From a0f376233c469c333f322e8af0aaa8738ec1904d Mon Sep 17 00:00:00 2001
From: Sefa Ilkimen <sefa.ilkimen@mobisys.de>
Date: Fri, 1 Mar 2019 18:12:06 +0100
Subject: [PATCH] Fix #187: setSSLCertMode with "default" throws an error on
 Android

---
 CHANGELOG.md                                  |  4 +++
 package.json                                  |  2 +-
 .../github/kevinsawicki/http/HttpRequest.java |  7 +++++
 .../cordovahttp/CordovaHttpPlugin.java        | 30 +++++++++++++++----
 test/app-mocha-specs/helpers/caps.js          |  1 +
 5 files changed, 37 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f1e209d..27c8391 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
 
+## 2.0.6
+
+- Fixed #187: setSSLCertMode with "default" throws an error on Android
+
 ## 2.0.5
 
 - Fixed #185: need more detailed SSL error message
diff --git a/package.json b/package.json
index 0dae875..3a2dfc2 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "cordova-plugin-advanced-http",
-  "version": "2.0.5",
+  "version": "2.0.6",
   "description": "Cordova / Phonegap plugin for communicating with HTTP servers using SSL pinning",
   "scripts": {
     "updatecert": "node ./scripts/update-test-cert.js",
diff --git a/src/android/com/github/kevinsawicki/http/HttpRequest.java b/src/android/com/github/kevinsawicki/http/HttpRequest.java
index 1fe0e4a..237f236 100644
--- a/src/android/com/github/kevinsawicki/http/HttpRequest.java
+++ b/src/android/com/github/kevinsawicki/http/HttpRequest.java
@@ -523,6 +523,13 @@ public class HttpRequest {
       }
   }
 
+  /**
+   * Clear certs which were added to test against when using ssl pinning.
+   */
+  public static void clearCerts() {
+    PINNED_CERTS = null;
+  }
+
   /**
    * Callback interface for reporting upload progress for a request.
    */
diff --git a/src/android/com/synconset/cordovahttp/CordovaHttpPlugin.java b/src/android/com/synconset/cordovahttp/CordovaHttpPlugin.java
index bcf9b65..280b5dc 100644
--- a/src/android/com/synconset/cordovahttp/CordovaHttpPlugin.java
+++ b/src/android/com/synconset/cordovahttp/CordovaHttpPlugin.java
@@ -9,6 +9,7 @@ import java.io.InputStream;
 
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
+import java.security.KeyStore.TrustedCertificateEntry;
 import java.security.cert.Certificate;
 
 import java.util.ArrayList;
@@ -33,6 +34,14 @@ public class CordovaHttpPlugin extends CordovaPlugin {
     @Override
     public void initialize(CordovaInterface cordova, CordovaWebView webView) {
         super.initialize(cordova, webView);
+
+        try {
+          HttpRequest.clearCerts();
+          this.pinSSLCertsFromCAStore();
+        } catch (Exception e) {
+          e.printStackTrace();
+          System.err.println("There was an error loading system's CA certificates");
+        }
     }
 
     @Override
@@ -92,6 +101,8 @@ public class CordovaHttpPlugin extends CordovaPlugin {
         } else if (action.equals("setSSLCertMode")) {
             String mode = args.getString(0);
 
+            HttpRequest.clearCerts();
+
             if (mode.equals("legacy")) {
                 HttpRequest.setSSLCertMode(HttpRequest.CERT_MODE_DEFAULT);
                 callbackContext.success();
@@ -100,7 +111,7 @@ public class CordovaHttpPlugin extends CordovaPlugin {
                 callbackContext.success();
             } else if (mode.equals("pinned")) {
                 try {
-                    this.loadSSLCerts();
+                    this.loadSSLCertsFromBundle();
                     HttpRequest.setSSLCertMode(HttpRequest.CERT_MODE_PINNED);
                     callbackContext.success();
                 } catch (Exception e) {
@@ -109,8 +120,7 @@ public class CordovaHttpPlugin extends CordovaPlugin {
                 }
             } else if (mode.equals("default")) {
                 try {
-                    this.loadUserStoreSSLCerts();
-                    HttpRequest.setSSLCertMode(HttpRequest.CERT_MODE_PINNED);
+                    this.pinSSLCertsFromCAStore();
                     callbackContext.success();
                 } catch (Exception e) {
                     e.printStackTrace();
@@ -146,17 +156,25 @@ public class CordovaHttpPlugin extends CordovaPlugin {
         return true;
     }
 
-    private void loadUserStoreSSLCerts() throws Exception {
-      KeyStore ks = KeyStore.getInstance("AndroidCAStore");
+    private void pinSSLCertsFromCAStore() throws GeneralSecurityException, IOException {
+      this.loadSSLCertsFromKeyStore("AndroidCAStore");
+      HttpRequest.setSSLCertMode(HttpRequest.CERT_MODE_PINNED);
+    }
+
+    private void loadSSLCertsFromKeyStore(String storeType) throws GeneralSecurityException, IOException {
+      KeyStore ks = KeyStore.getInstance(storeType);
       ks.load(null);
       Enumeration<String> aliases = ks.aliases();
 
       while (aliases.hasMoreElements()) {
         String alias = aliases.nextElement();
+        TrustedCertificateEntry certEntry = (TrustedCertificateEntry) ks.getEntry(alias, null);
+        Certificate cert = certEntry.getTrustedCertificate();
+        HttpRequest.addCert(cert);
       }
     }
 
-    private void loadSSLCerts() throws GeneralSecurityException, IOException {
+    private void loadSSLCertsFromBundle() throws GeneralSecurityException, IOException {
         AssetManager assetManager = cordova.getActivity().getAssets();
         String[] files = assetManager.list("www/certificates");
         ArrayList<String> cerFiles = new ArrayList<String>();
diff --git a/test/app-mocha-specs/helpers/caps.js b/test/app-mocha-specs/helpers/caps.js
index c003698..93f9657 100644
--- a/test/app-mocha-specs/helpers/caps.js
+++ b/test/app-mocha-specs/helpers/caps.js
@@ -18,6 +18,7 @@ const local = {
     platformVersion: '5.1',
     deviceName: 'Android Emulator',
     autoWebview: true,
+    fullReset: true,
     app: undefined // will be set later
   }
 };