fixed TrustManager processing; cleanup

src/org/geometerplus/android/fbreader/network/NetworkBaseActivity.java

@@ -99,7 +99,6 @@ abstract class NetworkBaseActivity extends ListActivity implements NetworkView.E
 				} catch (InterruptedException e) {
 				}
 			}
-			System.err.println("auth thread: " + Thread.currentThread());
 			PasswordAuthentication result = null;
 			if (myUsername != null && myPassword != null) {
 				option.setValue(myUsername);
@@ -119,7 +118,6 @@ abstract class NetworkBaseActivity extends ListActivity implements NetworkView.E
 		getListView().setOnCreateContextMenuListener(this);
 		onModelChanged(); // do the same update actions as upon onModelChanged
 
-		System.err.println("UI thread: " + Thread.currentThread());
 		Authenticator.setDefault(myAuthenticator);
 	}
 

src/org/geometerplus/zlibrary/core/network/ZLNetworkManager.java

@@ -24,8 +24,8 @@ import java.util.zip.GZIPInputStream;
 import java.io.*;
 import java.net.*;
 import javax.net.ssl.*;
-import java.security.*;
 import java.security.cert.*;
+import java.security.GeneralSecurityException;
 
 import org.geometerplus.zlibrary.core.util.ZLNetworkUtil;
 import org.geometerplus.zlibrary.core.filesystem.ZLResourceFile;
@@ -40,31 +40,18 @@ public class ZLNetworkManager {
 		return ourManager;
 	}
 
-	private static void collectStandardTrustManagers(List<TrustManager> collection) {
-		try {
-			final TrustManagerFactory factory = TrustManagerFactory.getInstance("X509");
-			factory.init((KeyStore)null);
-			final TrustManager[] managers = factory.getTrustManagers();
-			if (managers != null) {
-				for (TrustManager tm: managers) {
-					collection.add(tm);
-				}
+	private static TrustManager[] getTrustManagers(String certificate) throws ZLNetworkException {
+		InputStream stream = null;
+		if (certificate != null) {
+			try {
+				final ZLResourceFile file = ZLResourceFile.createResourceFile(certificate);
+				stream = file.getInputStream();
+			} catch (IOException ex) {
+				throw new ZLNetworkException(ZLNetworkException.ERROR_SSL_BAD_FILE, certificate, ex);
 			}
-		} catch (NoSuchAlgorithmException e) {
-		} catch (KeyStoreException e) {
-		}
-	}
-
-	private static TrustManager createZLTrustManager(String certificate) throws ZLNetworkException {
-		final InputStream stream;
-		try {
-			final ZLResourceFile file = ZLResourceFile.createResourceFile(certificate);
-			stream = file.getInputStream();
-		} catch (IOException ex) {
-			throw new ZLNetworkException(ZLNetworkException.ERROR_SSL_BAD_FILE, certificate, ex);
 		}
 		try {
-			return new ZLX509TrustManager(stream);
+			return new TrustManager[] { new ZLX509TrustManager(stream) };
 		} catch (CertificateExpiredException ex) {
 			throw new ZLNetworkException(ZLNetworkException.ERROR_SSL_EXPIRED, certificate, ex);
 		} catch (CertificateNotYetValidException ex) {
@@ -72,9 +59,11 @@ public class ZLNetworkManager {
 		} catch (CertificateException ex) {
 			throw new ZLNetworkException(ZLNetworkException.ERROR_SSL_BAD_FILE, certificate, ex);
 		} finally {
-			try {
-				stream.close();
-			} catch (IOException ex) {
+			if (stream != null) {
+				try {
+					stream.close();
+				} catch (IOException ex) {
+				}
 			}
 		}
 	}
@@ -88,17 +77,10 @@ public class ZLNetworkManager {
 		httpConnection.setRequestProperty("Accept-Language", Locale.getDefault().getLanguage());
 		httpConnection.setAllowUserInteraction(true);
 		if (httpConnection instanceof HttpsURLConnection) {
-			HttpsURLConnection httpsConnection = (HttpsURLConnection)httpConnection;
-
-			final ArrayList<TrustManager> managers = new ArrayList<TrustManager>();
-			if (request.SSLCertificate != null) {
-				managers.add(createZLTrustManager(request.SSLCertificate));
-			}
-			collectStandardTrustManagers(managers);
-
+			final HttpsURLConnection httpsConnection = (HttpsURLConnection)httpConnection;
 			try {
 				SSLContext context = SSLContext.getInstance("TLS");
-				context.init(null, managers.toArray(new TrustManager[]{}), null);
+				context.init(null, getTrustManagers(request.SSLCertificate), null);
 				httpsConnection.setSSLSocketFactory(context.getSocketFactory());
 			} catch (GeneralSecurityException ex) {
 				throw new ZLNetworkException(ZLNetworkException.ERROR_SSL_SUBSYSTEM, ex);
@@ -112,7 +94,7 @@ public class ZLNetworkManager {
 			request.doBefore();
 			HttpURLConnection httpConnection = null;
 			int response = -1;
-			final int retryLimit = 3;
+			final int retryLimit = 6;
 			for (int retryCounter = 0; retryCounter < retryLimit && (response == -1 || response == 302); ++retryCounter) {
 				final URLConnection connection = new URL(request.URL).openConnection();
 				if (!(connection instanceof HttpURLConnection)) {
@@ -148,7 +130,9 @@ public class ZLNetworkManager {
 				if (response == 302) {
 					request.URL = httpConnection.getHeaderField("Location");
 				}
+				System.err.println("RESPONSE: " + response);
 			}
+			System.err.println("RRRESPONSE: " + response);
 
