X-Git-Url: https://gitweb.stoutner.com/?p=PrivacyBrowserAndroid.git;a=blobdiff_plain;f=app%2Fsrc%2Fmain%2Fjava%2Fcom%2Fstoutner%2Fprivacybrowser%2Fhelpers%2FCheckPinnedMismatchHelper.java;fp=app%2Fsrc%2Fmain%2Fjava%2Fcom%2Fstoutner%2Fprivacybrowser%2Fhelpers%2FCheckPinnedMismatchHelper.java;h=25d84144b836306294ce5c8e3404d601ce4d66f9;hp=0000000000000000000000000000000000000000;hb=9d5e4c56326502b6b74e8f3e463275f5c1e176cc;hpb=3d167d1ec7d0cef1ef032f20859bb0de8ddb01cf

diff --git a/app/src/main/java/com/stoutner/privacybrowser/helpers/CheckPinnedMismatchHelper.java b/app/src/main/java/com/stoutner/privacybrowser/helpers/CheckPinnedMismatchHelper.java
new file mode 100644
index 00000000..25d84144
--- /dev/null
+++ b/app/src/main/java/com/stoutner/privacybrowser/helpers/CheckPinnedMismatchHelper.java
@@ -0,0 +1,130 @@
+/*
+ * Copyright Â© 2018-2019 Soren Stoutner <soren@stoutner.com>.
+ *
+ * This file is part of Privacy Browser <https://www.stoutner.com/privacy-browser>.
+ *
+ * Privacy Browser is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Privacy Browser is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Privacy Browser.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package com.stoutner.privacybrowser.helpers;
+
+import android.net.http.SslCertificate;
+
+import androidx.fragment.app.DialogFragment;
+import androidx.fragment.app.FragmentManager;
+
+import com.stoutner.privacybrowser.dialogs.PinnedMismatchDialog;
+import com.stoutner.privacybrowser.views.NestedScrollWebView;
+
+import java.util.ArrayList;
+import java.util.Date;
+
+public class CheckPinnedMismatchHelper {
+    public static void checkPinnedMismatch(FragmentManager fragmentManager, NestedScrollWebView nestedScrollWebView) {
+        // Initialize the current SSL certificate variables.
+        String currentWebsiteIssuedToCName = "";
+        String currentWebsiteIssuedToOName = "";
+        String currentWebsiteIssuedToUName = "";
+        String currentWebsiteIssuedByCName = "";
+        String currentWebsiteIssuedByOName = "";
+        String currentWebsiteIssuedByUName = "";
+        Date currentWebsiteSslStartDate = null;
+        Date currentWebsiteSslEndDate = null;
+
+        // Initialize the pinned SSL certificate variables.
+        String pinnedSslIssuedToCName = "";
+        String pinnedSslIssuedToOName = "";
+        String pinnedSslIssuedToUName = "";
+        String pinnedSslIssuedByCName = "";
+        String pinnedSslIssuedByOName = "";
+        String pinnedSslIssuedByUName = "";
+        Date pinnedSslStartDate = null;
+        Date pinnedSslEndDate = null;
+
+        // Get the current website SSL certificate.
+        SslCertificate currentWebsiteSslCertificate = nestedScrollWebView.getCertificate();
+
+        // Extract the individual pieces of information from the current website SSL certificate if it is not null.
+        if (currentWebsiteSslCertificate != null) {
+            currentWebsiteIssuedToCName = currentWebsiteSslCertificate.getIssuedTo().getCName();
+            currentWebsiteIssuedToOName = currentWebsiteSslCertificate.getIssuedTo().getOName();
+            currentWebsiteIssuedToUName = currentWebsiteSslCertificate.getIssuedTo().getUName();
+            currentWebsiteIssuedByCName = currentWebsiteSslCertificate.getIssuedBy().getCName();
+            currentWebsiteIssuedByOName = currentWebsiteSslCertificate.getIssuedBy().getOName();
+            currentWebsiteIssuedByUName = currentWebsiteSslCertificate.getIssuedBy().getUName();
+            currentWebsiteSslStartDate = currentWebsiteSslCertificate.getValidNotBeforeDate();
+            currentWebsiteSslEndDate = currentWebsiteSslCertificate.getValidNotAfterDate();
+        }
+
+        // Get the pinned SSL certificate information if it exists.
