1 files changed, 119 insertions, 0 deletions

diff --git a/WordPress/src/main/java/org/wordpress/android/networking/WPTrustManager.java b/WordPress/src/main/java/org/wordpress/android/networking/WPTrustManager.java
new file mode 100644
index 000000000..8f7bb9104
--- /dev/null
+++ b/WordPress/src/main/java/org/wordpress/android/networking/WPTrustManager.java
@@ -0,0 +1,119 @@
+package org.wordpress.android.networking;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+
+import org.wordpress.android.util.AppLog;
+import org.wordpress.android.util.AppLog.T;
+
+public class WPTrustManager implements X509TrustManager {
+    private X509TrustManager defaultTrustManager;
+    private X509TrustManager localTrustManager;
+    private X509Certificate[] acceptedIssuers;
+
+    public WPTrustManager(KeyStore localKeyStore) {
+        try {
+            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+            tmf.init((KeyStore) null);
+
+            defaultTrustManager = findX509TrustManager(tmf);
+            if (defaultTrustManager == null) {
+                throw new IllegalStateException("Couldn't find X509TrustManager");
+            }
+
+            localTrustManager = new LocalStoreX509TrustManager(localKeyStore);
+
+            List<X509Certificate> allIssuers = new ArrayList<X509Certificate>();
+            Collections.addAll(allIssuers, defaultTrustManager.getAcceptedIssuers());
+            Collections.addAll(allIssuers, localTrustManager.getAcceptedIssuers());
+            acceptedIssuers = allIssuers.toArray(new X509Certificate[allIssuers.size()]);
+        } catch (GeneralSecurityException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+
+    private static X509TrustManager findX509TrustManager(TrustManagerFactory tmf) {
+        TrustManager tms[] = tmf.getTrustManagers();
+        for (int i = 0; i < tms.length; i++) {
+            if (tms[i] instanceof X509TrustManager) {
+                return (X509TrustManager) tms[i];
+            }
+        }
+        return null;
+    }
+
+
+    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+        try {
+            defaultTrustManager.checkClientTrusted(chain, authType);
+        } catch (CertificateException ce) {
+            localTrustManager.checkClientTrusted(chain, authType);
+        }
+    }
+
+    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+        try {
+            defaultTrustManager.checkServerTrusted(chain, authType);
+        } catch (CertificateException ce) {
+            localTrustManager.checkServerTrusted(chain, authType);
+        }
+    }
+
+    public X509Certificate[] getAcceptedIssuers() {
+        return acceptedIssuers;
+    }
+
+    static class LocalStoreX509TrustManager implements X509TrustManager {
+        private X509TrustManager trustManager;
+
+        LocalStoreX509TrustManager(KeyStore localKeyStore) {
+            try {
+                TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+                tmf.init(localKeyStore);
+
+                trustManager = findX509TrustManager(tmf);
+                if (trustManager == null) {
+                    throw new IllegalStateException("Couldn't find X509TrustManager");
+                }
+            } catch (GeneralSecurityException e) {
+                throw new RuntimeException(e);
+            }
+        }
+
+        @Override
+        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+            trustManager.checkClientTrusted(chain, authType);
+        }
+
+        @Override
+        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+            try {
+                trustManager.checkServerTrusted(chain, authType);
+            } catch (CertificateException e) {
+                AppLog.e(T.API, "Cannot trust the certificate with the local trust manager...", e);
+                try {
+                    SelfSignedSSLCertsManager.getInstance(null).setLastFailureChain(chain);
+                } catch (GeneralSecurityException e1) {
+                } catch (IOException e1) {
+                }
+                throw e;
+            }
+        }
+
+        @Override
+        public X509Certificate[] getAcceptedIssuers() {
+            return trustManager.getAcceptedIssuers();
+        }
+    }
+}
\ No newline at end of file