diff options
author | Tom Hennen <TomHennen@users.noreply.github.com> | 2015-05-08 17:58:48 -0400 |
---|---|---|
committer | Tom Hennen <TomHennen@users.noreply.github.com> | 2015-05-08 17:58:48 -0400 |
commit | f88c80cced6c3b529a6ef1addafaa930fb41d58f (patch) | |
tree | 9f2f5f03ca49e4e20ba7947926527625070bd503 | |
parent | 393e647b1039af8916c387551ef390a8892a6475 (diff) | |
parent | d715cece62a1267bc401e9770203b55a1d755a09 (diff) | |
download | AntennaPod-f88c80cced6c3b529a6ef1addafaa930fb41d58f.zip |
Merge pull request #799 from mfietz/version_1.1.21.1.2
Fix gpodder certificate validation
-rw-r--r-- | app/src/main/AndroidManifest.xml | 4 | ||||
-rw-r--r-- | app/src/main/assets/about.html | 2 | ||||
-rw-r--r-- | core/src/main/java/de/danoeh/antennapod/core/gpoddernet/GpodnetService.java | 75 |
3 files changed, 3 insertions, 78 deletions
diff --git a/app/src/main/AndroidManifest.xml b/app/src/main/AndroidManifest.xml index 7a4c8366e..bbdc5a4d7 100644 --- a/app/src/main/AndroidManifest.xml +++ b/app/src/main/AndroidManifest.xml @@ -1,8 +1,8 @@ <?xml version="1.0" encoding="utf-8"?> <manifest xmlns:android="http://schemas.android.com/apk/res/android" package="de.danoeh.antennapod" - android:versionCode="51" - android:versionName="1.1.1"> + android:versionCode="52" + android:versionName="1.1.2"> <uses-permission android:name="android.permission.INTERNET"/> <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/> diff --git a/app/src/main/assets/about.html b/app/src/main/assets/about.html index d8face548..d9fcb80ca 100644 --- a/app/src/main/assets/about.html +++ b/app/src/main/assets/about.html @@ -41,7 +41,7 @@ <div id="header" align="center"> <img src="logo.png" alt="Logo" width="100px" height="100px"/> - <p>AntennaPod, Version 1.1</p> + <p>AntennaPod, Version 1.1.2</p> <p>Copyright © 2014 Daniel Oeh</p> diff --git a/core/src/main/java/de/danoeh/antennapod/core/gpoddernet/GpodnetService.java b/core/src/main/java/de/danoeh/antennapod/core/gpoddernet/GpodnetService.java index a353c984a..4d88449d6 100644 --- a/core/src/main/java/de/danoeh/antennapod/core/gpoddernet/GpodnetService.java +++ b/core/src/main/java/de/danoeh/antennapod/core/gpoddernet/GpodnetService.java @@ -72,84 +72,9 @@ public class GpodnetService { public GpodnetService() { httpClient = AntennapodHttpClient.getHttpClient(); - if (Build.VERSION.SDK_INT <= 10) { - Log.d(TAG, "Use custom SSL factory"); - SSLSocketFactory factory = getCustomSslSocketFactory(); - httpClient.setSslSocketFactory(factory); - } BASE_HOST = GpodnetPreferences.getHostname(); } - private synchronized static SSLSocketFactory getCustomSslSocketFactory() { - try { - TrustManagerFactory defaultTrustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); - defaultTrustManagerFactory.init((KeyStore) null); // use system keystore - final X509TrustManager defaultTrustManager = (X509TrustManager) defaultTrustManagerFactory.getTrustManagers()[0]; - TrustManager[] customTrustManagers = new TrustManager[]{new X509TrustManager() { - @Override - public java.security.cert.X509Certificate[] getAcceptedIssuers() { - return null; - } - @Override - public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { - } - @Override - public void checkServerTrusted(X509Certificate[] chain, String authType) - throws CertificateException { - // chain may out of order - construct data structures to walk from server certificate to root certificate - Map<Principal, X509Certificate> certificates = new HashMap<Principal, X509Certificate>(chain.length - 1); - X509Certificate subject = null; - for (X509Certificate cert : chain) { - cert.checkValidity(); - if (cert.getSubjectDN().toString().startsWith("CN=" + DEFAULT_BASE_HOST)) { - subject = cert; - } else { - certificates.put(cert.getSubjectDN(), cert); - } - } - if (subject == null) { - throw new CertificateException("Chain does not contain a certificate for " + DEFAULT_BASE_HOST); - } - // follow chain to root CA - while (certificates.get(subject.getIssuerDN()) != null) { - subject.checkValidity(); - X509Certificate issuer = certificates.get(subject.getIssuerDN()); - try { - subject.verify(issuer.getPublicKey()); - } catch (Exception e) { - Log.d(TAG, "failed: " + issuer.getSubjectDN() + " -> " + subject.getSubjectDN()); - throw new CertificateException("Could not verify certificate"); - } - subject = issuer; - } - X500Principal rootAuthority = subject.getIssuerX500Principal(); - boolean accepted = false; - for (X509Certificate cert : - defaultTrustManager.getAcceptedIssuers()) { - if (cert.getSubjectX500Principal().equals(rootAuthority)) { - try { - subject.verify(cert.getPublicKey()); - accepted = true; - } catch (Exception e) { - Log.d(TAG, "failed: " + cert.getSubjectDN() + " -> " + subject.getSubjectDN()); - throw new CertificateException("Could not verify root certificate"); - } - } - } - if (accepted == false) { - throw new CertificateException("Could not verify root certificate"); - } - } - }}; - SSLContext sslContext = SSLContext.getInstance("TLS"); - sslContext.init(null, customTrustManagers, null); - return sslContext.getSocketFactory(); - } catch (Exception e) { - e.printStackTrace(); - } - return null; - } - /** * Returns the [count] most used tags. */ |