You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
628 lines
14 KiB
628 lines
14 KiB
.class public final Lokhttp3/CertificatePinner; |
|
.super Ljava/lang/Object; |
|
.source "CertificatePinner.java" |
|
|
|
|
|
# annotations |
|
.annotation system Ldalvik/annotation/MemberClasses; |
|
value = { |
|
Lokhttp3/CertificatePinner$Builder;, |
|
Lokhttp3/CertificatePinner$Pin; |
|
} |
|
.end annotation |
|
|
|
|
|
# static fields |
|
.field public static final DEFAULT:Lokhttp3/CertificatePinner; |
|
|
|
|
|
# instance fields |
|
.field private final pins:Ljava/util/List; |
|
.annotation system Ldalvik/annotation/Signature; |
|
value = { |
|
"Ljava/util/List", |
|
"<", |
|
"Lokhttp3/CertificatePinner$Pin;", |
|
">;" |
|
} |
|
.end annotation |
|
.end field |
|
|
|
.field private final trustRootIndex:Lokhttp3/internal/tls/TrustRootIndex; |
|
|
|
|
|
# direct methods |
|
.method static constructor <clinit>()V |
|
.locals 1 |
|
|
|
.prologue |
|
.line 125 |
|
new-instance v0, Lokhttp3/CertificatePinner$Builder; |
|
|
|
invoke-direct {v0}, Lokhttp3/CertificatePinner$Builder;-><init>()V |
|
|
|
invoke-virtual {v0}, Lokhttp3/CertificatePinner$Builder;->build()Lokhttp3/CertificatePinner; |
|
|
|
move-result-object v0 |
|
|
|
sput-object v0, Lokhttp3/CertificatePinner;->DEFAULT:Lokhttp3/CertificatePinner; |
|
|
|
return-void |
|
.end method |
|
|
|
.method private constructor <init>(Lokhttp3/CertificatePinner$Builder;)V |
|
.locals 1 |
|
|
|
.prologue |
|
.line 130 |
|
invoke-direct {p0}, Ljava/lang/Object;-><init>()V |
|
|
|
.line 131 |
|
invoke-static {p1}, Lokhttp3/CertificatePinner$Builder;->access$000(Lokhttp3/CertificatePinner$Builder;)Ljava/util/List; |
|
|
|
move-result-object v0 |
|
|
|
invoke-static {v0}, Lokhttp3/internal/Util;->immutableList(Ljava/util/List;)Ljava/util/List; |
|
|
|
move-result-object v0 |
|
|
|
iput-object v0, p0, Lokhttp3/CertificatePinner;->pins:Ljava/util/List; |
|
|
|
.line 132 |
|
invoke-static {p1}, Lokhttp3/CertificatePinner$Builder;->access$100(Lokhttp3/CertificatePinner$Builder;)Lokhttp3/internal/tls/TrustRootIndex; |
|
|
|
move-result-object v0 |
|
|
|
iput-object v0, p0, Lokhttp3/CertificatePinner;->trustRootIndex:Lokhttp3/internal/tls/TrustRootIndex; |
|
|
|
.line 133 |
|
return-void |
|
.end method |
|
|
|
.method synthetic constructor <init>(Lokhttp3/CertificatePinner$Builder;Lokhttp3/CertificatePinner$1;)V |
|
.locals 0 |
|
|
|
.prologue |
|
.line 124 |
|
invoke-direct {p0, p1}, Lokhttp3/CertificatePinner;-><init>(Lokhttp3/CertificatePinner$Builder;)V |
|
|
|
return-void |
|
.end method |
|
|
|
.method static synthetic access$200(Lokhttp3/CertificatePinner;)Ljava/util/List; |
|
.locals 1 |
|
|
|
.prologue |
|
.line 124 |
|
iget-object v0, p0, Lokhttp3/CertificatePinner;->pins:Ljava/util/List; |
|
|
|
return-object v0 |
|
.end method |
|
|
|
.method static synthetic access$300(Lokhttp3/CertificatePinner;)Lokhttp3/internal/tls/TrustRootIndex; |
|
.locals 1 |
|
|
|
.prologue |
|
.line 124 |
|
iget-object v0, p0, Lokhttp3/CertificatePinner;->trustRootIndex:Lokhttp3/internal/tls/TrustRootIndex; |
