integrate trust manager into conversations

This commit is contained in:
Daniel Gultsch 2018-02-16 18:58:57 +01:00
parent bd90f2140d
commit de0272fd1a
46 changed files with 40 additions and 1054 deletions

View file

@ -33,7 +33,6 @@ ext {
}
dependencies {
implementation project(':libs:MemorizingTrustManager')
implementation project(':libs:EnhancedListView')
playstoreImplementation 'com.google.android.gms:play-services-gcm:11.8.0'
implementation 'org.sufficientlysecure:openpgp-api:10.0'

View file

@ -1,11 +0,0 @@
bin
build
gen
local.properties
example/bin
example/gen
tags
.project
.classpath
.gradle
.*.swp

View file

@ -1,11 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="de.duenndns.ssl"
android:versionCode="1"
android:versionName="1.0">
<application android:label="MemorizingTrustManager">
<activity android:name="de.duenndns.ssl.MemorizingActivity"
android:theme="@android:style/Theme.Translucent.NoTitleBar" />
</application>
</manifest>

View file

@ -1,21 +0,0 @@
The MIT license.
Copyright (c) 2010 Georg Lukas <georg@op-co.de>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

View file

@ -1,125 +0,0 @@
# MemorizingTrustManager - Private Cloud Support for Your App
MemorizingTrustManager (MTM) is a project to enable smarter and more secure use
of SSL on Android. If it encounters an unknown SSL certificate, it asks the
user whether to accept the certificate once, permanently or to abort the
connection. This is a step in preventing man-in-the-middle attacks by blindly
accepting any invalid, self-signed and/or expired certificates.
MTM is aimed at providing seamless integration into your Android application,
and the source code is available under the MIT license.
## Screenshots
![MemorizingTrustManager dialog](mtm-screenshot.png)
![MemorizingTrustManager notification](mtm-notification.png)
![MemorizingTrustManager server name dialog](mtm-servername.png)
## Status
MemorizingTrustManager is in production use in the
[yaxim XMPP client](https://yaxim.org/). It is usable and easy to integrate,
though it does not yet support hostname validation (the Java API makes it
**hard** to integrate).
## Integration
MTM is easy to integrate into your own application. Follow these steps or have
a look into the demo application in the `example` directory.
### 1. Add MTM to your project
Download the MTM source from GitHub, or add it as a
[git submodule](http://git-scm.com/docs/git-submodule):
# plain download:
git clone https://github.com/ge0rg/MemorizingTrustManager
# submodule:
git submodule add https://github.com/ge0rg/MemorizingTrustManager
Then add a library project dependency to `default.properties`:
android.library.reference.1=MemorizingTrustManager
### 2. Add the MTM (popup) Activity to your manifest
Edit your `AndroidManifest.xml` and add the MTM activity element right before the
end of your closing `</application>` tag.
...
<activity android:name="de.duenndns.ssl.MemorizingActivity"
android:theme="@android:style/Theme.Translucent.NoTitleBar"
/>
</application>
</manifest>
### 3. Hook MTM as the default TrustManager for your connection type
Hooking MemorizingTrustmanager in HTTPS connections:
// register MemorizingTrustManager for HTTPS
SSLContext sc = SSLContext.getInstance("TLS");
MemorizingTrustManager mtm = new MemorizingTrustManager(this);
sc.init(null, new X509TrustManager[] { mtm }, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(
mtm.wrapHostnameVerifier(HttpsURLConnection.getDefaultHostnameVerifier()));
Or, for aSmack you can use `setCustomSSLContext()`:
org.jivesoftware.smack.ConnectionConfiguration connectionConfiguration = …
SSLContext sc = SSLContext.getInstance("TLS");
MemorizingTrustManager mtm = new MemorizingTrustManager(this);
sc.init(null, new X509TrustManager[] { mtm }, new java.security.SecureRandom());
connectionConfiguration.setCustomSSLContext(sc);
connectionConfiguration.setHostnameVerifier(
mtm.wrapHostnameVerifier(new org.apache.http.conn.ssl.StrictHostnameVerifier()));
By default, MTM falls back to the system `TrustManager` before asking the user.
If you do not trust the establishment, you can enforce a dialog on *every new
connection* by supplying a `defaultTrustManager = null` parameter to the
constructor:
MemorizingTrustManager mtm = new MemorizingTrustManager(this, null);
If you want to use a different underlying `TrustManager`, like
[AndroidPinning](https://github.com/moxie0/AndroidPinning), just supply that to
MTM's constructor:
X509TrustManager pinning = new PinningTrustManager(SystemKeyStore.getInstance(),
new String[] {"f30012bbc18c231ac1a44b788e410ce754182513"}, 0);
MemorizingTrustManager mtm = new MemorizingTrustManager(this, pinning);
### 4. Profit!
### Logging
MTM uses java.util.logging (JUL) for logging purposes. If you have not
configured a Handler for JUL, then Android will by default log all
messages of Level.INFO or higher. In order to get also the debug log
messages (those with Level.FINE or lower) you need to configure a
Handler accordingly. The MTM example project contains
de.duenndns.mtmexample.JULHandler, which allows to enable and disable
debug logging at runtime.
## Alternatives
MemorizingTrustManager is not the only one out there.
[**NetCipher**](https://guardianproject.info/code/netcipher/) is an Android
library made by the [Guardian Project](https://guardianproject.info/) to
improve network security for mobile apps. It comes with a StrongTrustManager
to do more thorough certificate checks, an independent Root CA store, and code
to easily route your traffic through
[the Tor network](https://www.torproject.org/) using [Orbot](https://guardianproject.info/apps/orbot/).
[**AndroidPinning**](https://github.com/moxie0/AndroidPinning) is another Android
library, written by [Moxie Marlinspike](http://www.thoughtcrime.org/) to allow
pinning of server certificates, improving security against government-scale
MitM attacks. Use this if your app is made to communicate with a specific
server!
## Contribute
Please [help translating MTM into more languages](https://translations.launchpad.net/yaxim/master/+pots/mtm/)!

