diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1917a417..3557849f 100755
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,6 +19,10 @@
 - On Android, the `InAppWebView` widget uses hybrid composition by default (`useHybridComposition: true`).
 - All properties of `GeolocationPermissionShowPromptResponse` cannot be `null`;
+## 5.4.4+3
+
+- Removed Android unsafe trust manager
+
 ## 5.4.4+2
 - Fixed LICENSE
diff --git a/android/src/main/java/com/pichillilorenzo/flutter_inappwebview/Util.java b/android/src/main/java/com/pichillilorenzo/flutter_inappwebview/Util.java
index 4058a49d..e102a72a 100755
--- a/android/src/main/java/com/pichillilorenzo/flutter_inappwebview/Util.java
+++ b/android/src/main/java/com/pichillilorenzo/flutter_inappwebview/Util.java
@@ -148,50 +148,12 @@ public class Util {
 }
 }
- public static OkHttpClient getUnsafeOkHttpClient() {
- try {
- // Create a trust manager that does not validate certificate chains
- final TrustManager[] trustAllCerts = new TrustManager[] {
- new X509TrustManager() {
- @Override
- public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
- }
-
- @Override
- public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
- }
-
- @Override
- public java.security.cert.X509Certificate[] getAcceptedIssuers() {
- return new java.security.cert.X509Certificate[]{};
- }
- }
- };
-
- // Install the all-trusting trust manager
- final SSLContext sslContext = SSLContext.getInstance("SSL");
- sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
- // Create an ssl socket factory with our all-trusting manager
- final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
-
- OkHttpClient.Builder builder = new OkHttpClient.Builder();
- builder.sslSocketFactory(sslSocketFactory, (X509TrustManager)trustAllCerts[0]);
- builder.hostnameVerifier(new HostnameVerifier() {
- @Override
- public boolean verify(String hostname, SSLSession session) {
- return true;
- }
- });
-
- OkHttpClient okHttpClient = builder
- .connectTimeout(15, TimeUnit.SECONDS)
- .writeTimeout(15, TimeUnit.SECONDS)
- .readTimeout(15, TimeUnit.SECONDS)
- .build();
- return okHttpClient;
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
+ public static OkHttpClient getBasicOkHttpClient() {
+ return new OkHttpClient.Builder()
+ .connectTimeout(15, TimeUnit.SECONDS)
+ .writeTimeout(15, TimeUnit.SECONDS)
+ .readTimeout(15, TimeUnit.SECONDS)
+ .build();
 }
 /**
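Review bot: `getBasicOkHttpClient()` builds a fresh `OkHttpClient` on every call, and both call sites in ContentBlockerHandler invoke it once per request, so each request gets its own connection pool and dispatcher instead of reusing one. Holding the built client in a `private static final OkHttpClient` field and returning that field keeps the same 15-second timeouts and default certificate validation while letting connections be reused. The method also has no Javadoc; something like `/** Returns an OkHttpClient with 15s timeouts that uses the default trust store and hostname verification. */` would record the contract and make it harder for a trust-all variant to slip back in unnoticed.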
diff --git a/android/src/main/java/com/pichillilorenzo/flutter_inappwebview/content_blocker/ContentBlockerHandler.java b/android/src/main/java/com/pichillilorenzo/flutter_inappwebview/content_blocker/ContentBlockerHandler.java
index 07ed019c..40ed27a7 100755
--- a/android/src/main/java/com/pichillilorenzo/flutter_inappwebview/content_blocker/ContentBlockerHandler.java
+++ b/android/src/main/java/com/pichillilorenzo/flutter_inappwebview/content_blocker/ContentBlockerHandler.java
@@ -22,6 +22,8 @@ import java.util.concurrent.CopyOnWriteArrayList;
 import java.util.concurrent.CountDownLatch;
 import java.util.regex.Matcher;
+import javax.net.ssl.SSLHandshakeException;
+
 import okhttp3.Request;
 import okhttp3.Response;
@@ -183,7 +185,7 @@ public class ContentBlockerHandler {
 Response response = null;
 try {
- response = Util.getUnsafeOkHttpClient().newCall(mRequest).execute();
+ response = Util.getBasicOkHttpClient().newCall(mRequest).execute();
 byte[] dataBytes = response.body().bytes();
 InputStream dataStream = new ByteArrayInputStream(dataBytes);
@@ -200,12 +202,14 @@ public class ContentBlockerHandler {
 return new WebResourceResponse(contentType, encoding, dataStream);
 } catch (Exception e) {
- e.printStackTrace();
 if (response != null) {
 response.body().close();
 response.close();
 }
- Log.e(LOG_TAG, e.getMessage());
+ if (!(e instanceof SSLHandshakeException)) {
+ e.printStackTrace();
+ Log.e(LOG_TAG, e.getMessage());
+ }
 }
 }
 break;
@@ -235,7 +239,7 @@ public class ContentBlockerHandler {
 Request mRequest = new Request.Builder().url(url).head().build();
 Response response = null;
 try {
- response = Util.getUnsafeOkHttpClient().newCall(mRequest).execute();
+ response = Util.getBasicOkHttpClient().newCall(mRequest).execute();
 if (response.header("content-type") != null) {
 String[] contentTypeSplitted = response.header("content-type").split(";");
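Review bot: The new `if (!(e instanceof SSLHandshakeException))` guard in the catch block of the `@@ -200,12 +202,14 @@` hunk discards TLS handshake failures without any trace, so now that certificates are validated again a rejected certificate leaves nothing in logcat to show that a fetch failed or why; the same guard is repeated in the `@@ -255,8 +259,10 @@` hunk. I would keep a one-line record without the stack trace, e.g. `else { Log.w(LOG_TAG, "TLS handshake failed: " + e.getMessage()); }`. Hostname mismatches are normally reported as `SSLPeerUnverifiedException`, which this check does not match, so testing `e instanceof SSLException` would treat both kinds of validation failure alike. `Log.e(LOG_TAG, e.getMessage())` also throws when the message is null, and `String.valueOf(e.getMessage())` avoids that. The enclosing try block starts outside the hunk.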
@@ -255,8 +259,10 @@ public class ContentBlockerHandler {
 response.body().close();
 response.close();
 }
- e.printStackTrace();
- Log.e(LOG_TAG, e.getMessage());
+ if (!(e instanceof SSLHandshakeException)) {
+ e.printStackTrace();
+ Log.e(LOG_TAG, e.getMessage());
+ }
 }
 }
 return responseResourceType;