Fixes to Custom CA Sample

smarek · smarek · commit ba17f5ab3480 · 2014-06-09T21:32:10.000+02:00
diff --git a/sample/src/main/AndroidManifest.xml b/sample/src/main/AndroidManifest.xml
@@ -32,6 +32,7 @@
         <activity android:name=".IntentServiceSample"/>
         <activity android:name=".SaxSample"/>
         <activity android:name=".FilesSample"/>
+        <activity android:name=".CustomCASample"/>
 
         <service android:name=".services.ExampleIntentService"/>
     </application>
diff --git a/sample/src/main/java/com/loopj/android/http/sample/CustomCASample.java b/sample/src/main/java/com/loopj/android/http/sample/CustomCASample.java
@@ -18,23 +18,23 @@
 
 package com.loopj.android.http.sample;
 
+import android.app.AlertDialog;
+import android.content.DialogInterface;
 import android.os.Bundle;
 import android.util.Log;
 import android.widget.Toast;
 
-import java.io.IOException;
-import java.io.InputStream;
-
-import org.apache.http.Header;
-import org.apache.http.HttpEntity;
-
-
 import com.loopj.android.http.AsyncHttpClient;
 import com.loopj.android.http.BinaryHttpResponseHandler;
 import com.loopj.android.http.RequestHandle;
 import com.loopj.android.http.ResponseHandlerInterface;
 import com.loopj.android.http.sample.util.SecureSocketFactory;
 
+import org.apache.http.Header;
+import org.apache.http.HttpEntity;
+
+import java.io.IOException;
+import java.io.InputStream;
 import java.security.KeyManagementException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
@@ -43,10 +43,9 @@
 import java.security.cert.CertificateException;
 
 /**
- * This sample demonstrates the implementation of self-signed CA's and connection
- * to servers with such certificates. Be sure to read 'res/raw/custom_ca.txt'
- * for how-to instructions on how to generate a BKS file necessary for this
- * sample.
+ * This sample demonstrates the implementation of self-signed CA's and connection to servers with
+ * such certificates. Be sure to read 'res/raw/custom_ca.txt' for how-to instructions on how to
+ * generate a BKS file necessary for this sample.
  *
  * @author Noor Dawod <github@fineswap.com>
  */
@@ -75,28 +74,66 @@ protected void onCreate(Bundle savedInstanceState) {
                 is = getResources().openRawResource(R.raw.store);
                 store.load(is, STORE_PASS.toCharArray());
                 getAsyncHttpClient().setSSLSocketFactory(new SecureSocketFactory(store, STORE_ALIAS));
-            } catch(IOException e) {
+            } catch (IOException e) {
                 throw new KeyStoreException(e);
-            } catch(CertificateException e) {
+            } catch (CertificateException e) {
                 throw new KeyStoreException(e);
-            } catch(NoSuchAlgorithmException e) {
+            } catch (NoSuchAlgorithmException e) {
                 throw new KeyStoreException(e);
-            } catch(KeyManagementException e) {
+            } catch (KeyManagementException e) {
                 throw new KeyStoreException(e);
-            } catch(UnrecoverableKeyException e) {
+            } catch (UnrecoverableKeyException e) {
                 throw new KeyStoreException(e);
             } finally {
                 AsyncHttpClient.silentCloseInputStream(is);
             }
-        } catch(KeyStoreException e) {
+        } catch (KeyStoreException e) {
             Log.e(LOG_TAG, "Unable to initialize key store", e);
             Toast.makeText(
-                this,
-                "Please read res/raw/custom_ca.txt\nto learn how to create your own\nkey store containing a custom CA",
-                Toast.LENGTH_LONG).show();
+                    this,
+                    "Please read res/raw/custom_ca.txt\nto learn how to create your own\nkey store containing a custom CA",
+                    Toast.LENGTH_LONG).show();
+            showCustomCAHelp();
         }
     }
 
+    /**
+     * Returns contents of `custom_ca.txt` as CharSequence
+     *
+     * @return contents of custom_ca.txt from Assets
+     */
+    private CharSequence getReadmeText() {
+        String rtn = "";
+        try {
+            InputStream stream = getResources().openRawResource(R.raw.custom_ca);
+            java.util.Scanner s = new java.util.Scanner(stream)
+                    .useDelimiter("\\A");
+            rtn = s.hasNext() ? s.next() : "";
+        } catch (Exception | Error e) {
+            Log.e(LOG_TAG, "License couldn't be retrieved", e);
+        }
+        return rtn;
+    }
+
+    /**
+     * Will display AlertDialog reading `custom_ca.txt` from Assets, to avoid strict Lint issue
+     */
+    private void showCustomCAHelp() {
+        AlertDialog.Builder builder = new AlertDialog.Builder(this);
+        builder.setTitle(R.string.title_custom_ca);
+        builder.setMessage(getReadmeText());
+        builder.setNeutralButton(android.R.string.cancel,
+                new DialogInterface.OnClickListener() {
+
+                    @Override
+                    public void onClick(DialogInterface dialog, int which) {
+                        dialog.dismiss();
+                    }
+                }
+        );
+        builder.show();
+    }
+
     @Override
     public int getSampleTitle() {
         return R.string.title_custom_ca;
diff --git a/sample/src/main/java/com/loopj/android/http/sample/util/SecureSocketFactory.java b/sample/src/main/java/com/loopj/android/http/sample/util/SecureSocketFactory.java
@@ -18,20 +18,19 @@
 
