github/cordova-plugin-file-transfer
4
0
Fork 0
mirror of https://github.com/apache/cordova-plugin-file-transfer.git synced 2026-04-28 00:02:49 +08:00
Code Issues Projects Releases Wiki Activity

CB-12809: Google Play Blocker: Unsafe SSL TrustManager Defined

Browse Source 
Closes #187
This commit is contained in:
Simon MacDonald
2017-08-21 11:42:25 -04:00
parent 68e97542d5
commit 82100791e3
2 changed files with 2 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/android/FileTransfer.java
-99
View File
@@ -33,22 +33,11 @@ import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.net.HttpURLConnection;
import java.net.URLConnection;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Iterator;
import java.util.zip.GZIPInputStream;
import java.util.zip.Inflater;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.cordova.Config;
import org.apache.cordova.CallbackContext;
import org.apache.cordova.CordovaPlugin;
import org.apache.cordova.CordovaResourceApi;
@@ -284,7 +273,6 @@ public class FileTransfer extends CordovaPlugin {
final String fileName = getArgument(args, 3, "image.jpg");
final String mimeType = getArgument(args, 4, "image/jpeg");
final JSONObject params = args.optJSONObject(5) == null ? new JSONObject() : args.optJSONObject(5);
final boolean trustEveryone = args.optBoolean(6);
// Always use chunked mode unless set to false as per API
final boolean chunkedMode = args.optBoolean(7) || args.isNull(7);
// Look for headers on the params map for backwards compatibility with older Cordova versions.
@@ -298,7 +286,6 @@ public class FileTransfer extends CordovaPlugin {
LOG.d(LOG_TAG, "fileName: " + fileName);
LOG.d(LOG_TAG, "mimeType: " + mimeType);
LOG.d(LOG_TAG, "params: " + params);
LOG.d(LOG_TAG, "trustEveryone: " + trustEveryone);
LOG.d(LOG_TAG, "chunkedMode: " + chunkedMode);
LOG.d(LOG_TAG, "headers: " + headers);
LOG.d(LOG_TAG, "objectId: " + objectId);
@@ -334,8 +321,6 @@ public class FileTransfer extends CordovaPlugin {
tmpSrc.getScheme() != null ? tmpSrc : Uri.fromFile(new File(source)));
HttpURLConnection conn = null;
HostnameVerifier oldHostnameVerifier = null;
SSLSocketFactory oldSocketFactory = null;
int totalBytes = 0;
int fixedLength = -1;
try {
@@ -346,15 +331,6 @@ public class FileTransfer extends CordovaPlugin {
//------------------ CLIENT REQUEST
// Open a HTTP connection to the URL based on protocol
conn = resourceApi.createHttpConnection(targetUri);
if (useHttps && trustEveryone) {
// Setup the HTTPS connection class to trust everyone
HttpsURLConnection https = (HttpsURLConnection)conn;
oldSocketFactory = trustAllHosts(https);
// Save the current hostnameVerifier
oldHostnameVerifier = https.getHostnameVerifier();
// Setup the connection not to verify hostnames
https.setHostnameVerifier(DO_NOT_VERIFY);
}
// Allow Inputs
conn.setDoInput(true);
@@ -566,15 +542,6 @@ public class FileTransfer extends CordovaPlugin {
synchronized (activeRequests) {
activeRequests.remove(objectId);
}
if (conn != null) {
// Revert back to the proper verifier and socket factories
if (trustEveryone && useHttps) {
HttpsURLConnection https = (HttpsURLConnection) conn;
https.setHostnameVerifier(oldHostnameVerifier);
https.setSSLSocketFactory(oldSocketFactory);
}
}
}
}
});
@@ -597,50 +564,6 @@ public class FileTransfer extends CordovaPlugin {
return new SimpleTrackingInputStream(conn.getInputStream());
}
// always verify the host - don't check for certificate
private static final HostnameVerifier DO_NOT_VERIFY = new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
};
// Create a trust manager that does not validate certificate chains
private static final TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new java.security.cert.X509Certificate[] {};
}
public void checkClientTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
}
} };
/**
* This function will install a trust manager that will blindly trust all SSL
* certificates. The reason this code is being added is to enable developers
* to do development using self signed SSL certificates on their web server.
*
* The standard HttpsURLConnection class will throw an exception on self
* signed certificates if this code is not run.
*/
private static SSLSocketFactory trustAllHosts(HttpsURLConnection connection) {
// Install the all-trusting trust manager
SSLSocketFactory oldFactory = connection.getSSLSocketFactory();
try {
// Install our all trusting manager
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
SSLSocketFactory newFactory = sc.getSocketFactory();
connection.setSSLSocketFactory(newFactory);
} catch (Exception e) {
LOG.e(LOG_TAG, e.getMessage(), e);
}
return oldFactory;
}
private static JSONObject createFileTransferError(int errorCode, String source, String target, URLConnection connection, Throwable throwable) {
int httpStatus = 0;
@@ -739,7 +662,6 @@ public class FileTransfer extends CordovaPlugin {
final CordovaResourceApi resourceApi = webView.getResourceApi();
final boolean trustEveryone = args.optBoolean(2);
final String objectId = args.getString(3);
final JSONObject headers = args.optJSONObject(4);
@@ -809,8 +731,6 @@ public class FileTransfer extends CordovaPlugin {
Uri targetUri = resourceApi.remapUri(
tmpTarget.getScheme() != null ? tmpTarget : Uri.fromFile(new File(target)));
HttpURLConnection connection = null;
HostnameVerifier oldHostnameVerifier = null;
SSLSocketFactory oldSocketFactory = null;
File file = null;
PluginResult result = null;
TrackingInputStream inputStream = null;
@@ -838,16 +758,6 @@ public class FileTransfer extends CordovaPlugin {
// connect to server
// Open a HTTP connection to the URL based on protocol
connection = resourceApi.createHttpConnection(sourceUri);
if (useHttps && trustEveryone) {
// Setup the HTTPS connection class to trust everyone
HttpsURLConnection https = (HttpsURLConnection)connection;
oldSocketFactory = trustAllHosts(https);
// Save the current hostnameVerifier
oldHostnameVerifier = https.getHostnameVerifier();
// Setup the connection not to verify hostnames
https.setHostnameVerifier(DO_NOT_VERIFY);
}
connection.setRequestMethod("GET");
// TODO: Make OkHttp use this CookieManager by default.
@@ -973,15 +883,6 @@ public class FileTransfer extends CordovaPlugin {
activeRequests.remove(objectId);
}
if (connection != null) {
// Revert back to the proper verifier and socket factories
if (trustEveryone && useHttps) {
HttpsURLConnection https = (HttpsURLConnection) connection;
https.setHostnameVerifier(oldHostnameVerifier);
https.setSSLSocketFactory(oldSocketFactory);
}
}
if (result == null) {
result = new PluginResult(PluginResult.Status.ERROR, createFileTransferError(CONNECTION_ERR, source, target, connection, null));
}