[FIX] App crashes when entering server after applying certificate (Android) (#3579)

Alex Junior 2022-01-13 10:22:58 -03:00 committed by GitHub
parent f29f360163
commit 9d9553b075
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 26 additions and 21 deletions


@ -11,9 +11,12 @@ import com.facebook.react.bridge.ReactMethod;
import com.facebook.react.bridge.Promise; import com.facebook.react.bridge.Promise;
import java.net.Socket; import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal; import java.security.Principal;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager; import javax.net.ssl.X509ExtendedKeyManager;
import java.security.PrivateKey; import java.security.PrivateKey;
import javax.net.ssl.SSLContext; import javax.net.ssl.SSLContext;
@ -21,11 +24,12 @@ import javax.net.ssl.X509TrustManager;
import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManager;
import okhttp3.OkHttpClient; import okhttp3.OkHttpClient;
import java.lang.InterruptedException;
import android.app.Activity; import android.app.Activity;
import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManager;
import android.security.KeyChain; import android.security.KeyChain;
import android.security.KeyChainAliasCallback; import android.security.KeyChainAliasCallback;
import java.util.Arrays;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
import com.RNFetchBlob.RNFetchBlob; import com.RNFetchBlob.RNFetchBlob;
@ -52,8 +56,9 @@ public class SSLPinningModule extends ReactContextBaseJavaModule implements KeyC
public void apply(OkHttpClient.Builder builder) { public void apply(OkHttpClient.Builder builder) {
if (alias != null) { if (alias != null) {
SSLSocketFactory sslSocketFactory = getSSLFactory(alias); SSLSocketFactory sslSocketFactory = getSSLFactory(alias);
X509TrustManager trustManager = getTrustManagerFactory();
if (sslSocketFactory != null) { if (sslSocketFactory != null) {
builder.sslSocketFactory(sslSocketFactory); builder.sslSocketFactory(sslSocketFactory, trustManager);
} }
} }
} }
@ -68,8 +73,9 @@ public class SSLPinningModule extends ReactContextBaseJavaModule implements KeyC
if (alias != null) { if (alias != null) {
SSLSocketFactory sslSocketFactory = getSSLFactory(alias); SSLSocketFactory sslSocketFactory = getSSLFactory(alias);
X509TrustManager trustManager = getTrustManagerFactory();
if (sslSocketFactory != null) { if (sslSocketFactory != null) {
builder.sslSocketFactory(sslSocketFactory); builder.sslSocketFactory(sslSocketFactory, trustManager);
} }
} }
@ -162,25 +168,9 @@ public class SSLPinningModule extends ReactContextBaseJavaModule implements KeyC
} }
}; };
final TrustManager[] trustAllCerts = new TrustManager[] { final X509TrustManager trustManager = getTrustManagerFactory();
new X509TrustManager() {
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return certChain;
}
}
};
final SSLContext sslContext = SSLContext.getInstance("TLS"); final SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(new KeyManager[]{keyManager}, trustAllCerts, new java.security.SecureRandom()); sslContext.init(new KeyManager[]{keyManager}, new TrustManager[]{trustManager}, new java.security.SecureRandom());
SSLContext.setDefault(sslContext); SSLContext.setDefault(sslContext);
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory(); final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
@ -190,4 +180,19 @@ public class SSLPinningModule extends ReactContextBaseJavaModule implements KeyC
return null; return null;
} }
} }
public static X509TrustManager getTrustManagerFactory() {
try {
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init((KeyStore) null);
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
}
final X509TrustManager trustManager = (X509TrustManager) trustManagers[0];
return trustManager;
} catch (Exception e) {
return null;
}
}
} }
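Review bot: getTrustManagerFactory() returns null on any exception, but both new call sites in apply() still guard only sslSocketFactory before calling `builder.sslSocketFactory(sslSocketFactory, trustManager)`. As far as I know, OkHttp's two-argument overload throws on a null trust manager, so a failure to load the platform trust store would surface as another crash; the guard should read `if (sslSocketFactory != null && trustManager != null) {`. In getSSLFactory the same null would end up inside `new TrustManager[]{trustManager}`, and how the TLS provider treats a null element is not visible here, so that path should return null from getSSLFactory rather than initialise the context with it. The `IllegalStateException` thrown inside the try is caught by the method's own `catch (Exception e)`, so its message is never reported; log `e` before returning null. The bodies of apply() and getSSLFactory() extend beyond the hunks shown.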