 package com.loopj.android.http.sample.util;
 
+import android.annotation.TargetApi;
 import android.util.Log;
 
 import com.loopj.android.http.AsyncHttpClient;
+
 import org.apache.http.conn.ssl.SSLSocketFactory;
 
-import java.lang.reflect.Field;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.lang.reflect.Field;
 import java.net.InetAddress;
 import java.net.Socket;
-import java.net.UnknownHostException;
-import java.security.cert.Certificate;
-import java.security.cert.X509Certificate;
 import java.security.InvalidKeyException;
 import java.security.KeyManagementException;
 import java.security.KeyStore;
@@ -40,16 +39,17 @@
 import java.security.NoSuchProviderException;
 import java.security.SignatureException;
 import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
 
 /**
- * A class to authenticate a secured connection against a custom CA using a
- * BKS store.
+ * A class to authenticate a secured connection against a custom CA using a BKS store.
  *
  * @author Noor Dawod <github@fineswap.com>
  */
@@ -61,25 +61,20 @@ public class SecureSocketFactory extends SSLSocketFactory {
     private final X509Certificate[] acceptedIssuers;
 
     /**
-     * Instantiate a new secured factory pertaining to the passed store. Be sure
-     * to initialize the store with the password using
-     * {@link java.security.KeyStore#load(java.io.InputStream, char[])} method.
+     * Instantiate a new secured factory pertaining to the passed store. Be sure to initialize the
+     * store with the password using {@link java.security.KeyStore#load(java.io.InputStream,
+     * char[])} method.
      *
      * @param store The key store holding the certificate details
      * @param alias The alias of the certificate to use
-     * @throws CertificateException
-     * @throws NoSuchAlgorithmException
-     * @throws KeyManagementException
-     * @throws KeyStoreException
-     * @throws UnrecoverableKeyException
      */
     public SecureSocketFactory(KeyStore store, String alias)
-        throws
-        CertificateException,
-        NoSuchAlgorithmException,
-        KeyManagementException,
-        KeyStoreException,
-        UnrecoverableKeyException {
+            throws
+            CertificateException,
+            NoSuchAlgorithmException,
+            KeyManagementException,
+            KeyStoreException,
+            UnrecoverableKeyException {
 
         super(store);
 
@@ -88,10 +83,10 @@ public SecureSocketFactory(KeyStore store, String alias)
 
         // Turn it to X509 format.
         InputStream is = new ByteArrayInputStream(rootca.getEncoded());
-        X509Certificate x509ca = (X509Certificate)CertificateFactory.getInstance("X.509").generateCertificate(is);
+        X509Certificate x509ca = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(is);
         AsyncHttpClient.silentCloseInputStream(is);
 
-        if(null == x509ca) {
+        if (null == x509ca) {
             throw new CertificateException("Embedded SSL certificate has expired.");
         }
 
@@ -103,72 +98,72 @@ public SecureSocketFactory(KeyStore store, String alias)
 
