Mercurial > 510Connectbot

comparison app/src/main/java/org/tn5250j/framework/transport/SSL/SSLImplementation.java @ 438:d29cce60f393

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
migrate from Eclipse to Android Studio
author Carl Byington <carl@five-ten-sg.com>
date Thu, 03 Dec 2015 11:23:55 -0800
parents src/org/tn5250j/framework/transport/SSL/SSLImplementation.java@77ac18bc1b2f
children
comparison
equal deleted inserted replaced
437:208b31032318 438:d29cce60f393
1 package org.tn5250j.framework.transport.SSL;
2
3 /*
4 * @(#)SSLImplementation.java
5 * @author Stephen M. Kennedy
6 *
7 * Copyright: Copyright (c) 2001
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2, or (at your option)
12 * any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this software; see the file COPYING. If not, write to
21 * the Free Software Foundation, Inc., 59 Temple Place, Suite 330,
22 * Boston, MA 02111-1307 USA
23 *
24 */
25
26 import java.io.File;
27 import java.io.FileInputStream;
28 import java.io.FileOutputStream;
29 import java.net.Socket;
30 import java.security.KeyStore;
31 import java.security.cert.CertificateException;
32 import java.security.cert.X509Certificate;
33
34 import javax.net.ssl.KeyManagerFactory;
35 import javax.net.ssl.SSLContext;
36 import javax.net.ssl.SSLSocket;
37 import javax.net.ssl.TrustManager;
38 import javax.net.ssl.TrustManagerFactory;
39 import javax.net.ssl.X509TrustManager;
40
41 import com.five_ten_sg.connectbot.R;
42 import com.five_ten_sg.connectbot.service.TerminalBridge;
43 import com.five_ten_sg.connectbot.service.TerminalManager;
44
45 import org.tn5250j.framework.transport.SSLInterface;
46 import android.util.Log;
47
48
49 /**
50 * <p>
51 * This class implements the SSLInterface and is used to create SSL socket
52 * instances.
53 * </p>
54 *
55 * @author Stephen M. Kennedy <skennedy@tenthpowertech.com>
56 *
57 */
58 public class SSLImplementation implements SSLInterface, X509TrustManager {
59 private static final String TAG = "SSLImplementation";
60 SSLContext sslContext = null;
61 KeyStore userks = null;
62 private String userKsPath;
63 private char[] userksPassword = "changeit".toCharArray();
64
65 TerminalBridge bridge = null;
66 TerminalManager manager = null;
67 String target = null; // destination:port
68
69 KeyManagerFactory userkmf = null;
70
71 TrustManagerFactory usertmf = null;
72
73 TrustManager[] userTrustManagers = null;
74
75 X509Certificate[] acceptedIssuers;
76
77 public SSLImplementation(TerminalBridge bridge, TerminalManager manager) {
78 this.bridge = bridge;
79 this.manager = manager;
80 }
81
82 public void init(String sslType, String homeDirectory) {
83 try {
84 Log.d(TAG, "Initializing User KeyStore");
85 userKsPath = homeDirectory + File.separator + "keystore";
86 File userKsFile = new File(userKsPath);
87 userks = KeyStore.getInstance(KeyStore.getDefaultType());
88 userks.load(userKsFile.exists() ? new FileInputStream(userKsFile)
89 : null, userksPassword);
90 Log.d(TAG, "Initializing User Key Manager Factory");
91 userkmf = KeyManagerFactory.getInstance(KeyManagerFactory
92 .getDefaultAlgorithm());
93 userkmf.init(userks, userksPassword);
94 Log.d(TAG, "Initializing User Trust Manager Factory");
95 usertmf = TrustManagerFactory.getInstance(TrustManagerFactory
96 .getDefaultAlgorithm());
97 usertmf.init(userks);
98 userTrustManagers = usertmf.getTrustManagers();
99 Log.d(TAG, "Initializing SSL Context");
100 sslContext = SSLContext.getInstance(sslType);
101 sslContext.init(userkmf.getKeyManagers(), new TrustManager[] {this}, null);
102 }
103 catch (Exception ex) {
104 Log.e(TAG, "Error initializing SSL [" + ex.getMessage() + "]");
105 }
106 }
107
108 public Socket createSSLSocket(String destination, int port) {
109 if (sslContext == null)
110 throw new IllegalStateException("SSL Context Not Initialized");
111
112 SSLSocket socket = null;
113
114 try {
115 target = destination + ":" + String.valueOf(port);
116 socket = (SSLSocket) sslContext.getSocketFactory().createSocket(
117 destination, port);
118 }
119 catch (Exception e) {
120 Log.e(TAG, "Error creating ssl socket [" + e.getMessage() + "]");
121 }
122
123 return socket;
124 }
125
126 // X509TrustManager Methods
127
128 /*
129 * (non-Javadoc)
130 *
131 * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()
132 */
133 public X509Certificate[] getAcceptedIssuers() {
134 return acceptedIssuers;
135 }
136
137 /*
138 * (non-Javadoc)
139 *
140 * @see
141 * javax.net.ssl.X509TrustManager#checkClientTrusted(java.security.cert.