View file

@ -1,17 +0,0 @@
# This file is used to override default values used by the Ant build system.
#
# This file must be checked in Version Control Systems, as it is
# integral to the build system of your project.
# This file is only used by the Ant script.
# You can use this to override default values such as
# 'source.dir' for the location of your java source folder and
# 'out.dir' for the location of your output folder.
# You can also use it define how the release builds are signed by declaring
# the following properties:
# 'key.store' for the location of your keystore and
# 'key.alias' for the name of the key to use.
# The password will be asked during the build when you use the 'release' target.

View file

@ -1,33 +0,0 @@
buildscript {
repositories {
google()
jcenter()
}
dependencies {
classpath 'com.android.tools.build:gradle:3.0.1'
}
}
apply plugin: 'com.android.library'
android {
compileSdkVersion 27
buildToolsVersion "27.0.3"
defaultConfig {
minSdkVersion 14
targetSdkVersion 25
}
sourceSets {
main {
manifest.srcFile 'AndroidManifest.xml'
java.srcDirs = ['src']
resources.srcDirs = ['src']
aidl.srcDirs = ['src']
renderscript.srcDirs = ['src']
res.srcDirs = ['res']
assets.srcDirs = ['assets']
}
}
}

View file

@ -1,92 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<project name="MemorizingTrustManager" default="help">
<!-- The local.properties file is created and updated by the 'android' tool.
It contains the path to the SDK. It should *NOT* be checked into
Version Control Systems. -->
<property file="local.properties" />
<!-- The ant.properties file can be created by you. It is only edited by the
'android' tool to add properties to it.
This is the place to change some Ant specific build properties.
Here are some properties you may want to change/update:
source.dir
The name of the source directory. Default is 'src'.
out.dir
The name of the output directory. Default is 'bin'.
For other overridable properties, look at the beginning of the rules
files in the SDK, at tools/ant/build.xml
Properties related to the SDK location or the project target should
be updated using the 'android' tool with the 'update' action.
This file is an integral part of the build system for your
application and should be checked into Version Control Systems.
-->
<property file="ant.properties" />
<!-- if sdk.dir was not set from one of the property file, then
get it from the ANDROID_HOME env var.
This must be done before we load project.properties since
the proguard config can use sdk.dir -->
<property environment="env" />
<condition property="sdk.dir" value="${env.ANDROID_HOME}">
<isset property="env.ANDROID_HOME" />
</condition>
<!-- The project.properties file is created and updated by the 'android'
tool, as well as ADT.
This contains project specific properties such as project target, and library
dependencies. Lower level build properties are stored in ant.properties
(or in .classpath for Eclipse projects).
This file is an integral part of the build system for your
application and should be checked into Version Control Systems. -->
<loadproperties srcFile="project.properties" />
<!-- quick check on sdk.dir -->
<fail
message="sdk.dir is missing. Make sure to generate local.properties using 'android update project' or to inject it through the ANDROID_HOME environment variable."
unless="sdk.dir"
/>
<!--
Import per project custom build rules if present at the root of the project.
This is the place to put custom intermediary targets such as:
-pre-build
-pre-compile
-post-compile (This is typically used for code obfuscation.
Compiled code location: ${out.classes.absolute.dir}
If this is not done in place, override ${out.dex.input.absolute.dir})
-post-package
-post-build
-pre-clean
-->
<import file="custom_rules.xml" optional="true" />
<!-- Import the actual build file.
To customize existing targets, there are two options:
- Customize only one target:
- copy/paste the target into this file, *before* the
<import> task.
- customize it to your needs.
- Customize the whole content of build.xml
- copy/paste the content of the rules files (minus the top node)
into this file, replacing the <import> task.
- customize to your needs.
***********************
****** IMPORTANT ******
***********************
In all cases you must update the value of version-tag below to read 'custom' instead of an integer,
in order to avoid having your file be overridden by tools such as "android update project"
-->
<!-- version-tag: 1 -->
<import file="${sdk.dir}/tools/ant/build.xml" />
</project>

View file

@ -1,29 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="de.duenndns.mtmexample"
android:versionCode="1"
android:versionName="1.0">
<uses-sdk
android:minSdkVersion="3"
android:targetSdkVersion="19" />
<uses-permission android:name="android.permission.INTERNET" />
<application android:label="@string/app_name" android:icon="@android:drawable/ic_lock_lock">
<activity
android:name=".MTMExample"
android:configChanges="keyboardHidden|orientation|screenSize|screenLayout"
android:label="@string/app_name" >
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
<!-- ADD THE FOLLOWING TO YOUR MANIFEST: -->
<activity android:name="de.duenndns.ssl.MemorizingActivity"
android:theme="@android:style/Theme.Translucent.NoTitleBar" />
</application>
</manifest>

