TrustManagers.java

 1package eu.siacs.conversations.crypto;
 2
 3import android.content.Context;
 4import androidx.annotation.Nullable;
 5import com.google.common.collect.Iterables;
 6import eu.siacs.conversations.R;
 7import java.io.IOException;
 8import java.io.InputStream;
 9import java.security.KeyStore;
10import java.security.KeyStoreException;
11import java.security.NoSuchAlgorithmException;
12import java.security.cert.CertificateException;
13import java.util.Arrays;
14import javax.net.ssl.TrustManagerFactory;
15import javax.net.ssl.X509TrustManager;
16
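/**
 * Static factories for the {@link X509TrustManager} instances used for TLS certificate
 * validation: one backed by the platform's default trust anchors, and one that additionally
 * trusts the certificates in a keystore bundled with the application.
 */
public final class TrustManagers {

    // Password handed to KeyStore.load for the bundled keystore. It is compiled into the
    // application, so it is not a secret: it can at most detect accidental corruption of the
    // resource and gives no protection against someone able to replace the resource.
    // NOTE(review): presumably the bundle holds only public CA certificates and its
    // authenticity rests on the application package signature - confirm.
    private static final char[] BUNDLED_KEYSTORE_PASSWORD = "letsencrypt".toCharArray();

    private TrustManagers() {
        throw new IllegalStateException("Do not instantiate me");
    }

    /**
     * Creates an {@link X509TrustManager} from the default {@link TrustManagerFactory} algorithm.
     *
     * <p>Every certificate entry in {@code keyStore} becomes a trust anchor of the returned
     * manager, so callers should only pass keystores whose contents they control.
     *
     * @param keyStore source of trust anchors; {@code null} is passed straight to {@link
     *     TrustManagerFactory#init(KeyStore)}, which is how {@link #createDefaultTrustManager()}
     *     obtains the platform default
     * @return the single {@link X509TrustManager} produced by the factory; {@code
     *     Iterables.getOnlyElement} throws if the factory yields none or more than one
     * @throws NoSuchAlgorithmException if the default trust manager algorithm is unavailable
     * @throws KeyStoreException if the factory cannot be initialised from {@code keyStore}
     */
    public static X509TrustManager createTrustManager(@Nullable final KeyStore keyStore)
            throws NoSuchAlgorithmException, KeyStoreException {
        final TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        return Iterables.getOnlyElement(
                Iterables.filter(
                        Arrays.asList(trustManagerFactory.getTrustManagers()),
                        X509TrustManager.class));
    }

    /**
     * Creates an {@link X509TrustManager} by calling {@link #createTrustManager(KeyStore)} with
     * a {@code null} keystore.
     *
     * @throws NoSuchAlgorithmException if the default trust manager algorithm is unavailable
     * @throws KeyStoreException if the factory cannot be initialised
     */
    public static X509TrustManager createDefaultTrustManager()
            throws NoSuchAlgorithmException, KeyStoreException {
        return createTrustManager(null);
    }

    /**
     * Creates a trust manager from the keystore bundled as {@code R.raw.letsencrypt} and hands
     * it to {@code CombiningTrustManager.combineWithDefault}.
     *
     * <p>NOTE(review): {@code CombiningTrustManager} is not visible from this file. Presumably
     * a chain is accepted when either the bundled or the default manager accepts it, which
     * would make the bundle an addition to the platform trust anchors - confirm, and review the
     * contents of the raw resource whenever it is updated.
     *
     * @param context used to open the raw keystore resource
     * @return the trust manager returned by {@code CombiningTrustManager.combineWithDefault}
     * @throws CertificateException if a certificate in the bundled keystore cannot be loaded
     * @throws IOException if the resource cannot be read or closed, or fails the keystore
     *     integrity check
     * @throws NoSuchAlgorithmException if a required algorithm is unavailable
     * @throws KeyStoreException if no provider supports the default keystore type
     */
    public static X509TrustManager createDefaultWithBundledLetsEncrypt(final Context context)
            throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException {
        final X509TrustManager bundleTrustManager;
        // KeyStore.load does not close the stream it reads from, so the resource stream is
        // closed here as soon as the keystore has been parsed.
        try (InputStream bundledKeyStore =
                context.getResources().openRawResource(R.raw.letsencrypt)) {
            bundleTrustManager = createWithKeyStore(bundledKeyStore);
        }
        return CombiningTrustManager.combineWithDefault(bundleTrustManager);
    }

    /**
     * Loads a keystore of the platform default type from {@code inputStream} using {@link
     * #BUNDLED_KEYSTORE_PASSWORD} and builds a trust manager from it.
     *
     * <p>The stream is not closed by this method; the caller owns it. The data must be in the
     * format named by {@link KeyStore#getDefaultType()} on the running platform, otherwise
     * loading fails.
     */
    private static X509TrustManager createWithKeyStore(final InputStream inputStream)
            throws CertificateException, IOException, NoSuchAlgorithmException, KeyStoreException {
        final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(inputStream, BUNDLED_KEYSTORE_PASSWORD);
        return TrustManagers.createTrustManager(keyStore);
    }
}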