release v2.0.3

Update cordova to fix peer dependency issues
Fix #172 : plugin does not respect user installed CA certs on Android
2026-02-22 00:00:04 +08:00 · 2019-01-15 17:00:54 +01:00 · 2019-01-15 16:58:00 +01:00 · 2018-12-23 19:00:51 +01:00 · 2018-12-12 19:46:58 +01:00 · 2018-12-12 15:29:27 +01:00
13 changed files with 92 additions and 46 deletions
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,12 +1,6 @@
-sudo: false
-
-language: objective-c
-os: osx
-osx_image: xcode9.3
-
-env:
-  - TARGET_PLATFORM=ios
-  - TARGET_PLATFORM=android ANDROID_API_LEVEL=27 ANDROID_BUILD_TOOLS_VERSION=28.0.3
+notifications:
+  slack:
+    secure: lXE+2AgsxZU5G5dI91LkMAIgo8MAWfdM7DB5UOtn5LpuNln+2FmJo1gOI7tkdmLOqpXTGYnpI2VyQN3H4nOF21YhuouzD1Sh8n2wtQg1iTm353kuQpqiVhSBX8ZJ7Be1e1G8OsnxoYOxbs4Zo9qI40EruwkvqLCBHWM5MRGyd4M7EFWwb9Z29VZN0y1Nt5g/c3bT76kdKmF+JCLur2OeEKxAity7sIKgZekSqeIMwEVLSxXnda6Dbjc/cg0MJ0iDArkD7iu6fz/Fcrrxgm/pUxjcgvqze7Gy5i31mjEfspnrglWV1cshMd48BTDKCJ2AMmxH8O3GPSWE2txjIvGRWUve7iViNylvmQCVz3Eyf99+4EuuVGa+5PSodQ/CqODx/65EwtcN3PE1tNz2puKOK8nrOJcFkcbG8KTHKUlQtHCkjitbykUnj/hvhLK5/oWlQYVOLWWrHwdGUh8FI8aFPVGjRjWbHbhdayjEIqxwr1ns+6mYrP1EFNXbaeZxnLNC59XpJl1ifuezqYAk7YEiU5j4rtC7YKgyQ3ueb7anOHTJoTMyDn8mpZXgwuyhoBaeEYytQVgRyMtL6Y5cP98Jn2kv0+vdne3rkk9/JEBTo32HOjvoij6rsqEvXC0LhUDJSNadOVdHht0jjoN6zBH37HIE5/3zysLlPcAcHAS83ow=

 cache:
  directories:
@@ -15,30 +9,51 @@ cache:
 addons:
  sauce_connect: true

-before_install:
- export LANG=en_US.UTF-8
+matrix:
+  include:
+  - name: "iOS Build & Test"
+    language: objective-c
+    sudo: false
+    os: osx
+    osx_image: xcode10.1

-install:
- npm install
- if [ $TARGET_PLATFORM = "android" ]; then
-    brew update &&
-    brew install gradle &&
-    scripts/setup-android-sdk.sh -a $ANDROID_API_LEVEL -b $ANDROID_BUILD_TOOLS_VERSION &&
-    export ANDROID_HOME=$(pwd)/android-sdk-macosx &&
-    export PATH=${PATH}:$ANDROID_HOME/tools:$ANDROID_HOME/platform-tools:$ANDROID_HOME/build-tools/$ANDROID_BUILD_TOOLS_VERSION;
-  fi
+    before_install:
+    - export LANG=en_US.UTF-8

-script:
- npm run testjs
- npm run updatecert
- travis_wait scripts/build-test-app.sh --$TARGET_PLATFORM --emulator &&
-  scripts/upload-artifact.sh --$TARGET_PLATFORM &&
-  scripts/test-app.sh --$TARGET_PLATFORM --emulator;
+    install:
+    - npm install

-after_success:
+    script:
+    - npm run testjs &&
+      npm run updatecert &&
+      scripts/build-test-app.sh --ios --emulator &&
+      scripts/upload-artifact.sh --ios &&
+      scripts/test-app.sh --ios --emulator;