 			InputStream stream = null;
 			if (response == HttpURLConnection.HTTP_OK) {

src/org/geometerplus/zlibrary/core/network/ZLX509TrustManager.java

@@ -24,20 +24,38 @@ import javax.net.ssl.*;
 import java.security.GeneralSecurityException;
 import java.security.PublicKey;
 import java.security.cert.*;
-
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
 
 class ZLX509TrustManager implements X509TrustManager {
-
 	private final X509Certificate myCertificate;
+	private X509TrustManager myBase;
 
 	public ZLX509TrustManager(InputStream stream) throws CertificateException {
-		final CertificateFactory factory = CertificateFactory.getInstance("X509");
-		Certificate cert = factory.generateCertificate(stream);
-		if (!(cert instanceof X509Certificate)) {
-			throw new CertificateException("That's impossible!!! Certificate with invalid type has been returned by X.509 certificate factory.");
+		if (stream != null) {
+			final CertificateFactory factory = CertificateFactory.getInstance("X509");
+			Certificate cert = factory.generateCertificate(stream);
+			if (!(cert instanceof X509Certificate)) {
+				throw new CertificateException("That's impossible!!! Certificate with invalid type has been returned by X.509 certificate factory.");
+			}
+			myCertificate = (X509Certificate)cert;
+			myCertificate.checkValidity();
+		} else {
+			myCertificate = null;
+		}
+
+		myBase = null;
+		try {
+			final TrustManagerFactory factory = TrustManagerFactory.getInstance("X509");
+			factory.init((KeyStore)null);
+			final TrustManager[] managers = factory.getTrustManagers();
+			if (managers != null && managers.length > 0) {
+				myBase = (X509TrustManager)managers[0];
+			}
+		} catch (NoSuchAlgorithmException e) {
+		} catch (KeyStoreException e) {
 		}
-		myCertificate = (X509Certificate) cert;
-		myCertificate.checkValidity();
 	}
 
 	public X509Certificate[] getAcceptedIssuers() {
@@ -48,11 +66,23 @@ class ZLX509TrustManager implements X509TrustManager {
 	}
 
 	public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
-		final int lastCertificate = certs.length - 1;
-		for (int i = 0; i < lastCertificate; ++i) {
-			checkCertificate(certs[i], certs[i + 1].getPublicKey());
+		try {
+			if (myCertificate != null) {
+				final int lastCertificate = certs.length - 1;
+				for (int i = 0; i < lastCertificate; ++i) {
+					checkCertificate(certs[i], certs[i + 1].getPublicKey());
+				}
+				checkCertificate(certs[lastCertificate], myCertificate.getPublicKey());
+			} else {
+				throw new CertificateException("No certificate found");
+			}
+		} catch (CertificateException e) {
+			if (myBase != null) {
+				myBase.checkServerTrusted(certs, authType);
+			} else {
+				throw e;
+			}
 		}
-		checkCertificate(certs[lastCertificate], myCertificate.getPublicKey());
 	}
 
 	private void checkCertificate(X509Certificate certificate, PublicKey publicKey) throws CertificateException {