|
|
|
return-object v0 |
|
.end method |
|
|
|
.method public static pin(Ljava/security/cert/Certificate;)Ljava/lang/String; |
|
.locals 2 |
|
|
|
.prologue |
|
.line 222 |
|
instance-of v0, p0, Ljava/security/cert/X509Certificate; |
|
|
|
if-nez v0, :cond_0 |
|
|
|
.line 223 |
|
new-instance v0, Ljava/lang/IllegalArgumentException; |
|
|
|
const-string v1, "Certificate pinning requires X509 certificates" |
|
|
|
invoke-direct {v0, v1}, Ljava/lang/IllegalArgumentException;-><init>(Ljava/lang/String;)V |
|
|
|
throw v0 |
|
|
|
.line 225 |
|
:cond_0 |
|
new-instance v0, Ljava/lang/StringBuilder; |
|
|
|
invoke-direct {v0}, Ljava/lang/StringBuilder;-><init>()V |
|
|
|
const-string v1, "sha256/" |
|
|
|
invoke-virtual {v0, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; |
|
|
|
move-result-object v0 |
|
|
|
check-cast p0, Ljava/security/cert/X509Certificate; |
|
|
|
invoke-static {p0}, Lokhttp3/CertificatePinner;->sha256(Ljava/security/cert/X509Certificate;)Lokio/ByteString; |
|
|
|
move-result-object v1 |
|
|
|
invoke-virtual {v1}, Lokio/ByteString;->base64()Ljava/lang/String; |
|
|
|
move-result-object v1 |
|
|
|
invoke-virtual {v0, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; |
|
|
|
move-result-object v0 |
|
|
|
invoke-virtual {v0}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String; |
|
|
|
move-result-object v0 |
|
|
|
return-object v0 |
|
.end method |
|
|
|
.method static sha1(Ljava/security/cert/X509Certificate;)Lokio/ByteString; |
|
.locals 1 |
|
|
|
.prologue |
|
.line 229 |
|
invoke-virtual {p0}, Ljava/security/cert/X509Certificate;->getPublicKey()Ljava/security/PublicKey; |
|
|
|
move-result-object v0 |
|
|
|
invoke-interface {v0}, Ljava/security/PublicKey;->getEncoded()[B |
|
|
|
move-result-object v0 |
|
|
|
invoke-static {v0}, Lokio/ByteString;->of([B)Lokio/ByteString; |
|
|
|
move-result-object v0 |
|
|
|
invoke-static {v0}, Lokhttp3/internal/Util;->sha1(Lokio/ByteString;)Lokio/ByteString; |
|
|
|
move-result-object v0 |
|
|
|
return-object v0 |
|
.end method |
|
|
|
.method static sha256(Ljava/security/cert/X509Certificate;)Lokio/ByteString; |
|
.locals 1 |
|
|
|
.prologue |
|
.line 233 |
|
invoke-virtual {p0}, Ljava/security/cert/X509Certificate;->getPublicKey()Ljava/security/PublicKey; |
|
|
|
move-result-object v0 |
|
|
|
invoke-interface {v0}, Ljava/security/PublicKey;->getEncoded()[B |
|
|
|
move-result-object v0 |
|
|
|
invoke-static {v0}, Lokio/ByteString;->of([B)Lokio/ByteString; |
|
|
|
move-result-object v0 |
|
|
|
invoke-static {v0}, Lokhttp3/internal/Util;->sha256(Lokio/ByteString;)Lokio/ByteString; |
|
|
|
move-result-object v0 |
|
|
|
return-object v0 |
|
.end method |
|
|
|
|
|
# virtual methods |
|
.method public check(Ljava/lang/String;Ljava/util/List;)V |
|
.locals 13 |
|
.annotation system Ldalvik/annotation/Signature; |
|
value = { |
|
"(", |
|
"Ljava/lang/String;", |
|
"Ljava/util/List", |
|
"<", |
|
"Ljava/security/cert/Certificate;", |
|
">;)V" |
|
} |
|
.end annotation |
|
|
|
.prologue |
|
const/4 v6, 0x0 |
|
|
|
const/4 v4, 0x0 |
