Mercurial > 510Connectbot
comparison app/src/main/java/org/tn5250j/framework/transport/SSL/SSLImplementation.java @ 438:d29cce60f393
migrate from Eclipse to Android Studio
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Thu, 03 Dec 2015 11:23:55 -0800 |
parents | src/org/tn5250j/framework/transport/SSL/SSLImplementation.java@77ac18bc1b2f |
children |
comparison
equal
deleted
inserted
replaced
437:208b31032318 | 438:d29cce60f393 |
---|---|
1 package org.tn5250j.framework.transport.SSL; | |
2 | |
3 /* | |
4 * @(#)SSLImplementation.java | |
5 * @author Stephen M. Kennedy | |
6 * | |
7 * Copyright: Copyright (c) 2001 | |
8 * | |
9 * This program is free software; you can redistribute it and/or modify | |
10 * it under the terms of the GNU General Public License as published by | |
11 * the Free Software Foundation; either version 2, or (at your option) | |
12 * any later version. | |
13 * | |
14 * This program is distributed in the hope that it will be useful, | |
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
17 * GNU General Public License for more details. | |
18 * | |
19 * You should have received a copy of the GNU General Public License | |
20 * along with this software; see the file COPYING. If not, write to | |
21 * the Free Software Foundation, Inc., 59 Temple Place, Suite 330, | |
22 * Boston, MA 02111-1307 USA | |
23 * | |
24 */ | |
25 | |
26 import java.io.File; | |
27 import java.io.FileInputStream; | |
28 import java.io.FileOutputStream; | |
29 import java.net.Socket; | |
30 import java.security.KeyStore; | |
31 import java.security.cert.CertificateException; | |
32 import java.security.cert.X509Certificate; | |
33 | |
34 import javax.net.ssl.KeyManagerFactory; | |
35 import javax.net.ssl.SSLContext; | |
36 import javax.net.ssl.SSLSocket; | |
37 import javax.net.ssl.TrustManager; | |
38 import javax.net.ssl.TrustManagerFactory; | |
39 import javax.net.ssl.X509TrustManager; | |
40 | |
41 import com.five_ten_sg.connectbot.R; | |
42 import com.five_ten_sg.connectbot.service.TerminalBridge; | |
43 import com.five_ten_sg.connectbot.service.TerminalManager; | |
44 | |
45 import org.tn5250j.framework.transport.SSLInterface; | |
46 import android.util.Log; | |
47 | |
48 | |
49 /** | |
50 * <p> | |
51 * This class implements the SSLInterface and is used to create SSL socket | |
52 * instances. | |
53 * </p> | |
54 * | |
55 * @author Stephen M. Kennedy <skennedy@tenthpowertech.com> | |
56 * | |
57 */ | |
58 public class SSLImplementation implements SSLInterface, X509TrustManager { | |
59 private static final String TAG = "SSLImplementation"; | |
60 SSLContext sslContext = null; | |
61 KeyStore userks = null; | |
62 private String userKsPath; | |
63 private char[] userksPassword = "changeit".toCharArray(); | |
64 | |
65 TerminalBridge bridge = null; | |
66 TerminalManager manager = null; | |
67 String target = null; // destination:port | |
68 | |
69 KeyManagerFactory userkmf = null; | |
70 | |
71 TrustManagerFactory usertmf = null; | |
72 | |
73 TrustManager[] userTrustManagers = null; | |
74 | |
75 X509Certificate[] acceptedIssuers; | |
76 | |
77 public SSLImplementation(TerminalBridge bridge, TerminalManager manager) { | |
78 this.bridge = bridge; | |
79 this.manager = manager; | |
80 } | |
81 | |
82 public void init(String sslType, String homeDirectory) { | |
83 try { | |
84 Log.d(TAG, "Initializing User KeyStore"); | |
85 userKsPath = homeDirectory + File.separator + "keystore"; | |
86 File userKsFile = new File(userKsPath); | |
87 userks = KeyStore.getInstance(KeyStore.getDefaultType()); | |
88 userks.load(userKsFile.exists() ? new FileInputStream(userKsFile) | |
89 : null, userksPassword); | |
90 Log.d(TAG, "Initializing User Key Manager Factory"); | |
91 userkmf = KeyManagerFactory.getInstance(KeyManagerFactory | |
92 .getDefaultAlgorithm()); | |
93 userkmf.init(userks, userksPassword); | |
94 Log.d(TAG, "Initializing User Trust Manager Factory"); | |
95 usertmf = TrustManagerFactory.getInstance(TrustManagerFactory | |
96 .getDefaultAlgorithm()); | |
97 usertmf.init(userks); | |
98 userTrustManagers = usertmf.getTrustManagers(); | |
99 Log.d(TAG, "Initializing SSL Context"); | |
100 sslContext = SSLContext.getInstance(sslType); | |
101 sslContext.init(userkmf.getKeyManagers(), new TrustManager[] {this}, null); | |
