List of usage examples for the javax.net.ssl.X509ExtendedKeyManager constructor X509ExtendedKeyManager()
protected X509ExtendedKeyManager()
From source file:ee.ria.xroad.common.request.ManagementRequestClient.java
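/**
 * Builds an HTTP client from a custom key manager and trust manager and stores it in
 * {@code proxyHttpClient}.
 *
 * <p>The key manager always offers the certificate and private key returned by
 * {@code InternalSSLKey.load()}, regardless of the alias it is asked about. The trust manager
 * accepts every certificate chain without inspecting it (see the review note below).
 *
 * @throws Exception if {@code createHttpClient(km, tm)} fails
 */
private void createProxyHttpClient() throws Exception {
    log.trace("createProxyHttpClient()");

    // NOTE(review): both check methods return without looking at the chain, so any certificate
    // presented by the peer is accepted. TLS then provides encryption only, with no
    // authentication of the remote endpoint. Presumably this is tolerated because the peer is a
    // co-located proxy with a self-issued certificate; confirm that assumption. If the connection
    // can leave the host, validate the chain or pin the expected peer certificate here instead.
    TrustManager tm = new X509TrustManager() {
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // No validation performed (see the note above).
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // No validation performed (see the note above).
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract requires a non-null (possibly empty) array;
            // returning null can surface as a NullPointerException inside the TLS stack.
            return new X509Certificate[0];
        }
    };

    KeyManager km = new X509ExtendedKeyManager() {
        // Single fixed alias; every choose*Alias callback answers with it.
        private static final String ALIAS = "MgmtAuthKeyManager";

        @Override
        public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
            return ALIAS;
        }

        @Override
        public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
            return ALIAS;
        }

        @Override
        public X509Certificate[] getCertificateChain(String alias) {
            // The alias argument is ignored: the internal certificate is returned for any alias.
            try {
                return new X509Certificate[] {InternalSSLKey.load().getCert()};
            } catch (Exception e) {
                log.error("Failed to load internal TLS key", e);
                // An empty chain means no client certificate is offered; the handshake then
                // proceeds or fails depending on what the peer requires.
                return new X509Certificate[] {};
            }
        }

        @Override
        public String[] getClientAliases(String keyType, Principal[] issuers) {
            // null is the documented "no matching aliases" answer for this callback.
            return null;
        }

        @Override
        public PrivateKey getPrivateKey(String alias) {
            // The alias argument is ignored here as well. The key is loaded on every call.
            // NOTE(review): if InternalSSLKey.load() reads from disk, consider caching; verify.
            try {
                return InternalSSLKey.load().getKey();
            } catch (Exception e) {
                log.error("Failed to load internal TLS key", e);
                return null;
            }
        }

        @Override
        public String[] getServerAliases(String keyType, Principal[] issuers) {
            // null is the documented "no matching aliases" answer for this callback.
            return null;
        }

        @Override
        public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine) {
            return ALIAS;
        }

        @Override
        public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
            return ALIAS;
        }
    };

    proxyHttpClient = createHttpClient(km, tm);
}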
From source file:com.irccloud.android.NetworkConnection.java
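/**
 * Initialises the connection object: reads the stored {@code config} JSON, assembles the
 * {@code useragent} string, creates the Wi-Fi lock, and installs the TLS key manager and trust
 * manager used by {@code WebSocketClient}.
 *
 * <p>The trust manager first delegates server-chain validation to the platform default trust
 * managers and then, when {@code BuildConfig.SSL_FPS} is non-empty, additionally requires the
 * SHA-1 fingerprint of the leaf certificate to match one of the configured values. Both steps
 * fail closed: if no platform X.509 trust manager is available, or the digest algorithm cannot
 * be obtained, the chain is rejected.
 */
@SuppressWarnings("deprecation")
public NetworkConnection() {
    String version;
    String network_type = null;

    try {
        version = "/" + IRCCloudApplication.getInstance().getPackageManager().getPackageInfo(
                IRCCloudApplication.getInstance().getApplicationContext().getPackageName(), 0).versionName;
    } catch (Exception e) {
        // The version is only used in the user agent; fall back to omitting it.
        version = "";
    }

    try {
        ConnectivityManager cm = (ConnectivityManager) IRCCloudApplication.getInstance()
                .getSystemService(Context.CONNECTIVITY_SERVICE);
        NetworkInfo ni = cm.getActiveNetworkInfo();
        if (ni != null) {
            network_type = ni.getTypeName();
        }
    } catch (Exception ignored) {
        // Best effort: the network type is an optional user-agent suffix, so it is left null.
    }

    try {
        config = new JSONObject(PreferenceManager
                .getDefaultSharedPreferences(IRCCloudApplication.getInstance().getApplicationContext())
                .getString("config", "{}"));
    } catch (JSONException e) {
        e.printStackTrace();
        config = new JSONObject();
    }

    // Locale.ROOT keeps the lower-casing of the country code independent of the device locale.
    useragent = "IRCCloud" + version + " (" + android.os.Build.MODEL + "; "
            + Locale.getDefault().getCountry().toLowerCase(Locale.ROOT) + "; " + "Android "
            + android.os.Build.VERSION.RELEASE;

    WindowManager wm = (WindowManager) IRCCloudApplication.getInstance()
            .getSystemService(Context.WINDOW_SERVICE);
    useragent += "; " + wm.getDefaultDisplay().getWidth() + "x" + wm.getDefaultDisplay().getHeight();

    if (network_type != null) {
        useragent += "; " + network_type;
    }
    useragent += ")";

    WifiManager wfm = (WifiManager) IRCCloudApplication.getInstance().getApplicationContext()
            .getSystemService(Context.WIFI_SERVICE);
    wifiLock = wfm.createWifiLock(TAG);

    // Client-side key manager: offers the client certificate held in SSLAuthAlias,
    // SSLAuthCertificateChain and SSLAuthKey. Server-side and enumeration callbacks are
    // unsupported. The chooseEngine*Alias variants are not overridden, so they keep the
    // X509ExtendedKeyManager base-class behaviour.
    kms = new X509ExtendedKeyManager[1];
    kms[0] = new X509ExtendedKeyManager() {
        @Override
        public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
            return SSLAuthAlias;
        }

        @Override
        public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
            throw new UnsupportedOperationException();
        }

        @Override
        public X509Certificate[] getCertificateChain(String alias) {
            return SSLAuthCertificateChain;
        }

        @Override
        public String[] getClientAliases(String keyType, Principal[] issuers) {
            throw new UnsupportedOperationException();
        }

        @Override
        public String[] getServerAliases(String keyType, Principal[] issuers) {
            throw new UnsupportedOperationException();
        }

        @Override
        public PrivateKey getPrivateKey(String alias) {
            return SSLAuthKey;
        }
    };

    tms = new TrustManager[1];
    tms[0] = new X509TrustManager() {
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // This object is only used as a client; refuse to act as a server-side verifier.
            throw new CertificateException("Not implemented");
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Step 1: standard chain validation against the platform trust store.
            boolean validated = false;
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
                trustManagerFactory.init((KeyStore) null);
                for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                    if (trustManager instanceof X509TrustManager) {
                        ((X509TrustManager) trustManager).checkServerTrusted(chain, authType);
                        validated = true;
                    }
                }
            } catch (KeyStoreException e) {
                throw new CertificateException(e);
            } catch (NoSuchAlgorithmException e) {
                throw new CertificateException(e);
            }
            if (!validated) {
                // Without this guard, a factory that yields no X509TrustManager would let the
                // chain through unchecked.
                throw new CertificateException("No X509TrustManager available to validate the server certificate");
            }

            // Step 2: optional pinning of the leaf certificate by fingerprint.
            if (BuildConfig.SSL_FPS != null && BuildConfig.SSL_FPS.length > 0) {
                final MessageDigest md;
                try {
                    // NOTE(review): the configured pins are SHA-1 fingerprints, so SHA-1 must be
                    // used here. SHA-256 pins would be the stronger choice, but switching needs
                    // the values in BuildConfig.SSL_FPS to be regenerated at the same time.
                    md = MessageDigest.getInstance("SHA-1");
                } catch (NoSuchAlgorithmException e) {
                    // Fail closed: previously this was only printed, which skipped the pin check.
                    throw new CertificateException(e);
                }
                byte[] sha1 = md.digest(chain[0].getEncoded());

                // Upper-case hex encoding of the digest.
                // http://stackoverflow.com/questions/9655181/convert-from-byte-array-to-hex-string-in-java
                final char[] hexArray = "0123456789ABCDEF".toCharArray();
                char[] hexChars = new char[sha1.length * 2];
                for (int j = 0; j < sha1.length; j++) {
                    int v = sha1[j] & 0xFF;
                    hexChars[j * 2] = hexArray[v >>> 4];
                    hexChars[j * 2 + 1] = hexArray[v & 0x0F];
                }
                String hexCharsStr = new String(hexChars);

                // The comparison is case-sensitive, so configured pins must be upper-case hex.
                boolean matched = false;
                for (String fp : BuildConfig.SSL_FPS) {
                    if (fp.equals(hexCharsStr)) {
                        matched = true;
                        break;
                    }
                }
                if (!matched) {
                    // Message text kept as-is for compatibility; the failed check is the
                    // fingerprint comparison above, not a CN comparison.
                    throw new CertificateException("Incorrect CN in cert chain");
                }
            }
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract requires a non-null (possibly empty) array.
            return new X509Certificate[0];
        }
    };

    WebSocketClient.setTrustManagers(tms);
}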