From b70093ba19414ea13428f34d80fff72de5e91769 Mon Sep 17 00:00:00 2001
From: zoff99
Date: Sun, 5 Jan 2025 21:09:53 +0100
Subject: [PATCH] option to trust all web certs for very old android phones
---
 .../applications/trifa/MainActivity.java | 1 +
 .../trifa/MaintenanceActivity.java | 65 ++++++++++++++++++-
 2 files changed, 65 insertions(+), 1 deletion(-)
diff --git a/android-refimpl-app/app/src/main/java/com/zoffcc/applications/trifa/MainActivity.java b/android-refimpl-app/app/src/main/java/com/zoffcc/applications/trifa/MainActivity.java
index c53315a77..62d7cc702 100644
--- a/android-refimpl-app/app/src/main/java/com/zoffcc/applications/trifa/MainActivity.java
+++ b/android-refimpl-app/app/src/main/java/com/zoffcc/applications/trifa/MainActivity.java
@@ -530,6 +530,7 @@ public class MainActivity extends AppCompatActivity
 static int PREF__ngc_audio_channels = 1;
 static boolean PREF__gainprocessing_active = true;
 static boolean PREF__rnnoise_active = false;
+ static boolean PREF__trust_all_webcerts = false; // HINT: !!be careful with this option!!
 static String versionName = "";
 static int versionCode = -1;
diff --git a/android-refimpl-app/app/src/main/java/com/zoffcc/applications/trifa/MaintenanceActivity.java b/android-refimpl-app/app/src/main/java/com/zoffcc/applications/trifa/MaintenanceActivity.java
index 08c5189a5..5496eea57 100644
--- a/android-refimpl-app/app/src/main/java/com/zoffcc/applications/trifa/MaintenanceActivity.java
+++ b/android-refimpl-app/app/src/main/java/com/zoffcc/applications/trifa/MaintenanceActivity.java
@@ -29,6 +29,7 @@
 import android.media.MediaPlayer;
 import android.media.Ringtone;
 import android.media.RingtoneManager;
+import android.net.SSLCertificateSocketFactory;
 import android.net.Uri;
 import android.os.AsyncTask;
 import android.os.Build;
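Review bot: The comment on the new `PREF__trust_all_webcerts` field in MainActivity.java says to be careful but not what the flag switches off; something like `// disables TLS certificate and hostname verification for the OkHttp client built in MaintenanceActivity; keep false unless the device trust store is too old` would tell the next reader why. No line in this patch assigns the field or loads it from preferences, so as committed it stays `false` unless it is wired up elsewhere. The class body continues outside the hunk.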
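Review bot: Four of the imports added to MaintenanceActivity.java are not referenced by any line this patch adds: `android.net.SSLCertificateSocketFactory` in the `@@ -29,6 +29,7 @@` hunk, and `org.apache.http.conn.ssl.AllowAllHostnameVerifier`, `java.net.HttpURLConnection` and `javax.net.ssl.HttpsURLConnection` in the `@@ -43,15 +44,23 @@` hunk. The `org.apache.http` class belongs to the legacy Apache client, which has not been on the default Android compile classpath since API 23, so it may break the build unless the legacy library is enabled; `SSLCertificateSocketFactory` is deprecated in current SDKs. Dropping all four keeps the certificate-bypass surface limited to the code in `onClick`.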
@@ -43,15 +44,23 @@
 import com.google.gson.Gson;
 import com.yariksoffice.lingver.Lingver;
+import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
+
 import java.io.File;
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.net.HttpURLConnection;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Locale;
 import java.util.concurrent.TimeUnit;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
 import androidx.annotation.NonNull;
 import androidx.appcompat.app.AlertDialog;
 import androidx.appcompat.app.AppCompatActivity;
@@ -74,6 +83,7 @@
 import static com.zoffcc.applications.trifa.MainActivity.MAIN_VFS_NAME;
 import static com.zoffcc.applications.trifa.MainActivity.PREF__DB_secrect_key;
 import static com.zoffcc.applications.trifa.MainActivity.PREF__orbot_enabled;
+import static com.zoffcc.applications.trifa.MainActivity.PREF__trust_all_webcerts;
 import static com.zoffcc.applications.trifa.MainActivity.SD_CARD_ENC_CHATS_EXPORT_DIR;
 import static com.zoffcc.applications.trifa.MainActivity.SD_CARD_ENC_FILES_EXPORT_DIR;
 import static com.zoffcc.applications.trifa.MainActivity.SD_CARD_FILES_EXPORT_DIR;
@@ -372,8 +382,61 @@ public void onClick(View v)
 }
 else
 {
+ /*
+ *
+ * this will trust all CERTS
+ * !!DANGER!! !!DANGER!!
+ */
+ TrustManager[] trustAllCerts = new TrustManager[]{
+ new X509TrustManager() {
+ @Override
+ public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {
+ }
+
+ @Override
+ public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {
+ }
+
+ @Override
+ public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+ return new java.security.cert.X509Certificate[]{};
+ }
+ }
+ };
+ SSLContext sslContext = SSLContext.getInstance("SSL");
+ sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
+ /*
+ *
+ * this will trust all CERTS
+ * !!DANGER!! !!DANGER!!
+ */
+
+ // this is correct call in all cases -------------
+ // this is correct call in all cases -------------
+ OkHttpClient.Builder newBuilder = new OkHttpClient.Builder();
+ // this is correct call in all cases -------------
+ // this is correct call in all cases -------------
+
+ /*
+ *
+ * this will trust all CERTS
+ * !!DANGER!! !!DANGER!!
+ * to avoid this: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
+ * when your android is just too old
+ */
+ if (PREF__trust_all_webcerts)
+ {
+ newBuilder.sslSocketFactory(sslContext.getSocketFactory(), (X509TrustManager) trustAllCerts[0]);
+ newBuilder.hostnameVerifier((hostname, session) -> true);
+ }
+ /*
+ *
+ * this will trust all CERTS
+ * !!DANGER!! !!DANGER!!
+ */
+
 Log.i(TAG, "StrongOkHttpClientBuilder:002");
- onConnected(new OkHttpClient.Builder().
+ onConnected(newBuilder.
 addNetworkInterceptor(new Interceptor()
 {
 @NonNull
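Review bot: With `PREF__trust_all_webcerts` set, the `sslSocketFactory`/`hostnameVerifier` pair in the `if` block turns off both certificate-chain and hostname checks for every request made through `newBuilder`, so the TLS connection no longer authenticates the server and anything this client downloads can be altered on the network path. The error quoted in the comment (`Trust anchor for certification path not found`) points at a root CA missing from old device trust stores, which can be addressed by trusting a CA certificate shipped with the app while leaving hostname verification on, as sketched below; this assumes the client talks to a known set of hosts, which the hunk does not show. Independently of that, `trustAllCerts` and `SSLContext.getInstance("SSL")` are built even when the flag is false and should move inside the `if`, with `"TLS"` as the protocol name. `onClick` starts and ends outside the hunk, so the exception handling around these calls is not visible here.

```java
OkHttpClient.Builder newBuilder = new OkHttpClient.Builder();
if (PREF__trust_all_webcerts)
{
    // Trust only the CA bundled with the app; hostname verification stays at the OkHttp default.
    // R.raw.bundled_ca is a placeholder name for a CA certificate resource the project would add.
    java.security.KeyStore keyStore = java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType());
    keyStore.load(null, null);
    try (java.io.InputStream caInput = getResources().openRawResource(R.raw.bundled_ca))
    {
        keyStore.setCertificateEntry("bundled_ca",
                java.security.cert.CertificateFactory.getInstance("X.509").generateCertificate(caInput));
    }
    javax.net.ssl.TrustManagerFactory tmf = javax.net.ssl.TrustManagerFactory.getInstance(
            javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(keyStore);
    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, tmf.getTrustManagers(), null);
    newBuilder.sslSocketFactory(sslContext.getSocketFactory(), (X509TrustManager) tmf.getTrustManagers()[0]);
}
// … unchanged: Log.i(TAG, "StrongOkHttpClientBuilder:002") and onConnected(newBuilder. … ) …
```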