WIP

Author: sunkup

lib/src/androidTest/java/at/bitfire/cert4android/CustomCertManagerTest.kt

@@ -1,12 +1,7 @@
 package at.bitfire.cert4android
 
-import android.net.SSLCertificateSocketFactory
-import org.apache.http.conn.ssl.AllowAllHostnameVerifier
-import java.net.URL
 import java.security.cert.CertificateFactory
 import java.security.cert.X509Certificate
-import javax.net.ssl.HttpsURLConnection
-import javax.net.ssl.X509TrustManager
 
 /**
  * Provides certificates for testing.
@@ -61,39 +56,4 @@ object TestCertificates {
 
     fun testCert() = certFactory.generateCertificate(RAW_TEST_CERT.byteInputStream()) as X509Certificate
 
-
-    /**
-     * Get the certificates of a site (bypassing all trusted checks).
-     *
-     * @param url the URL to get the certificates from
-     * @return the certificates of the site
-     */
-    fun getSiteCertificates(url: URL): List<X509Certificate> {
-        val conn = url.openConnection() as HttpsURLConnection
-        try {
-            conn.hostnameVerifier = AllowAllHostnameVerifier()
-            conn.sslSocketFactory = object : SSLCertificateSocketFactory(1000) {
-                init {
-                    setTrustManagers(arrayOf(object : X509TrustManager {
-                        override fun checkClientTrusted(
-                            chain: Array<out X509Certificate?>?,
-                            authType: String?
-                        ) { /* OK */ }
-                        override fun checkServerTrusted(
-                            chain: Array<out X509Certificate?>?,
-                            authType: String?
-                        ) { /* OK */ }
-                        override fun getAcceptedIssuers(): Array<out X509Certificate?>? = emptyArray()
-                    }))
-                }
-            }
-            conn.inputStream.read()
-            val certs = mutableListOf<X509Certificate>()
-            conn.serverCertificates.forEach { certs += it as X509Certificate }
-            return certs
-        } finally {
-            conn.disconnect()
-        }
-    }
-
 }

lib/src/androidTest/java/at/bitfire/cert4android/TestCertificates.kt

@@ -0,0 +1,34 @@
+package at.bitfire.cert4android
+
+import kotlinx.coroutines.flow.StateFlow
+import java.security.cert.X509Certificate
+
+interface CertStore {
+
+    /**
+     * Removes user (dis-)trust decisions for all certificates.
+     */
+    fun clearUserDecisions()
+
+    /**
+     * Determines whether a certificate chain is trusted.
+     */
+    fun isTrusted(chain: Array<X509Certificate>, authType: String, trustSystemCerts: Boolean, appInForeground: StateFlow<Boolean>?): Boolean
+
+    /**
+     * Determines whether a certificate has been explicitly accepted by the user. In this case,
+     * we can ignore an invalid host name for that certificate.
+     */
+    fun isTrustedByUser(cert: X509Certificate): Boolean
+
+    /**
+     * Sets this certificate as trusted.
+     */
+    fun setTrustedByUser(cert: X509Certificate)
+
+    /**
+     * Sets this certificate as untrusted.
+     */
+    fun setUntrustedByUser(cert: X509Certificate)
+
+}

lib/src/main/java/at/bitfire/cert4android/CertStore.kt

@@ -5,7 +5,6 @@
 package at.bitfire.cert4android
 
 import android.annotation.SuppressLint
-import android.content.Context
 import kotlinx.coroutines.flow.StateFlow
 import java.security.cert.CertificateException
 import java.security.cert.X509Certificate
@@ -25,16 +24,14 @@ import javax.net.ssl.X509TrustManager
  */
 @SuppressLint("CustomX509TrustManager")
 class CustomCertManager @JvmOverloads constructor(
-    context: Context,
+    private val certStore: CertStore,
     val trustSystemCerts: Boolean = true,
     var appInForeground: StateFlow<Boolean>?
 ): X509TrustManager {
 
     private val logger
         get() = Logger.getLogger(javaClass.name)
 
-    val certStore = CustomCertStore.getInstance(context)
-
 
     @Throws(CertificateException::class)
     override fun checkClientTrusted(chain: Array<X509Certificate>?, authType: String?) {

lib/src/main/java/at/bitfire/cert4android/CustomCertManager.kt

@@ -24,7 +24,7 @@ import java.util.logging.Logger
 class CustomCertStore internal constructor(
     private val context: Context,
     private val userTimeout: Long = 60000L
-) {
+): CertStore {
 
     companion object {
 
@@ -67,7 +67,7 @@ class CustomCertStore internal constructor(
     }
 
     @Synchronized
-    fun clearUserDecisions() {
+    override fun clearUserDecisions() {
         logger.info("Clearing user-(dis)trusted certificates")
 
         for (alias in userKeyStore.aliases())
@@ -81,7 +81,7 @@ class CustomCertStore internal constructor(
     /**
      * Determines whether a certificate chain is trusted.
      */
-    fun isTrusted(chain: Array<X509Certificate>, authType: String, trustSystemCerts: Boolean, appInForeground: StateFlow<Boolean>?): Boolean {
+    override fun isTrusted(chain: Array<X509Certificate>, authType: String, trustSystemCerts: Boolean, appInForeground: StateFlow<Boolean>?): Boolean {
         if (chain.isEmpty())
             throw IllegalArgumentException("Certificate chain must not be empty")
         val cert = chain[0]
@@ -131,11 +131,11 @@ class CustomCertStore internal constructor(
      * we can ignore an invalid host name for that certificate.
      */
     @Synchronized
-    fun isTrustedByUser(cert: X509Certificate): Boolean =
+    override fun isTrustedByUser(cert: X509Certificate): Boolean =
         userKeyStore.getCertificateAlias(cert) != null
 
