Example usage for android.net SSLCertificateSocketFactory setTrustManagers

List of usage examples for android.net SSLCertificateSocketFactory setTrustManagers

Introduction

In this page you can find the example usage for android.net SSLCertificateSocketFactory setTrustManagers.

Prototype

public void setTrustManagers(TrustManager[] trustManager) 

Source Link

Document

Sets the TrustManager s to be used for connections made by this factory.

Usage

From source file:com.android.emailcommon.utility.SSLUtils.java

/**
 * Returns a {@link javax.net.ssl.SSLSocketFactory}.
 * Optionally bypass all SSL certificate checks.
 *
 * @param insecure if true, bypass all SSL certificate checks
 *///www. j a v  a  2  s. c  o m
public synchronized static SSLCertificateSocketFactory getSSLSocketFactory(Context context, HostAuth hostAuth,
        boolean insecure) {
    if (insecure) {
        SSLCertificateSocketFactory insecureFactory = (SSLCertificateSocketFactory) SSLCertificateSocketFactory
                .getInsecure(0, null);
        insecureFactory.setTrustManagers(
                new TrustManager[] { new SameCertificateCheckingTrustManager(context, hostAuth) });
        return insecureFactory;
    } else {
        if (sSecureFactory == null) {
            sSecureFactory = (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getDefault(0, null);
        }
        return sSecureFactory;
    }
}

From source file:org.transdroid.util.IgnoreTlsSniSocketFactory.java

@Override
@TargetApi(Build.VERSION_CODES.JELLY_BEAN_MR1)
public Socket createSocket(Socket plainSocket, String host, int port, boolean autoClose) throws IOException {
    if (autoClose) {
        // we don't need the plainSocket
        plainSocket.close();/* w  w  w.  ja v  a2s . c  om*/
    }

    SSLCertificateSocketFactory sslSocketFactory = (SSLCertificateSocketFactory) SSLCertificateSocketFactory
            .getDefault(0);

    // For self-signed certificates use a custom trust manager
    sslSocketFactory.setTrustManagers(new TrustManager[] { new IgnoreSSLTrustManager() });

    // create and connect SSL socket, but don't do hostname/certificate verification yet
    SSLSocket ssl = (SSLSocket) sslSocketFactory.createSocket(InetAddress.getByName(host), port);

    // enable TLSv1.1/1.2 if available
    ssl.setEnabledProtocols(ssl.getSupportedProtocols());

    // set up SNI before the handshake
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
        sslSocketFactory.setHostname(ssl, host);
    } else {
        try {
            java.lang.reflect.Method setHostnameMethod = ssl.getClass().getMethod("setHostname", String.class);
            setHostnameMethod.invoke(ssl, host);
        } catch (Exception e) {
            throw new IOException("SNI not usable: " + e, e);
        }
    }

    return ssl;
}

From source file:org.transdroid.daemon.util.TlsSniSocketFactory.java

@Override
@TargetApi(Build.VERSION_CODES.JELLY_BEAN_MR1)
public Socket createSocket(Socket plainSocket, String host, int port, boolean autoClose) throws IOException {
    if (autoClose) {
        // we don't need the plainSocket
        plainSocket.close();/*  w  ww . j a v  a  2 s. co  m*/
    }

    SSLCertificateSocketFactory sslSocketFactory = (SSLCertificateSocketFactory) SSLCertificateSocketFactory
            .getDefault(0);

    // For self-signed certificates use a custom trust manager
    if (acceptAllCertificates) {
        sslSocketFactory.setTrustManagers(new TrustManager[] { new IgnoreSSLTrustManager() });
    } else if (selfSignedCertificateKey != null) {
        sslSocketFactory
                .setTrustManagers(new TrustManager[] { new SelfSignedTrustManager(selfSignedCertificateKey) });
    }

    // create and connect SSL socket, but don't do hostname/certificate verification yet
    SSLSocket ssl = (SSLSocket) sslSocketFactory.createSocket(InetAddress.getByName(host), port);

    // enable TLSv1.1/1.2 if available
    ssl.setEnabledProtocols(ssl.getSupportedProtocols());

    // set up SNI before the handshake
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
        sslSocketFactory.setHostname(ssl, host);
    } else {
        try {
            java.lang.reflect.Method setHostnameMethod = ssl.getClass().getMethod("setHostname", String.class);
            setHostnameMethod.invoke(ssl, host);
        } catch (Exception e) {
            Log.d(TlsSniSocketFactory.class.getSimpleName(), "SNI not usable: " + e);
        }
    }

    // verify hostname and certificate
    SSLSession session = ssl.getSession();
    if (!(acceptAllCertificates || selfSignedCertificateKey != null)
            && !hostnameVerifier.verify(host, session)) {
        throw new SSLPeerUnverifiedException("Cannot verify hostname: " + host);
    }

    /*DLog.d(TlsSniSocketFactory.class.getSimpleName(),
    "Established " + session.getProtocol() + " connection with " + session.getPeerHost() +
          " using " + session.getCipherSuite());*/

    return ssl;
}

From source file:com.rastating.droidbeard.net.TlsSocketFactory.java

@Override
public Socket createSocket(Socket plainSocket, String host, int port, boolean autoClose)
        throws IOException, UnknownHostException {
    // Create and connect SSL socket, but don't do hostname/certificate verification yet
    SSLCertificateSocketFactory sslSocketFactory = (SSLCertificateSocketFactory) SSLCertificateSocketFactory
            .getDefault(0);//from   w w w .  jav a 2  s.co  m

    // Setup custom trust manager if we are trusting all certificates
    if (mTrustAllCertificates) {
        TrustManager tm = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
            }

            public void checkServerTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
            }

            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };

        sslSocketFactory.setTrustManagers(new TrustManager[] { tm });
    }

    SSLSocket ssl = (SSLSocket) sslSocketFactory.createSocket(InetAddress.getByName(host), port);

    // Enable TLSv1.1/1.2 if available
    // (see https://github.com/rfc2822/davdroid/issues/229)
    ssl.setEnabledProtocols(ssl.getSupportedProtocols());
    SSLSession session = ssl.getSession();

    // Verify hostname and certificate if we aren't trusting all certificates
    if (!mTrustAllCertificates) {
        if (!hostnameVerifier.verify(host, session))
            throw new SSLPeerUnverifiedException("Cannot verify hostname: " + host);
    }

    Log.i("droidbeard", "Established " + session.getProtocol() + " connection with " + session.getPeerHost()
            + " using " + session.getCipherSuite());
    return ssl;
}