Removed Android unsafe trust manager, fix #593
This commit is contained in:
parent
0579de9f9c
commit
9557612905
|
@ -1,3 +1,7 @@
|
|||
## 5.4.4+3
|
||||
|
||||
- Removed Android unsafe trust manager
|
||||
|
||||
## 5.4.4+2
|
||||
|
||||
- Fixed LICENSE
|
||||
|
|
|
@ -177,50 +177,12 @@ public class Util {
|
|||
}
|
||||
}
|
||||
|
||||
public static OkHttpClient getUnsafeOkHttpClient() {
|
||||
try {
|
||||
// Create a trust manager that does not validate certificate chains
|
||||
final TrustManager[] trustAllCerts = new TrustManager[] {
|
||||
new X509TrustManager() {
|
||||
@Override
|
||||
public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
|
||||
}
|
||||
|
||||
@Override
|
||||
public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
|
||||
}
|
||||
|
||||
@Override
|
||||
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
|
||||
return new java.security.cert.X509Certificate[]{};
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
// Install the all-trusting trust manager
|
||||
final SSLContext sslContext = SSLContext.getInstance("SSL");
|
||||
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
|
||||
// Create an ssl socket factory with our all-trusting manager
|
||||
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
|
||||
|
||||
OkHttpClient.Builder builder = new OkHttpClient.Builder();
|
||||
builder.sslSocketFactory(sslSocketFactory, (X509TrustManager)trustAllCerts[0]);
|
||||
builder.hostnameVerifier(new HostnameVerifier() {
|
||||
@Override
|
||||
public boolean verify(String hostname, SSLSession session) {
|
||||
return true;
|
||||
}
|
||||
});
|
||||
|
||||
OkHttpClient okHttpClient = builder
|
||||
public static OkHttpClient getBasicOkHttpClient() {
|
||||
return new OkHttpClient.Builder()
|
||||
.connectTimeout(15, TimeUnit.SECONDS)
|
||||
.writeTimeout(15, TimeUnit.SECONDS)
|
||||
.readTimeout(15, TimeUnit.SECONDS)
|
||||
.build();
|
||||
return okHttpClient;
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -2,7 +2,6 @@ package com.pichillilorenzo.flutter_inappwebview.content_blocker;
|
|||
|
||||
import android.os.Build;
|
||||
import android.os.Handler;
|
||||
import android.os.Looper;
|
||||
import android.util.Log;
|
||||
import android.webkit.WebResourceResponse;
|
||||
|
||||
|
@ -21,6 +20,8 @@ import java.util.concurrent.CopyOnWriteArrayList;
|
|||
import java.util.concurrent.CountDownLatch;
|
||||
import java.util.regex.Matcher;
|
||||
|
||||
import javax.net.ssl.SSLHandshakeException;
|
||||
|
||||
import okhttp3.Request;
|
||||
import okhttp3.Response;
|
||||
|
||||
|
@ -181,7 +182,7 @@ public class ContentBlockerHandler {
|
|||
Response response = null;
|
||||
|
||||
try {
|
||||
response = Util.getUnsafeOkHttpClient().newCall(mRequest).execute();
|
||||
response = Util.getBasicOkHttpClient().newCall(mRequest).execute();
|
||||
byte[] dataBytes = response.body().bytes();
|
||||
InputStream dataStream = new ByteArrayInputStream(dataBytes);
|
||||
|
||||
|
@ -198,14 +199,16 @@ public class ContentBlockerHandler {
|
|||
return new WebResourceResponse(contentType, encoding, dataStream);
|
||||
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
if (response != null) {
|
||||
response.body().close();
|
||||
response.close();
|
||||
}
|
||||
if (!(e instanceof SSLHandshakeException)) {
|
||||
e.printStackTrace();
|
||||
Log.e(LOG_TAG, e.getMessage());
|
||||
}
|
||||
}
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
@ -231,7 +234,7 @@ public class ContentBlockerHandler {
|
|||
Request mRequest = new Request.Builder().url(url).head().build();
|
||||
Response response = null;
|
||||
try {
|
||||
response = Util.getUnsafeOkHttpClient().newCall(mRequest).execute();
|
||||
response = Util.getBasicOkHttpClient().newCall(mRequest).execute();
|
||||
|
||||
if (response.header("content-type") != null) {
|
||||
String[] contentTypeSplitted = response.header("content-type").split(";");
|
||||
|
@ -251,10 +254,12 @@ public class ContentBlockerHandler {
|
|||
response.body().close();
|
||||
response.close();
|
||||
}
|
||||
if (!(e instanceof SSLHandshakeException)) {
|
||||
e.printStackTrace();
|
||||
Log.e(LOG_TAG, e.getMessage());
|
||||
}
|
||||
}
|
||||
}
|
||||
return responseResourceType;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
name: flutter_inappwebview
|
||||
description: A Flutter plugin that allows you to add an inline webview, to use an headless webview, and to open an in-app browser window.
|
||||
version: 5.4.4+2
|
||||
version: 5.4.4+3
|
||||
homepage: https://github.com/pichillilorenzo/flutter_inappwebview
|
||||
|
||||
environment:
|
||||
|
|
Loading…
Reference in New Issue