Example usage for android.net.http SslError getPrimaryError

List of usage examples for android.net.http SslError getPrimaryError

Introduction

In this page you can find the example usage for android.net.http SslError getPrimaryError.

Prototype

public int getPrimaryError() 

Source Link

Document

Gets the most severe SSL error in this object's set of errors.

Usage

From source file:com.appnexus.opensdk.MRAIDImplementation.java

WebViewClient getWebViewClient() {

    return new WebViewClient() {

        @Override//from w  w w  . j a v  a  2s .  com
        public boolean shouldOverrideUrlLoading(WebView view, String url) {
            if (!url.startsWith("mraid:") && !url.startsWith("javascript:")) {
                Intent intent;
                if (owner.owner.getOpensNativeBrowser()) {
                    intent = new Intent(Intent.ACTION_VIEW, Uri.parse(url));
                } else {
                    intent = new Intent(owner.getContext(), BrowserActivity.class);
                    intent.putExtra("url", url);
                }
                try {
                    owner.getContext().startActivity(intent);
                } catch (ActivityNotFoundException e) {
                    Clog.w(Clog.mraidLogTag, Clog.getString(R.string.opening_url_failed, url));
                }
                return true;
            } else if (url.startsWith("mraid://")) {
                MRAIDImplementation.this.dispatch_mraid_call(url);

                return true;
            }

            // See if any native activities can handle the Url
            try {
                owner.getContext().startActivity(new Intent(Intent.ACTION_VIEW, Uri.parse(url)));
                // If it's an IAV, prevent it from closing
                if (owner.owner instanceof InterstitialAdView) {
                    ((InterstitialAdView) (owner.owner)).interacted();
                }
                return true;
            } catch (ActivityNotFoundException e) {
                return false;
            }
        }

        @Override
        public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
            Clog.e(Clog.httpRespLogTag,
                    Clog.getString(R.string.webclient_error, error.getPrimaryError(), error.toString()));
        }

        @Override
        public void onReceivedError(WebView view, int errorCode, String description, String failingURL) {
            Clog.e(Clog.httpRespLogTag, Clog.getString(R.string.webclient_error, errorCode, description));
        }

        @Override
        public void onPageFinished(WebView view, String url) {
            // Fire the ready event only once
            if (!readyFired) {
                view.loadUrl(String.format("javascript:window.mraid.util.setPlacementType('%s')",
                        owner.owner.isBanner() ? "inline" : "interstitial"));
                view.loadUrl("javascript:window.mraid.util.setIsViewable(true)");
                view.loadUrl("javascript:window.mraid.util.stateChangeEvent('default')");
                view.loadUrl("javascript:window.mraid.util.readyEvent();");

                // Store width and height for close()
                default_width = owner.getLayoutParams().width;
                default_height = owner.getLayoutParams().height;

                readyFired = true;
            }
        }
    };
}

From source file:android.core.TestEventHandler.java

/**
 * SSL certificate error callback. Handles SSL error(s) on the way
 * up to the user.//from  www.jav  a  2 s. co m
 */
public boolean handleSslErrorRequest(SslError error) {
    int primaryError = error.getPrimaryError();

    if (false) {
        Log.v(LOGTAG, "TestEventHandler: handleSslErrorRequest(): " + " primary error:" + primaryError
                + " certificate: " + error.getCertificate());
    }

    eventsReceived[TEST_SSL_CERTIFICATE_ERROR] = true;
    if (notExpecting[TEST_SSL_CERTIFICATE_ERROR]) {
        expectDetails.append("SSL Certificate error event received " + "but not expected");
        expectDetails.append("\r\n");
    }

    if (expectSslErrors != -1) {
        if (expectSslErrors == primaryError) {
            expectSslErrors = -1;
        } else {
            expectDetails
                    .append("SslCertificateError id expected:" + expectSslErrors + " got: " + primaryError);
            expectDetails.append("\r\n");
        }
    }

    // SslCertificate match here?

    if (expectSslErrors == -1) // && expectSslCertificate == certificate?
        expects[TEST_SSL_CERTIFICATE_ERROR] = false;