-deploy:
+  - name: "Android Build & Test"
+    language: android
+    sudo : required

-notifications:
-  slack:
-    secure: lXE+2AgsxZU5G5dI91LkMAIgo8MAWfdM7DB5UOtn5LpuNln+2FmJo1gOI7tkdmLOqpXTGYnpI2VyQN3H4nOF21YhuouzD1Sh8n2wtQg1iTm353kuQpqiVhSBX8ZJ7Be1e1G8OsnxoYOxbs4Zo9qI40EruwkvqLCBHWM5MRGyd4M7EFWwb9Z29VZN0y1Nt5g/c3bT76kdKmF+JCLur2OeEKxAity7sIKgZekSqeIMwEVLSxXnda6Dbjc/cg0MJ0iDArkD7iu6fz/Fcrrxgm/pUxjcgvqze7Gy5i31mjEfspnrglWV1cshMd48BTDKCJ2AMmxH8O3GPSWE2txjIvGRWUve7iViNylvmQCVz3Eyf99+4EuuVGa+5PSodQ/CqODx/65EwtcN3PE1tNz2puKOK8nrOJcFkcbG8KTHKUlQtHCkjitbykUnj/hvhLK5/oWlQYVOLWWrHwdGUh8FI8aFPVGjRjWbHbhdayjEIqxwr1ns+6mYrP1EFNXbaeZxnLNC59XpJl1ifuezqYAk7YEiU5j4rtC7YKgyQ3ueb7anOHTJoTMyDn8mpZXgwuyhoBaeEYytQVgRyMtL6Y5cP98Jn2kv0+vdne3rkk9/JEBTo32HOjvoij6rsqEvXC0LhUDJSNadOVdHht0jjoN6zBH37HIE5/3zysLlPcAcHAS83ow=
+    android:
+      components:
+        - platform-tools
+        - build-tools-28.0.3
+        - android-27
+        - extra-android-support
+        - extra-android-m2repository
+        - extra-google-m2repository
+
+    before_install:
+    - export LANG=en_US.UTF-8 &&
+      curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash - &&
+      sudo apt-get install -y nodejs
+
+    install:
+    - npm install
+
+    script:
+    - npm run testjs &&
+      npm run updatecert &&
+      scripts/build-test-app.sh --android --emulator &&
+      scripts/upload-artifact.sh --android &&
+      scripts/test-app.sh --android --emulator;
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,13 @@
 # Changelog

+## 2.0.3
+
+- Fixed #172: plugin does not respect user installed CA certs on Android
+
+#### Important information
+We've changed a default behavior on Android. User installed CA certs are respected now.
+If you don't want this for your needs, you can switch back to old behavior by setting SSL cert mode to `legacy`.
+
 ## 2.0.2

 - Fixed #142: Plugin affected by REDoS Issue of tough-cookie
--- a/README.md
+++ b/README.md
@@ -132,12 +132,13 @@ These functions all take success and error callbacks as their last 2 arguments.
 Set SSL Cert handling mode, being one of the following values:

 * `default`: default SSL cert handling using system's CA certs
+* `legacy`: use legacy default behavior (< 2.0.3), excluding user installed CA certs (only for Android)
 * `nocheck`: disable SSL cert checking, trusting all certs (meant to be used only for testing purposes)
 * `pinned`: trust only provided certs

 To use SSL pinning you must include at least one `.cer` SSL certificate in your app project.  You can pin to your server certificate or to one of the issuing CA certificates. Include your certificate in the `www/certificates` folder. All `.cer` files found there will be loaded automatically.

