CertificatePinner.java
4.97 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
package com.squareup.okhttp;
import com.squareup.okhttp.internal.Util;
import java.security.Principal;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.SSLPeerUnverifiedException;
import okio.ByteString;
public final class CertificatePinner
{
public static final CertificatePinner DEFAULT = new Builder().build();
private final Map<String, Set<ByteString>> hostnameToPins;
private CertificatePinner(Builder paramBuilder)
{
this.hostnameToPins = Util.immutableMap(paramBuilder.hostnameToPins);
}
public static String pin(Certificate paramCertificate)
{
if (!(paramCertificate instanceof X509Certificate)) {
throw new IllegalArgumentException("Certificate pinning requires X509 certificates");
}
return "sha1/" + sha1((X509Certificate)paramCertificate).base64();
}
private static ByteString sha1(X509Certificate paramX509Certificate)
{
return Util.sha1(ByteString.of(paramX509Certificate.getPublicKey().getEncoded()));
}
public final void check(String paramString, List<Certificate> paramList)
throws SSLPeerUnverifiedException
{
int j = 0;
Set localSet = findMatchingPins(paramString);
if (localSet == null) {
return;
}
int k = paramList.size();
int i = 0;
for (;;)
{
if (i >= k) {
break label62;
}
if (localSet.contains(sha1((X509Certificate)paramList.get(i)))) {
break;
}
i += 1;
}
label62:
StringBuilder localStringBuilder = new StringBuilder("Certificate pinning failure!\n Peer certificate chain:");
k = paramList.size();
i = j;
while (i < k)
{
X509Certificate localX509Certificate = (X509Certificate)paramList.get(i);
localStringBuilder.append("\n ").append(pin(localX509Certificate)).append(": ").append(localX509Certificate.getSubjectDN().getName());
i += 1;
}
localStringBuilder.append("\n Pinned certificates for ").append(paramString).append(":");
paramString = localSet.iterator();
while (paramString.hasNext())
{
paramList = (ByteString)paramString.next();
localStringBuilder.append("\n sha1/").append(paramList.base64());
}
throw new SSLPeerUnverifiedException(localStringBuilder.toString());
}
public final void check(String paramString, Certificate... paramVarArgs)
throws SSLPeerUnverifiedException
{
check(paramString, Arrays.asList(paramVarArgs));
}
final Set<ByteString> findMatchingPins(String paramString)
{
Set localSet = (Set)this.hostnameToPins.get(paramString);
int i = paramString.indexOf('.');
if (i != paramString.lastIndexOf('.')) {}
for (paramString = (Set)this.hostnameToPins.get("*." + paramString.substring(i + 1));; paramString = null)
{
Object localObject;
if ((localSet == null) && (paramString == null)) {
localObject = null;
}
do
{
return (Set<ByteString>)localObject;
if ((localSet != null) && (paramString != null))
{
localObject = new LinkedHashSet();
((Set)localObject).addAll(localSet);
((Set)localObject).addAll(paramString);
return (Set<ByteString>)localObject;
}
localObject = localSet;
} while (localSet != null);
return paramString;
}
}
public static final class Builder
{
private final Map<String, Set<ByteString>> hostnameToPins = new LinkedHashMap();
public final Builder add(String paramString, String... paramVarArgs)
{
if (paramString == null) {
throw new IllegalArgumentException("hostname == null");
}
LinkedHashSet localLinkedHashSet = new LinkedHashSet();
paramString = (Set)this.hostnameToPins.put(paramString, Collections.unmodifiableSet(localLinkedHashSet));
if (paramString != null) {
localLinkedHashSet.addAll(paramString);
}
int j = paramVarArgs.length;
int i = 0;
while (i < j)
{
paramString = paramVarArgs[i];
if (!paramString.startsWith("sha1/")) {
throw new IllegalArgumentException("pins must start with 'sha1/': " + paramString);
}
ByteString localByteString = ByteString.decodeBase64(paramString.substring(5));
if (localByteString == null) {
throw new IllegalArgumentException("pins must be base64: " + paramString);
}
localLinkedHashSet.add(localByteString);
i += 1;
}
return this;
}
public final CertificatePinner build()
{
return new CertificatePinner(this, null);
}
}
}
/* Location: /home/merong/decompile/hackery-dex2jar.jar!/com/squareup/okhttp/CertificatePinner.class
* Java compiler version: 6 (50.0)
* JD-Core Version: 0.7.1
*/