option to trust all web certs for very old android phones

zoff99 · Jan 5, 2025 · b70093b · b70093b
1 parent 5c925e9
commit b70093b
Show file tree

Hide file tree

Showing 2 changed files with 65 additions and 1 deletion.
diff --git a/android-refimpl-app/app/src/main/java/com/zoffcc/applications/trifa/MainActivity.java b/android-refimpl-app/app/src/main/java/com/zoffcc/applications/trifa/MainActivity.java
@@ -530,6 +530,7 @@ public class MainActivity extends AppCompatActivity
     static int PREF__ngc_audio_channels = 1;
     static boolean PREF__gainprocessing_active = true;
     static boolean PREF__rnnoise_active = false;
+    static boolean PREF__trust_all_webcerts = false; // HINT: !!be careful with this option!!
 
     static String versionName = "";
     static int versionCode = -1;

diff --git a/android-refimpl-app/app/src/main/java/com/zoffcc/applications/trifa/MaintenanceActivity.java b/android-refimpl-app/app/src/main/java/com/zoffcc/applications/trifa/MaintenanceActivity.java
@@ -29,6 +29,7 @@
 import android.media.MediaPlayer;
 import android.media.Ringtone;
 import android.media.RingtoneManager;
+import android.net.SSLCertificateSocketFactory;
 import android.net.Uri;
 import android.os.AsyncTask;
 import android.os.Build;
@@ -43,15 +44,23 @@
 import com.google.gson.Gson;
 import com.yariksoffice.lingver.Lingver;
 
+import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
+
 import java.io.File;
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.net.HttpURLConnection;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Locale;
 import java.util.concurrent.TimeUnit;
 
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
 import androidx.annotation.NonNull;
 import androidx.appcompat.app.AlertDialog;
 import androidx.appcompat.app.AppCompatActivity;
@@ -74,6 +83,7 @@
 import static com.zoffcc.applications.trifa.MainActivity.MAIN_VFS_NAME;
 import static com.zoffcc.applications.trifa.MainActivity.PREF__DB_secrect_key;
 import static com.zoffcc.applications.trifa.MainActivity.PREF__orbot_enabled;
+import static com.zoffcc.applications.trifa.MainActivity.PREF__trust_all_webcerts;
 import static com.zoffcc.applications.trifa.MainActivity.SD_CARD_ENC_CHATS_EXPORT_DIR;
 import static com.zoffcc.applications.trifa.MainActivity.SD_CARD_ENC_FILES_EXPORT_DIR;
 import static com.zoffcc.applications.trifa.MainActivity.SD_CARD_FILES_EXPORT_DIR;
@@ -372,8 +382,61 @@ public void onClick(View v)
                     }
                     else
                     {
+                        /*
+                         *
+                         * this will trust all CERTS
+                         * !!DANGER!! !!DANGER!!
+                         */
+                        TrustManager[] trustAllCerts = new TrustManager[]{
+                                new X509TrustManager() {
+                                    @Override
+                                    public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {
+                                    }
+
+                                    @Override
+                                    public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {
+                                    }
+
+                                    @Override
+                                    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+                                        return new java.security.cert.X509Certificate[]{};
+                                    }
+                                }
+                        };
+                        SSLContext sslContext = SSLContext.getInstance("SSL");
+                        sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
+                        /*
+                         *
+                         * this will trust all CERTS
+                         * !!DANGER!! !!DANGER!!
+                         */
+
+                        // this is correct call in all cases -------------
+                        // this is correct call in all cases -------------
+                        OkHttpClient.Builder newBuilder = new OkHttpClient.Builder();
+                        // this is correct call in all cases -------------
+                        // this is correct call in all cases -------------
+
+                        /*
+                         *
+                         * this will trust all CERTS
+                         * !!DANGER!! !!DANGER!!
+                         * to avoid this: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
+                         * when your android is just too old
+                         */
+                        if (PREF__trust_all_webcerts)
+                        {
+                            newBuilder.sslSocketFactory(sslContext.getSocketFactory(), (X509TrustManager) trustAllCerts[0]);
+                            newBuilder.hostnameVerifier((hostname, session) -> true);
+                        }
+                        /*
+                         *
+                         * this will trust all CERTS
+                         * !!DANGER!! !!DANGER!!
+                         */
+
                         Log.i(TAG, "StrongOkHttpClientBuilder:002");
-                        onConnected(new OkHttpClient.Builder().
+                        onConnected(newBuilder.
                                 addNetworkInterceptor(new Interceptor()
                                 {
                                     @NonNull