MemorizingTrustManager icon indicating copy to clipboard operation
MemorizingTrustManager copied to clipboard

Published 20 hours ago verified publisher icon ge0rg

Provide a public API to validate certificates

Open klassm opened this issue 9 years ago • 2 comments

Something like:

public boolean checkCertificate(X509Certificate certificate, String hostname) {
    try {
        if (certificate.equals(appKeyStore.getCertificate(hostname.toLowerCase(Locale.US)))) {
            return true;
        }
        return interactHostname(certificate, hostname);
    } catch (KeyStoreException e) {
        LOGGER.error("error while checking certificate", e);
        return false;
    }
}

klassm avatar Mar 06 '16 13:03 klassm

This is an interesting approach. I have outlined a possible API for exchanging the MTM user interface in #29, but this looks like it aims at doing the opposite. May I ask you what your envisioned use case is? (This is out of curiosity, not an attempt to prevent this from happening)

ge0rg avatar Mar 07 '16 11:03 ge0rg

Well I had to implement some kind of woraround for finding out whether a webview SSL connection error relates to a valid certificate or not. You get called in a callback (on the ui thread ...) and on some way a certificate - what I do is ask mtm tp validate my certificate - without having a hostname verifier. I've pushed my changes to mtm for that API change on my GitHub fork of mtm.

klassm avatar Mar 07 '16 18:03 klassm