XaskeL

Untitled

Oct 17th, 2019
  1. package io.fabric.sdk.android.services.network;
  2.  
  3. import io.fabric.sdk.android.Fabric;
  4. import io.fabric.sdk.android.Logger;
  5. import java.security.KeyStoreException;
  6. import java.security.MessageDigest;
  7. import java.security.NoSuchAlgorithmException;
  8. import java.security.cert.CertificateException;
  9. import java.security.cert.X509Certificate;
  10. import java.util.Arrays;
  11. import java.util.Collections;
  12. import java.util.HashSet;
  13. import java.util.LinkedList;
  14. import java.util.List;
  15. import java.util.Set;
  16. import javax.net.ssl.TrustManager;
  17. import javax.net.ssl.TrustManagerFactory;
  18. import javax.net.ssl.X509TrustManager;
  19.  
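  /**
   * Trust manager that layers public-key pinning on top of the platform trust check.
   *
   * <p>A server chain is accepted when every system trust manager accepts it and, while the
   * configured pins are still considered fresh, at least one certificate of the cleaned chain has
   * a public key whose SHA-1 digest equals one of the pins.
   *
   * <p>Properties a reviewer should keep in mind (all visible in this class):
   * <ul>
   *   <li>Stale pins fail open: once the pins are older than
   *       {@link #PIN_FRESHNESS_DURATION_MILLIS}, only the system trust check is enforced. The age
   *       is computed from the device clock, so the pinning guarantee is time-limited and depends
   *       on that clock.</li>
   *   <li>A pin creation time of {@code -1} disables the freshness limit, so pins are always
   *       enforced.</li>
   *   <li>Leaf certificates that validated once are cached for the lifetime of this instance and
   *       skip both checks afterwards; the cache is never evicted.</li>
   *   <li>Pins are SHA-1 digests. The algorithm has to match how the pins supplied by the
   *       {@code PinningInfoProvider} were produced, so it cannot be changed here alone.</li>
   * </ul>
   */
  class PinningTrustManager implements X509TrustManager {
      private static final X509Certificate[] NO_ISSUERS = new X509Certificate[0];

      /** Maximum pin age before falling back to system trust: 15,552,000,000 ms = 180 days. */
      private static final long PIN_FRESHNESS_DURATION_MILLIS = 15552000000L;

      /** Leaf certificates that already passed system trust and pin validation. */
      private final Set<X509Certificate> cache =
              Collections.synchronizedSet(new HashSet<X509Certificate>());

      /** Creation time of the pin set in epoch millis; -1 means the pins never go stale. */
      private final long pinCreationTimeMillis;

      /** Decoded pins, each compared against the SHA-1 digest of an encoded public key. */
      private final List<byte[]> pins = new LinkedList<byte[]>();

      private final SystemKeyStore systemKeyStore;
      private final TrustManager[] systemTrustManagers;

      /**
       * Builds the trust manager from the system trust store and the configured pins.
       *
       * @param systemKeyStore2 wrapper around the trust store used for the system trust check and
       *     for cleaning the chain before pin matching
       * @param pinningInfoProvider source of the hex-encoded pins and their creation time
       * @throws IllegalArgumentException if a pin is null, has an odd number of characters or
       *     contains a non-hex character
       */
      public PinningTrustManager(SystemKeyStore systemKeyStore2, PinningInfoProvider pinningInfoProvider) {
          this.systemTrustManagers = initializeSystemTrustManagers(systemKeyStore2);
          this.systemKeyStore = systemKeyStore2;
          this.pinCreationTimeMillis = pinningInfoProvider.getPinCreationTimeInMillis();
          for (String hexPin : pinningInfoProvider.getPins()) {
              this.pins.add(hexStringToByteArray(hexPin));
          }
      }

      /**
       * Creates the trust managers backed by the given store's trust store.
       *
       * @throws AssertionError if the "X509" algorithm is unavailable or the key store cannot be
       *     used to initialise the factory
       */
      private TrustManager[] initializeSystemTrustManagers(SystemKeyStore systemKeyStore2) {
          try {
              TrustManagerFactory factory = TrustManagerFactory.getInstance("X509");
              factory.init(systemKeyStore2.trustStore);
              return factory.getTrustManagers();
          } catch (NoSuchAlgorithmException e) {
              throw new AssertionError(e);
          } catch (KeyStoreException e2) {
              throw new AssertionError(e2);
          }
      }

      /**
       * Returns whether the certificate's encoded public key hashes to one of the pins.
       *
       * @throws CertificateException if the SHA-1 digest implementation is unavailable
       */
      private boolean isValidPin(X509Certificate certificate) throws CertificateException {
          try {
              // NOTE(review): SHA-1 is kept because the digest must match the format of the
              // supplied pins; moving to SHA-256 requires the pin provider to ship SHA-256 pins.
              byte[] keyDigest =
                      MessageDigest.getInstance("SHA1").digest(certificate.getPublicKey().getEncoded());
              for (byte[] pin : this.pins) {
                  if (Arrays.equals(pin, keyDigest)) {
                      return true;
                  }
              }
              return false;
          } catch (NoSuchAlgorithmException e) {
              throw new CertificateException(e);
          }
      }

      /**
       * Runs the chain through every system trust manager.
       *
       * @throws CertificateException if any manager rejects the chain, if a manager is not an
       *     {@link X509TrustManager}, or if there is no manager at all to perform the check
       */
      private void checkSystemTrust(X509Certificate[] chain, String authType) throws CertificateException {
          boolean validated = false;
          for (TrustManager trustManager : this.systemTrustManagers) {
              if (!(trustManager instanceof X509TrustManager)) {
                  // Fail closed with the checked exception instead of a ClassCastException.
                  throw new CertificateException("System trust manager is not an X509TrustManager");
              }
              ((X509TrustManager) trustManager).checkServerTrusted(chain, authType);
              validated = true;
          }
          if (!validated) {
              // An empty manager array must not count as a successful system trust check.
              throw new CertificateException("No system trust manager available to validate the chain");
          }
      }

      /**
       * Enforces the pins while they are fresh; logs a warning and returns otherwise.
       *
       * @throws CertificateException if the pins are fresh and no certificate of the cleaned chain
       *     matches a pin
       */
      private void checkPinTrust(X509Certificate[] chain) throws CertificateException {
          long pinAgeMillis = System.currentTimeMillis() - this.pinCreationTimeMillis;
          boolean pinsEnforced =
                  this.pinCreationTimeMillis == -1 || pinAgeMillis <= PIN_FRESHNESS_DURATION_MILLIS;

          if (!pinsEnforced) {
              // Deliberate fail-open: from here on only the system trust check protects the
              // connection. This warning is the only signal that pinning is no longer active.
              Fabric.getLogger().w(
                      Fabric.TAG,
                      "Certificate pins are stale, (" + pinAgeMillis + " millis vs "
                              + PIN_FRESHNESS_DURATION_MILLIS + " millis) falling back to system trust.");
              return;
          }

          // NOTE(review): presumably getCleanChain reduces the presented certificates to the path
          // anchored in the system store, so that an extra pinned certificate appended by the
          // peer cannot satisfy the pin check — confirm against CertificateChainCleaner.
          X509Certificate[] cleanChain = CertificateChainCleaner.getCleanChain(chain, this.systemKeyStore);
          for (X509Certificate certificate : cleanChain) {
              if (isValidPin(certificate)) {
                  return;
              }
          }
          throw new CertificateException("No valid pins found in chain!");
      }

      /** Always rejects: client certificate authentication is not supported. */
      public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
          throw new CertificateException("Client certificates not supported!");
      }

      /**
       * Validates a server chain against system trust and, while fresh, the pins.
       *
       * <p>A leaf certificate that validated before is accepted from the cache without repeating
       * either check, regardless of the rest of the presented chain.
       *
       * @throws IllegalArgumentException if the chain is null or empty
       * @throws CertificateException if the chain fails system trust or pin validation
       */
      public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
          if (x509CertificateArr == null || x509CertificateArr.length == 0) {
              // Reject explicitly instead of failing on the index below.
              throw new IllegalArgumentException("Certificate chain must not be null or empty");
          }
          X509Certificate leaf = x509CertificateArr[0];
          if (this.cache.contains(leaf)) {
              return;
          }
          checkSystemTrust(x509CertificateArr, str);
          checkPinTrust(x509CertificateArr);
          // Cached only after both checks passed.
          this.cache.add(leaf);
      }

      /** Returns an empty array; this trust manager advertises no accepted issuers. */
      public X509Certificate[] getAcceptedIssuers() {
          return NO_ISSUERS;
      }

      /**
       * Decodes a hex string into bytes.
       *
       * <p>Malformed input is rejected rather than decoded into a pin that can never match, which
       * would otherwise hide a configuration error until connections start failing.
       *
       * @throws IllegalArgumentException if the string is null, has odd length or contains a
       *     character that is not a hex digit
       */
      private byte[] hexStringToByteArray(String str) {
          if (str == null) {
              throw new IllegalArgumentException("Pin must not be null");
          }
          int length = str.length();
          if ((length & 1) != 0) {
              throw new IllegalArgumentException("Pin must have an even number of hex digits, got " + length);
          }
          byte[] decoded = new byte[length / 2];
          for (int i = 0; i < length; i += 2) {
              int high = Character.digit(str.charAt(i), 16);
              int low = Character.digit(str.charAt(i + 1), 16);
              if (high < 0 || low < 0) {
                  // Character.digit returns -1 for non-hex input, which would corrupt the byte.
                  throw new IllegalArgumentException(
                          "Pin contains a non-hex character at offset " + (high < 0 ? i : i + 1));
              }
              decoded[i / 2] = (byte) ((high << 4) + low);
          }
          return decoded;
      }
  }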