mirror of
https://github.com/silkimen/cordova-plugin-advanced-http.git
synced 2026-02-22 00:00:04 +08:00
Compare commits
6 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
dadbf97d0c | ||
|
|
f06788d199 | ||
|
|
a195de409d | ||
|
|
49f219723d | ||
|
|
f1bb4f36d0 | ||
|
|
e2a869bbd2 |
77
.travis.yml
77
.travis.yml
@@ -1,12 +1,6 @@
|
||||
sudo: false
|
||||
|
||||
language: objective-c
|
||||
os: osx
|
||||
osx_image: xcode9.3
|
||||
|
||||
env:
|
||||
- TARGET_PLATFORM=ios
|
||||
- TARGET_PLATFORM=android ANDROID_API_LEVEL=27 ANDROID_BUILD_TOOLS_VERSION=28.0.3
|
||||
notifications:
|
||||
slack:
|
||||
secure: lXE+2AgsxZU5G5dI91LkMAIgo8MAWfdM7DB5UOtn5LpuNln+2FmJo1gOI7tkdmLOqpXTGYnpI2VyQN3H4nOF21YhuouzD1Sh8n2wtQg1iTm353kuQpqiVhSBX8ZJ7Be1e1G8OsnxoYOxbs4Zo9qI40EruwkvqLCBHWM5MRGyd4M7EFWwb9Z29VZN0y1Nt5g/c3bT76kdKmF+JCLur2OeEKxAity7sIKgZekSqeIMwEVLSxXnda6Dbjc/cg0MJ0iDArkD7iu6fz/Fcrrxgm/pUxjcgvqze7Gy5i31mjEfspnrglWV1cshMd48BTDKCJ2AMmxH8O3GPSWE2txjIvGRWUve7iViNylvmQCVz3Eyf99+4EuuVGa+5PSodQ/CqODx/65EwtcN3PE1tNz2puKOK8nrOJcFkcbG8KTHKUlQtHCkjitbykUnj/hvhLK5/oWlQYVOLWWrHwdGUh8FI8aFPVGjRjWbHbhdayjEIqxwr1ns+6mYrP1EFNXbaeZxnLNC59XpJl1ifuezqYAk7YEiU5j4rtC7YKgyQ3ueb7anOHTJoTMyDn8mpZXgwuyhoBaeEYytQVgRyMtL6Y5cP98Jn2kv0+vdne3rkk9/JEBTo32HOjvoij6rsqEvXC0LhUDJSNadOVdHht0jjoN6zBH37HIE5/3zysLlPcAcHAS83ow=
|
||||
|
||||
cache:
|
||||
directories:
|
||||
@@ -15,30 +9,51 @@ cache:
|
||||
addons:
|
||||
sauce_connect: true
|
||||
|
||||
before_install:
|
||||
- export LANG=en_US.UTF-8
|
||||
matrix:
|
||||
include:
|
||||
- name: "iOS Build & Test"
|
||||
language: objective-c
|
||||
sudo: false
|
||||
os: osx
|
||||
osx_image: xcode10.1
|
||||
|
||||
install:
|
||||
- npm install
|
||||
- if [ $TARGET_PLATFORM = "android" ]; then
|
||||
brew update &&
|
||||
brew install gradle &&
|
||||
scripts/setup-android-sdk.sh -a $ANDROID_API_LEVEL -b $ANDROID_BUILD_TOOLS_VERSION &&
|
||||
export ANDROID_HOME=$(pwd)/android-sdk-macosx &&
|
||||
export PATH=${PATH}:$ANDROID_HOME/tools:$ANDROID_HOME/platform-tools:$ANDROID_HOME/build-tools/$ANDROID_BUILD_TOOLS_VERSION;
|
||||
fi
|
||||
before_install:
|
||||
- export LANG=en_US.UTF-8
|
||||
|
||||
script:
|
||||
- npm run testjs
|
||||
- npm run updatecert
|
||||
- travis_wait scripts/build-test-app.sh --$TARGET_PLATFORM --emulator &&
|
||||
scripts/upload-artifact.sh --$TARGET_PLATFORM &&
|
||||
scripts/test-app.sh --$TARGET_PLATFORM --emulator;
|
||||
install:
|
||||
- npm install
|
||||
|
||||
after_success:
|
||||
script:
|
||||
- npm run testjs &&
|
||||
npm run updatecert &&
|
||||
scripts/build-test-app.sh --ios --emulator &&
|
||||
scripts/upload-artifact.sh --ios &&
|
||||
scripts/test-app.sh --ios --emulator;
|
||||
|
||||
deploy:
|
||||
- name: "Android Build & Test"
|
||||
language: android
|