     @Synchronized
-    fun setTrustedByUser(cert: X509Certificate) {
+    override fun setTrustedByUser(cert: X509Certificate) {
         val alias = CertUtils.getTag(cert)
         logger.info("Trusted by user: ${cert.subjectDN.name} ($alias)")
 
@@ -146,7 +146,7 @@ class CustomCertStore internal constructor(
     }
 
     @Synchronized
-    fun setUntrustedByUser(cert: X509Certificate) {
+    override fun setUntrustedByUser(cert: X509Certificate) {
         logger.info("Distrusted by user: ${cert.subjectDN.name}")
 
         // find certificate

lib/src/main/java/at/bitfire/cert4android/CustomCertStore.kt

@@ -0,0 +1,131 @@
+/***************************************************************************************************
+ * Copyright © All Contributors. See LICENSE and AUTHORS in the root directory for details.
+ **************************************************************************************************/
+
+package at.bitfire.cert4android
+
+import kotlinx.coroutines.flow.StateFlow
+import org.apache.http.conn.ssl.AllowAllHostnameVerifier
+import org.junit.Assume.assumeNotNull
+import org.junit.Before
+import org.junit.Test
+import java.io.IOException
+import java.net.URL
+import java.security.cert.CertificateException
+import java.security.cert.X509Certificate
+import javax.net.ssl.HttpsURLConnection
+
+class CustomCertManagerTest {
+
+    private val fakeCertStore = TestCertStore()
+    private lateinit var certManager: CustomCertManager
+    private lateinit var paranoidCertManager: CustomCertManager
+
+    private var siteCerts: List<X509Certificate>? =
+        try {
+            getSiteCertificates(URL("https://www.davx5.com"))
+        } catch(_: IOException) {
+            null
+        }
+    init {
+        assumeNotNull("Couldn't load certificate from Web", siteCerts)
+    }
+
+    @Before
+    fun createCertManager() {
+        certManager = CustomCertManager(fakeCertStore, true, null)
+        paranoidCertManager = CustomCertManager(fakeCertStore, false, null)
+    }
+
+
+    @Test(expected = CertificateException::class)
+    fun testCheckClientCertificate() {
+        certManager.checkClientTrusted(null, null)
+    }
+
+    @Test
+    fun testTrustedCertificate() {
+        certManager.checkServerTrusted(siteCerts!!.toTypedArray(), "RSA")
+    }
+
+    @Test(expected = CertificateException::class)
+    fun testParanoidCertificate() {
+        paranoidCertManager.checkServerTrusted(siteCerts!!.toTypedArray(), "RSA")
+    }
+
+    @Test
+    fun testAddCustomCertificate() {
+        fakeCertStore.setTrustedByUser(siteCerts!!.first())
+        paranoidCertManager.checkServerTrusted(siteCerts!!.toTypedArray(), "RSA")
+    }
+
+    @Test(expected = CertificateException::class)
+    fun testRemoveCustomCertificate() {
+        fakeCertStore.setTrustedByUser(siteCerts!!.first())
+
+        // remove certificate again
+        // should now be rejected for the whole session
+        fakeCertStore.setUntrustedByUser(siteCerts!!.first())
+
+        paranoidCertManager.checkServerTrusted(siteCerts!!.toTypedArray(), "RSA")
+    }
+
+
+    // helpers
+
+    /**
+     * Get the certificates of a site (bypassing all trusted checks).
+     *
+     * @param url the URL to get the certificates from
+     * @return the certificates of the site
+     */
+    fun getSiteCertificates(url: URL): List<X509Certificate> {
+        val conn = url.openConnection() as HttpsURLConnection
+        try {
+            conn.hostnameVerifier = AllowAllHostnameVerifier()
+//            conn.sslSocketFactory = SSLSocketFactory.getDefault()
+            conn.inputStream.read()
+            val certs = mutableListOf<X509Certificate>()
+            conn.serverCertificates.forEach { certs += it as X509Certificate }
+            return certs
+        } finally {
+            conn.disconnect()
+        }
+    }
+
+    class TestCertStore: CertStore {
+
+        /**
+         *
+         * true = trusted, false = untrusted
+         */
+        val fakeCertTrustStore = mutableMapOf<X509Certificate, Boolean>()
+
+        override fun clearUserDecisions() {
+            fakeCertTrustStore.clear()
+        }
+
+        override fun isTrusted(
+            chain: Array<X509Certificate>,
+            authType: String,
+            trustSystemCerts: Boolean,
+            appInForeground: StateFlow<Boolean>?
+        ): Boolean {
+            return true
+        }
+
+        override fun isTrustedByUser(cert: X509Certificate): Boolean {
+           return fakeCertTrustStore[cert] == true
+        }
+
+        override fun setTrustedByUser(cert: X509Certificate) {
+            fakeCertTrustStore[cert] = true
+        }
+
+        override fun setUntrustedByUser(cert: X509Certificate) {
+            fakeCertTrustStore[cert] = false
+        }
+
+    }
+
+}

lib/src/test/java/at/bitfire/cert4android/CustomCertManagerTest.kt

@@ -176,7 +176,7 @@ class MainActivity : ComponentActivity() {
 
             // set cert4android TrustManager and HostnameVerifier
             val certManager = CustomCertManager(
-                context,
+                certStore = CustomCertStore.getInstance(context),
                 trustSystemCerts = trustSystemCerts,
                 appInForeground = appInForeground
             )