/**
 * Creates an AdvancedX509TrustManager holding two sources of trust: the platform's default
 * X509TrustManager and a local store of server certificates accepted by the user.
 *
 * <p>This constructor only captures the two sources; how they are consulted during
 * certificate validation is decided elsewhere in the class.
 *
 * <p>NOTE(review): every certificate in {@code knownServersKeyStore} is a user-granted
 * exception to normal chain validation, so the store's integrity is security-relevant.
 * Confirm with the caller that it is loaded from app-private storage.
 *
 * @param knownServersKeyStore Local certificates store with server certificates explicitly
 *                             trusted by the user.
 * @throws NoSuchAlgorithmException If the default TrustManagerFactory algorithm is unavailable.
 * @throws KeyStoreException        If the factory cannot be initialised.
 * @throws CertStoreException       When no default X509TrustManager instance was found in
 *                                  the system.
 */
public AdvancedX509TrustManager(KeyStore knownServersKeyStore)
        throws NoSuchAlgorithmException, KeyStoreException, CertStoreException {
    super();

    final String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    final TrustManagerFactory platformFactory = TrustManagerFactory.getInstance(defaultAlgorithm);

    // A null KeyStore asks the factory to use the platform's default trust anchors,
    // i.e. the system CA set rather than anything app-specific.
    platformFactory.init((KeyStore) null);

    mStandardTrustManager = findX509TrustManager(platformFactory);
    mKnownServersKeyStore = knownServersKeyStore;
}
if (!isKnownServer(certificates[0])) { CertificateCombinedException result = new CertificateCombinedException(certificates[0]); try {
/**
 * Returns the shared AdvancedSslSocketFactory, building it on first use.
 *
 * <p>The factory is backed by an SSLContext whose only TrustManager is an
 * AdvancedX509TrustManager created over the known-servers store for {@code context}, and it
 * is paired with a BrowserCompatHostnameVerifier.
 *
 * <p>NOTE(review): the lazy initialisation below is not synchronised in this method, so
 * concurrent first calls may each build a factory; confirm whether callers serialise access.
 *
 * @param context Android context used to locate the known-servers store.
 * @return The cached socket factory instance.
 * @throws GeneralSecurityException If the trust manager or the SSLContext cannot be set up.
 * @throws IOException              Declared by the method; presumably raised while loading
 *                                  the known-servers store (verify against
 *                                  getKnownServersStore).
 */
public static AdvancedSslSocketFactory getAdvancedSslSocketFactory(Context context)
        throws GeneralSecurityException, IOException {
    // Fast path: reuse the instance built by an earlier call.
    if (mAdvancedSslSocketFactory != null) {
        return mAdvancedSslSocketFactory;
    }

    final KeyStore knownServers = getKnownServersStore(context);
    final AdvancedX509TrustManager knownServersTrustManager =
            new AdvancedX509TrustManager(knownServers);
    final TrustManager[] trustManagers = { knownServersTrustManager };

    SSLContext tlsContext;
    try {
        tlsContext = SSLContext.getInstance("TLSv1.2");
    } catch (NoSuchAlgorithmException e) {
        // NOTE(review): this is a silent protocol downgrade. TLS 1.0 is deprecated
        // (RFC 8996); the only trace of the fallback is this warning. Decide explicitly
        // whether devices without TLS 1.2 should still be allowed to connect.
        Log_OC.w(TAG, "TLSv1.2 is not supported in this device; falling through TLSv1.0");
        // "TLSv1" should be available in any device; see the supported protocols listed in
        // http://developer.android.com/reference/javax/net/ssl/SSLSocket.html
        tlsContext = SSLContext.getInstance("TLSv1");
    }

    // No client key managers and the default SecureRandom; server trust is delegated
    // entirely to the AdvancedX509TrustManager created above.
    tlsContext.init(null, trustManagers, null);

    mHostnameVerifier = new BrowserCompatHostnameVerifier();
    mAdvancedSslSocketFactory =
            new AdvancedSslSocketFactory(tlsContext, knownServersTrustManager, mHostnameVerifier);
    return mAdvancedSslSocketFactory;
}
if (!isKnownServer(certificates[0])) { CertificateCombinedException result = new CertificateCombinedException(certificates[0]); try {
public static OkHttpClient getOkHttpClient() { if (sOkHttpClient == null) { try { final X509TrustManager trustManager = new AdvancedX509TrustManager( NetworkUtils.getKnownServersStore(sContext)); final SSLContext sslContext = SSLContext.getInstance("TLS");
if (!mTrustManager.isKnownServer((X509Certificate) (newSession.getPeerCertificates()[0]))) { verifiedHostname = mHostnameVerifier.verify(host, newSession);
/**
 * Creates an AdvancedX509TrustManager that keeps a reference to the platform's default
 * X509TrustManager together with a local store of server certificates accepted by the user.
 *
 * <p>Only the two trust sources are captured here; the validation logic that consults them
 * is not part of this constructor.
 *
 * <p>NOTE(review): entries in {@code knownServersKeyStore} are user-granted trust
 * exceptions, so anything able to write to that store can add trusted servers. Confirm
 * where the caller loads it from.
 *
 * @param knownServersKeyStore Local certificates store with server certificates explicitly
 *                             trusted by the user.
 * @throws NoSuchAlgorithmException If the default TrustManagerFactory algorithm is unavailable.
 * @throws KeyStoreException        If the factory cannot be initialised.
 * @throws CertStoreException       When no default X509TrustManager instance was found in
 *                                  the system.
 */
public AdvancedX509TrustManager(KeyStore knownServersKeyStore)
        throws NoSuchAlgorithmException, KeyStoreException, CertStoreException {
    super();

    final String algorithm = TrustManagerFactory.getDefaultAlgorithm();
    final TrustManagerFactory systemFactory = TrustManagerFactory.getInstance(algorithm);

    // Initialising with a null KeyStore selects the platform's default trust anchors.
    systemFactory.init((KeyStore) null);

    mStandardTrustManager = findX509TrustManager(systemFactory);
    mKnownServersKeyStore = knownServersKeyStore;
}