270 lines
7.5 KiB
Smali
270 lines
7.5 KiB
Smali
.class public final Lokhttp3/internal/tls/CertificateChainCleaner;
|
|
.super Ljava/lang/Object;
|
|
.source "CertificateChainCleaner.java"
|
|
|
|
|
|
# static fields
|
|
.field private static final MAX_SIGNERS:I = 0x9
|
|
|
|
|
|
# instance fields
|
|
.field private final trustRootIndex:Lokhttp3/internal/tls/TrustRootIndex;
|
|
|
|
|
|
# direct methods
|
|
.method public constructor <init>(Lokhttp3/internal/tls/TrustRootIndex;)V
|
|
.locals 0
|
|
.param p1, "trustRootIndex" # Lokhttp3/internal/tls/TrustRootIndex;
|
|
|
|
.prologue
|
|
invoke-direct {p0}, Ljava/lang/Object;-><init>()V
|
|
|
|
iput-object p1, p0, Lokhttp3/internal/tls/CertificateChainCleaner;->trustRootIndex:Lokhttp3/internal/tls/TrustRootIndex;
|
|
|
|
return-void
|
|
.end method
|
|
|
|
.method private verifySignature(Ljava/security/cert/X509Certificate;Ljava/security/cert/X509Certificate;)Z
|
|
.locals 4
|
|
.param p1, "toVerify" # Ljava/security/cert/X509Certificate;
|
|
.param p2, "signingCert" # Ljava/security/cert/X509Certificate;
|
|
|
|
.prologue
|
|
const/4 v1, 0x0
|
|
|
|
invoke-virtual {p1}, Ljava/security/cert/X509Certificate;->getIssuerDN()Ljava/security/Principal;
|
|
|
|
move-result-object v2
|
|
|
|
invoke-virtual {p2}, Ljava/security/cert/X509Certificate;->getSubjectDN()Ljava/security/Principal;
|
|
|
|
move-result-object v3
|
|
|
|
invoke-interface {v2, v3}, Ljava/security/Principal;->equals(Ljava/lang/Object;)Z
|
|
|
|
move-result v2
|
|
|
|
if-nez v2, :cond_0
|
|
|
|
:goto_0
|
|
return v1
|
|
|
|
:cond_0
|
|
:try_start_0
|
|
invoke-virtual {p2}, Ljava/security/cert/X509Certificate;->getPublicKey()Ljava/security/PublicKey;
|
|
|
|
move-result-object v2
|
|
|
|
invoke-virtual {p1, v2}, Ljava/security/cert/X509Certificate;->verify(Ljava/security/PublicKey;)V
|
|
:try_end_0
|
|
.catch Ljava/security/GeneralSecurityException; {:try_start_0 .. :try_end_0} :catch_0
|
|
|
|
const/4 v1, 0x1
|
|
|
|
goto :goto_0
|
|
|
|
:catch_0
|
|
move-exception v0
|
|
|
|
.local v0, "verifyFailed":Ljava/security/GeneralSecurityException;
|
|
goto :goto_0
|
|
.end method
|
|
|
|
|
|
# virtual methods
|
|
.method public clean(Ljava/util/List;)Ljava/util/List;
|
|
.locals 11
|
|
.annotation system Ldalvik/annotation/Signature;
|
|
value = {
|
|
"(",
|
|
"Ljava/util/List",
|
|
"<",
|
|
"Ljava/security/cert/Certificate;",
|
|
">;)",
|
|
"Ljava/util/List",
|
|
"<",
|
|
"Ljava/security/cert/Certificate;",
|
|
">;"
|
|
}
|
|
.end annotation
|
|
|
|
.annotation system Ldalvik/annotation/Throws;
|
|
value = {
|
|
Ljavax/net/ssl/SSLPeerUnverifiedException;
|
|
}
|
|
.end annotation
|
|
|
|
.prologue
|
|
.local p1, "chain":Ljava/util/List;, "Ljava/util/List<Ljava/security/cert/Certificate;>;"
|
|
new-instance v3, Ljava/util/ArrayDeque;
|
|
|
|
invoke-direct {v3, p1}, Ljava/util/ArrayDeque;-><init>(Ljava/util/Collection;)V
|
|
|
|
.local v3, "queue":Ljava/util/Deque;, "Ljava/util/Deque<Ljava/security/cert/Certificate;>;"
|
|
new-instance v4, Ljava/util/ArrayList;
|
|
|
|
invoke-direct {v4}, Ljava/util/ArrayList;-><init>()V
|
|
|
|
.local v4, "result":Ljava/util/List;, "Ljava/util/List<Ljava/security/cert/Certificate;>;"
|
|
invoke-interface {v3}, Ljava/util/Deque;->removeFirst()Ljava/lang/Object;
|
|
|
|
move-result-object v8
|
|
|
|
invoke-interface {v4, v8}, Ljava/util/List;->add(Ljava/lang/Object;)Z
|
|
|
|
const/4 v1, 0x0
|
|
|
|
.local v1, "foundTrustedCertificate":Z
|
|
const/4 v0, 0x0
|
|
|
|
.local v0, "c":I
|
|
:goto_0
|
|
const/16 v8, 0x9
|
|
|
|
if-ge v0, v8, :cond_7
|
|
|
|
invoke-interface {v4}, Ljava/util/List;->size()I
|
|
|
|
move-result v8
|
|
|
|
add-int/lit8 v8, v8, -0x1
|
|
|
|
invoke-interface {v4, v8}, Ljava/util/List;->get(I)Ljava/lang/Object;
|
|
|
|
move-result-object v6
|
|
|
|
check-cast v6, Ljava/security/cert/X509Certificate;
|
|
|
|
.local v6, "toVerify":Ljava/security/cert/X509Certificate;
|
|
