You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
292 lines
6.6 KiB
292 lines
6.6 KiB
.class public final Lokhttp3/internal/tls/CertificateChainCleaner; |
|
.super Ljava/lang/Object; |
|
.source "CertificateChainCleaner.java" |
|
|
|
|
|
# static fields |
|
.field private static final MAX_SIGNERS:I = 0x9 |
|
|
|
|
|
# instance fields |
|
.field private final trustRootIndex:Lokhttp3/internal/tls/TrustRootIndex; |
|
|
|
|
|
# direct methods |
|
.method public constructor <init>(Lokhttp3/internal/tls/TrustRootIndex;)V |
|
.locals 0 |
|
|
|
.prologue |
|
.line 48 |
|
invoke-direct {p0}, Ljava/lang/Object;-><init>()V |
|
|
|
.line 49 |
|
iput-object p1, p0, Lokhttp3/internal/tls/CertificateChainCleaner;->trustRootIndex:Lokhttp3/internal/tls/TrustRootIndex; |
|
|
|
.line 50 |
|
return-void |
|
.end method |
|
|
|
.method private verifySignature(Ljava/security/cert/X509Certificate;Ljava/security/cert/X509Certificate;)Z |
|
.locals 3 |
|
|
|
.prologue |
|
const/4 v0, 0x0 |
|
|
|
.line 109 |
|
invoke-virtual {p1}, Ljava/security/cert/X509Certificate;->getIssuerDN()Ljava/security/Principal; |
|
|
|
move-result-object v1 |
|
|
|
invoke-virtual {p2}, Ljava/security/cert/X509Certificate;->getSubjectDN()Ljava/security/Principal; |
|
|
|
move-result-object v2 |
|
|
|
invoke-interface {v1, v2}, Ljava/security/Principal;->equals(Ljava/lang/Object;)Z |
|
|
|
move-result v1 |
|
|
|
if-nez v1, :cond_0 |
|
|
|
.line 114 |
|
:goto_0 |
|
return v0 |
|
|
|
.line 111 |
|
:cond_0 |
|
:try_start_0 |
|
invoke-virtual {p2}, Ljava/security/cert/X509Certificate;->getPublicKey()Ljava/security/PublicKey; |
|
|
|
move-result-object v1 |
|
|
|
invoke-virtual {p1, v1}, Ljava/security/cert/X509Certificate;->verify(Ljava/security/PublicKey;)V |
|
:try_end_0 |
|
.catch Ljava/security/GeneralSecurityException; {:try_start_0 .. :try_end_0} :catch_0 |
|
|
|
.line 112 |
|
const/4 v0, 0x1 |
|
|
|
goto :goto_0 |
|
|
|
.line 113 |
|
:catch_0 |
|
move-exception v1 |
|
|
|
goto :goto_0 |
|
.end method |
|
|
|
|
|
# virtual methods |
|
.method public clean(Ljava/util/List;)Ljava/util/List; |
|
.locals 9 |
|
.annotation system Ldalvik/annotation/Signature; |
|
value = { |
|
"(", |
|
"Ljava/util/List", |
|
"<", |
|
"Ljava/security/cert/Certificate;", |
|
">;)", |
|
"Ljava/util/List", |
|
"<", |
|
"Ljava/security/cert/Certificate;", |
|
">;" |
|
} |
|
.end annotation |
|
|
|
.prologue |
|
const/4 v2, 0x1 |
|
|
|
const/4 v0, 0x0 |
|
|
|
.line 60 |
|
new-instance v6, Ljava/util/ArrayDeque; |
|
|
|
invoke-direct {v6, p1}, Ljava/util/ArrayDeque;-><init>(Ljava/util/Collection;)V |
|
|
|
.line 61 |
|
new-instance v4, Ljava/util/ArrayList; |
|
|
|
invoke-direct {v4}, Ljava/util/ArrayList;-><init>()V |
|
|
|
.line 62 |
|
invoke-interface {v6}, Ljava/util/Deque;->removeFirst()Ljava/lang/Object; |
|
|
|
move-result-object v1 |
|
|
|
invoke-interface {v4, v1}, Ljava/util/List;->add(Ljava/lang/Object;)Z |
|
|
|
move v5, v0 |
|
|
|
move v3, v0 |
|
|
|
.line 66 |
|
:goto_0 |
|
const/16 v0, 0x9 |
|
|
|
if-ge v5, v0, :cond_7 |
|
|
|
.line 67 |
|
invoke-interface {v4}, Ljava/util/List;->size()I |
|
|
|
move-result v0 |
|
|
|
add-int/lit8 v0, v0, -0x1 |
|
|
|
invoke-interface {v4, v0}, Ljava/util/List;->get(I)Ljava/lang/Object; |
|
|
|
move-result-object v0 |
|
|
|
check-cast v0, Ljava/security/cert/X509Certificate; |
|
|
|
.line 72 |
|
iget-object v1, p0, Lokhttp3/internal/tls/CertificateChainCleaner;->trustRootIndex:Lokhttp3/internal/tls/TrustRootIndex; |
|
|
|
invoke-interface {v1, v0}, Lokhttp3/internal/tls/TrustRootIndex;->findByIssuerAndSignature(Ljava/security/cert/X509Certificate;)Ljava/security/cert/X509Certificate; |
