From cf063bf04a5f9eb145124747748129d34a595dc7 Mon Sep 17 00:00:00 2001
From: Wikinaut <mail@wikinaut.de>
Date: Fri, 2 Oct 2015 02:37:24 +0200
Subject: [PATCH] fix #1024 show cert fingerprints when adding new account w/
 untrusted cert

+ show SHA-256, SHA-1 and MD5 certificate fingerprint
  instead of signature hex dump
  when certificate is untrusted
+ show error string if one of the digest algorithms is not available
+ added check and error msg for certificate load problems
---
 res/layout/ssl_untrusted_cert_layout.xml      | 25 ++++---
 res/values/strings.xml                        |  3 +
 .../adapter/X509CertificateViewAdapter.java   | 71 ++++++++++++++++---
 3 files changed, 79 insertions(+), 20 deletions(-)

diff --git a/res/layout/ssl_untrusted_cert_layout.xml b/res/layout/ssl_untrusted_cert_layout.xml
index 8ef7b1391f..2f359f8e96 100644
--- a/res/layout/ssl_untrusted_cert_layout.xml
+++ b/res/layout/ssl_untrusted_cert_layout.xml
@@ -377,7 +377,6 @@
 				    android:text=""
 				    android:textAppearance="?android:attr/textAppearanceSmall"
 				/>
-				
 
 				<TextView
         			android:id="@+id/label_signature"
@@ -404,16 +403,24 @@
         			android:text=""
         			android:textAppearance="?android:attr/textAppearanceSmall"
         		/>
-																								
-								
+
 				<TextView
-        			android:id="@+id/value_signature"
-        			android:layout_width="wrap_content"
-        			android:layout_height="wrap_content"
+					android:id="@+id/label_certificate_fingerprint"
+					android:layout_width="wrap_content"
+					android:layout_height="wrap_content"
 					android:paddingBottom="5dp"
-        			android:text=""
-        			android:textAppearance="?android:attr/textAppearanceSmall"
-        		/>
+					android:text="@string/ssl_validator_label_certificate_fingerprint"
+					android:textAppearance="?android:attr/textAppearanceSmall"
+				/>
+
+				<TextView
+					android:id="@+id/value_certificate_fingerprint"
+					android:layout_width="wrap_content"
+					android:layout_height="wrap_content"
+					android:paddingBottom="5dp"
+					android:text=""
+					android:textAppearance="?android:attr/textAppearanceSmall"
+				/>
 				
 		</LinearLayout>
 		
diff --git a/res/values/strings.xml b/res/values/strings.xml
index 8f1aec2199..a11d6319f1 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -253,6 +253,9 @@
     <string name="ssl_validator_label_validity_to">To:</string>
     <string name="ssl_validator_label_signature">Signature:</string>
     <string name="ssl_validator_label_signature_algorithm">Algorithm:</string>
+    <string name="digest_algorithm_not_available">This digest algorithm is not available on your phone.</string>
+    <string name="ssl_validator_label_certificate_fingerprint">Fingerprint:</string>
+    <string name="certificate_load_problem">There is a problem loading the certificate.</string>
     <string name="ssl_validator_null_cert">The certificate could not be shown.</string>
     <string name="ssl_validator_no_info_about_error">- No information about the error</string>
 
diff --git a/src/com/owncloud/android/ui/adapter/X509CertificateViewAdapter.java b/src/com/owncloud/android/ui/adapter/X509CertificateViewAdapter.java
index 1c8c8c2851..742d6d821a 100644
--- a/src/com/owncloud/android/ui/adapter/X509CertificateViewAdapter.java
+++ b/src/com/owncloud/android/ui/adapter/X509CertificateViewAdapter.java
@@ -20,6 +20,9 @@
  */
 package com.owncloud.android.ui.adapter;
 
