forked from github/cordova-android
Apply trustEveryone to the current connection and not globally.
Fixes https://issues.apache.org/jira/browse/CB-1565
This commit is contained in:
Andrew Grieve
parent
ca9539b5b6
commit
9c6c782146
@ -74,9 +74,6 @@ public class FileTransfer extends CordovaPlugin {
|
|||||||
private static HashMap<String, RequestContext> activeRequests = new HashMap<String, RequestContext>();
|
private static HashMap<String, RequestContext> activeRequests = new HashMap<String, RequestContext>();
|
||||||
private static final int MAX_BUFFER_SIZE = 16 * 1024;
|
private static final int MAX_BUFFER_SIZE = 16 * 1024;
|
||||||
|
|
||||||
|
|
||||||
private static SSLSocketFactory defaultSSLSocketFactory = null;
|
|
||||||
|
|
||||||
private static final class RequestContext {
|
private static final class RequestContext {
|
||||||
String source;
|
String source;
|
||||||
String target;
|
String target;
|
||||||
@ -216,8 +213,8 @@ public class FileTransfer extends CordovaPlugin {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
HttpURLConnection conn = null;
|
HttpURLConnection conn = null;
|
||||||
HostnameVerifier defaultHostnameVerifier = null;
|
HostnameVerifier oldHostnameVerifier = null;
|
||||||
|
SSLSocketFactory oldSocketFactory = null;
|
||||||
try {
|
try {
|
||||||
// Create return object
|
// Create return object
|
||||||
FileUploadResult result = new FileUploadResult();
|
FileUploadResult result = new FileUploadResult();
|
||||||
@ -234,10 +231,10 @@ public class FileTransfer extends CordovaPlugin {
|
|||||||
// This should only be used in debug environments
|
// This should only be used in debug environments
|
||||||
else {
|
else {
|
||||||
// Setup the HTTPS connection class to trust everyone
|
// Setup the HTTPS connection class to trust everyone
|
||||||
trustAllHosts();
|
|
||||||
HttpsURLConnection https = (HttpsURLConnection) url.openConnection();
|
HttpsURLConnection https = (HttpsURLConnection) url.openConnection();
|
||||||
|
oldSocketFactory = trustAllHosts(https);
|
||||||
// Save the current hostnameVerifier
|
// Save the current hostnameVerifier
|
||||||
defaultHostnameVerifier = https.getHostnameVerifier();
|
oldHostnameVerifier = https.getHostnameVerifier();
|
||||||
// Setup the connection not to verify hostnames
|
// Setup the connection not to verify hostnames
|
||||||
https.setHostnameVerifier(DO_NOT_VERIFY);
|
https.setHostnameVerifier(DO_NOT_VERIFY);
|
||||||
conn = https;
|
conn = https;
|
||||||
@ -454,10 +451,12 @@ public class FileTransfer extends CordovaPlugin {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (conn != null) {
|
if (conn != null) {
|
||||||
|
// Revert back to the proper verifier and socket factories
|
||||||
// Revert back to the proper verifier and socket factories
|
// Revert back to the proper verifier and socket factories
|
||||||
if (trustEveryone && useHttps) {
|
if (trustEveryone && useHttps) {
|
||||||
((HttpsURLConnection) conn).setHostnameVerifier(defaultHostnameVerifier);
|
HttpsURLConnection https = (HttpsURLConnection) conn;
|
||||||
HttpsURLConnection.setDefaultSSLSocketFactory(defaultSSLSocketFactory);
|
https.setHostnameVerifier(oldHostnameVerifier);
|
||||||
|
https.setSSLSocketFactory(oldSocketFactory);
|
||||||
}
|
}
|
||||||
|
|
||||||
conn.disconnect();
|
conn.disconnect();
|
||||||
@ -484,23 +483,13 @@ public class FileTransfer extends CordovaPlugin {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// always verify the host - don't check for certificate
|
// always verify the host - don't check for certificate
|
||||||
private final static HostnameVerifier DO_NOT_VERIFY = new HostnameVerifier() {
|
private static final HostnameVerifier DO_NOT_VERIFY = new HostnameVerifier() {
|
||||||
public boolean verify(String hostname, SSLSession session) {
|
public boolean verify(String hostname, SSLSession session) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
/**
|
|
||||||
* This function will install a trust manager that will blindly trust all SSL
|
|
||||||
* certificates. The reason this code is being added is to enable developers
|
|
||||||
* to do development using self signed SSL certificates on their web server.
|
|
||||||
*
|
|
||||||
* The standard HttpsURLConnection class will throw an exception on self
|
|
||||||
* signed certificates if this code is not run.