+        if (nestedScrollWebView.hasPinnedSslCertificate()) {
+            // Get the pinned SSL certificate.
+            ArrayList<Object> pinnedSslCertificateArrayList = nestedScrollWebView.getPinnedSslCertificate();
+
+            // Extract the arrays from the array list.
+            String[] pinnedSslCertificateStringArray = (String[]) pinnedSslCertificateArrayList.get(0);
+            Date[] pinnedSslCertificateDateArray = (Date[]) pinnedSslCertificateArrayList.get(1);
+
+            // Populate the pinned SSL certificate string variables.
+            pinnedSslIssuedToCName = pinnedSslCertificateStringArray[0];
+            pinnedSslIssuedToOName = pinnedSslCertificateStringArray[1];
+            pinnedSslIssuedToUName = pinnedSslCertificateStringArray[2];
+            pinnedSslIssuedByCName = pinnedSslCertificateStringArray[3];
+            pinnedSslIssuedByOName = pinnedSslCertificateStringArray[4];
+            pinnedSslIssuedByUName = pinnedSslCertificateStringArray[5];
+
+            // Populate the pinned SSL certificate date variables.
+            pinnedSslStartDate = pinnedSslCertificateDateArray[0];
+            pinnedSslEndDate = pinnedSslCertificateDateArray[1];
+        }
+
+        // Initialize string variables to store the SSL certificate dates.  Strings are needed to compare the values below, which doesn't work with dates if the first one is null.
+        String currentWebsiteSslStartDateString = "";
+        String currentWebsiteSslEndDateString = "";
+        String pinnedSslStartDateString = "";
+        String pinnedSslEndDateString = "";
+
+        // Convert the dates to strings if they are not null.
+        if (currentWebsiteSslStartDate != null) {
+            currentWebsiteSslStartDateString = currentWebsiteSslStartDate.toString();
+        }
+
+        if (currentWebsiteSslEndDate != null) {
+            currentWebsiteSslEndDateString = currentWebsiteSslEndDate.toString();
+        }
+
+        if (pinnedSslStartDate != null) {
+            pinnedSslStartDateString = pinnedSslStartDate.toString();
+        }
+
+        if (pinnedSslEndDate != null) {
+            pinnedSslEndDateString = pinnedSslEndDate.toString();
+        }
+
+        // Check to see if the pinned information matches the current information.
+        if ((nestedScrollWebView.hasPinnedIpAddresses() && !nestedScrollWebView.getCurrentIpAddresses().equals(nestedScrollWebView.getPinnedIpAddresses())) ||
+                (nestedScrollWebView.hasPinnedSslCertificate() && (!currentWebsiteIssuedToCName.equals(pinnedSslIssuedToCName) ||
+                !currentWebsiteIssuedToOName.equals(pinnedSslIssuedToOName) || !currentWebsiteIssuedToUName.equals(pinnedSslIssuedToUName) ||
+                !currentWebsiteIssuedByCName.equals(pinnedSslIssuedByCName) || !currentWebsiteIssuedByOName.equals(pinnedSslIssuedByOName) ||
+                !currentWebsiteIssuedByUName.equals(pinnedSslIssuedByUName) || !currentWebsiteSslStartDateString.equals(pinnedSslStartDateString) ||
+                !currentWebsiteSslEndDateString.equals(pinnedSslEndDateString)))) {
+
+            // Get a handle for the pinned mismatch alert dialog.
+            DialogFragment pinnedMismatchDialogFragment = PinnedMismatchDialog.displayDialog(nestedScrollWebView.getWebViewFragmentId());
+
+            // Show the pinned mismatch alert dialog.
+            pinnedMismatchDialogFragment.show(fragmentManager, "Pinned Mismatch");
+        }
+    }
+}
\ No newline at end of file