View file

@ -1,18 +0,0 @@
# This file is used to override default values used by the Ant build system.
#
# This file must be checked in Version Control Systems, as it is
# integral to the build system of your project.
# This file is only used by the Ant script.
# You can use this to override default values such as
# 'source.dir' for the location of your java source folder and
# 'out.dir' for the location of your output folder.
# You can also use it define how the release builds are signed by declaring
# the following properties:
# 'key.store' for the location of your keystore and
# 'key.alias' for the name of the key to use.
# The password will be asked during the build when you use the 'release' target.
application.package=de.duenndns.mtmexample

View file

@ -1,23 +0,0 @@
apply plugin: 'android'
dependencies {
compile rootProject
}
android {
compileSdkVersion 19
buildToolsVersion "19.1"
defaultConfig {
minSdkVersion 7
targetSdkVersion 19
}
sourceSets {
main {
manifest.srcFile 'AndroidManifest.xml'
java.srcDirs = ['src']
res.srcDirs = ['res']
}
}
}

View file

@ -1,92 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<project name="MTMExample" default="help">
<!-- The local.properties file is created and updated by the 'android' tool.
It contains the path to the SDK. It should *NOT* be checked into
Version Control Systems. -->
<property file="local.properties" />
<!-- The ant.properties file can be created by you. It is only edited by the
'android' tool to add properties to it.
This is the place to change some Ant specific build properties.
Here are some properties you may want to change/update:
source.dir
The name of the source directory. Default is 'src'.
out.dir
The name of the output directory. Default is 'bin'.
For other overridable properties, look at the beginning of the rules
files in the SDK, at tools/ant/build.xml
Properties related to the SDK location or the project target should
be updated using the 'android' tool with the 'update' action.
This file is an integral part of the build system for your
application and should be checked into Version Control Systems.
-->
<property file="ant.properties" />
<!-- if sdk.dir was not set from one of the property file, then
get it from the ANDROID_HOME env var.
This must be done before we load project.properties since
the proguard config can use sdk.dir -->
<property environment="env" />
<condition property="sdk.dir" value="${env.ANDROID_HOME}">
<isset property="env.ANDROID_HOME" />
</condition>
<!-- The project.properties file is created and updated by the 'android'
tool, as well as ADT.
This contains project specific properties such as project target, and library
dependencies. Lower level build properties are stored in ant.properties
(or in .classpath for Eclipse projects).
This file is an integral part of the build system for your
application and should be checked into Version Control Systems. -->
<loadproperties srcFile="project.properties" />
<!-- quick check on sdk.dir -->
<fail
message="sdk.dir is missing. Make sure to generate local.properties using 'android update project' or to inject it through the ANDROID_HOME environment variable."
unless="sdk.dir"
/>
<!--
Import per project custom build rules if present at the root of the project.
This is the place to put custom intermediary targets such as:
-pre-build
-pre-compile
-post-compile (This is typically used for code obfuscation.
Compiled code location: ${out.classes.absolute.dir}
If this is not done in place, override ${out.dex.input.absolute.dir})
-post-package
-post-build
-pre-clean
-->
<import file="custom_rules.xml" optional="true" />
<!-- Import the actual build file.
To customize existing targets, there are two options:
- Customize only one target:
- copy/paste the target into this file, *before* the
<import> task.
- customize it to your needs.
- Customize the whole content of build.xml
- copy/paste the content of the rules files (minus the top node)
into this file, replacing the <import> task.
- customize to your needs.
***********************
****** IMPORTANT ******
***********************
In all cases you must update the value of version-tag below to read 'custom' instead of an integer,
in order to avoid having your file be overridden by tools such as "android update project"
-->
<!-- version-tag: 1 -->
<import file="${sdk.dir}/tools/ant/build.xml" />
</project>

View file

@ -1,20 +0,0 @@
# To enable ProGuard in your project, edit project.properties
# to define the proguard.config property as described in that file.
#
# Add project specific ProGuard rules here.
# By default, the flags in this file are appended to flags specified
# in ${sdk.dir}/tools/proguard/proguard-android.txt
# You can edit the include path and order by changing the ProGuard
# include property in project.properties.
#
# For more details, see
# http://developer.android.com/guide/developing/tools/proguard.html
# Add any project specific keep options here:
# If your project uses WebView with JS, uncomment the following
# and specify the fully qualified class name to the JavaScript interface
# class:
#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
# public *;
#}

View file

@ -1,12 +0,0 @@
# This file is automatically generated by Android Tools.
# Do not modify this file -- YOUR CHANGES WILL BE ERASED!
#
# This file must be checked in Version Control Systems.
#
# To customize properties used by the Ant build system use,
# "ant.properties", and override values to adapt the script to your
# project structure.
android.library.reference.1=../
# Project target.
target=android-19

