Fix #172: plugin does not respect user installed CA certs on Android

2026-05-12 00:03:02 +08:00 · 2018-12-23 19:00:51 +01:00
parent 49f219723d
commit a195de409d
6 changed files with 37 additions and 6 deletions
@@ -8,8 +8,11 @@ import java.io.IOException;
 import java.io.InputStream;

 import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.cert.Certificate;

 import java.util.ArrayList;
+import java.util.Enumeration;

 import org.apache.cordova.CallbackContext;
 import org.apache.cordova.CordovaInterface;
@@ -89,7 +92,7 @@ public class CordovaHttpPlugin extends CordovaPlugin {
        } else if (action.equals("setSSLCertMode")) {
            String mode = args.getString(0);

-            if (mode.equals("default")) {
+            if (mode.equals("legacy")) {
                HttpRequest.setSSLCertMode(HttpRequest.CERT_MODE_DEFAULT);
                callbackContext.success();
            } else if (mode.equals("nocheck")) {
@@ -100,10 +103,19 @@ public class CordovaHttpPlugin extends CordovaPlugin {
                    this.loadSSLCerts();
                    HttpRequest.setSSLCertMode(HttpRequest.CERT_MODE_PINNED);
                    callbackContext.success();
-                } catch(Exception e) {
+                } catch (Exception e) {
                    e.printStackTrace();
                    callbackContext.error("There was an error setting up ssl pinning");
                }
+            } else if (mode.equals("default")) {
+                try {
+                    this.loadUserStoreSSLCerts();
+                    HttpRequest.setSSLCertMode(HttpRequest.CERT_MODE_PINNED);
+                    callbackContext.success();
+                } catch (Exception e) {
+                    e.printStackTrace();
+                    callbackContext.error("There was an error loading system's CA certificates");
+                }
            }
        } else if (action.equals("uploadFile")) {
            String urlString = args.getString(0);
@@ -134,6 +146,16 @@ public class CordovaHttpPlugin extends CordovaPlugin {
        return true;
    }

+    private void loadUserStoreSSLCerts() throws Exception {
+      KeyStore ks = KeyStore.getInstance("AndroidCAStore");
+      ks.load(null);
+      Enumeration<String> aliases = ks.aliases();
+
+      while (aliases.hasMoreElements()) {
+        String alias = aliases.nextElement();
+      }
+    }
+
    private void loadSSLCerts() throws GeneralSecurityException, IOException {
        AssetManager assetManager = cordova.getActivity().getAssets();
        String[] files = assetManager.list("www/certificates");
@@ -124,7 +124,7 @@
 - (void)setSSLCertMode:(CDVInvokedUrlCommand*)command {
    NSString *certMode = [command.arguments objectAtIndex:0];

-    if ([certMode isEqualToString: @"default"]) {
+    if ([certMode isEqualToString: @"default"] || [certMode isEqualToString: @"legacy"]) {
        securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone];
        securityPolicy.allowInvalidCertificates = NO;
        securityPolicy.validatesDomainName = YES;