         sslCtx = SSLContext.getInstance("TLS");
         sslCtx.init(
-            null,
-            new TrustManager[] {
-                new X509TrustManager() {
-                    @Override
-                    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
-                    }
-
-                    @Override
-                    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
-                        Exception error = null;
-
-                        if(null == chain || 0 == chain.length) {
-                            error = new CertificateException("Certificate chain is invalid.");
-                        } else if(null == authType || 0 == authType.length()) {
-                            error = new CertificateException("Authentication type is invalid.");
-                        } else {
-                            Log.i(LOG_TAG, "Chain includes " + chain.length + " certificates.");
-                            try {
-                                for(X509Certificate cert : chain) {
-                                    Log.i(LOG_TAG, "Server Certificate Details:");
-                                    Log.i(LOG_TAG, "---------------------------");
-                                    Log.i(LOG_TAG, "IssuerDN: " + cert.getIssuerDN().toString());
-                                    Log.i(LOG_TAG, "SubjectDN: " + cert.getSubjectDN().toString());
-                                    Log.i(LOG_TAG, "Serial Number: " + cert.getSerialNumber());
-                                    Log.i(LOG_TAG, "Version: " + cert.getVersion());
-                                    Log.i(LOG_TAG, "Not before: " + cert.getNotBefore().toString());
-                                    Log.i(LOG_TAG, "Not after: " + cert.getNotAfter().toString());
-                                    Log.i(LOG_TAG, "---------------------------");
-
-                                    // Make sure that it hasn't expired.
-                                    cert.checkValidity();
-
-                                    // Verify the certificate's public key chain.
-                                    cert.verify(rootca.getPublicKey());
+                null,
+                new TrustManager[]{
+                        new X509TrustManager() {
+                            @Override
+                            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+                            }
+
+                            @Override
+                            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+                                Exception error = null;
+
+                                if (null == chain || 0 == chain.length) {
+                                    error = new CertificateException("Certificate chain is invalid.");
+                                } else if (null == authType || 0 == authType.length()) {
+                                    error = new CertificateException("Authentication type is invalid.");
+                                } else {
+                                    Log.i(LOG_TAG, "Chain includes " + chain.length + " certificates.");
+                                    try {
+                                        for (X509Certificate cert : chain) {
+                                            Log.i(LOG_TAG, "Server Certificate Details:");
+                                            Log.i(LOG_TAG, "---------------------------");
+                                            Log.i(LOG_TAG, "IssuerDN: " + cert.getIssuerDN().toString());
+                                            Log.i(LOG_TAG, "SubjectDN: " + cert.getSubjectDN().toString());
+                                            Log.i(LOG_TAG, "Serial Number: " + cert.getSerialNumber());
+                                            Log.i(LOG_TAG, "Version: " + cert.getVersion());
+                                            Log.i(LOG_TAG, "Not before: " + cert.getNotBefore().toString());
+                                            Log.i(LOG_TAG, "Not after: " + cert.getNotAfter().toString());
+                                            Log.i(LOG_TAG, "---------------------------");
+
+                                            // Make sure that it hasn't expired.
+                                            cert.checkValidity();
+
+                                            // Verify the certificate's public key chain.
+                                            cert.verify(rootca.getPublicKey());
+                                        }
+                                    } catch (InvalidKeyException e) {
+                                        error = e;
+                                    } catch (NoSuchAlgorithmException e) {
+                                        error = e;
+                                    } catch (NoSuchProviderException e) {
+                                        error = e;
+                                    } catch (SignatureException e) {
+                                        error = e;
+                                    }
+                                }
+                                if (null != error) {
+                                    Log.e(LOG_TAG, "Certificate error", error);
+                                    throw new CertificateException(error);
                                 }
-                            } catch(InvalidKeyException e) {
-                                error = e;
-                            } catch(NoSuchAlgorithmException e) {
-                                error = e;
-                            } catch(NoSuchProviderException e) {
-                                error = e;
-                            } catch(SignatureException e) {
-                                error = e;
+                            }
+
+                            @Override
+                            public X509Certificate[] getAcceptedIssuers() {
+                                return acceptedIssuers;
                             }
                         }
-                        if(null != error) {
-                            Log.e(LOG_TAG, "Certificate error", error);
-                            throw new CertificateException(error);
-                        }
-                    }
-
-                    @Override
-                    public X509Certificate[] getAcceptedIssuers() {
-                        return acceptedIssuers;
-                    }
-                }
-            },
-            null
+                },
+                null
         );
 
         setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
     }
 
     @Override
     public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
-        throws IOException, UnknownHostException {
+            throws IOException {
 
         injectHostname(socket, host);
         return sslCtx.getSocketFactory().createSocket(socket, host, port, autoClose);
@@ -180,21 +175,21 @@ public Socket createSocket() throws IOException {
     }
 
     /**
-     * Pre-ICS Android had a bug resolving HTTPS addresses. This workaround
-     * fixes that bug.
+     * Pre-ICS Android had a bug resolving HTTPS addresses. This workaround fixes that bug.
      *
      * @param socket The socket to alter
-     * @param host Hostname to connect to
-     * @see https://code.google.com/p/android/issues/detail?id=13117#c14
+     * @param host   Hostname to connect to
+     * @see <a href="https://code.google.com/p/android/issues/detail?id=13117#c14">https://code.google.com/p/android/issues/detail?id=13117#c14</a>
      */
+    @TargetApi(4)
     private void injectHostname(Socket socket, String host) {
-        if(android.os.Build.VERSION.SDK_INT < 14) {
-            try {
+        try {
+            if (android.os.Build.VERSION.SDK_INT < 14) {
                 Field field = InetAddress.class.getDeclaredField("hostName");
                 field.setAccessible(true);
                 field.set(socket.getInetAddress(), host);
-            } catch(Exception ignored) {
             }
+        } catch (Exception ignored) {
         }
     }
 }
