roychoo
diff --git a/‎sample/src/main/java/com/loopj/android/http/sample/CustomCASample.java
Lines changed: 156 additions & 0 deletions b/‎sample/src/main/java/com/loopj/android/http/sample/CustomCASample.java
Lines changed: 156 additions & 0 deletions
diff --git a/‎sample/src/main/java/com/loopj/android/http/sample/WaypointsActivity.java
Lines changed: 2 additions & 1 deletion b/‎sample/src/main/java/com/loopj/android/http/sample/WaypointsActivity.java
Lines changed: 2 additions & 1 deletion
diff --git a/‎sample/src/main/java/com/loopj/android/http/sample/util/SecureSocketFactory.java
Lines changed: 200 additions & 0 deletions b/‎sample/src/main/java/com/loopj/android/http/sample/util/SecureSocketFactory.java
Lines changed: 200 additions & 0 deletions
@@ -0,0 +1,156 @@
+/*
+    Android Asynchronous Http Client Sample
+    Copyright (c) 2014 Marek Sebera <[email protected]>
+    http://loopj.com
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+*/
+
+package com.loopj.android.http.sample;
+
+import android.os.Bundle;
+import android.util.Log;
+import android.widget.Toast;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import org.apache.http.Header;
+import org.apache.http.HttpEntity;
+
+
+import com.loopj.android.http.AsyncHttpClient;
+import com.loopj.android.http.BinaryHttpResponseHandler;
+import com.loopj.android.http.RequestHandle;
+import com.loopj.android.http.ResponseHandlerInterface;
+import com.loopj.android.http.sample.util.SecureSocketFactory;
+
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+
+/**
+ * This sample demonstrates the implementation of self-signed CA's and connection
+ * to servers with such certificates. Be sure to read 'res/raw/custom_ca.txt'
+ * for how-to instructions on how to generate a BKS file necessary for this
+ * sample.
+ *
+ * @author Noor Dawod <[email protected]>
+ */
+public class CustomCASample extends SampleParentActivity {
+
+    private static final String LOG_TAG = "CustomCASample";
+
+    private static final String SERVER_TEST_URL = "https://httpbin.org/get";
+    private static final String STORE_ALIAS = "TheAlias";
+    private static final String STORE_PASS = "ThePass";
+
+    // Instruct the library to retry connection when this exception is raised.
+    static {
+        AsyncHttpClient.allowRetryExceptionClass(javax.net.ssl.SSLException.class);
+    }
+
+    @Override
+    protected void onCreate(Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+        try {
+            InputStream is = null;
+            try {
+                // Configure the library to use a custom 'bks' file to perform
+                // SSL negotiation.
+                KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
+                is = getResources().openRawResource(R.raw.store);
+                store.load(is, STORE_PASS.toCharArray());
+                getAsyncHttpClient().setSSLSocketFactory(new SecureSocketFactory(store, STORE_ALIAS));
+            } catch(IOException e) {
+                throw new KeyStoreException(e);
+            } catch(CertificateException e) {
+                throw new KeyStoreException(e);
+            } catch(NoSuchAlgorithmException e) {
+                throw new KeyStoreException(e);
+            } catch(KeyManagementException e) {
+                throw new KeyStoreException(e);
+            } catch(UnrecoverableKeyException e) {
+                throw new KeyStoreException(e);
+            } finally {
+                AsyncHttpClient.silentCloseInputStream(is);
+            }
+        } catch(KeyStoreException e) {
+            Log.e(LOG_TAG, "Unable to initialize key store", e);
+            Toast.makeText(
+                this,
+                "Please read res/raw/custom_ca.txt\nto learn how to create your own\nkey store containing a custom CA",
+                Toast.LENGTH_LONG).show();
+        }
+    }
+
+    @Override
+    public int getSampleTitle() {
+        return R.string.title_custom_ca;
+    }
+
+    @Override
+    public boolean isRequestBodyAllowed() {
+        return true;
+    }
+
+    @Override
+    public boolean isRequestHeadersAllowed() {
