Merge branch 'master' into merge_1.1.2
resolves AntennaPod/AntennaPod#805
This commit is contained in:
commit
236757e803
|
@ -75,84 +75,9 @@ public class GpodnetService {
|
|||
|
||||
public GpodnetService() {
|
||||
httpClient = AntennapodHttpClient.getHttpClient();
|
||||
if (Build.VERSION.SDK_INT <= 10) {
|
||||
Log.d(TAG, "Use custom SSL factory");
|
||||
SSLSocketFactory factory = getCustomSslSocketFactory();
|
||||
httpClient.setSslSocketFactory(factory);
|
||||
}
|
||||
BASE_HOST = GpodnetPreferences.getHostname();
|
||||
}
|
||||
|
||||
private synchronized static SSLSocketFactory getCustomSslSocketFactory() {
|
||||
try {
|
||||
TrustManagerFactory defaultTrustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
|
||||
defaultTrustManagerFactory.init((KeyStore) null); // use system keystore
|
||||
final X509TrustManager defaultTrustManager = (X509TrustManager) defaultTrustManagerFactory.getTrustManagers()[0];
|
||||
TrustManager[] customTrustManagers = new TrustManager[]{new X509TrustManager() {
|
||||
@Override
|
||||
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
|
||||
return null;
|
||||
}
|
||||
@Override
|
||||
public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
|
||||
}
|
||||
@Override
|
||||
public void checkServerTrusted(X509Certificate[] chain, String authType)
|
||||
throws CertificateException {
|
||||
// chain may out of order - construct data structures to walk from server certificate to root certificate
|
||||
Map<Principal, X509Certificate> certificates = new HashMap<Principal, X509Certificate>(chain.length - 1);
|
||||
X509Certificate subject = null;
|
||||
for (X509Certificate cert : chain) {
|
||||
cert.checkValidity();
|
||||
if (cert.getSubjectDN().toString().startsWith("CN=" + DEFAULT_BASE_HOST)) {
|
||||
subject = cert;
|
||||
} else {
|
||||
certificates.put(cert.getSubjectDN(), cert);
|
||||
}
|
||||
}
|
||||
if (subject == null) {
|
||||
throw new CertificateException("Chain does not contain a certificate for " + DEFAULT_BASE_HOST);
|
||||
}
|
||||
// follow chain to root CA
|
||||
while (certificates.get(subject.getIssuerDN()) != null) {
|
||||
subject.checkValidity();
|
||||
X509Certificate issuer = certificates.get(subject.getIssuerDN());
|
||||
try {
|
||||
subject.verify(issuer.getPublicKey());
|
||||
} catch (Exception e) {
|
||||
Log.d(TAG, "failed: " + issuer.getSubjectDN() + " -> " + subject.getSubjectDN());
|
||||
throw new CertificateException("Could not verify certificate");
|
||||
}
|
||||
subject = issuer;
|
||||
}
|
||||
X500Principal rootAuthority = subject.getIssuerX500Principal();
|
||||
boolean accepted = false;
|
||||
for (X509Certificate cert :
|
||||
defaultTrustManager.getAcceptedIssuers()) {
|
||||
if (cert.getSubjectX500Principal().equals(rootAuthority)) {
|
||||
try {
|
||||
subject.verify(cert.getPublicKey());
|
||||
accepted = true;
|
||||
} catch (Exception e) {
|
||||
Log.d(TAG, "failed: " + cert.getSubjectDN() + " -> " + subject.getSubjectDN());
|
||||
throw new CertificateException("Could not verify root certificate");
|
||||
}
|
||||
}
|
||||
}
|
||||
if (accepted == false) {
|
||||
throw new CertificateException("Could not verify root certificate");
|
||||
}
|
||||
}
|
||||
}};
|
||||
SSLContext sslContext = SSLContext.getInstance("TLS");
|
||||
sslContext.init(null, customTrustManagers, null);
|
||||
return sslContext.getSocketFactory();
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the [count] most used tags.
|
||||
*/
|
||||
|
|
Loading…
Reference in New Issue