142 * X509Certificate[], java.lang.String)
143 */
144 public void checkClientTrusted(X509Certificate[] arg0, String arg1)
145 throws CertificateException {
146 throw new SecurityException("checkClientTrusted unsupported");
147 }
148
149 /*
150 * (non-Javadoc)
151 *
152 * @see
153 * javax.net.ssl.X509TrustManager#checkServerTrusted(java.security.cert.
154 * X509Certificate[], java.lang.String)
155 */
156 public void checkServerTrusted(X509Certificate[] chain, String type)
157 throws CertificateException {
158 try {
159 for (int i = 0; i < userTrustManagers.length; i++) {
160 if (userTrustManagers[i] instanceof X509TrustManager) {
161 X509TrustManager trustManager = (X509TrustManager) userTrustManagers[i];
162 X509Certificate[] calist = trustManager
163 .getAcceptedIssuers();
164
165 if (calist.length > 0) {
166 trustManager.checkServerTrusted(chain, type);
167 }
168 else {
169 throw new CertificateException(
170 "Empty list of accepted issuers (a.k.a. root CA list).");
171 }
172 }
173 }
174
175 return;
176 }
177 catch (CertificateException ce) {
178 X509Certificate cert = chain[0];
179 String certInfo = manager.res.getString(R.string.host_cert_version) + cert.getVersion() + "\r\n";
180 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_serial) + cert.getSerialNumber() + "\r\n");
181 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_algorithm) + cert.getSigAlgName() + "\r\n");
182 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_issuer) + cert.getIssuerDN().getName() + "\r\n");
183 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_from) + cert.getNotBefore() + "\r\n");
184 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_to) + cert.getNotAfter() + "\r\n");
185 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_dn) + cert.getSubjectDN().getName() + "\r\n");
186 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_publickey) + cert.getPublicKey().getFormat() + "\r\n");
187 bridge.outputLine(manager.res.getString(R.string.host_authenticity_warning, target));
188 bridge.outputLine(manager.res.getString(R.string.host_certificate, certInfo));
189 Boolean result = bridge.promptHelper.requestBooleanPrompt(null, manager.res.getString(R.string.prompt_accept_certificate));
190
191 if ((result == null) || (!result.booleanValue())) {
192 throw new java.security.cert.CertificateException(
193 "Certificate Rejected");
194 }
195
196 result = bridge.promptHelper.requestBooleanPrompt(null, manager.res.getString(R.string.prompt_save_certificate));
197
198 if ((result != null) && (result.booleanValue())) {
199 try {
200 userks.setCertificateEntry(cert.getSubjectDN().getName(),
201 cert);
202 userks.store(new FileOutputStream(userKsPath),
203 userksPassword);
204 }
205 catch (Exception e) {
206 Log.e(TAG, "Error saving certificate [" + e.getMessage()
207 + "]");
208 e.printStackTrace();
209 }
210 }
211 }
212 }
213 }