-:warning: Your certificate must be DER encoded! If you only have a PEM enoceded certificate see this [stackoverflow answer](http://stackoverflow.com/a/16583429/3182729). You want to convert it to a DER encoded certificate with a .cer extension.
+:warning: Your certificate must be DER encoded! If you only have a PEM encoded certificate read this [stackoverflow answer](http://stackoverflow.com/a/16583429/3182729). You want to convert it to a DER encoded certificate with a .cer extension.

 ```js
 // enable SSL pinning
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "cordova-plugin-advanced-http",
-  "version": "2.0.2",
+  "version": "2.0.3",
  "description": "Cordova / Phonegap plugin for communicating with HTTP servers using SSL pinning",
  "scripts": {
    "updatecert": "node ./scripts/update-test-cert.js",
@@ -59,7 +59,7 @@
    "chai": "4.1.2",
    "chai-as-promised": "7.1.1",
    "colors": "1.1.2",
-    "cordova": "7.1.0",
+    "cordova": "8.1.2",
    "mocha": "4.0.0",
    "mock-require": "2.0.2",
    "mz": "2.7.0",
--- a/plugin.xml
+++ b/plugin.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<plugin xmlns="http://www.phonegap.com/ns/plugins/1.0" xmlns:android="http://schemas.android.com/apk/res/android" id="cordova-plugin-advanced-http" version="2.0.2">
+<plugin xmlns="http://www.phonegap.com/ns/plugins/1.0" xmlns:android="http://schemas.android.com/apk/res/android" id="cordova-plugin-advanced-http" version="2.0.3">
  <name>Advanced HTTP plugin</name>
  <description>
        Cordova / Phonegap plugin for communicating with HTTP servers using SSL pinning
--- a/scripts/build-test-app.sh
+++ b/scripts/build-test-app.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 set -e

-ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"/..
+ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )"; cd ..; pwd )"
 WORKINGCOPY=$ROOT/temp/workingcopy
 CDV=$ROOT/node_modules/.bin/cordova

@@ -37,9 +37,9 @@ done

 rm -rf $ROOT/temp
 mkdir $ROOT/temp
-cp -r $ROOT/test/app-template/ $ROOT/temp/
+cp -r $ROOT/test/app-template/. $ROOT/temp/
 cp $ROOT/test/app-test-definitions.js $ROOT/temp/www/
-rsync -ax --exclude node_modules --exclude scripts --exclude temp --exclude test $ROOT $WORKINGCOPY
+rsync -ax --exclude node_modules --exclude scripts --exclude temp --exclude test $ROOT/. $WORKINGCOPY
 cd $ROOT/temp
 $CDV prepare
 $CDV plugins add $WORKINGCOPY
--- a/scripts/release.sh
+++ b/scripts/release.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 set -e

-ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"/..
+ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )"; cd ..; pwd )"

 pushd $ROOT
 VERSION=$(node -e "console.log(require('./package.json').version)")
--- a/scripts/test-app.sh
+++ b/scripts/test-app.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 set -e

-ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"/..
+ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )"; cd ..; pwd )"

 if [ $CI == "true" ] && ([ -z $SAUCE_USERNAME ] || [ -z $SAUCE_ACCESS_KEY ]); then
  echo "Skipping CI tests, because Saucelabs credentials are not set.";
--- a/scripts/update-tough-cookie.sh
+++ b/scripts/update-tough-cookie.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 set -e

-ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"/..
+ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )"; cd ..; pwd )"

 cd $ROOT
 npm i
--- a/scripts/upload-artifact.sh
+++ b/scripts/upload-artifact.sh
@@ -2,7 +2,7 @@
 set -e

 PLATFORM=$([[ "${@#--android}" = "$@" ]] && echo "ios" || echo "android")
-ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"/..
+ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )"; cd ..; pwd )"
 TEMP=$ROOT/temp

 if [ -z $SAUCE_USERNAME ] || [ -z $SAUCE_ACCESS_KEY ]; then
--- a/src/android/com/synconset/cordovahttp/CordovaHttpPlugin.java
+++ b/src/android/com/synconset/cordovahttp/CordovaHttpPlugin.java
@@ -8,8 +8,11 @@ import java.io.IOException;