102 } | |
103 catch (Exception ex) { | |
104 Log.e(TAG, "Error initializing SSL [" + ex.getMessage() + "]"); | |
105 } | |
106 } | |
107 | |
108 public Socket createSSLSocket(String destination, int port) { | |
109 if (sslContext == null) | |
110 throw new IllegalStateException("SSL Context Not Initialized"); | |
111 | |
112 SSLSocket socket = null; | |
113 | |
114 try { | |
115 target = destination + ":" + String.valueOf(port); | |
116 socket = (SSLSocket) sslContext.getSocketFactory().createSocket( | |
117 destination, port); | |
118 } | |
119 catch (Exception e) { | |
120 Log.e(TAG, "Error creating ssl socket [" + e.getMessage() + "]"); | |
121 } | |
122 | |
123 return socket; | |
124 } | |
125 | |
126 // X509TrustManager Methods | |
127 | |
128 /* | |
129 * (non-Javadoc) | |
130 * | |
131 * @see javax.net.ssl.X509TrustManager#getAcceptedIssuers() | |
132 */ | |
133 public X509Certificate[] getAcceptedIssuers() { | |
134 return acceptedIssuers; | |
135 } | |
136 | |
137 /* | |
138 * (non-Javadoc) | |
139 * | |
140 * @see | |
141 * javax.net.ssl.X509TrustManager#checkClientTrusted(java.security.cert. | |
142 * X509Certificate[], java.lang.String) | |
143 */ | |
144 public void checkClientTrusted(X509Certificate[] arg0, String arg1) | |
145 throws CertificateException { | |
146 throw new SecurityException("checkClientTrusted unsupported"); | |
147 } | |
148 | |
149 /* | |
150 * (non-Javadoc) | |
151 * | |
152 * @see | |
153 * javax.net.ssl.X509TrustManager#checkServerTrusted(java.security.cert. | |
154 * X509Certificate[], java.lang.String) | |
155 */ | |
156 public void checkServerTrusted(X509Certificate[] chain, String type) | |
157 throws CertificateException { | |
158 try { | |
159 for (int i = 0; i < userTrustManagers.length; i++) { | |
160 if (userTrustManagers[i] instanceof X509TrustManager) { | |
161 X509TrustManager trustManager = (X509TrustManager) userTrustManagers[i]; | |
162 X509Certificate[] calist = trustManager | |
163 .getAcceptedIssuers(); | |
164 | |
165 if (calist.length > 0) { | |
166 trustManager.checkServerTrusted(chain, type); | |
167 } | |
168 else { | |
169 throw new CertificateException( | |
170 "Empty list of accepted issuers (a.k.a. root CA list)."); | |
171 } | |
172 } | |
173 } | |
174 | |
175 return; | |
176 } | |
177 catch (CertificateException ce) { | |
178 X509Certificate cert = chain[0]; | |
179 String certInfo = manager.res.getString(R.string.host_cert_version) + cert.getVersion() + "\r\n"; | |
180 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_serial) + cert.getSerialNumber() + "\r\n"); | |
181 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_algorithm) + cert.getSigAlgName() + "\r\n"); | |
182 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_issuer) + cert.getIssuerDN().getName() + "\r\n"); | |
183 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_from) + cert.getNotBefore() + "\r\n"); | |
184 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_to) + cert.getNotAfter() + "\r\n"); | |
185 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_dn) + cert.getSubjectDN().getName() + "\r\n"); | |
186 certInfo = certInfo.concat(manager.res.getString(R.string.host_cert_publickey) + cert.getPublicKey().getFormat() + "\r\n"); | |
187 bridge.outputLine(manager.res.getString(R.string.host_authenticity_warning, target)); | |
188 bridge.outputLine(manager.res.getString(R.string.host_certificate, certInfo)); | |
189 Boolean result = bridge.promptHelper.requestBooleanPrompt(null, manager.res.getString(R.string.prompt_accept_certificate)); | |
190 | |
191 if ((result == null) || (!result.booleanValue())) { | |
192 throw new java.security.cert.CertificateException( | |
193 "Certificate Rejected"); | |
194 } | |
195 | |
196 result = bridge.promptHelper.requestBooleanPrompt(null, manager.res.getString(R.string.prompt_save_certificate)); | |
197 | |
198 if ((result != null) && (result.booleanValue())) { | |
199 try { | |
200 userks.setCertificateEntry(cert.getSubjectDN().getName(), | |
201 cert); | |
202 userks.store(new FileOutputStream(userKsPath), | |
203 userksPassword); | |
204 } | |
205 catch (Exception e) { | |
206 Log.e(TAG, "Error saving certificate [" + e.getMessage() | |
207 + "]"); | |
208 e.printStackTrace(); | |
209 } | |
210 } | |
211 } | |
212 } | |
213 } |