View file

@ -1,36 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
android:orientation="vertical"
android:layout_width="fill_parent"
android:layout_height="fill_parent" >
<EditText
android:id="@+id/url"
android:layout_width="fill_parent"
android:layout_height="wrap_content"
android:hint="HTTPS address"
android:text="https://op-co.de/mtm/"
android:singleLine="true"
/>
<Button
android:id="@+id/connect"
android:layout_width="fill_parent"
android:layout_height="wrap_content"
android:text="Connect"
/>
<TextView
android:id="@+id/content"
android:layout_width="fill_parent"
android:layout_height="wrap_content"
android:layout_weight="1"
android:text="Please enter a HTTPS URL and press 'Connect'!"
android:textSize="11pt"
/>
<Button
android:id="@+id/manage"
android:layout_width="fill_parent"
android:layout_height="wrap_content"
android:text="Clean up Certificates"
android:onClick="onManage"
/>
</LinearLayout>

View file

@ -1,4 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<resources>
<string name="app_name">MemorizingTrustManager Example</string>
</resources>

View file

@ -1,169 +0,0 @@
package de.duenndns.mtmexample;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.io.StringBufferInputStream;
import java.io.StringWriter;
import java.util.logging.Formatter;
import java.util.logging.Handler;
import java.util.logging.Level;
import java.util.logging.LogManager;
import java.util.logging.LogRecord;
import java.util.logging.Logger;
import android.util.Log;
/**
* A <code>java.util.logging</code> (JUL) Handler for Android.
* <p>
* If you want fine-grained control over MTM's logging, you can copy this
* class to your code base and call the static {@link #initialize()} method.
* </p>
* <p>
* This JUL Handler passes log messages sent to JUL to the Android log, while
* keeping the format and stack traces of optionally supplied Exceptions. It
* further allows to install a {@link DebugLogSettings} class via
* {@link #setDebugLogSettings(DebugLogSettings)} that determines whether JUL log messages of
* level {@link java.util.logging.Level#FINE} or lower are logged. This gives
* the application developer more control over the logged messages, while
* allowing a library developer to place debug log messages without risking to
* spam the Android log.
* </p>
* <p>
* If there are no {@code DebugLogSettings} configured, then all messages sent
* to JUL will be logged.
* </p>
*
* @author Florian Schmaus
*
*/
@SuppressWarnings("deprecation")
public class JULHandler extends Handler {
/** Implement this interface to toggle debug logging.
*/
public interface DebugLogSettings {
public boolean isDebugLogEnabled();
}
private static final String CLASS_NAME = JULHandler.class.getName();
/**
* The global LogManager configuration.
* <p>
* This configures:
* <ul>
* <li> JULHandler as the default handler for all log messages
* <li> A default log level FINEST (300). Meaning that log messages of a level 300 or higher a
* logged
* </ul>
* </p>
*/
private static final InputStream LOG_MANAGER_CONFIG = new StringBufferInputStream(
// @formatter:off
"handlers = " + CLASS_NAME + '\n' +
".level = FINEST"
);
// @formatter:on
// Constants for Android vs. JUL debug level comparisons
private static final int FINE_INT = Level.FINE.intValue();
private static final int INFO_INT = Level.INFO.intValue();
private static final int WARN_INT = Level.WARNING.intValue();
private static final int SEVE_INT = Level.SEVERE.intValue();
private static final Logger LOGGER = Logger.getLogger(CLASS_NAME);
/** A formatter that creates output similar to Android's Log.x. */
private static final Formatter FORMATTER = new Formatter() {
@Override
public String format(LogRecord logRecord) {
Throwable thrown = logRecord.getThrown();
if (thrown != null) {
StringWriter sw = new StringWriter();
PrintWriter pw = new PrintWriter(sw, false);
pw.write(logRecord.getMessage() + ' ');
thrown.printStackTrace(pw);
pw.flush();
return sw.toString();
} else {
return logRecord.getMessage();
}
}
};
private static DebugLogSettings sDebugLogSettings;
private static boolean initialized = false;
public static void initialize() {
try {
LogManager.getLogManager().readConfiguration(LOG_MANAGER_CONFIG);
initialized = true;
} catch (IOException e) {
Log.e("JULHandler", "Can not initialize configuration", e);
}
if (initialized) LOGGER.info("Initialzied java.util.logging logger");
}
public static void setDebugLogSettings(DebugLogSettings debugLogSettings) {
if (!isInitialized()) initialize();
sDebugLogSettings = debugLogSettings;
}
public static boolean isInitialized() {
return initialized;
}
public JULHandler() {
setFormatter(FORMATTER);
}
@Override
public void close() {}
@Override
public void flush() {}
@Override
public boolean isLoggable(LogRecord record) {
final boolean debugLog = sDebugLogSettings == null ? true : sDebugLogSettings
.isDebugLogEnabled();
if (record.getLevel().intValue() <= FINE_INT) {
return debugLog;
}
return true;
}
/** JUL method that forwards log records to Android's LogCat. */
@Override
public void publish(LogRecord record) {
if (!isLoggable(record)) return;
final int priority = getAndroidPriority(record.getLevel());
final String tag = substringAfterLastDot(record.getSourceClassName());
final String msg = getFormatter().format(record);
Log.println(priority, tag, msg);
}
/** Helper to convert JUL verbosity levels to Android's Log. */
private static int getAndroidPriority(Level level) {
int value = level.intValue();
if (value >= SEVE_INT) {
return Log.ERROR;
} else if (value >= WARN_INT) {
return Log.WARN;
} else if (value >= INFO_INT) {
return Log.INFO;
} else {
return Log.DEBUG;
}
}
/** Helper to extract short class names. */
private static String substringAfterLastDot(String s) {
return s.substring(s.lastIndexOf('.') + 1).trim();
}
}

