|  |  | @@ -0,0 +1,91 @@ | 
    
    |  |  | package your.package; | 
    
    |  |  | 
 | 
    
    |  |  | import android.content.Context; | 
    
    |  |  | 
 | 
    
    |  |  | import javax.net.ssl.SSLContext; | 
    
    |  |  | import javax.net.ssl.TrustManagerFactory; | 
    
    |  |  | import java.io.BufferedInputStream; | 
    
    |  |  | import java.io.IOException; | 
    
    |  |  | import java.io.InputStream; | 
    
    |  |  | import java.security.KeyManagementException; | 
    
    |  |  | import java.security.KeyStore; | 
    
    |  |  | import java.security.KeyStoreException; | 
    
    |  |  | import java.security.NoSuchAlgorithmException; | 
    
    |  |  | import java.security.cert.Certificate; | 
    
    |  |  | import java.security.cert.CertificateException; | 
    
    |  |  | import java.security.cert.CertificateFactory; | 
    
    |  |  | import java.security.cert.X509Certificate; | 
    
    |  |  | 
 | 
    
    |  |  | /** | 
    
    |  |  | * this script to be used with Android Asynchronous Networking and Image Loading | 
    
    |  |  | * https://github.com/koush/ion/ | 
    
    |  |  | * and maybe for other library and SSL Connection Script | 
    
    |  |  | * | 
    
    |  |  | * Save Cloudflare Origin CA — RSA Root as CloudFlareCA.crt at assets folder in Android Studio project | 
    
    |  |  | * https://support.cloudflare.com/hc/en-us/articles/218689638-What-are-the-root-certificate-authorities-CAs-used-with-CloudFlare-Origin-CA- | 
    
    |  |  | * put this file anywhere in your src folder | 
    
    |  |  | * | 
    
    |  |  | * Use it like this | 
    
    |  |  | try { | 
    
    |  |  | KeyPinStore keystore = KeyPinStore.getInstance(this); | 
    
    |  |  | AsyncHttpClient.getDefaultInstance().getSSLSocketMiddleware().setSSLContext(keystore.getContext()); | 
    
    |  |  | AsyncHttpClient.getDefaultInstance().getSSLSocketMiddleware().setTrustManagers(keystore.getTmf().getTrustManagers()); | 
    
    |  |  | }catch (Exception e){} | 
    
    |  |  | * and do Ion Connection | 
    
    |  |  | * | 
    
    |  |  | * Created by Ricardo Iramar dos Santos on 14/08/2015. | 
    
    |  |  | * https://github.com/riramar/pubkey-pin-android/blob/master/src/org/owasp/pubkeypin/KeyPinStore.java | 
    
    |  |  | */ | 
    
    |  |  | public class KeyPinStore { | 
    
    |  |  | 
 | 
    
    |  |  | private static KeyPinStore instance = null; | 
    
    |  |  | private SSLContext sslContext = SSLContext.getInstance("TLS"); | 
    
    |  |  | private TrustManagerFactory tmf; | 
    
    |  |  | 
 | 
    
    |  |  | public static synchronized KeyPinStore getInstance(Context cx) throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException, KeyManagementException{ | 
    
    |  |  | if (instance == null){ | 
    
    |  |  | instance = new KeyPinStore(cx); | 
    
    |  |  | } | 
    
    |  |  | return instance; | 
    
    |  |  | } | 
    
    |  |  | 
 | 
    
    |  |  | private KeyPinStore(Context context) throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException, KeyManagementException{ | 
    
    |  |  | // https://developer.android.com/training/articles/security-ssl.html | 
    
    |  |  | // Load CAs from an InputStream | 
    
    |  |  | // (could be from a resource or ByteArrayInputStream or ...) | 
    
    |  |  | CertificateFactory cf = CertificateFactory.getInstance("X.509"); | 
    
    |  |  | // randomCA.crt should be in the Assets directory (tip from here http://littlesvr.ca/grumble/2014/07/21/android-programming-connect-to-an-https-server-with-self-signed-certificate/) | 
    
    |  |  | InputStream caInput = new BufferedInputStream(context.getAssets().open("cloudflare.crt")); | 
    
    |  |  | Certificate ca; | 
    
    |  |  | try { | 
    
    |  |  | ca = cf.generateCertificate(caInput); | 
    
    |  |  | System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN()); | 
    
    |  |  | } finally { | 
    
    |  |  | caInput.close(); | 
    
    |  |  | } | 
    
    |  |  | 
 | 
    
    |  |  | // Create a KeyStore containing our trusted CAs | 
    
    |  |  | String keyStoreType = KeyStore.getDefaultType(); | 
    
    |  |  | KeyStore keyStore = KeyStore.getInstance(keyStoreType); | 
    
    |  |  | keyStore.load(null, null); | 
    
    |  |  | keyStore.setCertificateEntry("ca", ca); | 
    
    |  |  | 
 | 
    
    |  |  | // Create a TrustManager that trusts the CAs in our KeyStore | 
    
    |  |  | String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); | 
    
    |  |  | tmf = TrustManagerFactory.getInstance(tmfAlgorithm); | 
    
    |  |  | tmf.init(keyStore); | 
    
    |  |  | 
 | 
    
    |  |  | // Create an SSLContext that uses our TrustManager | 
    
    |  |  | // SSLContext context = SSLContext.getInstance("TLS"); | 
    
    |  |  | sslContext.init(null, tmf.getTrustManagers(), null); | 
    
    |  |  | } | 
    
    |  |  | 
 | 
    
    |  |  | public SSLContext getContext(){ | 
    
    |  |  | return sslContext; | 
    
    |  |  | } | 
    
    |  |  | 
 | 
    
    |  |  | public TrustManagerFactory getTmf(){ | 
    
    |  |  | return tmf; | 
    
    |  |  | } | 
    
    |  |  | } | 
    
    |  |  | 
 |
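Review bot: The Javadoc tells the reader to save the certificate as `CloudFlareCA.crt`, but the constructor opens `cloudflare.crt`; Android asset lookups are case-sensitive, so following the header as written makes `getInstance` throw an `IOException`. The usage example then hides that failure with `}catch (Exception e){}`, so the custom `SSLContext` and trust managers are never installed and the client presumably keeps its default trust configuration, with nothing to show that the restriction is missing. I would make the two names agree (for example `context.getAssets().open("CloudFlareCA.crt")`) and have the example fail closed, e.g. `} catch (Exception e) { throw new IllegalStateException("custom trust store not installed", e); }`. The header should also say that this class trusts a CA certificate rather than pinning a public key, so any certificate chaining to that root passes the trust check.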