||||
sudo : required
|
||||
|
||||
notifications:
|
||||
slack:
|
||||
secure: lXE+2AgsxZU5G5dI91LkMAIgo8MAWfdM7DB5UOtn5LpuNln+2FmJo1gOI7tkdmLOqpXTGYnpI2VyQN3H4nOF21YhuouzD1Sh8n2wtQg1iTm353kuQpqiVhSBX8ZJ7Be1e1G8OsnxoYOxbs4Zo9qI40EruwkvqLCBHWM5MRGyd4M7EFWwb9Z29VZN0y1Nt5g/c3bT76kdKmF+JCLur2OeEKxAity7sIKgZekSqeIMwEVLSxXnda6Dbjc/cg0MJ0iDArkD7iu6fz/Fcrrxgm/pUxjcgvqze7Gy5i31mjEfspnrglWV1cshMd48BTDKCJ2AMmxH8O3GPSWE2txjIvGRWUve7iViNylvmQCVz3Eyf99+4EuuVGa+5PSodQ/CqODx/65EwtcN3PE1tNz2puKOK8nrOJcFkcbG8KTHKUlQtHCkjitbykUnj/hvhLK5/oWlQYVOLWWrHwdGUh8FI8aFPVGjRjWbHbhdayjEIqxwr1ns+6mYrP1EFNXbaeZxnLNC59XpJl1ifuezqYAk7YEiU5j4rtC7YKgyQ3ueb7anOHTJoTMyDn8mpZXgwuyhoBaeEYytQVgRyMtL6Y5cP98Jn2kv0+vdne3rkk9/JEBTo32HOjvoij6rsqEvXC0LhUDJSNadOVdHht0jjoN6zBH37HIE5/3zysLlPcAcHAS83ow=
|
||||
android:
|
||||
components:
|
||||
- platform-tools
|
||||
- build-tools-28.0.3
|
||||
- android-27
|
||||
- extra-android-support
|
||||
- extra-android-m2repository
|
||||
- extra-google-m2repository
|
||||
|
||||
before_install:
|
||||
- export LANG=en_US.UTF-8 &&
|
||||
curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash - &&
|
||||
sudo apt-get install -y nodejs
|
||||
|
||||
install:
|
||||
- npm install
|
||||
|
||||
script:
|
||||
- npm run testjs &&
|
||||
npm run updatecert &&
|
||||
scripts/build-test-app.sh --android --emulator &&
|
||||
scripts/upload-artifact.sh --android &&
|
||||
scripts/test-app.sh --android --emulator;
|
||||
|
||||
@@ -1,5 +1,13 @@
|
||||
# Changelog
|
||||
|
||||
## 2.0.3
|
||||
|
||||
- Fixed #172: plugin does not respect user installed CA certs on Android
|
||||
|
||||
#### Important information
|
||||
We've changed a default behavior on Android. User installed CA certs are respected now.
|
||||
If you don't want this for your needs, you can switch back to old behavior by setting SSL cert mode to `legacy`.
|
||||
|
||||
## 2.0.2
|
||||
|
||||
- Fixed #142: Plugin affected by REDoS Issue of tough-cookie
|
||||
|
||||
@@ -132,12 +132,13 @@ These functions all take success and error callbacks as their last 2 arguments.
|
||||
Set SSL Cert handling mode, being one of the following values:
|
||||
|
||||
* `default`: default SSL cert handling using system's CA certs
|
||||
* `legacy`: use legacy default behavior (< 2.0.3), excluding user installed CA certs (only for Android)
|
||||
* `nocheck`: disable SSL cert checking, trusting all certs (meant to be used only for testing purposes)
|
||||
* `pinned`: trust only provided certs
|
||||
|
||||
To use SSL pinning you must include at least one `.cer` SSL certificate in your app project. You can pin to your server certificate or to one of the issuing CA certificates. Include your certificate in the `www/certificates` folder. All `.cer` files found there will be loaded automatically.