+        return false;
+    }
+
+    @Override
+    public String getDefaultURL() {
+        return SERVER_TEST_URL;
+    }
+
+    @Override
+    public ResponseHandlerInterface getResponseHandler() {
+        return new BinaryHttpResponseHandler() {
+            @Override
+            public void onStart() {
+                clearOutputs();
+            }
+
+            @Override
+            public String[] getAllowedContentTypes() {
+                // Allowing all data for debug purposes
+                return new String[]{".*"};
+            }
+
+            public void onSuccess(int statusCode, Header[] headers, byte[] binaryData) {
+                debugStatusCode(LOG_TAG, statusCode);
+                debugHeaders(LOG_TAG, headers);
+                debugResponse(LOG_TAG, "Received response is " + binaryData.length + " bytes");
+            }
+
+            @Override
+            public void onFailure(int statusCode, Header[] headers, byte[] errorResponse, Throwable e) {
+                debugHeaders(LOG_TAG, headers);
+                debugStatusCode(LOG_TAG, statusCode);
+                debugThrowable(LOG_TAG, e);
+                if (errorResponse != null) {
+                    debugResponse(LOG_TAG, "Received response is " + errorResponse.length + " bytes");
+                }
+            }
+        };
+    }
+
+    @Override
+    public RequestHandle executeSample(AsyncHttpClient client, String URL, Header[] headers, HttpEntity entity, ResponseHandlerInterface responseHandler) {
+        return client.get(this, URL, headers, null, responseHandler);
+    }
+}
@@ -47,7 +47,8 @@ public class WaypointsActivity extends ListActivity {
         new SampleConfig(R.string.title_synchronous, SynchronousClientSample.class),
         new SampleConfig(R.string.title_intent_service_sample, IntentServiceSample.class),
         new SampleConfig(R.string.title_post_files, FilesSample.class),
-        new SampleConfig(R.string.title_persistent_cookies, PersistentCookiesSample.class)
+        new SampleConfig(R.string.title_persistent_cookies, PersistentCookiesSample.class),
+        new SampleConfig(R.string.title_custom_ca, CustomCASample.class)
     };
 
     @Override
 
@@ -0,0 +1,200 @@
+/*
+    Android Asynchronous Http Client Sample
+    Copyright (c) 2014 Marek Sebera <[email protected]>
+    http://loopj.com
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+*/
+
+package com.loopj.android.http.sample.util;
+
+import android.util.Log;
+
+import com.loopj.android.http.AsyncHttpClient;
+import org.apache.http.conn.ssl.SSLSocketFactory;
+
+import java.lang.reflect.Field;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.security.InvalidKeyException;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.SignatureException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
+/**
+ * A class to authenticate a secured connection against a custom CA using a
+ * BKS store.
+ *
+ * @author Noor Dawod <[email protected]>
+ */
+public class SecureSocketFactory extends SSLSocketFactory {
+
+    private static final String LOG_TAG = "SecureSocketFactory";
+
+    private final SSLContext sslCtx;
+    private final X509Certificate[] acceptedIssuers;
+
+    /**
+     * Instantiate a new secured factory pertaining to the passed store. Be sure
+     * to initialize the store with the password using
+     * {@link java.security.KeyStore#load(java.io.InputStream, char[])} method.
+     *
+     * @param store The key store holding the certificate details
+     * @param alias The alias of the certificate to use
+     * @throws CertificateException
+     * @throws NoSuchAlgorithmException
+     * @throws KeyManagementException
+     * @throws KeyStoreException
+     * @throws UnrecoverableKeyException
+     */
+    public SecureSocketFactory(KeyStore store, String alias)
+        throws
+        CertificateException,
+        NoSuchAlgorithmException,
+        KeyManagementException,
+        KeyStoreException,
+        UnrecoverableKeyException {
+
+        super(store);
+
+        // Loading the CA certificate from store.
