XaskeL

Untitled

Oct 17th, 2019
  1. package io.fabric.sdk.android.services.network;
  2.  
  3. import io.fabric.sdk.android.Fabric;
  4. import io.fabric.sdk.android.Logger;
  5. import java.security.KeyStoreException;
  6. import java.security.MessageDigest;
  7. import java.security.NoSuchAlgorithmException;
  8. import java.security.cert.CertificateException;
  9. import java.security.cert.X509Certificate;
  10. import java.util.Arrays;
  11. import java.util.Collections;
  12. import java.util.HashSet;
  13. import java.util.LinkedList;
  14. import java.util.List;
  15. import java.util.Set;
  16. import javax.net.ssl.TrustManager;
  17. import javax.net.ssl.TrustManagerFactory;
  18. import javax.net.ssl.X509TrustManager;
  19.  
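/**
 * An {@link X509TrustManager} that accepts a server chain only when it passes the system trust
 * managers and, while the configured pins are fresh, at least one certificate of the cleaned chain
 * carries a public key whose SHA-1 digest equals a configured pin.
 *
 * <p>Points a reviewer should keep in mind when relying on this class:
 * <ul>
 *   <li>Pins older than {@code PIN_FRESHNESS_DURATION_MILLIS} (180 days) are not enforced; the
 *       chain is then accepted on system trust alone and a warning is logged. The age is derived
 *       from {@link System#currentTimeMillis()}, so it follows the device clock. A creation time
 *       of {@code -1} disables the staleness fallback and pins are always enforced.</li>
 *   <li>A leaf certificate that passed once is kept in {@code cache} for the lifetime of this
 *       instance; later calls presenting the same leaf skip both the system check and the pin
 *       check, whatever chain or auth type accompanies it. The cache is never cleared here.</li>
 *   <li>Pins are compared against a SHA-1 digest of the encoded public key. The algorithm is
 *       dictated by the pin format delivered by {@code PinningInfoProvider}, so moving to SHA-256
 *       needs a coordinated change of the pin source.</li>
 * </ul>
 */
class PinningTrustManager implements X509TrustManager {
    private static final X509Certificate[] NO_ISSUERS = new X509Certificate[0];

    /** Maximum pin age before enforcement is dropped: 180 days in milliseconds. */
    private static final long PIN_FRESHNESS_DURATION_MILLIS = 15552000000L;

    /** Leaf certificates that already passed both checks; synchronized for concurrent handshakes. */
    private final Set<X509Certificate> cache =
            Collections.synchronizedSet(new HashSet<X509Certificate>());

    /** Pin creation time in epoch millis, or -1 when pins must never be treated as stale. */
    private final long pinCreationTimeMillis;

    /** Decoded pins (raw digest bytes). */
    private final List<byte[]> pins = new LinkedList<byte[]>();

    private final SystemKeyStore systemKeyStore;
    private final TrustManager[] systemTrustManagers;

    /**
     * Builds the trust manager from the system key store and the pin configuration.
     *
     * @param systemKeyStore2 key store whose {@code trustStore} backs the system trust check
     * @param pinningInfoProvider source of the hex-encoded pins and their creation time
     * @throws IllegalArgumentException if a pin is not a well-formed hex string
     */
    public PinningTrustManager(SystemKeyStore systemKeyStore2, PinningInfoProvider pinningInfoProvider) {
        this.systemTrustManagers = initializeSystemTrustManagers(systemKeyStore2);
        this.systemKeyStore = systemKeyStore2;
        this.pinCreationTimeMillis = pinningInfoProvider.getPinCreationTimeInMillis();
        for (String hexPin : pinningInfoProvider.getPins()) {
            this.pins.add(hexStringToByteArray(hexPin));
        }
    }

    /**
     * Creates the "X509" trust managers backed by the given key store's trust store.
     *
     * @throws AssertionError if the algorithm is unavailable or the key store cannot be used
     */
    private TrustManager[] initializeSystemTrustManagers(SystemKeyStore systemKeyStore2) {
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance("X509");
            factory.init(systemKeyStore2.trustStore);
            return factory.getTrustManagers();
        } catch (NoSuchAlgorithmException | KeyStoreException e) {
            throw new AssertionError(e);
        }
    }

    /**
     * Reports whether the SHA-1 digest of the certificate's encoded public key equals any pin.
     *
     * @throws CertificateException if SHA-1 is not available on this platform
     */
    private boolean isValidPin(X509Certificate x509Certificate) throws CertificateException {
        try {
            // NOTE(review): SHA-1 is retained because the configured pins are SHA-1 digests;
            // changing it here alone would make every pin comparison fail.
            byte[] digest = MessageDigest.getInstance("SHA1").digest(x509Certificate.getPublicKey().getEncoded());
            for (byte[] pin : this.pins) {
                if (Arrays.equals(pin, digest)) {
                    return true;
                }
            }
            return false;
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        }
    }

    /**
     * Runs the chain through every system X509 trust manager.
     *
     * @throws CertificateException if a trust manager rejects the chain, or if no
     *     {@link X509TrustManager} is available to check it
     */
    private void checkSystemTrust(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        boolean checked = false;
        for (TrustManager trustManager : this.systemTrustManagers) {
            if (trustManager instanceof X509TrustManager) {
                ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, str);
                checked = true;
            }
        }
        // Fail closed: an empty or non-X509 manager list must not count as "system trusted",
        // because the stale-pin path relies on this check alone.
        if (!checked) {
            throw new CertificateException("No system X509TrustManager available to validate the chain!");
        }
    }

    /**
     * Enforces the pins while they are fresh; logs a warning and returns without checking once
     * they are stale.
     *
     * @throws CertificateException if pins are enforced and no certificate of the cleaned chain
     *     matches one
     */
    private void checkPinTrust(X509Certificate[] x509CertificateArr) throws CertificateException {
        long pinAgeMillis = System.currentTimeMillis() - this.pinCreationTimeMillis;
        boolean enforcePins =
                this.pinCreationTimeMillis == -1 || pinAgeMillis <= PIN_FRESHNESS_DURATION_MILLIS;
        if (!enforcePins) {
            // Deliberate fallback: pinning is switched off here, only the system check applied.
            Fabric.getLogger().w(Fabric.TAG, "Certificate pins are stale, (" + pinAgeMillis
                    + " millis vs " + PIN_FRESHNESS_DURATION_MILLIS
                    + " millis) falling back to system trust.");
            return;
        }
        X509Certificate[] cleanChain = CertificateChainCleaner.getCleanChain(x509CertificateArr, this.systemKeyStore);
        for (X509Certificate certificate : cleanChain) {
            if (isValidPin(certificate)) {
                return;
            }
        }
        throw new CertificateException("No valid pins found in chain!");
    }

    /** Always rejects: client certificate authentication is not supported by this manager. */
    @Override
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        throw new CertificateException("Client certificates not supported!");
    }

    /**
     * Validates a server chain against system trust and the pins, caching the leaf on success.
     *
     * @throws IllegalArgumentException if the chain is {@code null} or empty
     * @throws CertificateException if the chain is rejected by system trust or by the pins
     */
    @Override
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            // X509TrustManager documents IllegalArgumentException for a null or empty chain.
            throw new IllegalArgumentException("Server certificate chain must not be null or empty");
        }
        X509Certificate leaf = x509CertificateArr[0];
        if (this.cache.contains(leaf)) {
            // Previously accepted leaf: neither check is repeated for it.
            return;
        }
        checkSystemTrust(x509CertificateArr, str);
        checkPinTrust(x509CertificateArr);
        this.cache.add(leaf);
    }

    /** Returns an empty array; this manager advertises no accepted issuers. */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return NO_ISSUERS;
    }

    /**
     * Decodes a hex string into bytes, two digits per byte.
     *
     * @throws IllegalArgumentException if the length is odd or a character is not a hex digit
     */
    private byte[] hexStringToByteArray(String str) {
        int length = str.length();
        if (length % 2 != 0) {
            throw new IllegalArgumentException("Pin must contain an even number of hex digits, got length " + length);
        }
        byte[] decoded = new byte[length / 2];
        for (int i = 0; i < length; i += 2) {
            int high = Character.digit(str.charAt(i), 16);
            int low = Character.digit(str.charAt(i + 1), 16);
            // Character.digit returns -1 for a non-hex character; without this check the -1
            // would be folded into a wrong byte and the pin would silently never match.
            if (high < 0 || low < 0) {
                throw new IllegalArgumentException("Pin contains a non-hex character at index " + (high < 0 ? i : i + 1));
            }
            decoded[i / 2] = (byte) ((high << 4) + low);
        }
        return decoded;
    }
}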