|
||||
|
||||
:warning: Your certificate must be DER encoded! If you only have a PEM enoceded certificate see this [stackoverflow answer](http://stackoverflow.com/a/16583429/3182729). You want to convert it to a DER encoded certificate with a .cer extension.
|
||||
:warning: Your certificate must be DER encoded! If you only have a PEM encoded certificate read this [stackoverflow answer](http://stackoverflow.com/a/16583429/3182729). You want to convert it to a DER encoded certificate with a .cer extension.
|
||||
|
||||
```js
|
||||
// enable SSL pinning
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "cordova-plugin-advanced-http",
|
||||
"version": "2.0.2",
|
||||
"version": "2.0.3",
|
||||
"description": "Cordova / Phonegap plugin for communicating with HTTP servers using SSL pinning",
|
||||
"scripts": {
|
||||
"updatecert": "node ./scripts/update-test-cert.js",
|
||||
@@ -59,7 +59,7 @@
|
||||
"chai": "4.1.2",
|
||||
"chai-as-promised": "7.1.1",
|
||||
"colors": "1.1.2",
|
||||
"cordova": "7.1.0",
|
||||
"cordova": "8.1.2",
|
||||
"mocha": "4.0.0",
|
||||
"mock-require": "2.0.2",
|
||||
"mz": "2.7.0",
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
||||
<plugin xmlns="http://www.phonegap.com/ns/plugins/1.0" xmlns:android="http://schemas.android.com/apk/res/android" id="cordova-plugin-advanced-http" version="2.0.2">
|
||||
<plugin xmlns="http://www.phonegap.com/ns/plugins/1.0" xmlns:android="http://schemas.android.com/apk/res/android" id="cordova-plugin-advanced-http" version="2.0.3">
|
||||
<name>Advanced HTTP plugin</name>
|
||||
<description>
|
||||
Cordova / Phonegap plugin for communicating with HTTP servers using SSL pinning
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#!/usr/bin/env bash
|
||||
set -e
|
||||
|
||||
ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"/..
|
||||
ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )"; cd ..; pwd )"
|
||||
WORKINGCOPY=$ROOT/temp/workingcopy
|
||||
CDV=$ROOT/node_modules/.bin/cordova
|
||||
|
||||
@@ -37,9 +37,9 @@ done
|
||||
|
||||
rm -rf $ROOT/temp
|
||||
mkdir $ROOT/temp
|
||||
cp -r $ROOT/test/app-template/ $ROOT/temp/
|
||||
cp -r $ROOT/test/app-template/. $ROOT/temp/
|
||||
cp $ROOT/test/app-test-definitions.js $ROOT/temp/www/
|
||||
rsync -ax --exclude node_modules --exclude scripts --exclude temp --exclude test $ROOT $WORKINGCOPY
|
||||
rsync -ax --exclude node_modules --exclude scripts --exclude temp --exclude test $ROOT/. $WORKINGCOPY
|
||||
cd $ROOT/temp
|
||||
$CDV prepare
|
||||
$CDV plugins add $WORKINGCOPY
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#!/usr/bin/env bash
|
||||
set -e
|
||||
|
||||
ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"/..
|
||||
ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )"; cd ..; pwd )"
|
||||
|
||||
pushd $ROOT
|
||||
VERSION=$(node -e "console.log(require('./package.json').version)")
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#!/usr/bin/env bash
|
||||
set -e
|
||||
|
||||
ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"/..
|
||||
ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )"; cd ..; pwd )"
|
||||
|
||||
if [ $CI == "true" ] && ([ -z $SAUCE_USERNAME ] || [ -z $SAUCE_ACCESS_KEY ]); then
|
||||
echo "Skipping CI tests, because Saucelabs credentials are not set.";
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#!/usr/bin/env bash
|
||||
set -e
|
||||
|
||||
ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"/..
|
||||
ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )"; cd ..; pwd )"
|
||||
|
||||
cd $ROOT
|
||||
npm i
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
set -e
|
||||
|
||||
PLATFORM=$([[ "${@#--android}" = "$@" ]] && echo "ios" || echo "android")
|
||||
ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"/..
