ge0rg / MemorizingTrustManager

A "plugin" for Android Java to allow asking the user about SSL certificates
MIT License

Provide a public API to validate certificates #51

Open klassm opened 8 years ago

klassm commented 8 years ago

Something like:

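```java
public boolean checkCertificate(X509Certificate certificate, String hostname) {
    try {
        // Accept immediately if this exact certificate is already stored under the hostname alias.
        if (certificate.equals(appKeyStore.getCertificate(hostname.toLowerCase(Locale.US)))) {
            return true;
        }
        // Otherwise hand the decision to the existing hostname interaction.
        return interactHostname(certificate, hostname);
    } catch (KeyStoreException e) {
        // Fail closed when the keystore cannot be read.
        LOGGER.error("error while checking certificate", e);
        return false;
    }
}
```
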
ge0rg commented 8 years ago

This is an interesting approach. I have outlined a possible API for exchanging the MTM user interface in #29, but this looks like it aims at doing the opposite. May I ask you what your envisioned use case is? (This is out of curiosity, not an attempt to prevent this from happening)

klassm commented 8 years ago

Well, I had to implement some kind of workaround for finding out whether a WebView SSL connection error relates to a valid certificate or not. You get called in a callback (on the UI thread ...) and in some way get a certificate - what I do is ask mtm to validate my certificate - without having a hostname verifier. I've pushed my changes to mtm for that API change on my GitHub fork of mtm.
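
The WebView use case described in this thread, as an added sketch that is not code from the issue or from the MTM project. It assumes the `checkCertificate(X509Certificate, String)` method proposed above exists on `MemorizingTrustManager` (it is a proposal here, not an upstream API), that the check may wait for a user decision and so must not run on the UI thread, and API level 29+ for `SslCertificate.getX509Certificate()`; the class name `MtmWebViewClient` is hypothetical.

```java
import android.net.Uri;
import android.net.http.SslError;
import android.webkit.SslErrorHandler;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import de.duenndns.ssl.MemorizingTrustManager;
import java.security.cert.X509Certificate;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

/** Hypothetical WebViewClient that defers TLS errors to MTM instead of blindly proceeding. */
public class MtmWebViewClient extends WebViewClient {
    private final MemorizingTrustManager mtm;
    // onReceivedSslError arrives on the UI thread; the check runs here instead.
    private final ExecutorService worker = Executors.newSingleThreadExecutor();

    public MtmWebViewClient(MemorizingTrustManager mtm) {
        this.mtm = mtm;
    }

    @Override
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
        // Leaf certificate of the failing connection (API 29+, may be null).
        X509Certificate cert = error.getCertificate().getX509Certificate();
        // No hostname verifier is involved, so take the host from the failing URL
        // and use it as the lookup key, as the proposed method does.
        String host = Uri.parse(error.getUrl()).getHost();
        if (cert == null || host == null) {
            handler.cancel(); // fail closed when there is nothing to check
            return;
        }
        worker.execute(() -> {
            boolean trusted;
            try {
                trusted = mtm.checkCertificate(cert, host); // proposed API from this issue
            } catch (RuntimeException e) {
                trusted = false; // any failure in the check means "not trusted"
            }
            final boolean accept = trusted;
            // Report the decision back on the UI thread; proceed only on an explicit true.
            view.post(() -> {
                if (accept) {
                    handler.proceed();
                } else {
                    handler.cancel();
                }
            });
        });
    }
}
```

Every path other than an explicit `true` from the check ends in `handler.cancel()`, so a keystore error or a missing certificate never results in the page loading.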