Explicitly provide crashing expired certificate and minor changes

bitfireAT · Feb 2, 2025 · 0669f93 · 0669f93
1 parent 665967d
commit 0669f93
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 7 deletions.
diff --git a/lib/src/androidTest/java/at/bitfire/cert4android/ConscryptTest.kt b/lib/src/androidTest/java/at/bitfire/cert4android/ConscryptTest.kt
@@ -1,17 +1,63 @@
 package at.bitfire.cert4android
 
+import org.junit.Before
 import org.junit.Test
-import java.net.URL
+import java.security.cert.CertificateFactory
+import java.security.cert.X509Certificate
 
 class ConscryptTest {
 
+    @Before
+    fun setUp() {
+        ConscryptIntegration.initialize()
+    }
+
+
     @Test
     fun test_X509Certificate_toString() {
-        val certs = TestCertificates.getSiteCertificates(URL("https://expired.badssl.com"))
+        val certFactory = CertificateFactory.getInstance("X.509")
+        val testCert = certFactory.generateCertificate(RAW_EXPIRED_CERT.byteInputStream()) as X509Certificate
 
         // Crashes with Conscrypt 2.5.3
-        for (cert in certs)
-            System.err.println(cert.toString())
+        System.err.println(testCert.toString())
+    }
+
+
+    companion object {
+
+        const val RAW_EXPIRED_CERT = "-----BEGIN CERTIFICATE-----\n" +
+                "MIIFdDCCBFygAwIBAgIQJ2buVutJ846r13Ci/ITeIjANBgkqhkiG9w0BAQwFADBv\n" +
+                "MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk\n" +
+                "ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF\n" +
+                "eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow\n" +
+                "gYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO\n" +
+                "BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYD\n" +
+                "VQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkq\n" +
+                "hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkehUktIKVrGsDSTdxc9EZ3SZKzejfSNw\n" +
+                "AHG8U9/E+ioSj0t/EFa9n3Byt2F/yUsPF6c947AEYe7/EZfH9IY+Cvo+XPmT5jR6\n" +
+                "2RRr55yzhaCCenavcZDX7P0N+pxs+t+wgvQUfvm+xKYvT3+Zf7X8Z0NyvQwA1onr\n" +
+                "ayzT7Y+YHBSrfuXjbvzYqOSSJNpDa2K4Vf3qwbxstovzDo2a5JtsaZn4eEgwRdWt\n" +
+                "4Q08RWD8MpZRJ7xnw8outmvqRsfHIKCxH2XeSAi6pE6p8oNGN4Tr6MyBSENnTnIq\n" +
+                "m1y9TBsoilwie7SrmNnu4FGDwwlGTm0+mfqVF9p8M1dBPI1R7Qu2XK8sYxrfV8g/\n" +
+                "vOldxJuvRZnio1oktLqpVj3Pb6r/SVi+8Kj/9Lit6Tf7urj0Czr56ENCHonYhMsT\n" +
+                "8dm74YlguIwoVqwUHZwK53Hrzw7dPamWoUi9PPevtQ0iTMARgexWO/bTouJbt7IE\n" +
+                "IlKVgJNp6I5MZfGRAy1wdALqi2cVKWlSArvX31BqVUa/oKMoYX9w0MOiqiwhqkfO\n" +
+                "KJwGRXa/ghgntNWutMtQ5mv0TIZxMOmm3xaG4Nj/QN370EKIf6MzOi5cHkERgWPO\n" +
+                "GHFrK+ymircxXDpqR+DDeVnWIBqv8mqYqnK8V0rSS527EPywTEHl7R09XiidnMy/\n" +
+                "s1Hap0flhFMCAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73g\n" +
+                "JMtUGjAdBgNVHQ4EFgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQD\n" +
+                "AgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1UdHwQ9\n" +
+                "MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVy\n" +
+                "bmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6\n" +
+                "Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAGS/g/FfmoXQ\n" +
+                "zbihKVcN6Fr30ek+8nYEbvFScLsePP9NDXRqzIGCJdPDoCpdTPW6i6FtxFQJdcfj\n" +
+                "Jw5dhHk3QBN39bSsHNA7qxcS1u80GH4r6XnTq1dFDK8o+tDb5VCViLvfhVdpfZLY\n" +
+                "Uspzgb8c8+a4bmYRBbMelC1/kZWSWfFMzqORcUx8Rww7Cxn2obFshj5cqsQugsv5\n" +
+                "B5a6SE2Q8pTIqXOi6wZ7I53eovNNVZ96YUWYGGjHXkBrI/V5eu+MtWuLt29G9Hvx\n" +
+                "PUsE2JOAWVrgQSQdso8VYFhH2+9uRv0V9dlfmrPb2LjkQLPNlzmuhbsdjrzch5vR\n" +
+                "pu/xO28QOG8=\n" +
+                "-----END CERTIFICATE-----\n"
+
     }
 
 }
diff --git a/lib/src/main/java/at/bitfire/cert4android/ConscryptIntegration.kt b/lib/src/main/java/at/bitfire/cert4android/ConscryptIntegration.kt
@@ -6,7 +6,7 @@ import javax.net.ssl.SSLContext
 
 object ConscryptIntegration {
 
-    var initialized = false
+    private var initialized = false
 
     @Synchronized
     fun initialize() {

diff --git a/lib/src/main/java/at/bitfire/cert4android/CustomCertStore.kt b/lib/src/main/java/at/bitfire/cert4android/CustomCertStore.kt
@@ -133,8 +133,7 @@ class CustomCertStore internal constructor(
     @Synchronized
     fun setTrustedByUser(cert: X509Certificate) {
         val tag = CertUtils.getTag(cert)
-        Cert4Android.log.info("Trusted by user: ${cert.javaClass.name} ${cert.subjectDN.name} ($tag)")
-        Cert4Android.log.info(cert.toString())
+        Cert4Android.log.info("Trusted by user: ${cert.subjectDN.name} ($tag)")
 
         userKeyStore.setCertificateEntry(tag, cert)
         saveUserKeyStore()