View file

@ -1,143 +0,0 @@
package de.duenndns.mtmexample;
import android.app.Activity;
import android.app.AlertDialog;
import android.content.DialogInterface;
import android.os.Bundle;
import android.os.Handler;
import android.view.View;
import android.view.View.OnClickListener;
import android.view.Window;
import android.widget.ArrayAdapter;
import android.widget.EditText;
import android.widget.TextView;
import java.net.URL;
import java.security.KeyStoreException;
import java.util.ArrayList;
import java.util.Collections;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.X509TrustManager;
import de.duenndns.ssl.MemorizingTrustManager;
/**
* Example to demonstrate the use of MemorizingTrustManager on HTTPS
* sockets.
*/
public class MTMExample extends Activity implements OnClickListener
{
MemorizingTrustManager mtm;
TextView content;
HostnameVerifier defaultverifier;
EditText urlinput;
String text;
Handler hdlr;
/** Creates the Activity and registers a MemorizingTrustManager. */
@Override
public void onCreate(Bundle savedInstanceState)
{
super.onCreate(savedInstanceState);
JULHandler.initialize();
requestWindowFeature(Window.FEATURE_INDETERMINATE_PROGRESS);
setContentView(R.layout.mtmexample);
// set up gui elements
findViewById(R.id.connect).setOnClickListener(this);
content = (TextView)findViewById(R.id.content);
urlinput = (EditText)findViewById(R.id.url);
// register handler for background thread
hdlr = new Handler();
// Here, the MemorizingTrustManager is activated for HTTPS
try {
// set location of the keystore
MemorizingTrustManager.setKeyStoreFile("private", "sslkeys.bks");
// register MemorizingTrustManager for HTTPS
SSLContext sc = SSLContext.getInstance("TLS");
mtm = new MemorizingTrustManager(this);
sc.init(null, new X509TrustManager[] { mtm },
new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(
mtm.wrapHostnameVerifier(HttpsURLConnection.getDefaultHostnameVerifier()));
// disable redirects to reduce possible confusion
HttpsURLConnection.setFollowRedirects(false);
} catch (Exception e) {
e.printStackTrace();
}
}
/** Updates the screen content from a background thread. */
void setText(final String s, final boolean progress) {
text = s;
hdlr.post(new Runnable() {
public void run() {
content.setText(s);
setProgressBarIndeterminateVisibility(progress);
}
});
}
/** Spawns a new thread connecting to the specified URL.
* The result of the request is displayed on the screen.
* @param urlString a HTTPS URL to connect to.
*/
void connect(final String urlString) {
new Thread() {
public void run() {
try {
URL u = new URL(urlString);
HttpsURLConnection c = (HttpsURLConnection)u.openConnection();
c.connect();
setText("" + c.getResponseCode() + " "
+ c.getResponseMessage(), false);
c.disconnect();
} catch (Exception e) {
setText(e.toString(), false);
e.printStackTrace();
}
}
}.start();
}
/** Reacts on the connect Button press. */
@Override
public void onClick(View view) {
String url = urlinput.getText().toString();
setText("Loading " + url, true);
setProgressBarIndeterminateVisibility(true);
connect(url);
}
/** React on the "Manage Certificates" button press. */
public void onManage(View view) {
final ArrayList<String> aliases = Collections.list(mtm.getCertificates());
ArrayAdapter<String> adapter = new ArrayAdapter<String>(this, android.R.layout.select_dialog_item, aliases);
new AlertDialog.Builder(this).setTitle("Tap Certificate to Delete")
.setNegativeButton(android.R.string.cancel, null)
.setAdapter(adapter, new DialogInterface.OnClickListener() {
@Override
public void onClick(DialogInterface dialog, int which) {
try {
String alias = aliases.get(which);
mtm.deleteCertificate(alias);
setText("Deleted " + alias, false);
} catch (KeyStoreException e) {
e.printStackTrace();
setText("Error: " + e.getLocalizedMessage(), false);
}
}
})
.create().show();
}
}

Binary file not shown.

Before

Width:  |  Height:  |  Size: 58 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 83 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 82 KiB

View file

@ -1,20 +0,0 @@
# To enable ProGuard in your project, edit project.properties
# to define the proguard.config property as described in that file.
#
# Add project specific ProGuard rules here.
# By default, the flags in this file are appended to flags specified
# in ${sdk.dir}/tools/proguard/proguard-android.txt
# You can edit the include path and order by changing the ProGuard
# include property in project.properties.
#
# For more details, see
# http://developer.android.com/guide/developing/tools/proguard.html
# Add any project specific keep options here:
# If your project uses WebView with JS, uncomment the following
# and specify the fully qualified class name to the JavaScript interface
# class:
#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
# public *;
#}

View file

@ -1,12 +0,0 @@
# This file is automatically generated by Android Tools.
# Do not modify this file -- YOUR CHANGES WILL BE ERASED!
#
# This file must be checked in Version Control Systems.
#
# To customize properties used by the Ant build system use,
# "ant.properties", and override values to adapt the script to your
# project structure.
android.library=true
# Project target.
target=android-19

