Programmatically add server certificate information to Trust Manager Android
I am new to this concept SSL
and X509Certificate
. What I need is, is there a way to get the certificate information from a given certificateUrl
For example: if the user entered https://www.google.com, I need to enter the information for that certificate programmatically.
edit:
Finally, I got the certificate information from Server .
Now, my question is:
1. How to check if a certificate is trusted?
2. How do I add a certificate to the trust manager?
3. Even with an untrusted certificate, if the user wants to keep using it, then I need to add the certificate to the trust manager. How can I do this?
4. Do we really need another certificate for comparison in order to check if the certificate is trusted?
I am very new to theseX.509 Certificate.
Any help would be greatly appreciated.
edit:
This is what I have tried. However, none of them are helping me. I need to get whether the certificate is trusted.
X509TrustManager trustManager = new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
for (TrustManager tm : managers) {
if (tm instanceof X509TrustManager) {
((X509TrustManager) tm).checkClientTrusted(
chain, authType);
}
}
}
@Override
public void checkServerTrusted(X509Certificate[] chain,
String authType) {
for (X509Certificate cert : chain) {
final String mCertificatinoType = cert.getType();
Date afterDate = cert.getNotAfter();
Date beforeDate = cert.getNotBefore();
Date currentDate = new Date();
try {
cert.checkValidity(new Date());
} catch (CertificateExpiredException e) {
LoginActivity.isExpired = true;
e.printStackTrace();
} catch (CertificateNotYetValidException e) {
LoginActivity.isInValid = true;
e.printStackTrace();
}
try {
cert.verify(trustedRoot.getPublicKey());
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchProviderException e) {
e.printStackTrace();
} catch (SignatureException e) {
e.printStackTrace();
}
try {
if (cert.getIssuerX500Principal().equals(
trustedRoot.getIssuerX500Principal())) {
}
cert.verify(trustedHost.getPublicKey());
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchProviderException e) {
e.printStackTrace();
} catch (SignatureException e) {
e.printStackTrace();
}
if (afterDate.compareTo(currentDate)
* currentDate.compareTo(beforeDate) > 0) {
} else {
}
if (cert.getIssuerX500Principal().equals(
trustedRoot.getIssuerX500Principal())) {
return;
}
}
// for (X509Certificate cert : chain) {
// URL url;
// String host = "";
// if (baseHostString.equalsIgnoreCase("")) {
// final Settings settings = mApplication
// .getSettings();
// try {
// url = new URL(
// settings.serverAddress.toString());
// host = url.getAuthority();
// } catch (MalformedURLException e) {
// e.printStackTrace();
// }
// } else {
//
// }
//
// String dn = cert.getSubjectDN().getName();
// String CN = getValByAttributeTypeFromIssuerDN(dn,
// "CN=");
// if (CN.equalsIgnoreCase(host)) {
// if (cert.getIssuerX500Principal().equals(
// trustedRoot.getIssuerX500Principal())) {
// return;
// } else {
// }
// } else {
// }
// }
for (TrustManager tm : managers) {
if (tm instanceof X509TrustManager) {
try {
((X509TrustManager) tm).checkServerTrusted(
chain, authType);
} catch (CertificateException e) {
e.printStackTrace();
}
}
}
}
@Override
public X509Certificate[] getAcceptedIssuers() {
ArrayList<X509Certificate> issuers = new ArrayList<>();
for (TrustManager tm : managers) {
if (tm instanceof X509TrustManager) {
issuers.addAll(Arrays
.asList(((X509TrustManager) tm)
.getAcceptedIssuers()));
}
}
return issuers.toArray(new X509Certificate[issuers
.size()]);
}
};
Finally cracked!
X509TrustManager trustManager = new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
for (TrustManager tm : managers) {
if (tm instanceof X509TrustManager) {
((X509TrustManager) tm).checkClientTrusted(
chain, authType);
}
}
}
@Override
public void checkServerTrusted(
final X509Certificate[] chain, String authType) {
for (X509Certificate cert : chain) {
final String mCertificatinoType = cert.getType();
Date afterDate = cert.getNotAfter();
Date beforeDate = cert.getNotBefore();
Date currentDate = new Date();
try {
cert.checkValidity(new Date());
} catch (CertificateExpiredException e) {
isExpired = true;
e.printStackTrace();
} catch (CertificateNotYetValidException e) {
isInValid = true;
e.printStackTrace();
}
if (afterDate.compareTo(currentDate)
* currentDate.compareTo(beforeDate) > 0) {
isExpired = false;
} else {
isExpired = true;
}
String dn = cert.getSubjectDN().getName();
String CN = getValByAttributeTypeFromIssuerDN(dn,
"CN=");
String host = "";
if (TextUtils.isEmpty(query)) {
if (baseHostString.equalsIgnoreCase("")) {
final Settings settings = mApplication
.getSettings();
try {
URL url = new URL(
settings.serverAddress
.toString());
host = url.getAuthority();
if (host.contains(String.valueOf(url
.getPort()))) {
String toBeReplaced = ":"
+ url.getPort();
host = host.replace(toBeReplaced,
"");
}
} catch (MalformedURLException e) {
e.printStackTrace();
}
} else {
try {
URL url = new URL(baseHostString);
host = url.getAuthority();
if (host.contains(String.valueOf(url
.getPort()))) {
String toBeReplaced = ":"
+ url.getPort();
host = host.replace(toBeReplaced,
"");
}
} catch (MalformedURLException e) {
e.printStackTrace();
}
}
} else {
try {
URL url = new URL(query);
host = url.getAuthority();
if (host.contains(String.valueOf(url
.getPort()))) {
String toBeReplaced = ":"
+ url.getPort();
host = host.replace(toBeReplaced, "");
}
} catch (MalformedURLException e) {
e.printStackTrace();
}
}
if (CN.equalsIgnoreCase(host)) {
isHostMisMatch = false;
} else {
isHostMisMatch = true;
}
for (TrustManager tm : managers) {
if (tm instanceof X509TrustManager) {
try {
((X509TrustManager) tm)
.checkServerTrusted(chain,
authType);
} catch (CertificateException e) {
if (e.getMessage() != null
&& e.getMessage()
.contains(
"Trust anchor for certification path not found.")) {
isNotTrusted = true;
mApplication
.setCurrentCertificate(chain);
}
e.printStackTrace();
}
}
}
if (cert.getIssuerX500Principal().equals(
trustedRoot.getIssuerX500Principal())) {
return;
}
}
}
@Override
public X509Certificate[] getAcceptedIssuers() {
ArrayList<X509Certificate> issuers = new ArrayList<>();
for (TrustManager tm : managers) {
if (tm instanceof X509TrustManager) {
issuers.addAll(Arrays
.asList(((X509TrustManager) tm)
.getAcceptedIssuers()));
}
}
return issuers.toArray(new X509Certificate[issuers
.size()]);
}
};
thank you all.