Example 1 with X509CertificateHolder
use of org.spongycastle.cert.X509CertificateHolder in project kdeconnect-android by KDE.
the class SslHelper method initialiseCertificate.
public static void initialiseCertificate(Context context) {
PrivateKey privateKey;
PublicKey publicKey;
try {
privateKey = RsaHelper.getPrivateKey(context);
publicKey = RsaHelper.getPublicKey(context);
} catch (Exception e) {
Log.e("SslHelper", "Error getting keys, can't create certificate");
return;
}
SharedPreferences settings = PreferenceManager.getDefaultSharedPreferences(context);
if (!settings.contains("certificate")) {
try {
X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
nameBuilder.addRDN(BCStyle.CN, DeviceHelper.getDeviceId(context));
nameBuilder.addRDN(BCStyle.OU, "KDE Connect");
nameBuilder.addRDN(BCStyle.O, "KDE");
Calendar calendar = Calendar.getInstance();
calendar.add(Calendar.YEAR, -1);
Date notBefore = calendar.getTime();
calendar.add(Calendar.YEAR, 10);
Date notAfter = calendar.getTime();
X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(nameBuilder.build(), BigInteger.ONE, notBefore, notAfter, nameBuilder.build(), publicKey);
ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC).build(privateKey);
certificate = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certificateBuilder.build(contentSigner));
SharedPreferences.Editor edit = settings.edit();
edit.putString("certificate", Base64.encodeToString(certificate.getEncoded(), 0));
edit.apply();
} catch (Exception e) {
e.printStackTrace();
Log.e("KDE/initialiseCert", "Exception");
return;
}
} else {
try {
SharedPreferences globalSettings = PreferenceManager.getDefaultSharedPreferences(context);
byte[] certificateBytes = Base64.decode(globalSettings.getString("certificate", ""), 0);
X509CertificateHolder certificateHolder = new X509CertificateHolder(certificateBytes);
certificate = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certificateHolder);
} catch (Exception e) {
Log.e("KDE/SslHelper", "Exception reading own certificate");
e.printStackTrace();
}
}
}
Also used :
PrivateKey(java.security.PrivateKey)
X500NameBuilder(org.spongycastle.asn1.x500.X500NameBuilder)
SharedPreferences(android.content.SharedPreferences)
PublicKey(java.security.PublicKey)
JcaContentSignerBuilder(org.spongycastle.operator.jcajce.JcaContentSignerBuilder)
Calendar(java.util.Calendar)
ContentSigner(org.spongycastle.operator.ContentSigner)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
Date(java.util.Date)
JcaX509v3CertificateBuilder(org.spongycastle.cert.jcajce.JcaX509v3CertificateBuilder)
X509v3CertificateBuilder(org.spongycastle.cert.X509v3CertificateBuilder)
JcaX509CertificateConverter(org.spongycastle.cert.jcajce.JcaX509CertificateConverter)
JcaX509v3CertificateBuilder(org.spongycastle.cert.jcajce.JcaX509v3CertificateBuilder)
X509CertificateHolder(org.spongycastle.cert.X509CertificateHolder)
Example 2 with X509CertificateHolder
use of org.spongycastle.cert.X509CertificateHolder in project kdeconnect-android by KDE.
the class SslHelper method getSslContext.
public static SSLContext getSslContext(Context context, String deviceId, boolean isDeviceTrusted) {
//TODO: Cache
try {
// Get device private key
PrivateKey privateKey = RsaHelper.getPrivateKey(context);
// Get remote device certificate if trusted
X509Certificate remoteDeviceCertificate = null;
if (isDeviceTrusted) {
SharedPreferences devicePreferences = context.getSharedPreferences(deviceId, Context.MODE_PRIVATE);
byte[] certificateBytes = Base64.decode(devicePreferences.getString("certificate", ""), 0);
X509CertificateHolder certificateHolder = new X509CertificateHolder(certificateBytes);
remoteDeviceCertificate = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certificateHolder);
}
// Setup keystore
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
keyStore.setKeyEntry("key", privateKey, "".toCharArray(), new Certificate[] { certificate });
// Set certificate if device trusted
if (remoteDeviceCertificate != null) {
keyStore.setCertificateEntry(deviceId, remoteDeviceCertificate);
}
// Setup key manager factory
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, "".toCharArray());
// Setup default trust manager
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keyStore);
// Setup custom trust manager if device not trusted
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
@Override
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
} };
//Newer TLS versions are only supported on API 16+
SSLContext tlsContext = SSLContext.getInstance("TLSv1");
if (isDeviceTrusted) {
tlsContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), RandomHelper.secureRandom);
} else {
tlsContext.init(keyManagerFactory.getKeyManagers(), trustAllCerts, RandomHelper.secureRandom);
}
return tlsContext;
} catch (Exception e) {
Log.e("KDE/SslHelper", "Error creating tls context");
e.printStackTrace();
}
return null;
}
Also used :
PrivateKey(java.security.PrivateKey)
SharedPreferences(android.content.SharedPreferences)
SSLContext(javax.net.ssl.SSLContext)
KeyStore(java.security.KeyStore)
X509Certificate(java.security.cert.X509Certificate)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
KeyManagerFactory(javax.net.ssl.KeyManagerFactory)
TrustManager(javax.net.ssl.TrustManager)
X509TrustManager(javax.net.ssl.X509TrustManager)
JcaX509CertificateConverter(org.spongycastle.cert.jcajce.JcaX509CertificateConverter)
X509TrustManager(javax.net.ssl.X509TrustManager)
X509CertificateHolder(org.spongycastle.cert.X509CertificateHolder)
TrustManagerFactory(javax.net.ssl.TrustManagerFactory)
Aggregations
SharedPreferences (android.content.SharedPreferences)2
IOException (java.io.IOException)2
PrivateKey (java.security.PrivateKey)2
CertificateException (java.security.cert.CertificateException)2
X509CertificateHolder (org.spongycastle.cert.X509CertificateHolder)2
JcaX509CertificateConverter (org.spongycastle.cert.jcajce.JcaX509CertificateConverter)2
KeyStore (java.security.KeyStore)1
PublicKey (java.security.PublicKey)1
X509Certificate (java.security.cert.X509Certificate)1
Calendar (java.util.Calendar)1
Date (java.util.Date)1
KeyManagerFactory (javax.net.ssl.KeyManagerFactory)1
SSLContext (javax.net.ssl.SSLContext)1
TrustManager (javax.net.ssl.TrustManager)1
TrustManagerFactory (javax.net.ssl.TrustManagerFactory)1
X509TrustManager (javax.net.ssl.X509TrustManager)1
X500NameBuilder (org.spongycastle.asn1.x500.X500NameBuilder)1
X509v3CertificateBuilder (org.spongycastle.cert.X509v3CertificateBuilder)1
JcaX509v3CertificateBuilder (org.spongycastle.cert.jcajce.JcaX509v3CertificateBuilder)1
ContentSigner (org.spongycastle.operator.ContentSigner)1