|
|
||||||
*/
|
|
||||||
private void trustAllHosts() {
|
|
||||||
// Create a trust manager that does not validate certificate chains
|
// Create a trust manager that does not validate certificate chains
|
||||||
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
|
private static final TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
|
||||||
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
|
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
|
||||||
return new java.security.cert.X509Certificate[] {};
|
return new java.security.cert.X509Certificate[] {};
|
||||||
}
|
}
|
||||||
@ -514,19 +503,27 @@ public class FileTransfer extends CordovaPlugin {
|
|||||||
}
|
}
|
||||||
} };
|
} };
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This function will install a trust manager that will blindly trust all SSL
|
||||||
|
* certificates. The reason this code is being added is to enable developers
|
||||||
|
* to do development using self signed SSL certificates on their web server.
|
||||||
|
*
|
||||||
|
* The standard HttpsURLConnection class will throw an exception on self
|
||||||
|
* signed certificates if this code is not run.
|
||||||
|
*/
|
||||||
|
private static SSLSocketFactory trustAllHosts(HttpsURLConnection connection) {
|
||||||
// Install the all-trusting trust manager
|
// Install the all-trusting trust manager
|
||||||
|
SSLSocketFactory oldFactory = connection.getSSLSocketFactory();
|
||||||
try {
|
try {
|
||||||
// Backup the current SSL socket factory
|
|
||||||
if (defaultSSLSocketFactory == null) {
|
|
||||||
defaultSSLSocketFactory = HttpsURLConnection.getDefaultSSLSocketFactory();
|
|
||||||
}
|
|
||||||
// Install our all trusting manager
|
// Install our all trusting manager
|
||||||
SSLContext sc = SSLContext.getInstance("TLS");
|
SSLContext sc = SSLContext.getInstance("TLS");
|
||||||
sc.init(null, trustAllCerts, new java.security.SecureRandom());
|
sc.init(null, trustAllCerts, new java.security.SecureRandom());
|
||||||
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
|
SSLSocketFactory newFactory = sc.getSocketFactory();
|
||||||
|
connection.setSSLSocketFactory(newFactory);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
Log.e(LOG_TAG, e.getMessage(), e);
|
Log.e(LOG_TAG, e.getMessage(), e);
|
||||||
}
|
}
|
||||||
|
return oldFactory;
|
||||||
}
|
}
|
||||||
|
|
||||||
private static JSONObject createFileTransferError(int errorCode, String source, String target, HttpURLConnection connection) {
|
private static JSONObject createFileTransferError(int errorCode, String source, String target, HttpURLConnection connection) {
|
||||||
@ -625,7 +622,8 @@ public class FileTransfer extends CordovaPlugin {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
HttpURLConnection connection = null;
|
HttpURLConnection connection = null;
|
||||||
HostnameVerifier defaultHostnameVerifier = null;
|
HostnameVerifier oldHostnameVerifier = null;
|
||||||
|
SSLSocketFactory oldSocketFactory = null;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
|
||||||
@ -644,10 +642,10 @@ public class FileTransfer extends CordovaPlugin {
|
|||||||
// This should only be used in debug environments
|
// This should only be used in debug environments
|
||||||
else {
|
else {
|
||||||
// Setup the HTTPS connection class to trust everyone
|
// Setup the HTTPS connection class to trust everyone
|
||||||
trustAllHosts();
|
|
||||||
HttpsURLConnection https = (HttpsURLConnection) url.openConnection();
|
HttpsURLConnection https = (HttpsURLConnection) url.openConnection();
|
||||||
|
oldSocketFactory = trustAllHosts(https);
|
||||||
// Save the current hostnameVerifier
|
// Save the current hostnameVerifier
|
||||||
defaultHostnameVerifier = https.getHostnameVerifier();
|
oldHostnameVerifier = https.getHostnameVerifier();
|
||||||
// Setup the connection not to verify hostnames
|
// Setup the connection not to verify hostnames
|
||||||
https.setHostnameVerifier(DO_NOT_VERIFY);
|
https.setHostnameVerifier(DO_NOT_VERIFY);
|
||||||
connection = https;
|
connection = https;
|
||||||
@ -738,9 +736,10 @@ public class FileTransfer extends CordovaPlugin {
|
|||||||
|
|
||||||
if (connection != null) {
|
if (connection != null) {
|
||||||
// Revert back to the proper verifier and socket factories
|
// Revert back to the proper verifier and socket factories
|
||||||
if (trustEveryone && url.getProtocol().toLowerCase().equals("https")) {
|
if (trustEveryone && useHttps) {
|
||||||
((HttpsURLConnection) connection).setHostnameVerifier(defaultHostnameVerifier);
|
HttpsURLConnection https = (HttpsURLConnection) connection;
|
||||||
HttpsURLConnection.setDefaultSSLSocketFactory(defaultSSLSocketFactory);
|
https.setHostnameVerifier(oldHostnameVerifier);
|
||||||
|
https.setSSLSocketFactory(oldSocketFactory);
|
||||||
}
|
}
|
||||||
|
|
||||||
connection.disconnect();
|
connection.disconnect();
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user