|
||||
ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )"; cd ..; pwd )"
|
||||
TEMP=$ROOT/temp
|
||||
|
||||
if [ -z $SAUCE_USERNAME ] || [ -z $SAUCE_ACCESS_KEY ]; then
|
||||
|
||||
@@ -8,8 +8,11 @@ import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
|
||||
import java.security.GeneralSecurityException;
|
||||
import java.security.KeyStore;
|
||||
import java.security.cert.Certificate;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Enumeration;
|
||||
|
||||
import org.apache.cordova.CallbackContext;
|
||||
import org.apache.cordova.CordovaInterface;
|
||||
@@ -89,7 +92,7 @@ public class CordovaHttpPlugin extends CordovaPlugin {
|
||||
} else if (action.equals("setSSLCertMode")) {
|
||||
String mode = args.getString(0);
|
||||
|
||||
if (mode.equals("default")) {
|
||||
if (mode.equals("legacy")) {
|
||||
HttpRequest.setSSLCertMode(HttpRequest.CERT_MODE_DEFAULT);
|
||||
callbackContext.success();
|
||||
} else if (mode.equals("nocheck")) {
|
||||
@@ -100,10 +103,19 @@ public class CordovaHttpPlugin extends CordovaPlugin {
|
||||
this.loadSSLCerts();
|
||||
HttpRequest.setSSLCertMode(HttpRequest.CERT_MODE_PINNED);
|
||||
callbackContext.success();
|
||||
} catch(Exception e) {
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
callbackContext.error("There was an error setting up ssl pinning");
|
||||
}
|
||||
} else if (mode.equals("default")) {
|
||||
try {
|
||||
this.loadUserStoreSSLCerts();
|
||||
HttpRequest.setSSLCertMode(HttpRequest.CERT_MODE_PINNED);
|
||||
callbackContext.success();
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
callbackContext.error("There was an error loading system's CA certificates");
|
||||
}
|
||||
}
|
||||
} else if (action.equals("uploadFile")) {
|
||||
String urlString = args.getString(0);
|
||||
@@ -134,6 +146,16 @@ public class CordovaHttpPlugin extends CordovaPlugin {
|
||||
return true;
|
||||
}
|
||||
|
||||
private void loadUserStoreSSLCerts() throws Exception {
|
||||
KeyStore ks = KeyStore.getInstance("AndroidCAStore");
|
||||
ks.load(null);
|
||||
Enumeration<String> aliases = ks.aliases();
|
||||
|
||||
while (aliases.hasMoreElements()) {
|
||||
String alias = aliases.nextElement();
|
||||
}
|
||||
}
|
||||
|
||||
private void loadSSLCerts() throws GeneralSecurityException, IOException {
|
||||
AssetManager assetManager = cordova.getActivity().getAssets();
|
||||
String[] files = assetManager.list("www/certificates");
|
||||
|
||||
@@ -124,7 +124,7 @@
|
||||
- (void)setSSLCertMode:(CDVInvokedUrlCommand*)command {
|
||||
NSString *certMode = [command.arguments objectAtIndex:0];
|
||||
|
||||
if ([certMode isEqualToString: @"default"]) {
|
||||
if ([certMode isEqualToString: @"default"] || [certMode isEqualToString: @"legacy"]) {
|
||||
securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone];
|
||||
securityPolicy.allowInvalidCertificates = NO;
|
||||
securityPolicy.validatesDomainName = YES;
|
||||
|
||||
@@ -3,7 +3,7 @@ var cookieHandler = require(pluginId + '.cookie-handler');
|
||||
var messages = require(pluginId + '.messages');
|
||||
|
||||
var validSerializers = [ 'urlencoded', 'json', 'utf8' ];
|
||||
var validCertModes = [ 'default', 'nocheck', 'pinned' ];
|
||||
var validCertModes = [ 'default', 'nocheck', 'pinned', 'legacy' ];
|
||||
var validHttpMethods = [ 'get', 'put', 'post', 'patch', 'head', 'delete', 'upload', 'download' ];
|
||||
|
||||
module.exports = {
|
||||
|
||||
Reference in New Issue
Block a user