diff options
author | ByteHamster <ByteHamster@users.noreply.github.com> | 2024-07-18 22:49:45 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-07-18 22:49:45 +0200 |
commit | a2806562b50fd5d871ad0cd5b88a4a8a420add86 (patch) | |
tree | 9061ddff9df5442250f0f6cf1fd32e633033bf68 | |
parent | 600ad2af3d819b0556496f9b03ab07858718fba5 (diff) | |
download | AntennaPod-a2806562b50fd5d871ad0cd5b88a4a8a420add86.zip |
Backport GlobalSign R6 certificate (#7293)
GlobalSign has migrated to R6, which is only shipped with Android 10+.
Blubrry switched to the new root CA, which causes certificate errors for some users.
AntennaPod currently supports Android 5.0+ and is installed on about 25k
Google Play devices with Android 5-9.
-rw-r--r-- | net/ssl/src/main/java/de/danoeh/antennapod/net/ssl/BackportCaCerts.java | 33 | ||||
-rw-r--r-- | net/ssl/src/main/java/de/danoeh/antennapod/net/ssl/BackportTrustManager.java | 2 |
2 files changed, 35 insertions, 0 deletions
diff --git a/net/ssl/src/main/java/de/danoeh/antennapod/net/ssl/BackportCaCerts.java b/net/ssl/src/main/java/de/danoeh/antennapod/net/ssl/BackportCaCerts.java index ecfc99e15..9fff9454c 100644 --- a/net/ssl/src/main/java/de/danoeh/antennapod/net/ssl/BackportCaCerts.java +++ b/net/ssl/src/main/java/de/danoeh/antennapod/net/ssl/BackportCaCerts.java @@ -102,4 +102,37 @@ public class BackportCaCerts { + "mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d\n" + "emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=\n" + "-----END CERTIFICATE-----"; + + public static final String GLOBALSIGN_R6 = "-----BEGIN CERTIFICATE-----\n" + + "MIIFgzCCA2ugAwIBAgIORea7A4Mzw4VlSOb/RVEwDQYJKoZIhvcNAQEMBQAwTDE\n" + + "gMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjYxEzARBgNVBAoTCkdsb2\n" + + "JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTQxMjEwMDAwMDAwWhcNM\n" + + "zQxMjEwMDAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBS\n" + + "NjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCAiI\n" + + "wDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJUH6HPKZvnsFMp7PPcNCPG0RQ\n" + + "ssgrRIxutbPK6DuEGSMxSkb3/pKszGsIhrxbaJ0cay/xTOURQh7ErdG1rG1ofuT\n" + + "ToVBu1kZguSgMpE3nOUTvOniX9PeGMIyBJQbUJmL025eShNUhqKGoC3GYEOfsSK\n" + + "vGRMIRxDaNc9PIrFsmbVkJq3MQbFvuJtMgamHvm566qjuL++gmNQ0PAYid/kD3n\n" + + "16qIfKtJwLnvnvJO7bVPiSHyMEAc4/2ayd2F+4OqMPKq0pPbzlUoSB239jLKJz9\n" + + "CgYXfIWHSw1CM69106yqLbnQneXUQtkPGBzVeS+n68UARjNN9rkxi+azayOeSsJ\n" + + "Da38O+2HBNXk7besvjihbdzorg1qkXy4J02oW9UivFyVm4uiMVRQkQVlO6jxTiW\n" + + "m05OWgtH8wY2SXcwvHE35absIQh1/OZhFj931dmRl4QKbNQCTXTAFO39OfuD8l4\n" + + "UoQSwC+n+7o/hbguyCLNhZglqsQY6ZZZZwPA1/cnaKI0aEYdwgQqomnUdnjqGBQ\n" + + "Ce24DWJfncBZ4nWUx2OVvq+aWh2IMP0f/fMBH5hc8zSPXKbWQULHpYT9NLCEnFl\n" + + "WQaYw55PfWzjMpYrZxCRXluDocZXFSxZba/jJvcE+kNb7gu3GduyYsRtYQUigAZ\n" + + "cIN5kZeR1BonvzceMgfYFGM8KEyvAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjA\n" + + "PBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSubAWjkxPioufi1xzWx/B/yGdToD\n" + + "AfBgNVHSMEGDAWgBSubAWjkxPioufi1xzWx/B/yGdToDANBgkqhkiG9w0BAQwFA\n" + + "AOCAgEAgyXt6NH9lVLNnsAEoJFp5lzQhN7craJP6Ed41mWYqVuoPId8AorRbrcW\n" + + "c+ZfwFSY1XS+wc3iEZGtIxg93eFyRJa0lV7Ae46ZeBZDE1ZXs6KzO7V33EByrKP\n" + + "rmzU+sQghoefEQzd5Mr6155wsTLxDKZmOMNOsIeDjHfrYBzN2VAAiKrlNIC5waN\n" + + "rlU/yDXNOd8v9EDERm8tLjvUYAGm0CuiVdjaExUd1URhxN25mW7xocBFymFe944\n" + + "Hn+Xds+qkxV/ZoVqW/hpvvfcDDpw+5CRu3CkwWJ+n1jez/QcYF8AOiYrg54NMMl\n" + + "+68KnyBr3TsTjxKM4kEaSHpzoHdpx7Zcf4LIHv5YGygrqGytXm3ABdJ7t+uA/iU\n" + + "3/gKbaKxCXcPu9czc8FB10jZpnOZ7BN9uBmm23goJSFmH63sUYHpkqmlD75HHTO\n" + + "wY3WzvUy2MmeFe8nI+z1TIvWfspA9MRf/TuTAjB0yPEL+GltmZWrSZVxykzLsVi\n" + + "VO6LAUP5MSeGbEYNNVMnbrt9x+vJJUEeKgDu+6B5dpffItKoZB0JaezPkvILFa9\n" + + "x8jvOOJckvB595yEunQtYQEgfn7R8k8HWV+LLUNS60YMlOH1Zkd5d9VUWx+tJDf\n" + + "LRVpOoERIyNiwmcUVhAn21klJwGW45hpxbqCo8YLoRT5s1gLXCmeDBVrJpBA=\n" + + "-----END CERTIFICATE-----"; } diff --git a/net/ssl/src/main/java/de/danoeh/antennapod/net/ssl/BackportTrustManager.java b/net/ssl/src/main/java/de/danoeh/antennapod/net/ssl/BackportTrustManager.java index cda4298fd..fda826e15 100644 --- a/net/ssl/src/main/java/de/danoeh/antennapod/net/ssl/BackportTrustManager.java +++ b/net/ssl/src/main/java/de/danoeh/antennapod/net/ssl/BackportTrustManager.java @@ -49,6 +49,8 @@ public class BackportTrustManager { new ByteArrayInputStream(BackportCaCerts.SECTIGO_USER_TRUST.getBytes(Charset.forName("UTF-8"))))); keystore.setCertificateEntry("LETSENCRYPT_ISRG_CA", cf.generateCertificate( new ByteArrayInputStream(BackportCaCerts.LETSENCRYPT_ISRG.getBytes(Charset.forName("UTF-8"))))); + keystore.setCertificateEntry("GLOBALSIGN_R6", cf.generateCertificate( + new ByteArrayInputStream(BackportCaCerts.GLOBALSIGN_R6.getBytes(Charset.forName("UTF-8"))))); List<X509TrustManager> managers = new ArrayList<>(); managers.add(getSystemTrustManager(keystore)); |