|
|
|
move-result-object v1 |
|
|
|
.line 73 |
|
if-eqz v1, :cond_3 |
|
|
|
.line 74 |
|
invoke-interface {v4}, Ljava/util/List;->size()I |
|
|
|
move-result v3 |
|
|
|
if-gt v3, v2, :cond_0 |
|
|
|
invoke-virtual {v0, v1}, Ljava/security/cert/X509Certificate;->equals(Ljava/lang/Object;)Z |
|
|
|
move-result v0 |
|
|
|
if-nez v0, :cond_1 |
|
|
|
.line 75 |
|
:cond_0 |
|
invoke-interface {v4, v1}, Ljava/util/List;->add(Ljava/lang/Object;)Z |
|
|
|
.line 77 |
|
:cond_1 |
|
invoke-direct {p0, v1, v1}, Lokhttp3/internal/tls/CertificateChainCleaner;->verifySignature(Ljava/security/cert/X509Certificate;Ljava/security/cert/X509Certificate;)Z |
|
|
|
move-result v0 |
|
|
|
if-eqz v0, :cond_2 |
|
|
|
move-object v0, v4 |
|
|
|
.line 97 |
|
:goto_1 |
|
return-object v0 |
|
|
|
:cond_2 |
|
move v0, v2 |
|
|
|
.line 66 |
|
:goto_2 |
|
add-int/lit8 v1, v5, 0x1 |
|
|
|
move v5, v1 |
|
|
|
move v3, v0 |
|
|
|
goto :goto_0 |
|
|
|
.line 86 |
|
:cond_3 |
|
invoke-interface {v6}, Ljava/util/Deque;->iterator()Ljava/util/Iterator; |
|
|
|
move-result-object v7 |
|
|
|
:cond_4 |
|
invoke-interface {v7}, Ljava/util/Iterator;->hasNext()Z |
|
|
|
move-result v1 |
|
|
|
if-eqz v1, :cond_5 |
|
|
|
.line 87 |
|
invoke-interface {v7}, Ljava/util/Iterator;->next()Ljava/lang/Object; |
|
|
|
move-result-object v1 |
|
|
|
check-cast v1, Ljava/security/cert/X509Certificate; |
|
|
|
.line 88 |
|
invoke-direct {p0, v0, v1}, Lokhttp3/internal/tls/CertificateChainCleaner;->verifySignature(Ljava/security/cert/X509Certificate;Ljava/security/cert/X509Certificate;)Z |
|
|
|
move-result v8 |
|
|
|
if-eqz v8, :cond_4 |
|
|
|
.line 89 |
|
invoke-interface {v7}, Ljava/util/Iterator;->remove()V |
|
|
|
.line 90 |
|
invoke-interface {v4, v1}, Ljava/util/List;->add(Ljava/lang/Object;)Z |
|
|
|
move v0, v3 |
|
|
|
.line 91 |
|
goto :goto_2 |
|
|
|
.line 96 |
|
:cond_5 |
|
if-eqz v3, :cond_6 |
|
|
|
move-object v0, v4 |
|
|
|
.line 97 |
|
goto :goto_1 |
|
|
|
.line 101 |
|
:cond_6 |
|
new-instance v1, Ljavax/net/ssl/SSLPeerUnverifiedException; |
|
|
|
new-instance v2, Ljava/lang/StringBuilder; |
|
|
|
invoke-direct {v2}, Ljava/lang/StringBuilder;-><init>()V |
|
|
|
const-string v3, "Failed to find a trusted cert that signed " |
|
|
|
invoke-virtual {v2, v3}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; |
|
|
|
move-result-object v2 |
|
|
|
invoke-virtual {v2, v0}, Ljava/lang/StringBuilder;->append(Ljava/lang/Object;)Ljava/lang/StringBuilder; |
|
|
|
move-result-object v0 |
|
|
|
invoke-virtual {v0}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String; |
|
|
|
move-result-object v0 |
|
|
|
invoke-direct {v1, v0}, Ljavax/net/ssl/SSLPeerUnverifiedException;-><init>(Ljava/lang/String;)V |
|
|
|
throw v1 |
|
|
|
.line 104 |
|
:cond_7 |
|
new-instance v0, Ljavax/net/ssl/SSLPeerUnverifiedException; |
|
|
|
new-instance v1, Ljava/lang/StringBuilder; |
|
|
|
invoke-direct {v1}, Ljava/lang/StringBuilder;-><init>()V |
|
|
|
const-string v2, "Certificate chain too long: " |
|
|
|
invoke-virtual {v1, v2}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; |
|
|
|
move-result-object v1 |
|
|
|
invoke-virtual {v1, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/Object;)Ljava/lang/StringBuilder; |
|
|
|
move-result-object v1 |
|
|
|
invoke-virtual {v1}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String; |
|
|
|
move-result-object v1 |
|
|
|
invoke-direct {v0, v1}, Ljavax/net/ssl/SSLPeerUnverifiedException;-><init>(Ljava/lang/String;)V |
|
|
|
throw v0 |
|
.end method
|
|
|