View file

@ -1,17 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<resources>
<string name="mtm_accept_cert">Unbekanntes Zertifikat akzeptieren?</string>
<string name="mtm_trust_anchor">Das Serverzertifikat stammt nicht von einer bekannten Ausstellungsstelle (CA).</string>
<string name="mtm_cert_expired">The server certificate is expired.</string>
<string name="mtm_accept_servername">Abweichenden Servernamen akzeptieren?</string>
<string name="mtm_hostname_mismatch">Der Server konnte sich nicht als \"%s\" ausweisen. Das Zertifikat gilt nur für:</string>
<string name="mtm_connect_anyway">Verbindung trotzdem aufbauen?</string>
<string name="mtm_cert_details">Zertifikat-Details:</string>
<string name="mtm_decision_always">Immer</string>
<string name="mtm_decision_once">Einmal</string>
<string name="mtm_decision_abort">Abbrechen</string>
<string name="mtm_notification">Zertifikatsprüfung</string>
</resources>

View file

@ -1,17 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<resources>
<string name="mtm_accept_cert">¿Aceptar certicado desconocido?</string>
<string name="mtm_trust_anchor">El certificado del servidor no está firmado por una Autoridad Conocida (CA).</string>
<string name="mtm_cert_expired">The server certificate is expired.</string>
<string name="mtm_accept_servername">¿Aceptar discordancia en nombre del servidor?</string>
<string name="mtm_hostname_mismatch">El servidor no ha podido autenticarte como \"%s\". El certificado es solo válido para:</string>
<string name="mtm_connect_anyway">¿Quieres conectar de todas formas?</string>
<string name="mtm_cert_details">Detalle del certificado:</string>
<string name="mtm_decision_always">Siempre</string>
<string name="mtm_decision_once">Una vez</string>
<string name="mtm_decision_abort">Abortar</string>
<string name="mtm_notification">Verificación de Certificado</string>
</resources>

View file

@ -1,17 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<resources>
<string name="mtm_accept_cert">Ziurtagiri ezezaguna onartu?</string>
<string name="mtm_trust_anchor">Zerbitzariaren ziurtagiria ez dago Ziurtagiri-emaile Autoritate ezagun batez sinatuta.</string>
<string name="mtm_cert_expired">Zerbitzariaren ziurtagiria iraungi da.</string>
<string name="mtm_accept_servername">Zerbitzariaren izeneko desadostasuna onartu?</string>
<string name="mtm_hostname_mismatch">Zerbitzaria ezin izan da \&quot;%s\&quot; bezala autentifikatu. Ziurtagiria soilik honetarako baliagarria da:</string>
<string name="mtm_connect_anyway">Konektatu hala ere?</string>
<string name="mtm_cert_details">Ziurtagiriaren xehetasunak:</string>
<string name="mtm_decision_always">Beti</string>
<string name="mtm_decision_once">Behin</string>
<string name="mtm_decision_abort">Utzi</string>
<string name="mtm_notification">Ziurtagiriaren egiaztapena</string>
</resources>

View file

@ -1,16 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<resources>
<string name="mtm_accept_cert">Hyväksytäänkö palvelimen antama tuntematon varmenne?</string>
<string name="mtm_trust_anchor">Palvelimen varmenne ei ole tunnetun varmentajan (CA) allekirjoittama.</string>
<string name="mtm_accept_servername">Sallitaanko palvelimen nimi, joka ei vastaa varmeenteessa olevaa nimeä?</string>
<string name="mtm_hostname_mismatch">Palvelimella ei ole varmennetta nimelle \"%s\". Varmenteen sisältämät nimet:</string>
<string name="mtm_connect_anyway">Haluatko jatkaa yhteyden muodostamista?</string>
<string name="mtm_cert_details">Sertifikaatin tiedot:</string>
<string name="mtm_decision_always">Aina</string>
<string name="mtm_decision_once">Kerran</string>
<string name="mtm_decision_abort">Keskeytä</string>
<string name="mtm_notification">Varmenteen tarkistus</string>
</resources>

View file

@ -1,16 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<resources>
<string name="mtm_accept_cert">Accept Unknown Certificate?</string>
<string name="mtm_trust_anchor">Le certificat du serveur nest pas signé par une Autorité de Certification reconnue.</string>
<string name="mtm_accept_servername">Accept Mismatching Server Name?</string>
<string name="mtm_hostname_mismatch">Server could not authenticate as \"%s\". The certificate is only valid for:</string>
<string name="mtm_connect_anyway">Do you want to connect anyway?</string>
<string name="mtm_cert_details">Détails du certificat:</string>
<string name="mtm_decision_always">Toujours</string>
<string name="mtm_decision_once">Une seule fois</string>
<string name="mtm_decision_abort">Annuler</string>
<string name="mtm_notification">Certificate Verification</string>
</resources>

View file

@ -1,16 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<resources>
<string name="mtm_accept_cert">Godta ukjent sertifikat?</string>
<string name="mtm_trust_anchor">Sertifikatet er ikke utstilt av en kjent utstiller (CA).</string>
<string name="mtm_accept_servername">Godta feil servernavn?</string>
<string name="mtm_hostname_mismatch">Serveren heter ikke \"%s\". Sertifikatet gjelder bare for: </string>
<string name="mtm_connect_anyway">Vil du bruke serveren likevel?</string>
<string name="mtm_cert_details">Sertifikatdetaljer:</string>
<string name="mtm_decision_always">Alltid</string>
<string name="mtm_decision_once">En gang</string>
<string name="mtm_decision_abort">Avbryt</string>
<string name="mtm_notification">Sertifikat-sjekk</string>
</resources>

