I am new to SSL and X509Certificate concepts. Is there any way to get the certificate information from a given URL?
For example: if the user has typed https://www.google.com, then I need to get the certificate information for that URL programmatically.
Edit:
Finally, I got the Certificate Information from Server.
Now, my questions are:
1. How can I check whether a certificate is trusted or not?
2. How can I add the certificate to the trust manager?
3. Even if the certificate is untrusted, the user may want to continue with it; in that case I need to add the certificate to the trust manager. How can I achieve this?
4. In order to check whether a certificate is trusted, do we really need another certificate to compare it against?
I am very much new to these X.509 Certificate.
Any help will be really Appreciated.
EDIT:
This is what I have tried, but none of it is helping me. I need to find out whether the certificate is trusted or not.
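// Composite trust manager: the X509TrustManager instances in `managers` make the trust decision.
// This wrapper only records advisory flags for the UI and never overrides a rejection.
//
// Why rejections must propagate: returning normally from checkServerTrusted() tells the TLS
// stack that the peer is trusted. Catching CertificateException and carrying on therefore
// accepts any certificate the peer presents. Comparing issuer *names* against a pinned root
// proves nothing either, because a name is not authenticated; only path validation to a trust
// anchor is. To trust a private CA, build `managers` from a TrustManagerFactory initialised
// with a KeyStore that contains that CA instead of special-casing it here.
X509TrustManager trustManager = new X509TrustManager() {

    /**
     * Delegates client-certificate validation to every X509TrustManager in {@code managers}.
     *
     * @throws CertificateException if any delegate rejects the chain
     */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        for (TrustManager tm : managers) {
            if (tm instanceof X509TrustManager) {
                ((X509TrustManager) tm).checkClientTrusted(chain, authType);
            }
        }
    }

    /**
     * Validates the server chain and fails closed.
     *
     * <p>The validity-period flags on {@code LoginActivity} are set as a side effect so the UI
     * can explain a failure; they do not influence the decision.
     *
     * @param chain the certificate chain presented by the server
     * @param authType the key-exchange algorithm, passed through to the delegates
     * @throws IllegalArgumentException if {@code chain} is null or empty
     * @throws CertificateException if a delegate rejects the chain, or if no delegate is
     *     available to validate it
     */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        if (chain == null || chain.length == 0) {
            throw new IllegalArgumentException("Server certificate chain is null or empty");
        }

        // Advisory only: servers may send extra certificates that are not part of the path the
        // delegate ends up building, so an out-of-window certificate here is reported but the
        // accept/reject decision is left to the delegates below.
        for (X509Certificate cert : chain) {
            try {
                cert.checkValidity();
            } catch (CertificateExpiredException e) {
                LoginActivity.isExpired = true;
            } catch (CertificateNotYetValidException e) {
                LoginActivity.isInValid = true;
            }
        }

        // Every delegate must accept the chain; the first CertificateException propagates and
        // aborts the handshake.
        boolean validated = false;
        for (TrustManager tm : managers) {
            if (tm instanceof X509TrustManager) {
                ((X509TrustManager) tm).checkServerTrusted(chain, authType);
                validated = true;
            }
        }

        // With no X509TrustManager in `managers` nothing has vouched for the peer.
        if (!validated) {
            throw new CertificateException(
                    "No X509TrustManager available to validate the server certificate chain");
        }
    }

    /** Returns the union of the issuers accepted by the delegates in {@code managers}. */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        ArrayList<X509Certificate> issuers = new ArrayList<>();
        for (TrustManager tm : managers) {
            if (tm instanceof X509TrustManager) {
                issuers.addAll(Arrays.asList(((X509TrustManager) tm).getAcceptedIssuers()));
            }
        }
        return issuers.toArray(new X509Certificate[0]);
    }
};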
Finally, cracked!
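// Composite trust manager: the X509TrustManager instances in `managers` make the trust decision.
// This wrapper records why a chain looks suspicious (isExpired, isInValid, isHostMisMatch,
// isNotTrusted) so the UI can explain it, and then lets the rejection propagate.
//
// Why rejections must propagate: returning normally from checkServerTrusted() tells the TLS
// stack that the peer is trusted, so swallowing CertificateException would let the connection
// proceed to an unverified server before the user has been asked anything. If the user later
// chooses to continue with the stored certificate, add that exact certificate to an app-private
// KeyStore, rebuild `managers` from a TrustManagerFactory initialised with it, and reconnect.
X509TrustManager trustManager = new X509TrustManager() {

    /**
     * Delegates client-certificate validation to every X509TrustManager in {@code managers}.
     *
     * @throws CertificateException if any delegate rejects the chain
     */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        for (TrustManager tm : managers) {
            if (tm instanceof X509TrustManager) {
                ((X509TrustManager) tm).checkClientTrusted(chain, authType);
            }
        }
    }

    /**
     * Validates the server chain, records diagnostic flags, and fails closed.
     *
     * @param chain the certificate chain presented by the server, peer certificate first
     * @param authType the key-exchange algorithm, passed through to the delegates
     * @throws IllegalArgumentException if {@code chain} is null or empty
     * @throws CertificateException if a delegate rejects the chain, or if no delegate is
     *     available to validate it
     */
    @Override
    public void checkServerTrusted(final X509Certificate[] chain, String authType)
            throws CertificateException {
        if (chain == null || chain.length == 0) {
            throw new IllegalArgumentException("Server certificate chain is null or empty");
        }

        recordValidityFlags(chain);
        // Only the peer's own certificate (first in the chain) names the host; comparing CA
        // certificates against the host name would always report a mismatch.
        recordHostMismatchFlag(chain[0]);

        // Every delegate must accept the chain. Any rejection is treated as "not trusted"
        // rather than matching on the exception message, which differs between providers and
        // would let other failures (for example a bad signature) pass unnoticed.
        boolean validated = false;
        for (TrustManager tm : managers) {
            if (tm instanceof X509TrustManager) {
                try {
                    ((X509TrustManager) tm).checkServerTrusted(chain, authType);
                    validated = true;
                } catch (CertificateException e) {
                    isNotTrusted = true;
                    // Kept so the UI can show the rejected chain to the user.
                    mApplication.setCurrentCertificate(chain);
                    throw e;
                }
            }
        }

        // With no X509TrustManager in `managers` nothing has vouched for the peer.
        if (!validated) {
            throw new CertificateException(
                    "No X509TrustManager available to validate the server certificate chain");
        }
    }

    /**
     * Sets {@code isExpired} when any certificate is outside its validity window and
     * {@code isInValid} when one is not yet valid. Advisory only: servers may send extra
     * certificates that are not on the path the delegate builds, so the decision stays with
     * the delegates.
     */
    private void recordValidityFlags(X509Certificate[] chain) {
        boolean outsideWindow = false;
        for (X509Certificate cert : chain) {
            try {
                cert.checkValidity();
            } catch (CertificateExpiredException e) {
                outsideWindow = true;
            } catch (CertificateNotYetValidException e) {
                isInValid = true;
                outsideWindow = true;
            }
        }
        isExpired = outsideWindow;
    }

    /**
     * Sets {@code isHostMisMatch} by comparing the leaf certificate's CN with the expected host.
     *
     * <p>NOTE(review): this is a UI hint, not hostname verification. It ignores
     * subjectAltName entries and wildcards, so the connection's HostnameVerifier must stay
     * enabled and remains the authoritative check.
     */
    private void recordHostMismatchFlag(X509Certificate leaf) {
        String dn = leaf.getSubjectDN().getName();
        String cn = getValByAttributeTypeFromIssuerDN(dn, "CN=");
        String host = expectedHost();
        // An unknown host must never count as a match.
        isHostMisMatch = host.isEmpty() || !host.equalsIgnoreCase(cn);
    }

    /** Picks the address being contacted: {@code query}, else {@code baseHostString}, else settings. */
    private String expectedHost() {
        if (!TextUtils.isEmpty(query)) {
            return hostOf(query);
        }
        if (!baseHostString.isEmpty()) {
            return hostOf(baseHostString);
        }
        final Settings settings = mApplication.getSettings();
        return hostOf(settings.serverAddress.toString());
    }

    /**
     * Returns the host component of {@code spec}, or an empty string if it cannot be parsed.
     * getHost() excludes the port and user-info, so no string surgery on the authority is needed.
     */
    private String hostOf(String spec) {
        try {
            return new URL(spec).getHost();
        } catch (MalformedURLException e) {
            return "";
        }
    }

    /** Returns the union of the issuers accepted by the delegates in {@code managers}. */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        ArrayList<X509Certificate> issuers = new ArrayList<>();
        for (TrustManager tm : managers) {
            if (tm instanceof X509TrustManager) {
                issuers.addAll(Arrays.asList(((X509TrustManager) tm).getAcceptedIssuers()));
            }
        }
        return issuers.toArray(new X509Certificate[0]);
    }
};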
Thanks Everybody.