iget-object v8, p0, Lokhttp3/internal/tls/CertificateChainCleaner;->trustRootIndex:Lokhttp3/internal/tls/TrustRootIndex;
|
|
|
|
invoke-interface {v8, v6}, Lokhttp3/internal/tls/TrustRootIndex;->findByIssuerAndSignature(Ljava/security/cert/X509Certificate;)Ljava/security/cert/X509Certificate;
|
|
|
|
move-result-object v7
|
|
|
|
.local v7, "trustedCert":Ljava/security/cert/X509Certificate;
|
|
if-eqz v7, :cond_4
|
|
|
|
invoke-interface {v4}, Ljava/util/List;->size()I
|
|
|
|
move-result v8
|
|
|
|
const/4 v9, 0x1
|
|
|
|
if-gt v8, v9, :cond_0
|
|
|
|
invoke-virtual {v6, v7}, Ljava/security/cert/X509Certificate;->equals(Ljava/lang/Object;)Z
|
|
|
|
move-result v8
|
|
|
|
if-nez v8, :cond_1
|
|
|
|
:cond_0
|
|
invoke-interface {v4, v7}, Ljava/util/List;->add(Ljava/lang/Object;)Z
|
|
|
|
:cond_1
|
|
invoke-direct {p0, v7, v7}, Lokhttp3/internal/tls/CertificateChainCleaner;->verifySignature(Ljava/security/cert/X509Certificate;Ljava/security/cert/X509Certificate;)Z
|
|
|
|
move-result v8
|
|
|
|
if-eqz v8, :cond_3
|
|
|
|
:cond_2
|
|
return-object v4
|
|
|
|
:cond_3
|
|
const/4 v1, 0x1
|
|
|
|
:goto_1
|
|
add-int/lit8 v0, v0, 0x1
|
|
|
|
goto :goto_0
|
|
|
|
:cond_4
|
|
invoke-interface {v3}, Ljava/util/Deque;->iterator()Ljava/util/Iterator;
|
|
|
|
move-result-object v2
|
|
|
|
.local v2, "i":Ljava/util/Iterator;, "Ljava/util/Iterator<Ljava/security/cert/Certificate;>;"
|
|
:cond_5
|
|
invoke-interface {v2}, Ljava/util/Iterator;->hasNext()Z
|
|
|
|
move-result v8
|
|
|
|
if-eqz v8, :cond_6
|
|
|
|
invoke-interface {v2}, Ljava/util/Iterator;->next()Ljava/lang/Object;
|
|
|
|
move-result-object v5
|
|
|
|
check-cast v5, Ljava/security/cert/X509Certificate;
|
|
|
|
.local v5, "signingCert":Ljava/security/cert/X509Certificate;
|
|
invoke-direct {p0, v6, v5}, Lokhttp3/internal/tls/CertificateChainCleaner;->verifySignature(Ljava/security/cert/X509Certificate;Ljava/security/cert/X509Certificate;)Z
|
|
|
|
move-result v8
|
|
|
|
if-eqz v8, :cond_5
|
|
|
|
invoke-interface {v2}, Ljava/util/Iterator;->remove()V
|
|
|
|
invoke-interface {v4, v5}, Ljava/util/List;->add(Ljava/lang/Object;)Z
|
|
|
|
goto :goto_1
|
|
|
|
.end local v5 # "signingCert":Ljava/security/cert/X509Certificate;
|
|
:cond_6
|
|
if-nez v1, :cond_2
|
|
|
|
new-instance v8, Ljavax/net/ssl/SSLPeerUnverifiedException;
|
|
|
|
new-instance v9, Ljava/lang/StringBuilder;
|
|
|
|
invoke-direct {v9}, Ljava/lang/StringBuilder;-><init>()V
|
|
|
|
const-string v10, "Failed to find a trusted cert that signed "
|
|
|
|
invoke-virtual {v9, v10}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
|
|
|
|
move-result-object v9
|
|
|
|
invoke-virtual {v9, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/Object;)Ljava/lang/StringBuilder;
|
|
|
|
move-result-object v9
|
|
|
|
invoke-virtual {v9}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
|
|
|
|
move-result-object v9
|
|
|
|
invoke-direct {v8, v9}, Ljavax/net/ssl/SSLPeerUnverifiedException;-><init>(Ljava/lang/String;)V
|
|
|
|
throw v8
|
|
|
|
.end local v2 # "i":Ljava/util/Iterator;, "Ljava/util/Iterator<Ljava/security/cert/Certificate;>;"
|
|
.end local v6 # "toVerify":Ljava/security/cert/X509Certificate;
|
|
.end local v7 # "trustedCert":Ljava/security/cert/X509Certificate;
|
|
:cond_7
|
|
new-instance v8, Ljavax/net/ssl/SSLPeerUnverifiedException;
|
|
|
|
new-instance v9, Ljava/lang/StringBuilder;
|
|
|
|
invoke-direct {v9}, Ljava/lang/StringBuilder;-><init>()V
|
|
|
|
const-string v10, "Certificate chain too long: "
|
|
|
|
invoke-virtual {v9, v10}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
|
|
|
|
move-result-object v9
|
|
|
|
invoke-virtual {v9, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/Object;)Ljava/lang/StringBuilder;
|
|
|
|
move-result-object v9
|
|
|
|
invoke-virtual {v9}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
|
|
|
|
move-result-object v9
|
|
|
|
invoke-direct {v8, v9}, Ljavax/net/ssl/SSLPeerUnverifiedException;-><init>(Ljava/lang/String;)V
|
|
|
|
throw v8
|
|
.end method
|