add ankiweb-cert to ssl

2024-09-20 12:02:16 +02:00 · 2012-06-03 16:09:04 +02:00 · 2012-06-03 16:09:04 +02:00 · c1458a3c19
commit c1458a3c19
parent 9a364d957b
5 changed files with 28 additions and 232 deletions
--- a/res/raw/ankiweb_cert
+++ b/res/raw/ankiweb_cert
--- a/src/com/byarger/exchangeit/EasySSLSocketFactory.java
+++ b/src/com/byarger/exchangeit/EasySSLSocketFactory.java
@ -1,136 +0,0 @@
-package com.byarger.exchangeit;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.InetSocketAddress;
-import java.net.Socket;
-import java.net.UnknownHostException;
-
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocket;
-import javax.net.ssl.TrustManager;
-
-import org.apache.http.conn.ConnectTimeoutException;
-import org.apache.http.conn.scheme.LayeredSocketFactory;
-import org.apache.http.params.HttpConnectionParams;
-import org.apache.http.params.HttpParams;
-
-/**
- * This socket factory will create ssl socket that accepts self signed
- * certificate
- * 
- * @author olamy
- * @version $Id: EasySSLSocketFactory.java 765355 2009-04-15 20:59:07Z evenisse
- *          $
- * @since 1.2.3
- */
-public class EasySSLSocketFactory implements LayeredSocketFactory {
-
-	private SSLContext sslcontext = null;
-
-	private static SSLContext createEasySSLContext() throws IOException {
-		try {
-			SSLContext context = SSLContext.getInstance("TLS");
-			context.init(null, new TrustManager[] { new EasyX509TrustManager(
-					null) }, null);
-			return context;
-		} catch (Exception e) {
-			throw new IOException(e.getMessage());
-		}
-	}
-
-	private SSLContext getSSLContext() throws IOException {
-		if (this.sslcontext == null) {
-			this.sslcontext = createEasySSLContext();
-		}
-		return this.sslcontext;
-	}
-
-	/**
-	 * @see org.apache.http.conn.scheme.SocketFactory#connectSocket(java.net.Socket,
-	 *      java.lang.String, int, java.net.InetAddress, int,
-	 *      org.apache.http.params.HttpParams)
-	 */
-	public Socket connectSocket(Socket sock, String host, int port,
-			InetAddress localAddress, int localPort, HttpParams params)
-			throws IOException, UnknownHostException, ConnectTimeoutException {
-		int connTimeout = HttpConnectionParams.getConnectionTimeout(params);
-		int soTimeout = HttpConnectionParams.getSoTimeout(params);
-
-		InetSocketAddress remoteAddress = new InetSocketAddress(host, port);
-		SSLSocket sslsock = (SSLSocket) ((sock != null) ? sock : createSocket());
-
-		if ((localAddress != null) || (localPort > 0)) {
-			// we need to bind explicitly
-			if (localPort < 0) {
-				localPort = 0; // indicates "any"
-			}
-			InetSocketAddress isa = new InetSocketAddress(localAddress,
-					localPort);
-			sslsock.bind(isa);
-		}
-
-		sslsock.connect(remoteAddress, connTimeout);
-		sslsock.setSoTimeout(soTimeout);
-		return sslsock;
-
-	}
-
-	/**
-	 * @see org.apache.http.conn.scheme.SocketFactory#createSocket()
-	 */
-	public Socket createSocket() throws IOException {
-		return getSSLContext().getSocketFactory().createSocket();
-	}
-
-	/**
-	 * @see org.apache.http.conn.scheme.SocketFactory#isSecure(java.net.Socket)
-	 */
-	public boolean isSecure(Socket socket) throws IllegalArgumentException {
-		return true;
-	}
-
-	/**
-	 * @see org.apache.http.conn.scheme.LayeredSocketFactory#createSocket(java.net.Socket,
-	 *      java.lang.String, int, boolean)
-	 */
-	public Socket createSocket(Socket socket, String host, int port,
-			boolean autoClose) throws IOException, UnknownHostException {
-        return getSSLContext().getSocketFactory().createSocket(socket, host, port, autoClose);
-	}
-
-	// -------------------------------------------------------------------
-	// javadoc in org.apache.http.conn.scheme.SocketFactory says :
-	// Both Object.equals() and Object.hashCode() must be overridden
-	// for the correct operation of some connection managers
-	// -------------------------------------------------------------------
-
-	public boolean equals(Object obj) {
-		return ((obj != null) && obj.getClass().equals(
-				EasySSLSocketFactory.class));
-	}
-
-	public int hashCode() {
-		return EasySSLSocketFactory.class.hashCode();
-	}
-
-}
--- a/src/com/byarger/exchangeit/EasyX509TrustManager.java
+++ b/src/com/byarger/exchangeit/EasyX509TrustManager.java
@ -1,93 +0,0 @@
-package com.byarger.exchangeit;
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
-import javax.net.ssl.X509TrustManager;
-
-/**
- * @author olamy
- * @version $Id: EasyX509TrustManager.java 765355 2009-04-15 20:59:07Z evenisse $
- * @since 1.2.3
- */
-public class EasyX509TrustManager
-    implements X509TrustManager
-{
-
-    private X509TrustManager standardTrustManager = null;
-
-    /**
-     * Constructor for EasyX509TrustManager.
-     */
-    public EasyX509TrustManager( KeyStore keystore )
-        throws NoSuchAlgorithmException, KeyStoreException
-    {
-        super();
-        TrustManagerFactory factory = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm() );
-        factory.init( keystore );
-        TrustManager[] trustmanagers = factory.getTrustManagers();
-        if ( trustmanagers.length == 0 )
-        {
-            throw new NoSuchAlgorithmException( "no trust manager found" );
-        }
-        this.standardTrustManager = (X509TrustManager) trustmanagers[0];
-    }
-
-    /**
-     * @see javax.net.ssl.X509TrustManager#checkClientTrusted(X509Certificate[],String authType)
-     */
-    public void checkClientTrusted( X509Certificate[] certificates, String authType )
-        throws CertificateException
-    {
-        standardTrustManager.checkClientTrusted( certificates, authType );
-    }
-
-    /**
-     * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],String authType)
-     */
-    public void checkServerTrusted( X509Certificate[] certificates, String authType )
-        throws CertificateException
-    {
-        if ( ( certificates != null ) && ( certificates.length == 1 ) )
-        {
-            certificates[0].checkValidity();
-        }
-        else
-        {
-            standardTrustManager.checkServerTrusted( certificates, authType );
-        }
-    }
-
-    /**
-     * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
-     */
-    public X509Certificate[] getAcceptedIssuers()
-    {
-        return this.standardTrustManager.getAcceptedIssuers();
-    }
-
-}
--- a/src/com/ichi2/libanki/Sched.java
+++ b/src/com/ichi2/libanki/Sched.java
@ -30,7 +30,6 @@ import android.util.Log;
 import android.util.Pair;