+        final Certificate rootca = store.getCertificate(alias);
+
+        // Turn it to X509 format.
+        InputStream is = new ByteArrayInputStream(rootca.getEncoded());
+        X509Certificate x509ca = (X509Certificate)CertificateFactory.getInstance("X.509").generateCertificate(is);
+        AsyncHttpClient.silentCloseInputStream(is);
+
+        if(null == x509ca) {
+            throw new CertificateException("Embedded SSL certificate has expired.");
+        }
+
+        // Check the CA's validity.
+        x509ca.checkValidity();
+
+        // Accepted CA is only the one installed in the store.
+        acceptedIssuers = new X509Certificate[]{x509ca};
+
+        sslCtx = SSLContext.getInstance("TLS");
+        sslCtx.init(
+            null,
+            new TrustManager[] {
+                new X509TrustManager() {
+                    @Override
+                    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+                    }
+
+                    @Override
+                    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+                        Exception error = null;
+
+                        if(null == chain || 0 == chain.length) {
+                            error = new CertificateException("Certificate chain is invalid.");
+                        } else if(null == authType || 0 == authType.length()) {
+                            error = new CertificateException("Authentication type is invalid.");
+                        } else {
+                            Log.i(LOG_TAG, "Chain includes " + chain.length + " certificates.");
+                            try {
+                                for(X509Certificate cert : chain) {
+                                    Log.i(LOG_TAG, "Server Certificate Details:");
+                                    Log.i(LOG_TAG, "---------------------------");
+                                    Log.i(LOG_TAG, "IssuerDN: " + cert.getIssuerDN().toString());
+                                    Log.i(LOG_TAG, "SubjectDN: " + cert.getSubjectDN().toString());
+                                    Log.i(LOG_TAG, "Serial Number: " + cert.getSerialNumber());
+                                    Log.i(LOG_TAG, "Version: " + cert.getVersion());
+                                    Log.i(LOG_TAG, "Not before: " + cert.getNotBefore().toString());
+                                    Log.i(LOG_TAG, "Not after: " + cert.getNotAfter().toString());
+                                    Log.i(LOG_TAG, "---------------------------");
+
+                                    // Make sure that it hasn't expired.
+                                    cert.checkValidity();
+
+                                    // Verify the certificate's public key chain.
+                                    cert.verify(rootca.getPublicKey());
+                                }
+                            } catch(InvalidKeyException e) {
+                                error = e;
+                            } catch(NoSuchAlgorithmException e) {
+                                error = e;
+                            } catch(NoSuchProviderException e) {
+                                error = e;
+                            } catch(SignatureException e) {
+                                error = e;
+                            }
+                        }
+                        if(null != error) {
+                            Log.e(LOG_TAG, "Certificate error", error);
+                            throw new CertificateException(error);
+                        }
+                    }
+
+                    @Override
+                    public X509Certificate[] getAcceptedIssuers() {
+                        return acceptedIssuers;
+                    }
+                }
+            },
+            null
+        );
+
+        setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
+    }
+
+    @Override
+    public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
+        throws IOException, UnknownHostException {
+
+        injectHostname(socket, host);
+        return sslCtx.getSocketFactory().createSocket(socket, host, port, autoClose);
+    }
+
+    @Override
+    public Socket createSocket() throws IOException {
+        return sslCtx.getSocketFactory().createSocket();
+    }
+
+    /**
+     * Pre-ICS Android had a bug resolving HTTPS addresses. This workaround
+     * fixes that bug.
+     *
+     * @param socket The socket to alter
+     * @param host Hostname to connect to
+     * @see https://code.google.com/p/android/issues/detail?id=13117#c14
+     */
+    private void injectHostname(Socket socket, String host) {
+        if(android.os.Build.VERSION.SDK_INT < 14) {
+            try {
+                Field field = InetAddress.class.getDeclaredField("hostName");
+                field.setAccessible(true);
+                field.set(socket.getInetAddress(), host);
+            } catch(Exception ignored) {
+            }
+        }
+    }
+}