    // return false so that we won't block the thread
    return false;
}

From source file:android.webkit.LoadListener.java

/**
 * SSL certificate error callback. Handles SSL error(s) on the way up
 * to the user.//  w  w w . j a  va 2 s  . c  o m
 * IMPORTANT: as this is called from network thread, can't call native
 * directly
 */
public void handleSslErrorRequest(SslError error) {
    if (Config.LOGV) {
        Log.v(LOGTAG, "LoadListener.handleSslErrorRequest(): url:" + url() + " primary error: "
                + error.getPrimaryError() + " certificate: " + error.getCertificate());
    }

    if (!mCancelled) {
        mSslError = error;
        Network.getInstance(mContext).handleSslErrorRequest(this);
    }
}

From source file:android.net.http.CertificateChainValidator.java

/**
 * Performs the handshake and server certificates validation
 * @param sslSocket The secure connection socket
 * @param domain The website domain//from  w ww. j  av  a 2s . co m
 * @return An SSL error object if there is an error and null otherwise
 */
public SslError doHandshakeAndValidateServerCertificates(HttpsConnection connection, SSLSocket sslSocket,
        String domain) throws SSLHandshakeException, IOException {

    ++sTotal;

    SSLContext sslContext = HttpsConnection.getContext();
    if (sslContext == null) {
        closeSocketThrowException(sslSocket, "SSL context is null");
    }

    X509Certificate[] serverCertificates = null;

    long sessionBeforeHandshakeLastAccessedTime = 0;
    byte[] sessionBeforeHandshakeId = null;

    SSLSession sessionAfterHandshake = null;

    synchronized (sslContext) {
        // get SSL session before the handshake
        SSLSession sessionBeforeHandshake = getSSLSession(sslContext, connection.getHost());
        if (sessionBeforeHandshake != null) {
            sessionBeforeHandshakeLastAccessedTime = sessionBeforeHandshake.getLastAccessedTime();

            sessionBeforeHandshakeId = sessionBeforeHandshake.getId();
        }

        // start handshake, close the socket if we fail
        try {
            sslSocket.setUseClientMode(true);
            sslSocket.startHandshake();
        } catch (IOException e) {
            closeSocketThrowException(sslSocket, e.getMessage(), "failed to perform SSL handshake");
        }

        // retrieve the chain of the server peer certificates
        Certificate[] peerCertificates = sslSocket.getSession().getPeerCertificates();

        if (peerCertificates == null || peerCertificates.length <= 0) {
            closeSocketThrowException(sslSocket, "failed to retrieve peer certificates");
        } else {
            serverCertificates = new X509Certificate[peerCertificates.length];
            for (int i = 0; i < peerCertificates.length; ++i) {
                serverCertificates[i] = (X509Certificate) (peerCertificates[i]);
            }

            // update the SSL certificate associated with the connection
            if (connection != null) {
                if (serverCertificates[0] != null) {
                    connection.setCertificate(new SslCertificate(serverCertificates[0]));
                }
            }
        }

        // get SSL session after the handshake
        sessionAfterHandshake = getSSLSession(sslContext, connection.getHost());
    }

    if (sessionBeforeHandshakeLastAccessedTime != 0 && sessionAfterHandshake != null
            && Arrays.equals(sessionBeforeHandshakeId, sessionAfterHandshake.getId())
            && sessionBeforeHandshakeLastAccessedTime < sessionAfterHandshake.getLastAccessedTime()) {

        if (HttpLog.LOGV) {
            HttpLog.v("SSL session was reused: total reused: " + sTotalReused + " out of total of: " + sTotal);

            ++sTotalReused;
        }

        // no errors!!!
        return null;
    }

    // check if the first certificate in the chain is for this site
    X509Certificate currCertificate = serverCertificates[0];
    if (currCertificate == null) {
        closeSocketThrowException(sslSocket, "certificate for this site is null");
    } else {
        if (!DomainNameChecker.match(currCertificate, domain)) {
            String errorMessage = "certificate not for this host: " + domain;

            if (HttpLog.LOGV) {
                HttpLog.v(errorMessage);
            }

            sslSocket.getSession().invalidate();
            return new SslError(SslError.SSL_IDMISMATCH, currCertificate);
        }
    }

    //
    // first, we validate the chain using the standard validation
    // solution; if we do not find any errors, we are done; if we
    // fail the standard validation, we re-validate again below,
    // this time trying to retrieve any individual errors we can
    // report back to the user.
    //
    try {
        synchronized (mDefaultTrustManager) {
            mDefaultTrustManager.checkServerTrusted(serverCertificates, "RSA");

