From 95576129053d88d93faa52d32e697412e7da1e86 Mon Sep 17 00:00:00 2001
From: Lorenzo Pichilli
Date: Wed, 5 Oct 2022 17:00:56 +0200
Subject: [PATCH] Removed Android unsafe trust manager, fix #593
---
 CHANGELOG.md | 4 ++
 .../flutter_inappwebview/Util.java | 50 +++----------------
 .../ContentBlockerHandler.java | 19 ++++---
 pubspec.yaml | 2 +-
 4 files changed, 23 insertions(+), 52 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index bef3f7bb..24fb1b96 100755
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 5.4.4+3
+
+- Removed Android unsafe trust manager
+
 ## 5.4.4+2
 - Fixed LICENSE
diff --git a/android/src/main/java/com/pichillilorenzo/flutter_inappwebview/Util.java b/android/src/main/java/com/pichillilorenzo/flutter_inappwebview/Util.java
index c7ce0534..88e50483 100755
--- a/android/src/main/java/com/pichillilorenzo/flutter_inappwebview/Util.java
+++ b/android/src/main/java/com/pichillilorenzo/flutter_inappwebview/Util.java
@@ -177,50 +177,12 @@ public class Util {
 }
 }
- public static OkHttpClient getUnsafeOkHttpClient() {
- try {
- // Create a trust manager that does not validate certificate chains
- final TrustManager[] trustAllCerts = new TrustManager[] {
- new X509TrustManager() {
- @Override
- public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
- }
-
- @Override
- public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
- }
-
- @Override
- public java.security.cert.X509Certificate[] getAcceptedIssuers() {
- return new java.security.cert.X509Certificate[]{};
- }
- }
- };
-
- // Install the all-trusting trust manager
- final SSLContext sslContext = SSLContext.getInstance("SSL");
- sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
- // Create an ssl socket factory with our all-trusting manager
- final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
-
- OkHttpClient.Builder builder = new OkHttpClient.Builder();
- builder.sslSocketFactory(sslSocketFactory, (X509TrustManager)trustAllCerts[0]);
- builder.hostnameVerifier(new HostnameVerifier() {
- @Override
- public boolean verify(String hostname, SSLSession session) {
- return true;
- }
- });
-
- OkHttpClient okHttpClient = builder
- .connectTimeout(15, TimeUnit.SECONDS)
- .writeTimeout(15, TimeUnit.SECONDS)
- .readTimeout(15, TimeUnit.SECONDS)
- .build();
- return okHttpClient;
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
+ public static OkHttpClient getBasicOkHttpClient() {
+ return new OkHttpClient.Builder()
+ .connectTimeout(15, TimeUnit.SECONDS)
+ .writeTimeout(15, TimeUnit.SECONDS)
+ .readTimeout(15, TimeUnit.SECONDS)
+ .build();
 }
 /**
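Review bot: `getBasicOkHttpClient()` builds a fresh `OkHttpClient` on every call, and ContentBlockerHandler calls it once per request, so each request gets its own connection pool and dispatcher instead of reusing one. OkHttp's documentation recommends sharing a single client; keeping it in a `private static final OkHttpClient` field and returning that field here leaves the signature unchanged. The method also deserves a short Javadoc, for example `/** Returns a client that keeps OkHttp's default certificate and hostname validation; do not install a custom X509TrustManager or HostnameVerifier here. */`, so the reason the all-trusting variant was removed stays next to the code. The enclosing class Util starts and ends outside the hunk.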
diff --git a/android/src/main/java/com/pichillilorenzo/flutter_inappwebview/content_blocker/ContentBlockerHandler.java b/android/src/main/java/com/pichillilorenzo/flutter_inappwebview/content_blocker/ContentBlockerHandler.java
index 3b9e279b..78cdfcbb 100755
--- a/android/src/main/java/com/pichillilorenzo/flutter_inappwebview/content_blocker/ContentBlockerHandler.java
+++ b/android/src/main/java/com/pichillilorenzo/flutter_inappwebview/content_blocker/ContentBlockerHandler.java
@@ -2,7 +2,6 @@ package com.pichillilorenzo.flutter_inappwebview.content_blocker;
 import android.os.Build;
 import android.os.Handler;
-import android.os.Looper;
 import android.util.Log;
 import android.webkit.WebResourceResponse;
@@ -21,6 +20,8 @@ import java.util.concurrent.CopyOnWriteArrayList;
 import java.util.concurrent.CountDownLatch;
 import java.util.regex.Matcher;
+import javax.net.ssl.SSLHandshakeException;
+
 import okhttp3.Request;
 import okhttp3.Response;
@@ -181,7 +182,7 @@ public class ContentBlockerHandler {
 Response response = null;
 try {
- response = Util.getUnsafeOkHttpClient().newCall(mRequest).execute();
+ response = Util.getBasicOkHttpClient().newCall(mRequest).execute();
 byte[] dataBytes = response.body().bytes();
 InputStream dataStream = new ByteArrayInputStream(dataBytes);
@@ -198,12 +199,14 @@ public class ContentBlockerHandler {
 return new WebResourceResponse(contentType, encoding, dataStream);
 } catch (Exception e) {
- e.printStackTrace();
 if (response != null) {
 response.body().close();
 response.close();
 }
- Log.e(LOG_TAG, e.getMessage());
+ if (!(e instanceof SSLHandshakeException)) {
+ e.printStackTrace();
+ Log.e(LOG_TAG, e.getMessage());
+ }
 }
 }
 break;
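Review bot: In the catch block of the `@@ -198,12` hunk, the new `if (!(e instanceof SSLHandshakeException))` guard discards certificate-validation failures without any log entry, so a rejected certificate (expired, self-signed, or intercepted) on these requests leaves no trace for debugging or monitoring; the `@@ -251,8` hunk repeats the same pattern. I would suppress only the stack trace and still record the event, e.g. `Log.w(LOG_TAG, "TLS handshake failed: " + e);` in an `else` branch. Separately, `Log.e(LOG_TAG, e.getMessage())` passes a message that can be null, which `android.util.Log` is reported to reject with a NullPointerException; `Log.e(LOG_TAG, "Request failed", e);` avoids that and replaces `e.printStackTrace()` as well. Other TLS failures such as a hostname mismatch are likely raised as different `SSLException` subclasses and would still take the noisy path, so the filter is narrower than it looks. The enclosing method starts and ends outside both hunks.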
@@ -231,7 +234,7 @@ public class ContentBlockerHandler {
 Request mRequest = new Request.Builder().url(url).head().build();
 Response response = null;
 try {
- response = Util.getUnsafeOkHttpClient().newCall(mRequest).execute();
+ response = Util.getBasicOkHttpClient().newCall(mRequest).execute();
 if (response.header("content-type") != null) {
 String[] contentTypeSplitted = response.header("content-type").split(";");
@@ -251,8 +254,10 @@ public class ContentBlockerHandler {
 response.body().close();
 response.close();
 }
- e.printStackTrace();
- Log.e(LOG_TAG, e.getMessage());
+ if (!(e instanceof SSLHandshakeException)) {
+ e.printStackTrace();
+ Log.e(LOG_TAG, e.getMessage());
+ }
 }
 }
 return responseResourceType;
diff --git a/pubspec.yaml b/pubspec.yaml
index 900c26e6..0c267d5f 100755
--- a/pubspec.yaml
+++ b/pubspec.yaml
@@ -1,6 +1,6 @@
 name: flutter_inappwebview
 description: A Flutter plugin that allows you to add an inline webview, to use an headless webview, and to open an in-app browser window.
-version: 5.4.4+2
+version: 5.4.4+3
 homepage: https://github.com/pichillilorenzo/flutter_inappwebview
 environment: