
Example 1 with X509CertificateHolder

use of org.spongycastle.cert.X509CertificateHolder in project kdeconnect-android by KDE.

In class SslHelper, method initialiseCertificate.

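/**
 * Loads this device's own X.509 certificate into the static {@code certificate} field.
 *
 * <p>On the first call (no {@code "certificate"} entry in the default shared preferences) a
 * self-signed certificate is generated from the RSA key pair held by {@code RsaHelper}, signed
 * with SHA256withRSA, and persisted as Base64. On later calls the stored DER bytes are decoded
 * instead, so the device keeps the same identity across restarts.
 *
 * <p>Every failure is logged and swallowed; {@code certificate} is then left unchanged
 * (typically {@code null}), which makes {@code getSslContext} fail later.
 *
 * @param context Android context used to reach the key pair, the device id and preferences
 */
public static void initialiseCertificate(Context context) {
    PrivateKey privateKey;
    PublicKey publicKey;
    try {
        privateKey = RsaHelper.getPrivateKey(context);
        publicKey = RsaHelper.getPublicKey(context);
    } catch (Exception e) {
        // Without a key pair there is nothing to sign or to load; keep the cause in the log.
        Log.e("SslHelper", "Error getting keys, can't create certificate", e);
        return;
    }

    SharedPreferences settings = PreferenceManager.getDefaultSharedPreferences(context);
    if (!settings.contains("certificate")) {
        try {
            // Subject and issuer are the same name: this is a self-signed certificate.
            X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
            nameBuilder.addRDN(BCStyle.CN, DeviceHelper.getDeviceId(context));
            nameBuilder.addRDN(BCStyle.OU, "KDE Connect");
            nameBuilder.addRDN(BCStyle.O, "KDE");

            // Validity window: one year in the past (presumably to tolerate clock skew between
            // devices) up to nine years from now.
            Calendar calendar = Calendar.getInstance();
            calendar.add(Calendar.YEAR, -1);
            Date notBefore = calendar.getTime();
            calendar.add(Calendar.YEAR, 10);
            Date notAfter = calendar.getTime();

            // NOTE(review): the serial number is always 1; acceptable for a self-signed cert that
            // peers identify by its content, but confirm nothing relies on serial uniqueness.
            X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
                    nameBuilder.build(), BigInteger.ONE, notBefore, notAfter, nameBuilder.build(), publicKey);
            ContentSigner contentSigner =
                    new JcaContentSignerBuilder("SHA256WithRSAEncryption").setProvider(BC).build(privateKey);
            certificate = new JcaX509CertificateConverter().setProvider(BC)
                    .getCertificate(certificateBuilder.build(contentSigner));

            // Persist the DER encoding so the same identity is reused on later starts.
            settings.edit()
                    .putString("certificate", Base64.encodeToString(certificate.getEncoded(), Base64.DEFAULT))
                    .apply();
        } catch (Exception e) {
            Log.e("KDE/initialiseCert", "Exception", e);
        }
    } else {
        try {
            // Same default preferences as 'settings' above; no need to look them up again.
            byte[] certificateBytes = Base64.decode(settings.getString("certificate", ""), Base64.DEFAULT);
            X509CertificateHolder certificateHolder = new X509CertificateHolder(certificateBytes);
            certificate = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certificateHolder);
        } catch (Exception e) {
            // A corrupt or empty stored value leaves 'certificate' as it was (usually null).
            Log.e("KDE/SslHelper", "Exception reading own certificate", e);
        }
    }
}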

Example 2 with X509CertificateHolder

use of org.spongycastle.cert.X509CertificateHolder in project kdeconnect-android by KDE.

In class SslHelper, method getSslContext.

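/**
 * Builds a TLS context for a connection with the remote device {@code deviceId}.
 *
 * <p>Our own private key and certificate (from {@code initialiseCertificate}) are always
 * presented. How the peer is verified depends on {@code isDeviceTrusted}:
 * <ul>
 *   <li>trusted: the certificate stored in the device's own shared-preferences file is loaded
 *       into the key store and the default trust manager is initialised from that key store,
 *       so no system CA is consulted;</li>
 *   <li>not trusted: a trust manager that accepts any certificate is installed. Presumably this
 *       is used while a device is being paired. NOTE(review): confirm the caller verifies the
 *       peer's certificate out-of-band before anything sensitive is exchanged over such a
 *       context.</li>
 * </ul>
 *
 * @param context         Android context used to reach the private key and preferences
 * @param deviceId        id of the remote device; also the key-store alias and the name of the
 *                        per-device preferences file holding its certificate
 * @param isDeviceTrusted whether {@code deviceId} has already been trusted
 * @return the initialised context, or {@code null} if anything failed (the error is logged)
 */
public static SSLContext getSslContext(Context context, String deviceId, boolean isDeviceTrusted) {
    //TODO: Cache
    if (certificate == null) {
        // initialiseCertificate() has not run or failed; fail early with a clearer message than
        // the KeyStore would otherwise produce.
        Log.e("KDE/SslHelper", "Own certificate not initialised, can't create tls context");
        return null;
    }
    try {
        PrivateKey privateKey = RsaHelper.getPrivateKey(context);

        // Key store holding our own identity; starts empty (no system CAs).
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setKeyEntry("key", privateKey, "".toCharArray(), new Certificate[]{certificate});

        if (isDeviceTrusted) {
            // The peer's certificate becomes the only trusted certificate entry.
            SharedPreferences devicePreferences = context.getSharedPreferences(deviceId, Context.MODE_PRIVATE);
            byte[] certificateBytes = Base64.decode(devicePreferences.getString("certificate", ""), Base64.DEFAULT);
            X509CertificateHolder certificateHolder = new X509CertificateHolder(certificateBytes);
            X509Certificate remoteDeviceCertificate =
                    new JcaX509CertificateConverter().setProvider(BC).getCertificate(certificateHolder);
            keyStore.setCertificateEntry(deviceId, remoteDeviceCertificate);
        }

        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, "".toCharArray());

        TrustManager[] trustManagers;
        if (isDeviceTrusted) {
            // Default trust manager over the key store built above.
            TrustManagerFactory trustManagerFactory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            trustManagers = trustManagerFactory.getTrustManagers();
        } else {
            // Intentionally accepts every certificate; only built when the device is not trusted.
            trustManagers = new TrustManager[]{new X509TrustManager() {
                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }

                @Override
                public void checkClientTrusted(X509Certificate[] certs, String authType) {
                    // no verification for untrusted devices (see class Javadoc)
                }

                @Override
                public void checkServerTrusted(X509Certificate[] certs, String authType) {
                    // no verification for untrusted devices (see class Javadoc)
                }
            }};
        }

        //Newer TLS versions are only supported on API 16+
        // NOTE(review): TLSv1 is deprecated; confirm the minimum supported API level still requires it.
        SSLContext tlsContext = SSLContext.getInstance("TLSv1");
        tlsContext.init(keyManagerFactory.getKeyManagers(), trustManagers, RandomHelper.secureRandom);
        return tlsContext;
    } catch (Exception e) {
        Log.e("KDE/SslHelper", "Error creating tls context", e);
    }
    return null;
}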