 import java.io.InputStream;

 import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.cert.Certificate;

 import java.util.ArrayList;
+import java.util.Enumeration;

 import org.apache.cordova.CallbackContext;
 import org.apache.cordova.CordovaInterface;
@@ -89,7 +92,7 @@ public class CordovaHttpPlugin extends CordovaPlugin {
        } else if (action.equals("setSSLCertMode")) {
            String mode = args.getString(0);

-            if (mode.equals("default")) {
+            if (mode.equals("legacy")) {
                HttpRequest.setSSLCertMode(HttpRequest.CERT_MODE_DEFAULT);
                callbackContext.success();
            } else if (mode.equals("nocheck")) {
@@ -100,10 +103,19 @@ public class CordovaHttpPlugin extends CordovaPlugin {
                    this.loadSSLCerts();
                    HttpRequest.setSSLCertMode(HttpRequest.CERT_MODE_PINNED);
                    callbackContext.success();
-                } catch(Exception e) {
+                } catch (Exception e) {
                    e.printStackTrace();
                    callbackContext.error("There was an error setting up ssl pinning");
                }
+            } else if (mode.equals("default")) {
+                try {
+                    this.loadUserStoreSSLCerts();
+                    HttpRequest.setSSLCertMode(HttpRequest.CERT_MODE_PINNED);
+                    callbackContext.success();
+                } catch (Exception e) {
+                    e.printStackTrace();
+                    callbackContext.error("There was an error loading system's CA certificates");
+                }
            }
        } else if (action.equals("uploadFile")) {
            String urlString = args.getString(0);
@@ -134,6 +146,16 @@ public class CordovaHttpPlugin extends CordovaPlugin {
        return true;
    }

+    private void loadUserStoreSSLCerts() throws Exception {
+      KeyStore ks = KeyStore.getInstance("AndroidCAStore");
+      ks.load(null);
+      Enumeration<String> aliases = ks.aliases();
+
+      while (aliases.hasMoreElements()) {
+        String alias = aliases.nextElement();
+      }
+    }
+
    private void loadSSLCerts() throws GeneralSecurityException, IOException {
        AssetManager assetManager = cordova.getActivity().getAssets();
        String[] files = assetManager.list("www/certificates");
--- a/src/ios/CordovaHttpPlugin.m
+++ b/src/ios/CordovaHttpPlugin.m
@@ -124,7 +124,7 @@
 - (void)setSSLCertMode:(CDVInvokedUrlCommand*)command {
    NSString *certMode = [command.arguments objectAtIndex:0];

-    if ([certMode isEqualToString: @"default"]) {
+    if ([certMode isEqualToString: @"default"] || [certMode isEqualToString: @"legacy"]) {
        securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone];
        securityPolicy.allowInvalidCertificates = NO;
        securityPolicy.validatesDomainName = YES;
--- a/www/helpers.js
+++ b/www/helpers.js
@@ -3,7 +3,7 @@ var cookieHandler = require(pluginId + '.cookie-handler');
 var messages = require(pluginId + '.messages');

 var validSerializers = [ 'urlencoded', 'json', 'utf8' ];
-var validCertModes = [ 'default', 'nocheck', 'pinned' ];
+var validCertModes = [ 'default', 'nocheck', 'pinned', 'legacy' ];
 var validHttpMethods = [ 'get', 'put', 'post', 'patch', 'head', 'delete', 'upload', 'download' ];

 module.exports = {
Author	SHA1	Message	Date
Sefa Ilkimen	dadbf97d0c	release v2.0.3	2019-01-15 17:00:54 +01:00
Sefa Ilkimen	f06788d199	Update cordova to fix peer dependency issues	2019-01-15 16:58:00 +01:00
Sefa Ilkimen	a195de409d	Fix #172 : plugin does not respect user installed CA certs on Android	2018-12-23 19:00:51 +01:00
Sefa Ilkimen	49f219723d	Fix test scripts for linux bash	2018-12-12 19:46:58 +01:00
Sefa Ilkimen	f1bb4f36d0	Fix android test suite	2018-12-12 15:29:27 +01:00
Sefa Ilkimen	e2a869bbd2	Running android tests based on android image instead of xcode image (travis config)	2018-12-12 15:23:05 +01:00