            // no errors!!!
            return null;
        }
    } catch (CertificateException e) {
        if (HttpLog.LOGV) {
            HttpLog.v("failed to pre-validate the certificate chain, error: " + e.getMessage());
        }
    }

    sslSocket.getSession().invalidate();

    SslError error = null;

    // we check the root certificate separately from the rest of the
    // chain; this is because we need to know what certificate in
    // the chain resulted in an error if any
    currCertificate = serverCertificates[serverCertificates.length - 1];
    if (currCertificate == null) {
        closeSocketThrowException(sslSocket, "root certificate is null");
    }

    // check if the last certificate in the chain (root) is trusted
    X509Certificate[] rootCertificateChain = { currCertificate };
    try {
        synchronized (mDefaultTrustManager) {
            mDefaultTrustManager.checkServerTrusted(rootCertificateChain, "RSA");
        }
    } catch (CertificateExpiredException e) {
        String errorMessage = e.getMessage();
        if (errorMessage == null) {
            errorMessage = "root certificate has expired";
        }

        if (HttpLog.LOGV) {
            HttpLog.v(errorMessage);
        }

        error = new SslError(SslError.SSL_EXPIRED, currCertificate);
    } catch (CertificateNotYetValidException e) {
        String errorMessage = e.getMessage();
        if (errorMessage == null) {
            errorMessage = "root certificate not valid yet";
        }

        if (HttpLog.LOGV) {
            HttpLog.v(errorMessage);
        }

        error = new SslError(SslError.SSL_NOTYETVALID, currCertificate);
    } catch (CertificateException e) {
        String errorMessage = e.getMessage();
        if (errorMessage == null) {
            errorMessage = "root certificate not trusted";
        }

        if (HttpLog.LOGV) {
            HttpLog.v(errorMessage);
        }

        return new SslError(SslError.SSL_UNTRUSTED, currCertificate);
    }

    // Then go through the certificate chain checking that each
    // certificate trusts the next and that each certificate is
    // within its valid date range. Walk the chain in the order
    // from the CA to the end-user
    X509Certificate prevCertificate = serverCertificates[serverCertificates.length - 1];

    for (int i = serverCertificates.length - 2; i >= 0; --i) {
        currCertificate = serverCertificates[i];

        // if a certificate is null, we cannot verify the chain
        if (currCertificate == null) {
            closeSocketThrowException(sslSocket, "null certificate in the chain");
        }

        // verify if trusted by chain
        if (!prevCertificate.getSubjectDN().equals(currCertificate.getIssuerDN())) {
            String errorMessage = "not trusted by chain";

            if (HttpLog.LOGV) {
                HttpLog.v(errorMessage);
            }

            return new SslError(SslError.SSL_UNTRUSTED, currCertificate);
        }

        try {
            currCertificate.verify(prevCertificate.getPublicKey());
        } catch (GeneralSecurityException e) {
            String errorMessage = e.getMessage();
            if (errorMessage == null) {
                errorMessage = "not trusted by chain";
            }

            if (HttpLog.LOGV) {
                HttpLog.v(errorMessage);
            }

            return new SslError(SslError.SSL_UNTRUSTED, currCertificate);
        }

        // verify if the dates are valid
        try {
            currCertificate.checkValidity();
        } catch (CertificateExpiredException e) {
            String errorMessage = e.getMessage();
            if (errorMessage == null) {
                errorMessage = "certificate expired";
            }

            if (HttpLog.LOGV) {
                HttpLog.v(errorMessage);
            }

            if (error == null || error.getPrimaryError() < SslError.SSL_EXPIRED) {
                error = new SslError(SslError.SSL_EXPIRED, currCertificate);
            }
        } catch (CertificateNotYetValidException e) {
            String errorMessage = e.getMessage();
            if (errorMessage == null) {
                errorMessage = "certificate not valid yet";
            }

            if (HttpLog.LOGV) {
                HttpLog.v(errorMessage);
            }

            if (error == null || error.getPrimaryError() < SslError.SSL_NOTYETVALID) {
                error = new SslError(SslError.SSL_NOTYETVALID, currCertificate);
            }
        }

        prevCertificate = currCertificate;
    }

    // if we do not have an error to report back to the user, throw
    // an exception (a generic error will be reported instead)
    if (error == null) {
        closeSocketThrowException(sslSocket,
                "failed to pre-validate the certificate chain due to a non-standard error");
    }

    return error;
}