|
|
|
.line 145 |
|
invoke-virtual {p0, p1}, Lokhttp3/CertificatePinner;->findMatchingPins(Ljava/lang/String;)Ljava/util/List; |
|
|
|
move-result-object v8 |
|
|
|
.line 146 |
|
invoke-interface {v8}, Ljava/util/List;->isEmpty()Z |
|
|
|
move-result v0 |
|
|
|
if-eqz v0, :cond_1 |
|
|
|
.line 166 |
|
:cond_0 |
|
:goto_0 |
|
return-void |
|
|
|
.line 148 |
|
:cond_1 |
|
iget-object v0, p0, Lokhttp3/CertificatePinner;->trustRootIndex:Lokhttp3/internal/tls/TrustRootIndex; |
|
|
|
if-eqz v0, :cond_2 |
|
|
|
.line 149 |
|
new-instance v0, Lokhttp3/internal/tls/CertificateChainCleaner; |
|
|
|
iget-object v1, p0, Lokhttp3/CertificatePinner;->trustRootIndex:Lokhttp3/internal/tls/TrustRootIndex; |
|
|
|
invoke-direct {v0, v1}, Lokhttp3/internal/tls/CertificateChainCleaner;-><init>(Lokhttp3/internal/tls/TrustRootIndex;)V |
|
|
|
invoke-virtual {v0, p2}, Lokhttp3/internal/tls/CertificateChainCleaner;->clean(Ljava/util/List;)Ljava/util/List; |
|
|
|
move-result-object p2 |
|
|
|
.line 152 |
|
:cond_2 |
|
invoke-interface {p2}, Ljava/util/List;->size()I |
|
|
|
move-result v9 |
|
|
|
move v7, v4 |
|
|
|
:goto_1 |
|
if-ge v7, v9, :cond_9 |
|
|
|
.line 153 |
|
invoke-interface {p2, v7}, Ljava/util/List;->get(I)Ljava/lang/Object; |
|
|
|
move-result-object v0 |
|
|
|
check-cast v0, Ljava/security/cert/X509Certificate; |
|
|
|
.line 159 |
|
invoke-interface {v8}, Ljava/util/List;->size()I |
|
|
|
move-result v10 |
|
|
|
move v5, v4 |
|
|
|
move-object v2, v6 |
|
|
|
move-object v3, v6 |
|
|
|
:goto_2 |
|
if-ge v5, v10, :cond_8 |
|
|
|
.line 160 |
|
invoke-interface {v8, v5}, Ljava/util/List;->get(I)Ljava/lang/Object; |
|
|
|
move-result-object v1 |
|
|
|
check-cast v1, Lokhttp3/CertificatePinner$Pin; |
|
|
|
.line 161 |
|
iget-object v11, v1, Lokhttp3/CertificatePinner$Pin;->hashAlgorithm:Ljava/lang/String; |
|
|
|
const-string v12, "sha256/" |
|
|
|
invoke-virtual {v11, v12}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z |
|
|
|
move-result v11 |
|
|
|
if-eqz v11, :cond_5 |
|
|
|
.line 162 |
|
if-nez v2, :cond_3 |
|
|
|
invoke-static {v0}, Lokhttp3/CertificatePinner;->sha256(Ljava/security/cert/X509Certificate;)Lokio/ByteString; |
|
|
|
move-result-object v2 |
|
|
|
.line 163 |
|
:cond_3 |
|
iget-object v1, v1, Lokhttp3/CertificatePinner$Pin;->hash:Lokio/ByteString; |
|
|
|
invoke-virtual {v1, v2}, Lokio/ByteString;->equals(Ljava/lang/Object;)Z |
|
|
|
move-result v1 |
|
|
|
if-nez v1, :cond_0 |
|
|
|
:cond_4 |
|
move-object v1, v2 |
|
|
|
move-object v2, v3 |
|
|
|
.line 159 |
|
add-int/lit8 v3, v5, 0x1 |
|
|
|
move v5, v3 |
|
|
|
move-object v3, v2 |
|
|
|
move-object v2, v1 |
|
|
|
goto :goto_2 |
|
|
|
.line 164 |
|
:cond_5 |
|
iget-object v11, v1, Lokhttp3/CertificatePinner$Pin;->hashAlgorithm:Ljava/lang/String; |
|
|
|
const-string v12, "sha1/" |
|
|
|
invoke-virtual {v11, v12}, Ljava/lang/String;->equals(Ljava/lang/Object;)Z |
|
|
|
move-result v11 |
|
|
|
if-eqz v11, :cond_7 |
|
|
|
.line 165 |
|
if-nez v3, :cond_6 |
|
|
|
invoke-static {v0}, Lokhttp3/CertificatePinner;->sha1(Ljava/security/cert/X509Certificate;)Lokio/ByteString; |