View file

@ -1,7 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<resources>
<style name="ConversationsTheme" parent="@android:style/Theme.Material.Light.DarkActionBar" />
<style name="ConversationsTheme.Dark" parent="android:Theme.Material" />
</resources>

View file

@ -1,4 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<resources>
<string name="theme">light</string>
</resources>

View file

@ -1,17 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<resources>
<string name="mtm_accept_cert">Accept Unknown Certificate?</string>
<string name="mtm_trust_anchor">The server certificate is not signed by a known Certificate Authority.</string>
<string name="mtm_cert_expired">The server certificate is expired.</string>
<string name="mtm_accept_servername">Accept Mismatching Server Name?</string>
<string name="mtm_hostname_mismatch">Server could not authenticate as \&quot;%s\&quot;. The certificate is only valid for:</string>
<string name="mtm_connect_anyway">Do you want to connect anyway?</string>
<string name="mtm_cert_details">Certificate details:</string>
<string name="mtm_decision_always">Always</string>
<string name="mtm_decision_once">Once</string>
<string name="mtm_decision_abort">Abort</string>
<string name="mtm_notification">Certificate Verification</string>
</resources>

View file

@ -1,7 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<resources>
<style name="ConversationsTheme" parent="@android:style/Theme.Holo.Light.DarkActionBar" />
<style name="ConversationsTheme.Dark" parent="@android:style/Theme.Holo" />
</resources>

View file

@ -1 +0,0 @@
include ':example'

View file

@ -1,3 +1,3 @@
include ':libs:MemorizingTrustManager', ':libs:EnhancedListView'
include ':libs:EnhancedListView'
rootProject.name = 'Conversations'

View file

@ -179,10 +179,6 @@
android:name=".ui.TrustKeysActivity"
android:label="@string/trust_omemo_fingerprints"
android:windowSoftInputMode="stateAlwaysHidden" />
<activity
android:name="de.duenndns.ssl.MemorizingActivity"
android:theme="@style/ConversationsTheme"
tools:replace="android:theme" />
<activity
android:name=".ui.AboutActivity"
android:label="@string/title_activity_about"
@ -192,6 +188,7 @@
android:value="eu.siacs.conversations.ui.SettingsActivity" />
</activity>
<activity android:name="com.soundcloud.android.crop.CropImageActivity" />
<activity android:name=".ui.MemorizingActivity"/>
<service android:name=".services.ExportLogsService" />
<service

View file

@ -1,4 +1,4 @@
package de.duenndns.ssl;
package eu.siacs.conversations.crypto;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;

View file

@ -25,8 +25,6 @@ import java.util.List;
import javax.net.ssl.SSLSession;
import de.duenndns.ssl.DomainHostnameVerifier;
public class XmppDomainVerifier implements DomainHostnameVerifier {
private static final String LOGTAG = "XmppDomainVerifier";

View file

@ -21,13 +21,13 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
package de.duenndns.ssl;
package eu.siacs.conversations.entities;
class MTMDecision {
public class MTMDecision {
public final static int DECISION_INVALID = 0;
public final static int DECISION_ABORT = 1;
public final static int DECISION_ONCE = 2;
public final static int DECISION_ALWAYS = 3;
int state = DECISION_INVALID;
public int state = DECISION_INVALID;
}

View file

@ -24,7 +24,7 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
package de.duenndns.ssl;
package eu.siacs.conversations.services;
import android.app.Activity;
import android.app.Application;
@ -74,6 +74,11 @@ import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import eu.siacs.conversations.R;
import eu.siacs.conversations.crypto.DomainHostnameVerifier;
import eu.siacs.conversations.entities.MTMDecision;
import eu.siacs.conversations.ui.MemorizingActivity;
/**
* A X509 trust manager implementation which asks the user about invalid
* certificates and memorizes their decision.
@ -94,12 +99,12 @@ public class MemorizingTrustManager {
private static final Pattern PATTERN_IPV6 = Pattern.compile("\\A(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}\\z");
final static String DECISION_INTENT = "de.duenndns.ssl.DECISION";
final static String DECISION_INTENT_ID = DECISION_INTENT + ".decisionId";
final static String DECISION_INTENT_CERT = DECISION_INTENT + ".cert";
public final static String DECISION_INTENT_ID = DECISION_INTENT + ".decisionId";
public final static String DECISION_INTENT_CERT = DECISION_INTENT + ".cert";
final static String DECISION_INTENT_CHOICE = DECISION_INTENT + ".decisionChoice";
private final static Logger LOGGER = Logger.getLogger(MemorizingTrustManager.class.getName());
final static String DECISION_TITLE_ID = DECISION_INTENT + ".titleId";
public final static String DECISION_TITLE_ID = DECISION_INTENT + ".titleId";
private final static int NOTIFICATION_ID = 100509;
final static String NO_TRUST_ANCHOR = "Trust anchor for certification path not found.";
@ -758,7 +763,7 @@ public class MemorizingTrustManager {
}
}
protected static void interactResult(int decisionId, int choice) {
public static void interactResult(int decisionId, int choice) {
MTMDecision d;
synchronized(openDecisions) {
d = openDecisions.get(decisionId);