 import com.ichi2.anki.AnkiDroidApp;
-import com.ichi2.async.DeckTask.TaskData;

 import org.json.JSONArray;
 import org.json.JSONException;
--- a/src/com/ichi2/libanki/sync/BasicHttpSyncer.java
+++ b/src/com/ichi2/libanki/sync/BasicHttpSyncer.java
@ -16,9 +16,10 @@

 package com.ichi2.libanki.sync;

+import com.ichi2.anki2.R;
+
 import android.util.Log;

-import com.byarger.exchangeit.EasySSLSocketFactory;
 import com.ichi2.anki.AnkiDroidApp;
 import com.ichi2.async.Connection;
 import com.ichi2.libanki.Collection;
@ -34,6 +35,7 @@ import org.apache.http.conn.params.ConnPerRouteBean;
 import org.apache.http.conn.scheme.PlainSocketFactory;
 import org.apache.http.conn.scheme.Scheme;
 import org.apache.http.conn.scheme.SchemeRegistry;
+import org.apache.http.conn.ssl.SSLSocketFactory;
 import org.apache.http.entity.AbstractHttpEntity;
 import org.apache.http.impl.client.DefaultHttpClient;
 import org.apache.http.impl.conn.SingleClientConnManager;
@ -57,6 +59,7 @@ import java.io.InputStreamReader;
 import java.io.OutputStream;
 import java.io.StringWriter;
 import java.io.UnsupportedEncodingException;
+import java.security.KeyStore;
 import java.util.zip.GZIPOutputStream;

 public class BasicHttpSyncer implements HttpSyncer {
@ -152,7 +155,7 @@ public class BasicHttpSyncer implements HttpSyncer {

 	        SchemeRegistry schemeRegistry = new SchemeRegistry();
 	        schemeRegistry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
-	        schemeRegistry.register(new Scheme("https", new EasySSLSocketFactory(), 443));
+	        schemeRegistry.register(new Scheme("https", newSslSocketFactory(), 443));
 	         
 	        HttpParams params = new BasicHttpParams();
 	        params.setParameter(ConnManagerPNames.MAX_TOTAL_CONNECTIONS, 30);
@ -326,4 +329,27 @@ public class BasicHttpSyncer implements HttpSyncer {
 	public HttpResponse register(String user, String pw) {
 		return null;
 	}
+
+	private SSLSocketFactory newSslSocketFactory() {
+	    try {
+	        KeyStore trusted = KeyStore.getInstance("BKS");
+	        InputStream in = AnkiDroidApp.getInstance().getApplicationContext().getResources().openRawResource(R.raw.ankiweb_cert);
+	        try {
+	            trusted.load(in, "mysecret".toCharArray());
+	        } finally {
+	            in.close();
+	        }
+	        SSLSocketFactory sf = new SSLSocketFactory(trusted);
+	        sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
+	        return sf;
+	    } catch (Exception e) {
+	    	Log.e(AnkiDroidApp.TAG, "Certificate error");
+	    	// to update the ankiweb.cert:
+	    	// 1. get http://bouncycastle.org/download/bcprov-jdk16-145.jar
+	    	// 2. keytool -importcert -v -trustcacerts -file "path_to_cert/interm_ca.cer" -alias IntermediateCA -keystore "res/raw/ankiweb_cert" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "path_to_bouncycastle/bcprov-jdk16-145.jar" -storetype BKS -storepass mysecret
+	    	// 3. copy ankiweb_cert to res/raw/
+	        throw new AssertionError(e);
+	    }
+	}
+
 }