From 508b1b4f83bc7e916d99b83eb125c4df5c9a830f Mon Sep 17 00:00:00 2001 From: Sefa Ilkimen Date: Fri, 22 Mar 2019 05:03:24 +0100 Subject: [PATCH] re-implement disabling verification of hostname --- plugin.xml | 1 + .../silkimen/cordovahttp/CordovaHttpBase.java | 15 ++++++++-- .../cordovahttp/CordovaHttpDownload.java | 7 +++-- .../cordovahttp/CordovaHttpOperation.java | 13 ++++++--- .../cordovahttp/CordovaHttpPlugin.java | 28 +++++++++++-------- .../cordovahttp/CordovaHttpUpload.java | 7 +++-- .../http/HostnameVerifierFactory.java | 9 +++--- 7 files changed, 54 insertions(+), 26 deletions(-) diff --git a/plugin.xml b/plugin.xml index 96d0379..a675db0 100644 --- a/plugin.xml +++ b/plugin.xml @@ -62,6 +62,7 @@ + diff --git a/src/android/com/silkimen/cordovahttp/CordovaHttpBase.java b/src/android/com/silkimen/cordovahttp/CordovaHttpBase.java index 87d08d0..adebad7 100644 --- a/src/android/com/silkimen/cordovahttp/CordovaHttpBase.java +++ b/src/android/com/silkimen/cordovahttp/CordovaHttpBase.java @@ -7,6 +7,7 @@ import java.net.UnknownHostException; import java.nio.ByteBuffer; +import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLHandshakeException; import javax.net.ssl.SSLSocketFactory; @@ -34,9 +35,11 @@ abstract class CordovaHttpBase implements Runnable { protected int timeout; protected boolean followRedirects; protected SSLSocketFactory customSSLSocketFactory; + protected HostnameVerifier customHostnameVerifier; protected CallbackContext callbackContext; - public CordovaHttpBase(String method, String url, String serializer, Object data, JSONObject headers, int timeout, boolean followRedirects, SSLSocketFactory customSSLSocketFactory, + public CordovaHttpBase(String method, String url, String serializer, Object data, JSONObject headers, int timeout, + boolean followRedirects, SSLSocketFactory customSSLSocketFactory, HostnameVerifier customHostnameVerifier, CallbackContext callbackContext) { this.method = method; 
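Review bot: The first CordovaHttpBase constructor (hunk -34,9) now takes `customSSLSocketFactory` and `customHostnameVerifier` as two independent nullable positional arguments, so nothing in the signature keeps the trust setting and the hostname setting in step. A small immutable holder passed as one argument, for example `TlsConfiguration tlsConfiguration` (name illustrative), would carry both values together and shorten a ten-parameter signature. The same applies to the second constructor in hunk -47,11 and to the CordovaHttpDownload, CordovaHttpOperation and CordovaHttpUpload constructors later in the patch. The constructor body continues outside this hunk.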
@@ -47,11 +50,12 @@ abstract class CordovaHttpBase implements Runnable { this.timeout = timeout; this.followRedirects = followRedirects; this.customSSLSocketFactory = customSSLSocketFactory; + this.customHostnameVerifier = customHostnameVerifier; this.callbackContext = callbackContext; } - - public CordovaHttpBase(String method, String url, JSONObject params, JSONObject headers, int timeout, boolean followRedirects, SSLSocketFactory customSSLSocketFactory, + public CordovaHttpBase(String method, String url, JSONObject params, JSONObject headers, int timeout, + boolean followRedirects, SSLSocketFactory customSSLSocketFactory, HostnameVerifier customHostnameVerifier, CallbackContext callbackContext) { this.method = method; @@ -61,6 +65,7 @@ abstract class CordovaHttpBase implements Runnable { this.timeout = timeout; this.followRedirects = followRedirects; this.customSSLSocketFactory = customSSLSocketFactory; + this.customHostnameVerifier = customHostnameVerifier; this.callbackContext = callbackContext; } @@ -121,6 +126,10 @@ abstract class CordovaHttpBase implements Runnable { request.acceptCharset("UTF-8"); request.uncompress(true); + if (this.customHostnameVerifier != null) { + request.setHostnameVerifier(this.customHostnameVerifier); + } + if (this.customSSLSocketFactory != null) { request.setSSLSocketFactory(this.customSSLSocketFactory); } diff --git a/src/android/com/silkimen/cordovahttp/CordovaHttpDownload.java b/src/android/com/silkimen/cordovahttp/CordovaHttpDownload.java index 60c830e..478a1e0 100644 --- a/src/android/com/silkimen/cordovahttp/CordovaHttpDownload.java +++ b/src/android/com/silkimen/cordovahttp/CordovaHttpDownload.java @@ -3,6 +3,7 @@ package com.silkimen.cordovahttp; import java.io.File; import java.net.URI; +import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLSocketFactory; import com.silkimen.http.HttpRequest; 
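Review bot: The new `if (this.customHostnameVerifier != null)` block in hunk -121,6 has no comment explaining that a null field leaves the default hostname verification in force and a non-null value replaces it for this request. Going by the CordovaHttpPlugin changes in this patch, the only non-null value is the accept-all verifier from `getNoOpVerifier()`, so this is the line where hostname checking is actually switched off. I would add `// null keeps default hostname verification; non-null is only set in "nocheck" mode and accepts any host` above the block. The enclosing method starts and ends outside the hunk.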
@@ -15,9 +16,11 @@ class CordovaHttpDownload extends CordovaHttpBase { private String filePath; public CordovaHttpDownload(String url, JSONObject params, JSONObject headers, String filePath, int timeout, - boolean followRedirects, SSLSocketFactory customSSLSocketFactory, CallbackContext callbackContext) { + boolean followRedirects, SSLSocketFactory customSSLSocketFactory, HostnameVerifier customHostnameVerifier, + CallbackContext callbackContext) { - super("GET", url, params, headers, timeout, followRedirects, customSSLSocketFactory, callbackContext); + super("GET", url, params, headers, timeout, followRedirects, customSSLSocketFactory, customHostnameVerifier, + callbackContext); this.filePath = filePath; } diff --git a/src/android/com/silkimen/cordovahttp/CordovaHttpOperation.java b/src/android/com/silkimen/cordovahttp/CordovaHttpOperation.java index a40edf1..fe13578 100644 --- a/src/android/com/silkimen/cordovahttp/CordovaHttpOperation.java +++ b/src/android/com/silkimen/cordovahttp/CordovaHttpOperation.java @@ -1,5 +1,6 @@ package com.silkimen.cordovahttp; +import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLSocketFactory; import org.apache.cordova.CallbackContext; 
@@ -7,14 +8,18 @@ import org.json.JSONObject; class CordovaHttpOperation extends CordovaHttpBase { public CordovaHttpOperation(String method, String url, String serializer, Object data, JSONObject headers, - int timeout, boolean followRedirects, SSLSocketFactory customSSLSocketFactory, CallbackContext callbackContext) { + int timeout, boolean followRedirects, SSLSocketFactory customSSLSocketFactory, + HostnameVerifier customHostnameVerifier, CallbackContext callbackContext) { - super(method, url, serializer, data, headers, timeout, followRedirects, customSSLSocketFactory, callbackContext); + super(method, url, serializer, data, headers, timeout, followRedirects, customSSLSocketFactory, + customHostnameVerifier, callbackContext); } public CordovaHttpOperation(String method, String url, JSONObject params, JSONObject headers, int timeout, - boolean followRedirects, SSLSocketFactory customSSLSocketFactory, CallbackContext callbackContext) { + boolean followRedirects, SSLSocketFactory customSSLSocketFactory, HostnameVerifier customHostnameVerifier, + CallbackContext callbackContext) { - super(method, url, params, headers, timeout, followRedirects, customSSLSocketFactory, callbackContext); + super(method, url, params, headers, timeout, followRedirects, customSSLSocketFactory, customHostnameVerifier, + callbackContext); } } diff --git a/src/android/com/silkimen/cordovahttp/CordovaHttpPlugin.java b/src/android/com/silkimen/cordovahttp/CordovaHttpPlugin.java index 8706181..2dccf81 100644 --- a/src/android/com/silkimen/cordovahttp/CordovaHttpPlugin.java +++ b/src/android/com/silkimen/cordovahttp/CordovaHttpPlugin.java 
@@ -14,10 +14,12 @@ import java.security.cert.Certificate; import java.util.ArrayList; import java.util.Enumeration; +import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManager; +import com.silkimen.http.HostnameVerifierFactory; import com.silkimen.http.TLSSocketFactory; import com.silkimen.http.TrustManagersFactory; @@ -35,16 +37,17 @@ import android.util.Log; public class CordovaHttpPlugin extends CordovaPlugin { private static final String TAG = "Cordova-Plugin-HTTP"; + private final TrustManagersFactory trustManagersFactory = new TrustManagersFactory(); + private final HostnameVerifierFactory hostnameVerifierFactory = new HostnameVerifierFactory(); + private boolean followRedirects = true; - private TrustManagersFactory trustManagersFactory; private SSLSocketFactory customSSLSocketFactory; + private HostnameVerifier customHostnameVerifier; @Override public void initialize(CordovaInterface cordova, CordovaWebView webView) { super.initialize(cordova, webView); - this.trustManagersFactory = new TrustManagersFactory(); - try { this.customSSLSocketFactory = this.createSocketFactory( this.trustManagersFactory.getPinnedTrustManagers(this.getCertsFromKeyStore("AndroidCAStore"))); @@ -96,7 +99,7 @@ public class CordovaHttpPlugin extends CordovaPlugin { int timeout = args.getInt(3) * 1000; CordovaHttpOperation request = new CordovaHttpOperation(method.toUpperCase(), url, params, headers, timeout, - this.followRedirects, this.customSSLSocketFactory, callbackContext); + this.followRedirects, this.customSSLSocketFactory, this.customHostnameVerifier, callbackContext); cordova.getThreadPool().execute(request); 
@@ -113,7 +116,7 @@ public class CordovaHttpPlugin extends CordovaPlugin { int timeout = args.getInt(4) * 1000; CordovaHttpOperation request = new CordovaHttpOperation(method.toUpperCase(), url, serializer, data, headers, - timeout, this.followRedirects, this.customSSLSocketFactory, callbackContext); + timeout, this.followRedirects, this.customSSLSocketFactory, this.customHostnameVerifier, callbackContext); cordova.getThreadPool().execute(request); @@ -129,7 +132,7 @@ public class CordovaHttpPlugin extends CordovaPlugin { int timeout = args.getInt(5) * 1000; CordovaHttpUpload upload = new CordovaHttpUpload(url, params, headers, filePath, uploadName, timeout, - this.followRedirects, this.customSSLSocketFactory, callbackContext); + this.followRedirects, this.customSSLSocketFactory, this.customHostnameVerifier, callbackContext); cordova.getThreadPool().execute(upload); @@ -144,7 +147,7 @@ public class CordovaHttpPlugin extends CordovaPlugin { int timeout = args.getInt(4) * 1000; CordovaHttpDownload download = new CordovaHttpDownload(url, params, headers, filePath, timeout, - this.followRedirects, this.customSSLSocketFactory, callbackContext); + this.followRedirects, this.customSSLSocketFactory, this.customHostnameVerifier, callbackContext); cordova.getThreadPool().execute(download); 
@@ -155,19 +158,22 @@ public class CordovaHttpPlugin extends CordovaPlugin { try { switch (args.getString(0)) { case "legacy": + this.customHostnameVerifier = null; this.customSSLSocketFactory = null; break; case "nocheck": - /* @TODO host name verification */ + this.customHostnameVerifier = this.hostnameVerifierFactory.getNoOpVerifier(); this.customSSLSocketFactory = this.createSocketFactory(this.trustManagersFactory.getNoopTrustManagers()); break; case "pinned": + this.customHostnameVerifier = null; this.customSSLSocketFactory = this.createSocketFactory( - this.trustManagersFactory.getPinnedTrustManagers(this.getCertsFromBundle("www/certificates/"))); + this.trustManagersFactory.getPinnedTrustManagers(this.getCertsFromBundle("www/certificates"))); break; default: + this.customHostnameVerifier = null; this.customSSLSocketFactory = this.createSocketFactory( - this.trustManagersFactory.getPinnedTrustManagers(this.getCertsFromKeyStore("AndroidCAStore"))); + this.trustManagersFactory.getPinnedTrustManagers(this.getCertsFromKeyStore("AndroidCAStore"))); break; } @@ -218,7 +224,7 @@ public class CordovaHttpPlugin extends CordovaPlugin { continue; } - certList.add(cf.generateCertificate(assetManager.open(path + files[i]))); + certList.add(cf.generateCertificate(assetManager.open(path + "/" + files[i]))); } return certList; diff --git a/src/android/com/silkimen/cordovahttp/CordovaHttpUpload.java b/src/android/com/silkimen/cordovahttp/CordovaHttpUpload.java index fff3390..a28e646 100644 --- a/src/android/com/silkimen/cordovahttp/CordovaHttpUpload.java +++ b/src/android/com/silkimen/cordovahttp/CordovaHttpUpload.java @@ -7,6 +7,7 @@ import com.silkimen.http.HttpRequest; import java.io.File; import java.net.URI; +import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLSocketFactory; import org.apache.cordova.CallbackContext; 
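Review bot: In the `nocheck`, `pinned` and default cases of hunk -155,19 the hostname verifier field is assigned before `createSocketFactory(...)` runs, so if that call throws (the surrounding `try` suggests it can) the two fields are left describing different modes. The risky direction is `nocheck`: the no-op verifier is already installed while the previous socket factory stays, so a request validated against the old trust managers would accept a certificate issued for any host even though the mode switch failed. Building the factory into a local first, `SSLSocketFactory factory = this.createSocketFactory(this.trustManagersFactory.getNoopTrustManagers());`, and assigning both fields only afterwards avoids the half-applied state. Because this case now disables chain and hostname checks for every later request, a `Log.w(TAG, "SSL cert mode 'nocheck': certificate and hostname verification disabled");` at that point would make it visible in logcat. The handler for the `try` is outside the hunk, so how a failure is reported to the caller cannot be seen here.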
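Review bot: The stream returned by `assetManager.open(path + "/" + files[i])` in hunk -218,7 is passed straight to `generateCertificate` and is never bound to a variable, so it cannot be closed and each bundled certificate leaves an open asset stream behind. Wrapping the call keeps the fix local: `try (InputStream in = assetManager.open(path + "/" + files[i])) { certList.add(cf.generateCertificate(in)); }`, which needs `java.io.InputStream` imported if the file does not already have it. The surrounding loop and the filter before `continue` are outside the hunk.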
@@ -17,9 +18,11 @@ class CordovaHttpUpload extends CordovaHttpBase { private String uploadName; public CordovaHttpUpload(String url, JSONObject params, JSONObject headers, String filePath, String uploadName, - int timeout, boolean followRedirects, SSLSocketFactory customSSLSocketFactory, CallbackContext callbackContext) { + int timeout, boolean followRedirects, SSLSocketFactory customSSLSocketFactory, + HostnameVerifier customHostnameVerifier, CallbackContext callbackContext) { - super("POST", url, params, headers, timeout, followRedirects, customSSLSocketFactory, callbackContext); + super("POST", url, params, headers, timeout, followRedirects, customSSLSocketFactory, customHostnameVerifier, + callbackContext); this.filePath = filePath; this.uploadName = uploadName; } diff --git a/src/android/com/silkimen/http/HostnameVerifierFactory.java b/src/android/com/silkimen/http/HostnameVerifierFactory.java index 8bc4fdc..f0cf16c 100644 --- a/src/android/com/silkimen/http/HostnameVerifierFactory.java +++ b/src/android/com/silkimen/http/HostnameVerifierFactory.java @@ -1,12 +1,13 @@ package com.silkimen.http; import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.SSLSession; -public class HostnameVerfifierFactory { - private final HostnameVerifier noOpVerififer; +public class HostnameVerifierFactory { + private final HostnameVerifier noOpVerifier; public HostnameVerifierFactory() { - this.noOpVerififer = new HostnameVerifier() { + this.noOpVerifier = new HostnameVerifier() { public boolean verify(String hostname, SSLSession session) { return true; } @@ -14,6 +15,6 @@ public class HostnameVerfifierFactory { } public HostnameVerifier getNoOpVerifier() { - return this.noOpVerififer; + return this.noOpVerifier; } }
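Review bot: HostnameVerifierFactory in hunk -1,12 builds a verifier whose `verify` returns `true` for every host, yet neither the class nor `getNoOpVerifier()` (in the following hunk) carries a comment saying so. A Javadoc line on the getter such as `/** Returns a verifier that accepts any hostname; intended only for the "nocheck" SSL cert mode. */` would keep it from being mistaken for a safe default. The anonymous `verify` implementation is also missing `@Override`.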