySSLContext() throws IOException {
|
|
||||||
try {
|
|
||||||
SSLContext context = SSLContext.getInstance("TLS");
|
|
||||||
context.init(null, new TrustManager[] { new EasyX509TrustManager(
|
|
||||||
null) }, null);
|
|
||||||
return context;
|
|
||||||
} catch (Exception e) {
|
|
||||||
throw new IOException(e.getMessage());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private SSLContext getSSLContext() throws IOException {
|
|
||||||
if (this.sslcontext == null) {
|
|
||||||
this.sslcontext = createEasySSLContext();
|
|
||||||
}
|
|
||||||
return this.sslcontext;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @see org.apache.http.conn.scheme.SocketFactory#connectSocket(java.net.Socket,
|
|
||||||
* java.lang.String, int, java.net.InetAddress, int,
|
|
||||||
* org.apache.http.params.HttpParams)
|
|
||||||
*/
|
|
||||||
public Socket connectSocket(Socket sock, String host, int port,
|
|
||||||
InetAddress localAddress, int localPort, HttpParams params)
|
|
||||||
throws IOException, UnknownHostException, ConnectTimeoutException {
|
|
||||||
int connTimeout = HttpConnectionParams.getConnectionTimeout(params);
|
|
||||||
int soTimeout = HttpConnectionParams.getSoTimeout(params);
|
|
||||||
|
|
||||||
InetSocketAddress remoteAddress = new InetSocketAddress(host, port);
|
|
||||||
SSLSocket sslsock = (SSLSocket) ((sock != null) ? sock : createSocket());
|
|
||||||
|
|
||||||
if ((localAddress != null) || (localPort > 0)) {
|
|
||||||
// we need to bind explicitly
|
|
||||||
if (localPort < 0) {
|
|
||||||
localPort = 0; // indicates "any"
|
|
||||||
}
|
|
||||||
InetSocketAddress isa = new InetSocketAddress(localAddress,
|
|
||||||
localPort);
|
|
||||||
sslsock.bind(isa);
|
|
||||||
}
|
|
||||||
|
|
||||||
sslsock.connect(remoteAddress, connTimeout);
|
|
||||||
sslsock.setSoTimeout(soTimeout);
|
|
||||||
return sslsock;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @see org.apache.http.conn.scheme.SocketFactory#createSocket()
|
|
||||||
*/
|
|
||||||
public Socket createSocket() throws IOException {
|
|
||||||
return getSSLContext().getSocketFactory().createSocket();
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @see org.apache.http.conn.scheme.SocketFactory#isSecure(java.net.Socket)
|
|
||||||
*/
|
|
||||||
public boolean isSecure(Socket socket) throws IllegalArgumentException {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @see org.apache.http.conn.scheme.LayeredSocketFactory#createSocket(java.net.Socket,
|
|
||||||
* java.lang.String, int, boolean)
|
|
||||||
*/
|
|
||||||
public Socket createSocket(Socket socket, String host, int port,
|
|
||||||
boolean autoClose) throws IOException, UnknownHostException {
|
|
||||||
return getSSLContext().getSocketFactory().createSocket(socket, host, port, autoClose);
|
|
||||||
}
|
|
||||||
|
|
||||||
// -------------------------------------------------------------------
|
|
||||||
// javadoc in org.apache.http.conn.scheme.SocketFactory says :
|
|
||||||
// Both Object.equals() and Object.hashCode() must be overridden
|
|
||||||
// for the correct operation of some connection managers
|
|
||||||
// -------------------------------------------------------------------
|
|
||||||
|
|
||||||
public boolean equals(Object obj) {
|
|
||||||
return ((obj != null) && obj.getClass().equals(
|
|
||||||
EasySSLSocketFactory.class));
|
|
||||||
}
|
|
||||||
|
|
||||||
public int hashCode() {
|
|
||||||
return EasySSLSocketFactory.class.hashCode();
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,93 +0,0 @@
|
|||||||
package com.byarger.exchangeit;
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one
|
|
||||||
* or more contributor license agreements. See the NOTICE file
|
|
||||||
* distributed with this work for additional information
|
|
||||||
* regarding copyright ownership. The ASF licenses this file
|
|
||||||
* to you under the Apache License, Version 2.0 (the
|
|
||||||
* "License"); you may not use this file except in compliance
|
|
||||||
* with the License. You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing,
|
|
||||||
* software distributed under the License is distributed on an
|
|
||||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
||||||
* KIND, either express or implied. See the License for the
|
|
||||||
* specific language governing permissions and limitations
|
|
||||||
* under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
import java.security.KeyStore;
|
|
||||||
import java.security.KeyStoreException;
|
|
||||||
import java.security.NoSuchAlgorithmException;
|
|
||||||
import java.security.cert.CertificateException;
|
|
||||||
import java.security.cert.X509Certificate;
|
|
||||||
|
|
||||||
import javax.net.ssl.TrustManager;
|
|
||||||
import javax.net.ssl.TrustManagerFactory;
|
|
||||||
import javax.net.ssl.X509TrustManager;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @author olamy
|
|
||||||
* @version $Id: EasyX509TrustManager.java 765355 2009-04-15 20:59:07Z evenisse $
|
|
||||||
* @since 1.2.3
|
|
||||||
*/
|
|
||||||
public class EasyX509TrustManager
|
|
||||||
implements X509TrustManager
|
|
||||||
{
|
|
||||||
|
|
||||||
private X509TrustManager standardTrustManager = null;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Constructor for EasyX509TrustManager.
|
|
||||||
*/
|
|
||||||
public EasyX509TrustManager( KeyStore keystore )
|
|
||||||
throws NoSuchAlgorithmException, KeyStoreException
|
|
||||||
{
|
|
||||||
super();
|
|
||||||
TrustManagerFactory factory = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm() );
|
|
||||||
factory.init( keystore );
|
|
||||||
TrustManager[] trustmanagers = factory.getTrustManagers();
|
|
||||||
if ( trustmanagers.length == 0 )
|
|
||||||
{
|
|
||||||
throw new NoSuchAlgorithmException( "no trust manager found" );
|
|
||||||
}
|
|
||||||
this.standardTrustManager = (X509TrustManager) trustmanagers[0];
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[],String authType)
|
|
||||||
*/
|
|
||||||
public void checkClientTrusted( X509Certificate[] certificates, String authType )
|
|
||||||
throws CertificateException
|
|
||||||
{
|
|
||||||
standardTrustManager.checkClientTrusted( certificates, authType );
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String authType)
|
|
||||||
*/
|
|
||||||
public void checkServerTrusted( X509Certificate[] certificates, String authType )
|
|
||||||
throws CertificateException
|
|
||||||
{
|
|
||||||
if ( ( certificates != null ) && ( certificates.length == 1 ) )
|
|
||||||
{
|
|
||||||
certificates[0].checkValidity();
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
standardTrustManager.checkServerTrusted( certificates, authType );
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
|
|
||||||
*/
|
|
||||||
public X509Certificate[] getAcceptedIssuers()
|
|
||||||
{
|
|
||||||
return this.standardTrustManager.getAcceptedIssuers();
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -30,7 +30,6 @@ import android.util.Log;
|
|||||||
import android.util.Pair;
|
import android.util.Pair;
|
||||||
|
|
||||||
import com.ichi2.anki.AnkiDroidApp;
|
import com.ichi2.anki.AnkiDroidApp;
|
||||||
import com.ichi2.async.DeckTask.TaskData;
|
|
||||||
|
|
||||||
import org.json.JSONArray;
|
import org.json.JSONArray;
|
||||||
import org.json.JSONException;
|
import org.json.JSONException;
|
||||||
|
@ -16,9 +16,10 @@
|
|||||||
|
|
||||||
package com.ichi2.libanki.sync;
|
package com.ichi2.libanki.sync;
|
||||||
|
|
||||||
|
import com.ichi2.anki2.R;
|
||||||
|
|
||||||
import android.util.Log;
|
import android.util.Log;
|
||||||
|
|
||||||
import com.byarger.exchangeit.EasySSLSocketFactory;
|
|
||||||
import com.ichi2.anki.AnkiDroidApp;
|
import com.ichi2.anki.AnkiDroidApp;
|
||||||
import com.ichi2.async.Connection;
|
import com.ichi2.async.Connection;
|
||||||
import com.ichi2.libanki.Collection;
|
import com.ichi2.libanki.Collection;
|
||||||
@ -34,6 +35,7 @@ import org.apache.http.conn.params.ConnPerRouteBean;
|
|||||||
import org.apache.http.conn.scheme.PlainSocketFactory;
|
import org.apache.http.conn.scheme.PlainSocketFactory;
|
||||||
import org.apache.http.conn.scheme.Scheme;
|
import org.apache.http.conn.scheme.Scheme;
|
||||||
import org.apache.http.conn.scheme.SchemeRegistry;
|
import org.apache.http.conn.scheme.SchemeRegistry;
|
||||||
|
import org.apache.http.conn.ssl.SSLSocketFactory;
|
||||||
import org.apache.http.entity.AbstractHttpEntity;
|
import org.apache.http.entity.AbstractHttpEntity;
|
||||||
import org.apache.http.impl.client.DefaultHttpClient;
|
import org.apache.http.impl.client.DefaultHttpClient;
|
||||||
import org.apache.http.impl.conn.SingleClientConnManager;
|
import org.apache.http.impl.conn.SingleClientConnManager;
|
||||||
@ -57,6 +59,7 @@ import java.io.InputStreamReader;
|
|||||||
import java.io.OutputStream;
|
import java.io.OutputStream;
|
||||||
import java.io.StringWriter;
|
import java.io.StringWriter;
|
||||||
import java.io.UnsupportedEncodingException;
|
import java.io.UnsupportedEncodingException;
|
||||||
|
import java.security.KeyStore;
|
||||||
import java.util.zip.GZIPOutputStream;
|
import java.util.zip.GZIPOutputStream;
|
||||||
|
|
||||||
public class BasicHttpSyncer implements HttpSyncer {
|
public class BasicHttpSyncer implements HttpSyncer {
|
||||||
@ -152,7 +155,7 @@ public class BasicHttpSyncer implements HttpSyncer {
|
|||||||
|
|
||||||
SchemeRegistry schemeRegistry = new SchemeRegistry();
|
SchemeRegistry schemeRegistry = new SchemeRegistry();
|
||||||
schemeRegistry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
|
schemeRegistry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
|
||||||
schemeRegistry.register(new Scheme("https", new EasySSLSocketFactory(), 443));
|
schemeRegistry.register(new Scheme("https", newSslSocketFactory(), 443));
|
||||||
|
|
||||||
HttpParams params = new BasicHttpParams();
|
HttpParams params = new BasicHttpParams();
|
||||||
params.setParameter(ConnManagerPNames.MAX_TOTAL_CONNECTIONS, 30);
|
params.setParameter(ConnManagerPNames.MAX_TOTAL_CONNECTIONS, 30);
|
||||||
@ -326,4 +329,27 @@ public class BasicHttpSyncer implements HttpSyncer {
|
|||||||
public HttpResponse register(String user, String pw) {
|
public HttpResponse register(String user, String pw) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private SSLSocketFactory newSslSocketFactory() {
|
||||||
|
try {
|
||||||
|
KeyStore trusted = KeyStore.getInstance("BKS");
|
||||||
|
InputStream in = AnkiDroidApp.getInstance().getApplicationContext().getResources().openRawResource(R.raw.ankiweb_cert);
|
||||||
|
try {
|
||||||
|
trusted.load(in, "mysecret".toCharArray());
|
||||||
|
} finally {
|
||||||
|
in.close();
|
||||||
|
}
|
||||||
|
SSLSocketFactory sf = new SSLSocketFactory(trusted);
|
||||||
|
sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
|
||||||
|
return sf;
|
||||||
|
} catch (Exception e) {
|
||||||
|
Log.e(AnkiDroidApp.TAG, "Certificate error");
|
||||||
|
// to update the ankiweb.cert:
|
||||||
|
// 1. get http://bouncycastle.org/download/bcprov-jdk16-145.jar
|
||||||
|
// 2. keytool -importcert -v -trustcacerts -file "path_to_cert/interm_ca.cer" -alias IntermediateCA -keystore "res/raw/ankiweb_cert" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "path_to_bouncycastle/bcprov-jdk16-145.jar" -storetype BKS -storepass mysecret
|
||||||
|
// 3. copy ankiweb_cert to res/raw/
|
||||||
|
throw new AssertionError(e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
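Review bot: `newSslSocketFactory()` appears to make the bundled `res/raw/ankiweb_cert` keystore the only trust anchor for every `https` connection from this registry, yet the method has no Javadoc saying so, and the steps for refreshing the store sit inside the `catch` block where a maintainer is unlikely to look when the server's chain changes. I would move those steps into a Javadoc on the method and add that, judging by the `keytool -importcert -trustcacerts` command, the store holds only public CA certificates, so `mysecret` is an integrity password shipped in the APK and not a secret to protect. Step 1 fetches the BouncyCastle provider jar over plain `http://`; the note should tell the maintainer to verify the jar against a published checksum before using it to build the trust store. In the `catch`, pass the exception to the logger, `Log.e(AnkiDroidApp.TAG, "Certificate error", e);`, so a corrupt keystore or wrong password is visible in logcat before the `AssertionError` is thrown.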