private void print_https_cert(HttpsURLConnection con) {
if (con != null) {
try {
System.out.println("Response Code : " + con.getResponseCode());
System.out.println("Cipher Suite : " + con.getCipherSuite());
System.out.println("\n");
Certificate[] certs = con.getServerCertificates();
for (Certificate cert : certs) {
System.out.println("Cert Type : " + cert.getType());
System.out.println("Cert Hash Code : " + cert.hashCode());
System.out.println("Cert Public Key Algorithm : " + cert.getPublicKey().getAlgorithm());
System.out.println("Cert Public Key Format : " + cert.getPublicKey().getFormat());
System.out.println("\n");
}
} catch (SSLPeerUnverifiedException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
}
}
/** Bypass host name verification */
public boolean verify(String hostname, SSLSession session) {
System.out.println("Bypassing verification of hostname: " + hostname);
try {
System.out.println("Peer principal: " + session.getPeerPrincipal().toString());
} catch (SSLPeerUnverifiedException e) {
System.err.println("Unable to get peer principal");
e.printStackTrace();
}
return true;
}
private Subject createSubject() throws IOException {
try {
Certificate[] chain = engine.getSession().getPeerCertificates();
CertPath certPath = cf.generateCertPath(asList(chain));
return new Subject(false, Collections.<Principal>emptySet(), singleton(certPath), emptySet());
} catch (SSLPeerUnverifiedException e) {
throw new IOException("Failed to establish identity of SSL peer: " + e.getMessage(), e);
} catch (CertificateException e) {
throw new IOException("Certificate failure: " + e.getMessage(), e);
}
}
public boolean verify(String hostName, SSLSession session) {
System.out.println("Server: " + hostName + ":" + session.getPeerPort());
try {
X509Certificate[] chain = session.getPeerCertificateChain();
for (X509Certificate cert : chain) {
System.out.println("DN: " + cert.getSubjectDN());
}
} catch (SSLPeerUnverifiedException e) {
e.printStackTrace();
}
System.out.println("-----");
return true;
}
@Override
public void handshakeCompleted(HandshakeCompletedEvent event) {
SSLSession session = event.getSession();
String protocol = session.getProtocol();
String cipherSuite = session.getCipherSuite();
String peerName = null;
try {
peerName = session.getPeerPrincipal().getName();
Log.d(TAG, "peerName: " + peerName);
} catch (SSLPeerUnverifiedException e) {
e.printStackTrace();
}
Log.d(TAG, "session: " + session);
Log.d(TAG, "protocol: " + protocol);
Log.d(TAG, "cipherSuite: " + cipherSuite);
}
/**
* Verifies the identity of the server.
*
* <p>The server certificate is verified first.
*
* <p>Then, the host name is compared with the content of the server certificate using the current
* host name verifier, if any.
*
* @param socket
*/
private void verifyPeerIdentity(String host, int port, Socket socket) throws IOException {
try {
CertificateCombinedException failInHandshake = null;
/// 1. VERIFY THE SERVER CERTIFICATE through the registered TrustManager (that should be an
// instance of AdvancedX509TrustManager)
try {
SSLSocket sock =
(SSLSocket) socket; // a new SSLSession instance is created as a "side effect"
sock.startHandshake();
} catch (RuntimeException e) {
if (e instanceof CertificateCombinedException) {
failInHandshake = (CertificateCombinedException) e;
} else {
Throwable cause = e.getCause();
Throwable previousCause = null;
while (cause != null
&& cause != previousCause
&& !(cause instanceof CertificateCombinedException)) {
previousCause = cause;
cause = cause.getCause();
}
if (cause != null && cause instanceof CertificateCombinedException) {
failInHandshake = (CertificateCombinedException) cause;
}
}
if (failInHandshake == null) {
throw e;
}
failInHandshake.setHostInUrl(host);
}
/// 2. VERIFY HOSTNAME
SSLSession newSession = null;
boolean verifiedHostname = true;
if (mHostnameVerifier != null) {
if (failInHandshake != null) {
/// 2.1 : a new SSLSession instance was NOT created in the handshake
X509Certificate serverCert = failInHandshake.getServerCertificate();
try {
mHostnameVerifier.verify(host, serverCert);
} catch (SSLException e) {
verifiedHostname = false;
}
} else {
/// 2.2 : a new SSLSession instance was created in the handshake
newSession = ((SSLSocket) socket).getSession();
if (!mTrustManager.isKnownServer(
(X509Certificate) (newSession.getPeerCertificates()[0]))) {
verifiedHostname = mHostnameVerifier.verify(host, newSession);
}
}
}
/// 3. Combine the exceptions to throw, if any
if (!verifiedHostname) {
SSLPeerUnverifiedException pue =
new SSLPeerUnverifiedException(
"Names in the server certificate do not match to " + host + " in the URL");
if (failInHandshake == null) {
failInHandshake =
new CertificateCombinedException(
(X509Certificate) newSession.getPeerCertificates()[0]);
failInHandshake.setHostInUrl(host);
}
failInHandshake.setSslPeerUnverifiedException(pue);
pue.initCause(failInHandshake);
throw pue;
} else if (failInHandshake != null) {
SSLHandshakeException hse =
new SSLHandshakeException("Server certificate could not be verified");
hse.initCause(failInHandshake);
throw hse;
}
} catch (IOException io) {
try {
socket.close();
} catch (Exception x) {
// NOTHING - irrelevant exception for the caller
}
throw io;
}
}
