- #include <jni.h>
- #include <stdio.h>
- #include <android/log.h>
- #include <android/asset_manager.h>
- #include <android/asset_manager_jni.h>
- #include <openssl/ssl.h>
- #include <openssl/asn1.h>
- #include <openssl/bio.h>
- #include <openssl/x509.h>
- #include <openssl/x509_vfy.h>
- #include <openssl/pem.h>
- #include <openssl/x509v3.h>
- #include <openssl/err.h>
- #include <openssl/conf.h>
- #include <string.h>
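using std::string;

#define DEBUG_LOG_TAG "kaidul_SSL"

/*
 * SSL_LOG(fmt, ...): printf-style trace message.
 * Wrapped in do { } while (0) so that `SSL_LOG(...);` is exactly one
 * statement; the original definition carried its own trailing ';', which
 * turned `if (c) SSL_LOG(...); else ...` into a syntax error.
 */
#define SSL_LOG(...) \
    do { \
        printf(__VA_ARGS__); \
    } while (0)

/*
 * SSL_ASSERT(X, fmt, ...): if X is false, log the message and make the
 * enclosing function return 0 (= verification failure). Only usable inside a
 * function returning int. The original version discarded the message
 * entirely, so a rejected certificate left no trace in the log.
 */
#define SSL_ASSERT(X, ...) \
    do { \
        if (!(X)) { \
            SSL_LOG(__VA_ARGS__); \
            return 0; \
        } \
    } while (0)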
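/*
 * Check that `hostname` is a name the server certificate `cert` was issued for.
 *
 * Matching rules (RFC 6125 section 6.4.4): if the certificate carries a
 * subjectAltName extension, only its dNSName entries are consulted and the
 * subject CommonName is ignored; the CN is used only when no SAN extension is
 * present. Comparison is case-insensitive and exact (no wildcard support).
 * A name whose ASN.1 length differs from strlen() of its bytes (embedded NUL)
 * is rejected, because a string compare would otherwise only see the prefix
 * before the NUL and could be fooled by "good.example\0evil.example".
 *
 * cert:     certificate to inspect; not freed here (caller keeps ownership)
 * hostname: expected DNS name, NUL-terminated
 * returns:  1 on match, 0 on mismatch, malformed SAN, or NULL/empty input
 *
 * NOTE: OpenSSL >= 1.0.2 ships X509_check_host(), which also handles
 * wildcards; prefer it where the target OpenSSL version allows.
 */
static int verify_certificate_hostname(X509 *cert, const char *hostname) {
    if (!cert || !hostname || !*hostname) {
        return 0;
    }

    /* Pass 1: subjectAltName dNSName entries.
     * crit == -1 means the extension is absent; any other value with a NULL
     * result means it exists but could not be decoded (or is duplicated),
     * which is treated as a verification failure rather than a CN fallback. */
    int crit = -1;
    GENERAL_NAMES *sans =
        (GENERAL_NAMES *)X509_get_ext_d2i(cert, NID_subject_alt_name, &crit, NULL);
    if (!sans && crit != -1) {
        return 0;
    }
    if (sans) {
        int success = 0;
        int count = sk_GENERAL_NAME_num(sans);
        for (int i = 0; !success && i < count; i++) {
            const GENERAL_NAME *gn = sk_GENERAL_NAME_value(sans, i);
            if (!gn || gn->type != GEN_DNS) {
                continue;
            }
            const char *dns = (const char *)ASN1_STRING_data(gn->d.dNSName);
            int dns_len = ASN1_STRING_length(gn->d.dNSName);
            /* Embedded NUL or empty name: never a valid match. */
            if (!dns || dns_len <= 0 || (size_t)dns_len != strlen(dns)) {
                continue;
            }
            if (strcasecmp(dns, hostname) == 0) {
                success = 1;
            }
        }
        /* X509_get_ext_d2i hands back a freshly decoded object we own. */
        GENERAL_NAMES_free(sans);
        /* A present SAN extension is authoritative: no CN fallback. */
        return success;
    }

    /* Pass 2: no SAN extension at all -- fall back to the subject CommonName. */
    X509_NAME *subj = X509_get_subject_name(cert);
    if (!subj) {
        return 0;
    }
    char cn[256];
    int cn_len = X509_NAME_get_text_by_NID(subj, NID_commonName, cn, sizeof cn);
    if (cn_len <= 0) {
        return 0;
    }
    cn[sizeof cn - 1] = '\0';
    /* Same embedded-NUL guard as for the SAN entries (also catches truncation). */
    if ((size_t)cn_len != strlen(cn)) {
        return 0;
    }
    return strcasecmp(cn, hostname) == 0;
}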
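/*
 * Certificate verification callback (SSL_CTX_set_cert_verify_callback shape,
 * passed through void* so the declaration does not need the OpenSSL types).
 *
 * Runs the full chain verification via X509_verify_cert, then enforces two
 * application-level checks on the leaf certificate:
 *   1. its DNS name must match the expected hostname, and
 *   2. its signature must verify under the public key of a locally stored
 *      ("pinned") certificate, i.e. the leaf must have been issued by the
 *      pinned certificate's key.
 *
 * ctx: X509_STORE_CTX* for the connection being verified (borrowed)
 * arg: unused user argument
 * returns: 1 if every check passed, 0 otherwise
 *
 * Fixes relative to the previous version:
 *  - the result of X509_verify_cert was computed but never consulted, and
 *    only date/CRL errors were rejected; any other error (untrusted issuer,
 *    bad signature, ...) fell through `default` and was accepted;
 *  - the store context was copied by value and verification ran on the copy;
 *  - the certificate returned by the store context was X509_free()'d although
 *    the context owns it (use-after-free / double free on the next access);
 *  - the PEM file was read into a buffer without a NUL terminator and then
 *    handed to BIO_puts, which reads it as a C string (over-read);
 *  - SAFE_LOG was an undefined identifier (typo of SSL_LOG).
 */
static int certificate_verifier_callback(void *ctx, void *arg)
{
    (void)arg;
    SSL_LOG("Callback called for certificate verification.");
    OpenSSL_add_all_algorithms();
    ERR_load_crypto_strings();

    /* Array, not pointer: converts to either `char *` or `const char *`. */
    static char hostname[] = "www.smartbabymonitor.ugrow.philips.com";

    X509_STORE_CTX *store_ctx = (X509_STORE_CTX *)ctx;
    SSL_ASSERT(store_ctx != NULL, "No certificate store context.");

    /* Chain verification: trust anchor, signatures, validity windows, CRLs.
     * Anything other than (1, X509_V_OK) is a hard failure. */
    int rc = X509_verify_cert(store_ctx);
    int err = X509_STORE_CTX_get_error(store_ctx);
    if (rc != 1 || err != X509_V_OK) {
        switch (err) {
        case X509_V_ERR_CERT_NOT_YET_VALID:
        case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
            SSL_LOG("Certificate is not valid yet.");
            break;
        case X509_V_ERR_CERT_HAS_EXPIRED:
        case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
            SSL_LOG("Certificate is expired.");
            break;
        case X509_V_ERR_CRL_NOT_YET_VALID:
            SSL_LOG("Certificate Revocation List is not yet valid.");
            break;
        case X509_V_ERR_CRL_HAS_EXPIRED:
            SSL_LOG("Certificate Revocation List is expired.");
            break;
        default:
            SSL_LOG("Certificate verification failed: %s",
                    X509_verify_cert_error_string(err));
            break;
        }
        return 0;
    }
    SSL_LOG("Server Certificate valid.");
    SSL_LOG("Certificate is up-to-date.");
    SSL_LOG("CRL list checking success.");

    /* Index 0 of the verified chain is the leaf (server) certificate.
     * The chain is owned by the store context: never X509_free() it here. */
    STACK_OF(X509) *chain = X509_STORE_CTX_get_chain(store_ctx);
    SSL_ASSERT(chain != NULL && sk_X509_num(chain) > 0, "Server certificate invalid.");
    X509 *cert = sk_X509_value(chain, 0);
    SSL_ASSERT(cert != NULL, "Server certificate invalid.");

    /* Server certificate hostname verification */
    SSL_ASSERT(verify_certificate_hostname(cert, hostname) == 1,
               "Hostname verification failed.");
    SSL_LOG("Hostname verification success.");

    /* Pinned certificate. NOTE(review): this is a desktop path and will not
     * exist on an Android device; the asset_manager headers included above
     * suggest the PEM is meant to ship as an app asset -- TODO confirm how the
     * file is provided at runtime. */
    const char *path = "/home/nayeem/Desktop/philips_trusted_cert.pem";
    FILE *fp = fopen(path, "r");
    if (!fp) {
        SSL_LOG("Unable to open local certificate.");
        __android_log_print(ANDROID_LOG_DEBUG, DEBUG_LOG_TAG,
                            "\nUnable to open local certificate.\n");
        return 0;
    }
    /* PEM_read_X509 parses straight from the FILE*, so no manual buffering. */
    X509 *pinned = PEM_read_X509(fp, NULL, NULL, NULL);
    fclose(fp);
    SSL_ASSERT(pinned != NULL, "Unable to parse local certificate.");

    /* The leaf must carry a signature made with the pinned certificate's key. */
    int result = 0;
    EVP_PKEY *pkey = X509_get_pubkey(pinned);
    if (pkey) {
        result = X509_verify(cert, pkey);
        EVP_PKEY_free(pkey);
    }
    X509_free(pinned);
    if (result != 1) {
        SSL_LOG("Pinned certificate check failed.");
    }
    return result == 1;
}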