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.text.DateFormat;
 import java.util.Date;
@@ -31,6 +34,7 @@ import javax.security.auth.x500.X500Principal;
 import com.owncloud.android.R;
 import com.owncloud.android.ui.dialog.SslUntrustedCertDialog;
 
+import android.util.Log;
 import android.view.View;
 import android.widget.TextView;
 
@@ -42,7 +46,9 @@ public class X509CertificateViewAdapter implements SslUntrustedCertDialog.Certif
     //private final static String TAG = X509CertificateViewAdapter.class.getSimpleName();
     
     private X509Certificate mCertificate = null;
-    
+
+    private static final String TAG = X509CertificateViewAdapter.class.getSimpleName();
+
     public X509CertificateViewAdapter(X509Certificate certificate) {
         mCertificate = certificate;
     }
@@ -63,25 +69,68 @@ public class X509CertificateViewAdapter implements SslUntrustedCertDialog.Certif
         }
     }
 
+    private byte[] getDigest(String algorithm, byte[] message) {
+        MessageDigest md = null;
+
+        try {
+            md = MessageDigest.getInstance(algorithm);
+        } catch (NoSuchAlgorithmException e) {
+            return null;
+        }
+        md.reset();
+        return md.digest(message);
+    }
+
     private void showSignature(View dialogView) {
-        TextView sigView = ((TextView)dialogView.findViewById(R.id.value_signature));
-        TextView algorithmView = ((TextView)dialogView.findViewById(R.id.value_signature_algorithm));
-        sigView.setText(getHex(mCertificate.getSignature()));
-        algorithmView.setText(mCertificate.getSigAlgName());
+        byte[] cert = null;
+
+        TextView certFingerprintView = ((TextView) dialogView.findViewById(R.id.value_certificate_fingerprint));
+        TextView algorithmView = ((TextView) dialogView.findViewById(R.id.value_signature_algorithm));
+
+        try {
+            cert = mCertificate.getEncoded();
+            if (cert == null) {
+
+                certFingerprintView.setText(R.string.certificate_load_problem);
+                algorithmView.setText(R.string.certificate_load_problem);
+
+            } else {
+
+                certFingerprintView.setText(
+                        getDigestHexBytesWithColonsAndNewLines(dialogView, "SHA-256", cert)
+                                + getDigestHexBytesWithColonsAndNewLines(dialogView, "SHA-1", cert)
+                                + getDigestHexBytesWithColonsAndNewLines(dialogView, "MD5", cert));
+                algorithmView.setText(mCertificate.getSigAlgName());
+
+            }
+
+        } catch (CertificateEncodingException e) {
+            Log.e(TAG, "Problem while trying to decode the certificate.");
+        }
+
+
     }
     
-    public String getHex(final byte [] raw) {
-        if (raw == null) {
-           return null;
+    private final String getDigestHexBytesWithColonsAndNewLines(View dialogView, final String digestType, final byte [] cert) {
+        final byte[] rawDigest;
+        final String newLine = System.getProperty("line.separator");
+
+        rawDigest = getDigest(digestType, cert);
+
+        if ( rawDigest == null) {
+            return digestType + ":" + newLine + dialogView.getContext().getString(R.string.digest_algorithm_not_available) + newLine + newLine;
         }
-        final StringBuilder hex = new StringBuilder(2 * raw.length);
-        for (final byte b : raw) {
+
+        final StringBuilder hex = new StringBuilder(3 * rawDigest.length);
+
+        for (final byte b : rawDigest) {
            final int hiVal = (b & 0xF0) >> 4;
            final int loVal = b & 0x0F;
            hex.append((char) ('0' + (hiVal + (hiVal / 10 * 7))));
            hex.append((char) ('0' + (loVal + (loVal / 10 * 7))));
+           hex.append(":");
         }
-        return hex.toString();
+        return digestType + ":" + newLine + hex.toString().replaceFirst("\\:$","") + newLine + newLine;
      }    
 
     private void showValidity(Date notBefore, Date notAfter, View dialogView) {