summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorByteHamster <ByteHamster@users.noreply.github.com>2024-07-18 22:49:45 +0200
committerGitHub <noreply@github.com>2024-07-18 22:49:45 +0200
commita2806562b50fd5d871ad0cd5b88a4a8a420add86 (patch)
tree9061ddff9df5442250f0f6cf1fd32e633033bf68
parent600ad2af3d819b0556496f9b03ab07858718fba5 (diff)
downloadAntennaPod-a2806562b50fd5d871ad0cd5b88a4a8a420add86.zip
Backport GlobalSign R6 certificate (#7293)
GlobalSign has migrated to R6, which is only shipped with Android 10+. Blubrry switched to the new root CA, which causes certificate errors for some users. AntennaPod currently supports Android 5.0+ and is installed on about 25k Google Play devices with Android 5-9.
-rw-r--r--net/ssl/src/main/java/de/danoeh/antennapod/net/ssl/BackportCaCerts.java33
-rw-r--r--net/ssl/src/main/java/de/danoeh/antennapod/net/ssl/BackportTrustManager.java2
2 files changed, 35 insertions, 0 deletions
diff --git a/net/ssl/src/main/java/de/danoeh/antennapod/net/ssl/BackportCaCerts.java b/net/ssl/src/main/java/de/danoeh/antennapod/net/ssl/BackportCaCerts.java
index ecfc99e15..9fff9454c 100644
--- a/net/ssl/src/main/java/de/danoeh/antennapod/net/ssl/BackportCaCerts.java
+++ b/net/ssl/src/main/java/de/danoeh/antennapod/net/ssl/BackportCaCerts.java
@@ -102,4 +102,37 @@ public class BackportCaCerts {
+ "mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d\n"
+ "emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=\n"
+ "-----END CERTIFICATE-----";
+
+ public static final String GLOBALSIGN_R6 = "-----BEGIN CERTIFICATE-----\n"
+ + "MIIFgzCCA2ugAwIBAgIORea7A4Mzw4VlSOb/RVEwDQYJKoZIhvcNAQEMBQAwTDE\n"
+ + "gMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjYxEzARBgNVBAoTCkdsb2\n"
+ + "JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTQxMjEwMDAwMDAwWhcNM\n"
+ + "zQxMjEwMDAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBS\n"
+ + "NjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCAiI\n"
+ + "wDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJUH6HPKZvnsFMp7PPcNCPG0RQ\n"
+ + "ssgrRIxutbPK6DuEGSMxSkb3/pKszGsIhrxbaJ0cay/xTOURQh7ErdG1rG1ofuT\n"
+ + "ToVBu1kZguSgMpE3nOUTvOniX9PeGMIyBJQbUJmL025eShNUhqKGoC3GYEOfsSK\n"
+ + "vGRMIRxDaNc9PIrFsmbVkJq3MQbFvuJtMgamHvm566qjuL++gmNQ0PAYid/kD3n\n"
+ + "16qIfKtJwLnvnvJO7bVPiSHyMEAc4/2ayd2F+4OqMPKq0pPbzlUoSB239jLKJz9\n"
+ + "CgYXfIWHSw1CM69106yqLbnQneXUQtkPGBzVeS+n68UARjNN9rkxi+azayOeSsJ\n"
+ + "Da38O+2HBNXk7besvjihbdzorg1qkXy4J02oW9UivFyVm4uiMVRQkQVlO6jxTiW\n"
+ + "m05OWgtH8wY2SXcwvHE35absIQh1/OZhFj931dmRl4QKbNQCTXTAFO39OfuD8l4\n"
+ + "UoQSwC+n+7o/hbguyCLNhZglqsQY6ZZZZwPA1/cnaKI0aEYdwgQqomnUdnjqGBQ\n"
+ + "Ce24DWJfncBZ4nWUx2OVvq+aWh2IMP0f/fMBH5hc8zSPXKbWQULHpYT9NLCEnFl\n"
+ + "WQaYw55PfWzjMpYrZxCRXluDocZXFSxZba/jJvcE+kNb7gu3GduyYsRtYQUigAZ\n"
+ + "cIN5kZeR1BonvzceMgfYFGM8KEyvAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjA\n"
+ + "PBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSubAWjkxPioufi1xzWx/B/yGdToD\n"
+ + "AfBgNVHSMEGDAWgBSubAWjkxPioufi1xzWx/B/yGdToDANBgkqhkiG9w0BAQwFA\n"
+ + "AOCAgEAgyXt6NH9lVLNnsAEoJFp5lzQhN7craJP6Ed41mWYqVuoPId8AorRbrcW\n"
+ + "c+ZfwFSY1XS+wc3iEZGtIxg93eFyRJa0lV7Ae46ZeBZDE1ZXs6KzO7V33EByrKP\n"
+ + "rmzU+sQghoefEQzd5Mr6155wsTLxDKZmOMNOsIeDjHfrYBzN2VAAiKrlNIC5waN\n"
+ + "rlU/yDXNOd8v9EDERm8tLjvUYAGm0CuiVdjaExUd1URhxN25mW7xocBFymFe944\n"
+ + "Hn+Xds+qkxV/ZoVqW/hpvvfcDDpw+5CRu3CkwWJ+n1jez/QcYF8AOiYrg54NMMl\n"
+ + "+68KnyBr3TsTjxKM4kEaSHpzoHdpx7Zcf4LIHv5YGygrqGytXm3ABdJ7t+uA/iU\n"
+ + "3/gKbaKxCXcPu9czc8FB10jZpnOZ7BN9uBmm23goJSFmH63sUYHpkqmlD75HHTO\n"
+ + "wY3WzvUy2MmeFe8nI+z1TIvWfspA9MRf/TuTAjB0yPEL+GltmZWrSZVxykzLsVi\n"
+ + "VO6LAUP5MSeGbEYNNVMnbrt9x+vJJUEeKgDu+6B5dpffItKoZB0JaezPkvILFa9\n"
+ + "x8jvOOJckvB595yEunQtYQEgfn7R8k8HWV+LLUNS60YMlOH1Zkd5d9VUWx+tJDf\n"
+ + "LRVpOoERIyNiwmcUVhAn21klJwGW45hpxbqCo8YLoRT5s1gLXCmeDBVrJpBA=\n"
+ + "-----END CERTIFICATE-----";
}
diff --git a/net/ssl/src/main/java/de/danoeh/antennapod/net/ssl/BackportTrustManager.java b/net/ssl/src/main/java/de/danoeh/antennapod/net/ssl/BackportTrustManager.java
index cda4298fd..fda826e15 100644
--- a/net/ssl/src/main/java/de/danoeh/antennapod/net/ssl/BackportTrustManager.java
+++ b/net/ssl/src/main/java/de/danoeh/antennapod/net/ssl/BackportTrustManager.java
@@ -49,6 +49,8 @@ public class BackportTrustManager {
new ByteArrayInputStream(BackportCaCerts.SECTIGO_USER_TRUST.getBytes(Charset.forName("UTF-8")))));
keystore.setCertificateEntry("LETSENCRYPT_ISRG_CA", cf.generateCertificate(
new ByteArrayInputStream(BackportCaCerts.LETSENCRYPT_ISRG.getBytes(Charset.forName("UTF-8")))));
+ keystore.setCertificateEntry("GLOBALSIGN_R6", cf.generateCertificate(
+ new ByteArrayInputStream(BackportCaCerts.GLOBALSIGN_R6.getBytes(Charset.forName("UTF-8")))));
List<X509TrustManager> managers = new ArrayList<>();
managers.add(getSystemTrustManager(keystore));