View file

@ -66,7 +66,6 @@ import java.util.concurrent.CountDownLatch;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicLong;
import de.duenndns.ssl.MemorizingTrustManager;
import eu.siacs.conversations.Config;
import eu.siacs.conversations.R;
import eu.siacs.conversations.crypto.PgpDecryptionService;

View file

@ -21,11 +21,9 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
package de.duenndns.ssl;
package eu.siacs.conversations.ui;
import android.app.Activity;
import android.app.AlertDialog;
import android.content.DialogInterface;
import android.content.DialogInterface.OnCancelListener;
import android.content.DialogInterface.OnClickListener;
@ -33,15 +31,19 @@ import android.content.Intent;
import android.content.SharedPreferences;
import android.os.Bundle;
import android.preference.PreferenceManager;
import android.support.v7.app.AlertDialog;
import android.support.v7.app.AppCompatActivity;
import java.util.logging.Level;
import java.util.logging.Logger;
public class MemorizingActivity extends Activity
implements OnClickListener,OnCancelListener {
import eu.siacs.conversations.R;
import eu.siacs.conversations.entities.MTMDecision;
import eu.siacs.conversations.services.MemorizingTrustManager;
public class MemorizingActivity extends AppCompatActivity implements OnClickListener,OnCancelListener {
private final static Logger LOGGER = Logger.getLogger(MemorizingActivity.class.getName());
public static final String THEME = "theme";
int decisionId;
@ -64,9 +66,9 @@ public class MemorizingActivity extends Activity
LOGGER.log(Level.FINE, "onResume with " + i.getExtras() + " decId=" + decisionId + " data: " + i.getData());
dialog = new AlertDialog.Builder(this).setTitle(titleId)
.setMessage(cert)
.setPositiveButton(R.string.mtm_decision_always, this)
.setNeutralButton(R.string.mtm_decision_once, this)
.setNegativeButton(R.string.mtm_decision_abort, this)
.setPositiveButton(R.string.always, this)
.setNeutralButton(R.string.once, this)
.setNegativeButton(R.string.cancel, this)
.setOnCancelListener(this)
.create();
dialog.show();
@ -86,7 +88,7 @@ public class MemorizingActivity extends Activity
}
protected int findTheme() {
return getPreferences().getString(THEME, getResources().getString(R.string.theme)).equals("dark") ? R.style.ConversationsTheme_Dark : R.style.ConversationsTheme;
return getPreferences().getString(SettingsActivity.THEME, getResources().getString(R.string.theme)).equals("dark") ? R.style.ConversationsTheme_Dark : R.style.ConversationsTheme;
}
protected SharedPreferences getPreferences() {

View file

@ -28,11 +28,11 @@ import java.util.Collections;
import java.util.List;
import java.util.Locale;
import de.duenndns.ssl.MemorizingTrustManager;
import eu.siacs.conversations.Config;
import eu.siacs.conversations.R;
import eu.siacs.conversations.entities.Account;
import eu.siacs.conversations.services.ExportLogsService;
import eu.siacs.conversations.services.MemorizingTrustManager;
import eu.siacs.conversations.xmpp.XmppConnection;
import eu.siacs.conversations.xmpp.jid.InvalidJidException;
import eu.siacs.conversations.xmpp.jid.Jid;

View file

@ -49,9 +49,8 @@ import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import de.duenndns.ssl.DomainHostnameVerifier;
import de.duenndns.ssl.MemorizingTrustManager;
import eu.siacs.conversations.Config;
import eu.siacs.conversations.crypto.DomainHostnameVerifier;
import eu.siacs.conversations.crypto.XmppDomainVerifier;
import eu.siacs.conversations.crypto.axolotl.AxolotlService;
import eu.siacs.conversations.crypto.sasl.Anonymous;
@ -66,6 +65,7 @@ import eu.siacs.conversations.entities.Message;
import eu.siacs.conversations.entities.ServiceDiscoveryResult;
import eu.siacs.conversations.generator.IqGenerator;
import eu.siacs.conversations.persistance.FileBackend;
import eu.siacs.conversations.services.MemorizingTrustManager;
import eu.siacs.conversations.services.NotificationService;
import eu.siacs.conversations.services.XmppConnectionService;
import eu.siacs.conversations.utils.CryptoHelper;

View file

@ -735,4 +735,13 @@
<string name="private_messages_are_disabled">Private messages are disabled</string>
<string name="huawei_protected_apps">Protected Apps</string>
<string name="huawei_protected_apps_summary">To keep receiving notifications, even when the screen is turned off, you need to add Conversations to the list of protected apps.</string>
<string name="mtm_accept_cert">Accept Unknown Certificate?</string>
<string name="mtm_trust_anchor">The server certificate is not signed by a known Certificate Authority.</string>
<string name="mtm_cert_expired">The server certificate is expired.</string>
<string name="mtm_accept_servername">Accept Mismatching Server Name?</string>
<string name="mtm_hostname_mismatch">Server could not authenticate as \&quot;%s\&quot;. The certificate is only valid for:</string>
<string name="mtm_connect_anyway">Do you want to connect anyway?</string>
<string name="mtm_cert_details">Certificate details:</string>
<string name="mtm_notification">Certificate Verification</string>
<string name="once">Once</string>
</resources>