* SU3File: Disable the X.509 CN checking of local certs on Android,

as the javax.naming classes are not available. Any issues with local certs will be discovered in non-Android testing.
2014-07-13 13:29:55 +00:00
parent 2c185ea76c
commit 9dabc75866
2 changed files with 26 additions and 7 deletions
--- a/core/java/src/net/i2p/crypto/CertUtil.java
+++ b/core/java/src/net/i2p/crypto/CertUtil.java
@ -18,6 +18,7 @@ import net.i2p.I2PAppContext;
 import net.i2p.data.Base64;
 import net.i2p.util.Log;
 import net.i2p.util.SecureFileOutputStream;
+import net.i2p.util.SystemVersion;

 /**
 *  Java X.509 certificate utilities, consolidated from various places.
@ -65,11 +66,18 @@ public class CertUtil {
    }

    /**
-     *  Get a value out of the subject distinguished name
+     *  Get a value out of the subject distinguished name.
+     *
+     *  Warning - unsupported in Android (no javax.naming), returns null.
+     *
     *  @param type e.g. "CN"
     *  @return value or null if not found
     */
    public static String getSubjectValue(X509Certificate cert, String type) {
+        if (SystemVersion.isAndroid()) {
+            error("Don't call this in Android", new UnsupportedOperationException("I did it"));
+            return null;
+        }
        type = type.toUpperCase(Locale.US);
        X500Principal p = cert.getSubjectX500Principal();
        String subj = p.getName();
--- a/core/java/src/net/i2p/crypto/DirKeyRing.java
+++ b/core/java/src/net/i2p/crypto/DirKeyRing.java
@ -14,9 +14,11 @@ import java.security.PublicKey;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;

+import net.i2p.util.SystemVersion;
+
 /**
- *  Dumb storage in a directory for testing.
- *  No sanitization of filenames, unsafe.
+ *  Simple storage of each cert in a separate file in a directory.
+ *  Limited sanitization of filenames.
 *
 *  @since 0.9.9
 */
@ -30,7 +32,9 @@ class DirKeyRing implements KeyRing {

    /**
     *  Cert must be in the file (escaped keyName).crt,
-     *  and have a CN == keyName
+     *  and have a CN == keyName.
+     *
+     *  CN check unsupported on Android.
     */
    public PublicKey getKey(String keyName, String scope, SigType type)
                            throws GeneralSecurityException, IOException {
@ -49,14 +53,21 @@ class DirKeyRing implements KeyRing {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            X509Certificate cert = (X509Certificate)cf.generateCertificate(fis);
            cert.checkValidity();
-            String cn = CertUtil.getSubjectValue(cert, "CN");
-            if (!keyName.equals(cn))
-                throw new GeneralSecurityException("CN mismatch: " + cn);
+            if (!SystemVersion.isAndroid()) {
+                // getSubjectValue() unsupported on Android.
+                // Any cert problems will be caught in non-Android testing.
+                String cn = CertUtil.getSubjectValue(cert, "CN");
+                if (!keyName.equals(cn))
+                    throw new GeneralSecurityException("CN mismatch: " + cn);
+            }
            return cert.getPublicKey();
        } finally {
            try { if (fis != null) fis.close(); } catch (IOException foo) {}
        }
    }

+    /**
+     *  Unimplemented, unused.
+     */
    public void setKey(String keyName, String scope, PublicKey key) {}
 }