Merge branch 'develop' into feature/exchangeable-annotations

2022-10-05 17:45:23 +02:00 · 2022-10-05 17:45:23 +02:00 · 8a9bb5cabc
parent 4b99881348 fdd0023f21
commit 8a9bb5cabc
3 changed files with 22 additions and 50 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -21,6 +21,10 @@
 - Removed `URLProtectionSpace.iosIsProxy` property
 - `historyUrl` and `baseUrl` of `InAppWebViewInitialData` can be `null`

+## 5.4.4+3
+
+- Removed Android unsafe trust manager
+
 ## 5.4.4+2

 - Fixed LICENSE
--- a/android/src/main/java/com/pichillilorenzo/flutter_inappwebview/Util.java
+++ b/android/src/main/java/com/pichillilorenzo/flutter_inappwebview/Util.java
@ -148,50 +148,12 @@ public class Util {
    }
  }

-  public static OkHttpClient getUnsafeOkHttpClient() {
-    try {
-      // Create a trust manager that does not validate certificate chains
-      final TrustManager[] trustAllCerts = new TrustManager[] {
-              new X509TrustManager() {
-                @Override
-                public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
-                }
-
-                @Override
-                public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
-                }
-
-                @Override
-                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
-                  return new java.security.cert.X509Certificate[]{};
-                }
-              }
-      };
-
-      // Install the all-trusting trust manager
-      final SSLContext sslContext = SSLContext.getInstance("SSL");
-      sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
-      // Create an ssl socket factory with our all-trusting manager
-      final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
-
-      OkHttpClient.Builder builder = new OkHttpClient.Builder();
-      builder.sslSocketFactory(sslSocketFactory, (X509TrustManager)trustAllCerts[0]);
-      builder.hostnameVerifier(new HostnameVerifier() {
-        @Override
-        public boolean verify(String hostname, SSLSession session) {
-          return true;
-        }
-      });
-
-      OkHttpClient okHttpClient = builder
-              .connectTimeout(15, TimeUnit.SECONDS)
-              .writeTimeout(15, TimeUnit.SECONDS)
-              .readTimeout(15, TimeUnit.SECONDS)
-              .build();
-      return okHttpClient;
-    } catch (Exception e) {
-      throw new RuntimeException(e);
-    }
+  public static OkHttpClient getBasicOkHttpClient() {
+    return new OkHttpClient.Builder()
+            .connectTimeout(15, TimeUnit.SECONDS)
+            .writeTimeout(15, TimeUnit.SECONDS)
+            .readTimeout(15, TimeUnit.SECONDS)
+            .build();
  }

  /**
--- a/android/src/main/java/com/pichillilorenzo/flutter_inappwebview/content_blocker/ContentBlockerHandler.java
+++ b/android/src/main/java/com/pichillilorenzo/flutter_inappwebview/content_blocker/ContentBlockerHandler.java
@ -22,6 +22,8 @@ import java.util.concurrent.CopyOnWriteArrayList;
 import java.util.concurrent.CountDownLatch;
 import java.util.regex.Matcher;

+import javax.net.ssl.SSLHandshakeException;
+
 import okhttp3.Request;
 import okhttp3.Response;

@ -183,7 +185,7 @@ public class ContentBlockerHandler {
                            Response response = null;

                            try {
-                                response = Util.getUnsafeOkHttpClient().newCall(mRequest).execute();
+                                response = Util.getBasicOkHttpClient().newCall(mRequest).execute();
                                byte[] dataBytes = response.body().bytes();
                                InputStream dataStream = new ByteArrayInputStream(dataBytes);

@ -200,12 +202,14 @@ public class ContentBlockerHandler {
                                return new WebResourceResponse(contentType, encoding, dataStream);

                            } catch (Exception e) {
-                                e.printStackTrace();
                                if (response != null) {
                                    response.body().close();
                                    response.close();
                                }
-                                Log.e(LOG_TAG, e.getMessage());
+                                if (!(e instanceof SSLHandshakeException)) {
+                                    e.printStackTrace();
+                                    Log.e(LOG_TAG, e.getMessage());
+                                }
                            }
                        }
                        break;
@ -235,7 +239,7 @@ public class ContentBlockerHandler {
            Request mRequest = new Request.Builder().url(url).head().build();
            Response response = null;
            try {
-                response = Util.getUnsafeOkHttpClient().newCall(mRequest).execute();
+                response = Util.getBasicOkHttpClient().newCall(mRequest).execute();

                if (response.header("content-type") != null) {
                    String[] contentTypeSplitted = response.header("content-type").split(";");
@ -255,8 +259,10 @@ public class ContentBlockerHandler {
                    response.body().close();
                    response.close();
                }
-                e.printStackTrace();
-                Log.e(LOG_TAG, e.getMessage());
+                if (!(e instanceof SSLHandshakeException)) {
+                    e.printStackTrace();
+                    Log.e(LOG_TAG, e.getMessage());
+                }
            }
        }
        return responseResourceType;