|
|
|
move-result-object v3 |
|
|
|
.line 166 |
|
:cond_6 |
|
iget-object v1, v1, Lokhttp3/CertificatePinner$Pin;->hash:Lokio/ByteString; |
|
|
|
invoke-virtual {v1, v3}, Lokio/ByteString;->equals(Ljava/lang/Object;)Z |
|
|
|
move-result v1 |
|
|
|
if-eqz v1, :cond_4 |
|
|
|
goto :goto_0 |
|
|
|
.line 168 |
|
:cond_7 |
|
new-instance v0, Ljava/lang/AssertionError; |
|
|
|
invoke-direct {v0}, Ljava/lang/AssertionError;-><init>()V |
|
|
|
throw v0 |
|
|
|
.line 152 |
|
:cond_8 |
|
add-int/lit8 v0, v7, 0x1 |
|
|
|
move v7, v0 |
|
|
|
goto :goto_1 |
|
|
|
.line 174 |
|
:cond_9 |
|
new-instance v0, Ljava/lang/StringBuilder; |
|
|
|
invoke-direct {v0}, Ljava/lang/StringBuilder;-><init>()V |
|
|
|
const-string v1, "Certificate pinning failure!" |
|
|
|
.line 175 |
|
invoke-virtual {v0, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; |
|
|
|
move-result-object v0 |
|
|
|
const-string v1, "\n Peer certificate chain:" |
|
|
|
.line 176 |
|
invoke-virtual {v0, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; |
|
|
|
move-result-object v2 |
|
|
|
.line 177 |
|
invoke-interface {p2}, Ljava/util/List;->size()I |
|
|
|
move-result v3 |
|
|
|
move v1, v4 |
|
|
|
:goto_3 |
|
if-ge v1, v3, :cond_a |
|
|
|
.line 178 |
|
invoke-interface {p2, v1}, Ljava/util/List;->get(I)Ljava/lang/Object; |
|
|
|
move-result-object v0 |
|
|
|
check-cast v0, Ljava/security/cert/X509Certificate; |
|
|
|
.line 179 |
|
const-string v5, "\n " |
|
|
|
invoke-virtual {v2, v5}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; |
|
|
|
move-result-object v5 |
|
|
|
invoke-static {v0}, Lokhttp3/CertificatePinner;->pin(Ljava/security/cert/Certificate;)Ljava/lang/String; |
|
|
|
move-result-object v6 |
|
|
|
invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; |
|
|
|
move-result-object v5 |
|
|
|
const-string v6, ": " |
|
|
|
.line 180 |
|
invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; |
|
|
|
move-result-object v5 |
|
|
|
invoke-virtual {v0}, Ljava/security/cert/X509Certificate;->getSubjectDN()Ljava/security/Principal; |
|
|
|
move-result-object v0 |
|
|
|
invoke-interface {v0}, Ljava/security/Principal;->getName()Ljava/lang/String; |
|
|
|
move-result-object v0 |
|
|
|
invoke-virtual {v5, v0}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; |
|
|
|
.line 177 |
|
add-int/lit8 v0, v1, 0x1 |
|
|
|
move v1, v0 |
|
|
|
goto :goto_3 |
|
|
|
.line 182 |
|
:cond_a |
|
const-string v0, "\n Pinned certificates for " |
|
|
|
invoke-virtual {v2, v0}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; |
|
|
|
move-result-object v0 |
|
|
|
invoke-virtual {v0, p1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; |
|
|
|
move-result-object v0 |
|
|
|
const-string v1, ":" |
|
|
|
invoke-virtual {v0, v1}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; |
|
|
|
.line 183 |
|
invoke-interface {v8}, Ljava/util/List;->size()I |
|
|
|
move-result v3 |
|
|
|
move v1, v4 |
|
|
|
:goto_4 |
|
if-ge v1, v3, :cond_b |
|
|
|
.line 184 |
|
invoke-interface {v8, v1}, Ljava/util/List;->get(I)Ljava/lang/Object; |
|
|
|
move-result-object v0 |
|
|
|
check-cast v0, Lokhttp3/CertificatePinner$Pin; |
|
|
|
.line 185 |
|
const-string v4, "\n " |
|
|
|
invoke-virtual {v2, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder; |
|
|
|
move-result-object v4 |
|
|
|
invoke-virtual {v4, v0}, Ljava/lang/StringBuilder;->append(Ljava/lang/Object;)Ljava/lang/StringBuilder; |
|
|
|
.line 183 |
|
add-int/lit8 v0, v1, 0x1 |
|
|
|
move v1, v0 |
|
|
|
goto :goto_4 |
|
|
|
.line 187 |
|
:cond_b |
|
new-instance v0, Ljavax/net/ssl/SSLPeerUnverifiedException; |
|
|
|
invoke-virtual {v2}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String; |
|
|
|
move-result-object v1 |
|
|
|
invoke-direct {v0, v1}, Ljavax/net/ssl/SSLPeerUnverifiedException;-><init>(Ljava/lang/String;)V |
|
|
|
throw v0 |
|
.end method |
|
|
|
.method public varargs check(Ljava/lang/String;[Ljava/security/cert/Certificate;)V |
|
.locals 1 |
|
|
|
.prologue |
|
.line 193 |
|
invoke-static {p2}, Ljava/util/Arrays;->asList([Ljava/lang/Object;)Ljava/util/List; |
|
|
|
move-result-object v0 |
|
|
|
invoke-virtual {p0, p1, v0}, Lokhttp3/CertificatePinner;->check(Ljava/lang/String;Ljava/util/List;)V |
|
|
|
.line 194 |
|
return-void |
|
.end method |
|
|
|
.method findMatchingPins(Ljava/lang/String;)Ljava/util/List; |
|
.locals 4 |
|
.annotation system Ldalvik/annotation/Signature; |
|
value = { |
|
"(", |
|
"Ljava/lang/String;", |
|
")", |
|
"Ljava/util/List", |
|
"<", |
|
"Lokhttp3/CertificatePinner$Pin;", |
|
">;" |
|
} |
|
.end annotation |
|
|
|
.prologue |
|
.line 201 |
|
invoke-static {}, Ljava/util/Collections;->emptyList()Ljava/util/List; |
|
|
|
move-result-object v1 |
|
|
|
.line 202 |
|
iget-object v0, p0, Lokhttp3/CertificatePinner;->pins:Ljava/util/List; |
|
|
|
invoke-interface {v0}, Ljava/util/List;->iterator()Ljava/util/Iterator; |
|
|
|
move-result-object v2 |
|
|
|
:cond_0 |
|
:goto_0 |
|
invoke-interface {v2}, Ljava/util/Iterator;->hasNext()Z |
|
|
|
move-result v0 |
|
|
|
if-eqz v0, :cond_2 |
|
|
|
invoke-interface {v2}, Ljava/util/Iterator;->next()Ljava/lang/Object; |
|
|
|
move-result-object v0 |
|
|
|
check-cast v0, Lokhttp3/CertificatePinner$Pin; |
|
|
|
.line 203 |
|
invoke-virtual {v0, p1}, Lokhttp3/CertificatePinner$Pin;->matches(Ljava/lang/String;)Z |
|
|
|
move-result v3 |
|
|
|
if-eqz v3, :cond_0 |
|
|
|
.line 204 |
|
invoke-interface {v1}, Ljava/util/List;->isEmpty()Z |
|
|
|
move-result v3 |
|
|
|
if-eqz v3, :cond_1 |
|
|
|
new-instance v1, Ljava/util/ArrayList; |
|
|
|
invoke-direct {v1}, Ljava/util/ArrayList;-><init>()V |
|
|
|
.line 205 |
|
:cond_1 |
|
invoke-interface {v1, v0}, Ljava/util/List;->add(Ljava/lang/Object;)Z |
|
|
|
goto :goto_0 |
|
|
|
.line 208 |
|
:cond_2 |
|
return-object v1 |
|
.end method |
|
|
|
.method newBuilder()Lokhttp3/CertificatePinner$Builder; |
|
.locals 1 |
|
|
|
.prologue |
|
.line 212 |
|
new-instance v0, Lokhttp3/CertificatePinner$Builder; |
|
|
|
invoke-direct {v0, p0}, Lokhttp3/CertificatePinner$Builder;-><init>(Lokhttp3/CertificatePinner;)V |
|
|
|
return-object v0 |
|
.end method
|
|
|