Agregar información del certificado del servidor a Trust Manager Android mediante programación

x509certificate (1)

¡Finalmente, agrietado!

X509TrustManager trustManager = new X509TrustManager() { @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { for (TrustManager tm : managers) { if (tm instanceof X509TrustManager) { ((X509TrustManager) tm).checkClientTrusted( chain, authType); } } } @Override public void checkServerTrusted( final X509Certificate[] chain, String authType) { for (X509Certificate cert : chain) { final String mCertificatinoType = cert.getType(); Date afterDate = cert.getNotAfter(); Date beforeDate = cert.getNotBefore(); Date currentDate = new Date(); try { cert.checkValidity(new Date()); } catch (CertificateExpiredException e) { isExpired = true; e.printStackTrace(); } catch (CertificateNotYetValidException e) { isInValid = true; e.printStackTrace(); } if (afterDate.compareTo(currentDate) * currentDate.compareTo(beforeDate) > 0) { isExpired = false; } else { isExpired = true; } String dn = cert.getSubjectDN().getName(); String CN = getValByAttributeTypeFromIssuerDN(dn, "CN="); String host = ""; if (TextUtils.isEmpty(query)) { if (baseHostString.equalsIgnoreCase("")) { final Settings settings = mApplication .getSettings(); try { URL url = new URL( settings.serverAddress .toString()); host = url.getAuthority(); if (host.contains(String.valueOf(url .getPort()))) { String toBeReplaced = ":" + url.getPort(); host = host.replace(toBeReplaced, ""); } } catch (MalformedURLException e) { e.printStackTrace(); } } else { try { URL url = new URL(baseHostString); host = url.getAuthority(); if (host.contains(String.valueOf(url .getPort()))) { String toBeReplaced = ":" + url.getPort(); host = host.replace(toBeReplaced, ""); } } catch (MalformedURLException e) { e.printStackTrace(); } } } else { try { URL url = new URL(query); host = url.getAuthority(); if (host.contains(String.valueOf(url .getPort()))) { String toBeReplaced = ":" + url.getPort(); host = host.replace(toBeReplaced, ""); } } catch (MalformedURLException e) { e.printStackTrace(); } } if (CN.equalsIgnoreCase(host)) { isHostMisMatch = false; } else { isHostMisMatch = true; } for (TrustManager tm : managers) { if (tm instanceof X509TrustManager) { try { ((X509TrustManager) tm) .checkServerTrusted(chain, authType); } catch (CertificateException e) { if (e.getMessage() != null && e.getMessage() .contains( "Trust anchor for certification path not found.")) { isNotTrusted = true; mApplication .setCurrentCertificate(chain); } e.printStackTrace(); } } } if (cert.getIssuerX500Principal().equals( trustedRoot.getIssuerX500Principal())) { return; } } } @Override public X509Certificate[] getAcceptedIssuers() { ArrayList<X509Certificate> issuers = new ArrayList<>(); for (TrustManager tm : managers) { if (tm instanceof X509TrustManager) { issuers.addAll(Arrays .asList(((X509TrustManager) tm) .getAcceptedIssuers())); } } return issuers.toArray(new X509Certificate[issuers .size()]); } };

Gracias a todos.

Soy nuevo en este SSL y X509Certificate Concepts. Lo único que necesito es: ¿Existe alguna forma de obtener la información del certificado de una Url determinada?

Por ejemplo: si el usuario ha escrito https://www.google.com , necesito la información del certificado para eso mediante programación.

Editar:

Finalmente, obtuve la información del certificado del servidor .

Ahora, mis preguntas son:

1. ¿Cómo puedo verificar el certificado es de confianza o no?

2. ¿Cómo puedo agregar el certificado al Trust Manager?

3. Incluso, si se trata de un certificado no confiable, si el usuario desea continuar con eso, entonces necesito agregar el certificado al administrador de confianza. ¿Cómo puedo conseguir esto?

4. ¿Es que, para verificar si un Certificado es confiable o no, realmente necesitamos tener otro certificado para comparar?

Soy muy nuevo en estos X.509 Certificate.

Cualquier ayuda sería realmente apreciada.

EDITAR:

Esto es lo que he intentado. Pero, ninguno de ellos me está ayudando. Necesito obtener el certificado es de confianza o no.

X509TrustManager trustManager = new X509TrustManager() { @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { for (TrustManager tm : managers) { if (tm instanceof X509TrustManager) { ((X509TrustManager) tm).checkClientTrusted( chain, authType); } } } @Override public void checkServerTrusted(X509Certificate[] chain, String authType) { for (X509Certificate cert : chain) { final String mCertificatinoType = cert.getType(); Date afterDate = cert.getNotAfter(); Date beforeDate = cert.getNotBefore(); Date currentDate = new Date(); try { cert.checkValidity(new Date()); } catch (CertificateExpiredException e) { LoginActivity.isExpired = true; e.printStackTrace(); } catch (CertificateNotYetValidException e) { LoginActivity.isInValid = true; e.printStackTrace(); } try { cert.verify(trustedRoot.getPublicKey()); } catch (InvalidKeyException e) { e.printStackTrace(); } catch (CertificateException e) { e.printStackTrace(); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (NoSuchProviderException e) { e.printStackTrace(); } catch (SignatureException e) { e.printStackTrace(); } try { if (cert.getIssuerX500Principal().equals( trustedRoot.getIssuerX500Principal())) { } cert.verify(trustedHost.getPublicKey()); } catch (InvalidKeyException e) { e.printStackTrace(); } catch (CertificateException e) { e.printStackTrace(); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (NoSuchProviderException e) { e.printStackTrace(); } catch (SignatureException e) { e.printStackTrace(); } if (afterDate.compareTo(currentDate) * currentDate.compareTo(beforeDate) > 0) { } else { } if (cert.getIssuerX500Principal().equals( trustedRoot.getIssuerX500Principal())) { return; } } // for (X509Certificate cert : chain) { // URL url; // String host = ""; // if (baseHostString.equalsIgnoreCase("")) { // final Settings settings = mApplication // .getSettings(); // try { // url = new URL( // settings.serverAddress.toString()); // host = url.getAuthority(); // } catch (MalformedURLException e) { // e.printStackTrace(); // } // } else { // // } // // String dn = cert.getSubjectDN().getName(); // String CN = getValByAttributeTypeFromIssuerDN(dn, // "CN="); // if (CN.equalsIgnoreCase(host)) { // if (cert.getIssuerX500Principal().equals( // trustedRoot.getIssuerX500Principal())) { // return; // } else { // } // } else { // } // } for (TrustManager tm : managers) { if (tm instanceof X509TrustManager) { try { ((X509TrustManager) tm).checkServerTrusted( chain, authType); } catch (CertificateException e) { e.printStackTrace(); } } } } @Override public X509Certificate[] getAcceptedIssuers() { ArrayList<X509Certificate> issuers = new ArrayList<>(); for (TrustManager tm : managers) { if (tm instanceof X509TrustManager) { issuers.addAll(Arrays .asList(((X509TrustManager) tm) .getAcceptedIssuers())); } } return issuers.toArray(new X509Certificate[issuers .size()]); } };