add option to trust all SSL certificates

This commit is contained in:
Andrew Dolgov 2011-11-27 10:04:28 +03:00
parent d30bb778c0
commit 0bf4c51052
8 changed files with 187 additions and 6 deletions

View File

@ -21,6 +21,7 @@
<string name="preferences">Preferences</string> <string name="preferences">Preferences</string>
<string name="theme_light">Light</string> <string name="theme_light">Light</string>
<string name="login_api_disabled">Login failed: API disabled.</string> <string name="login_api_disabled">Login failed: API disabled.</string>
<string name="login_no_data">Login failed: no data received.</string>
<string name="login_wrong_password">Login failed: username or password incorrect.</string> <string name="login_wrong_password">Login failed: username or password incorrect.</string>
<string name="login_success">Logged in.</string> <string name="login_success">Logged in.</string>
<string name="no_unread_feeds">No unread feeds.</string> <string name="no_unread_feeds">No unread feeds.</string>
@ -36,4 +37,5 @@
<string name="load_more_articles">Load more...</string> <string name="load_more_articles">Load more...</string>
<string name="show_all_articles">Show all articles</string> <string name="show_all_articles">Show all articles</string>
<string name="show_unread_articles">Show unread articles</string> <string name="show_unread_articles">Show unread articles</string>
<string name="ssl_trust_any">Accept any SSL certificate</string>
</resources> </resources>

View File

@ -8,7 +8,7 @@
<EditTextPreference android:title="@string/login" android:key="login" android:singleLine="true"></EditTextPreference> <EditTextPreference android:title="@string/login" android:key="login" android:singleLine="true"></EditTextPreference>
<EditTextPreference android:title="@string/password" android:key="password" android:singleLine="true" android:password="true"></EditTextPreference> <EditTextPreference android:title="@string/password" android:key="password" android:singleLine="true" android:password="true"></EditTextPreference>
<EditTextPreference android:key="ttrss_url" android:title="@string/ttrss_url" android:singleLine="true" textUri="true" android:hint="@string/default_url"></EditTextPreference> <EditTextPreference android:key="ttrss_url" android:title="@string/ttrss_url" android:singleLine="true" textUri="true" android:hint="@string/default_url"></EditTextPreference>
<!-- <CheckBoxPreference android:defaultValue="true" android:title="@string/auto_login" android:key="auto_login" /> --> <CheckBoxPreference android:defaultValue="false" android:title="@string/ssl_trust_any" android:key="ssl_trust_any" />
</PreferenceCategory> </PreferenceCategory>

View File

@ -7,8 +7,14 @@ import java.util.HashMap;
import org.apache.http.HttpResponse; import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpPost; import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.entity.StringEntity; import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.DefaultHttpClient; import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.HttpParams;
import android.os.AsyncTask; import android.os.AsyncTask;
import android.util.Log; import android.util.Log;
@ -26,11 +32,16 @@ public class ApiRequest extends AsyncTask<HashMap<String,String>, Integer, JsonE
protected static final int STATUS_OTHER_ERROR = 3; protected static final int STATUS_OTHER_ERROR = 3;
private String m_api; private String m_api;
private boolean m_trustAny = false;
protected void setApi(String api) { protected void setApi(String api) {
m_api = api; m_api = api;
} }
public void setTrustAny(boolean trust) {
m_trustAny = trust;
}
@Override @Override
protected JsonElement doInBackground(HashMap<String, String>... params) { protected JsonElement doInBackground(HashMap<String, String>... params) {
@ -38,9 +49,22 @@ public class ApiRequest extends AsyncTask<HashMap<String,String>, Integer, JsonE
String requestStr = gson.toJson(new HashMap<String,String>(params[0])); String requestStr = gson.toJson(new HashMap<String,String>(params[0]));
Log.d(TAG, ">>> (" + requestStr + ") " + m_api); //Log.d(TAG, ">>> (" + requestStr + ") " + m_api);
DefaultHttpClient client;
if (m_trustAny) {
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
schemeRegistry.register(new Scheme("https", new EasySSLSocketFactory(), 443));
HttpParams httpParams = new BasicHttpParams();
client = new DefaultHttpClient(new ThreadSafeClientConnManager(httpParams, schemeRegistry), httpParams);
} else {
client = new DefaultHttpClient();
}
DefaultHttpClient client = new DefaultHttpClient();
HttpPost httpPost = new HttpPost(m_api + "/api/"); HttpPost httpPost = new HttpPost(m_api + "/api/");
try { try {
@ -68,6 +92,7 @@ public class ApiRequest extends AsyncTask<HashMap<String,String>, Integer, JsonE
} catch (Exception e) { } catch (Exception e) {
e.printStackTrace(); e.printStackTrace();
} }
return null; return null;
} }

View File

@ -0,0 +1,120 @@
package org.fox.ttrss;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import org.apache.http.conn.ConnectTimeoutException;
import org.apache.http.conn.scheme.LayeredSocketFactory;
import org.apache.http.conn.scheme.SocketFactory;
import org.apache.http.params.HttpConnectionParams;
import org.apache.http.params.HttpParams;
public class EasySSLSocketFactory implements SocketFactory, LayeredSocketFactory
{
private SSLContext sslcontext = null;
private static SSLContext createEasySSLContext() throws IOException
{
try
{
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, new TrustManager[] { new EasyX509TrustManager() }, null);
return context;
}
catch (Exception e)
{
throw new IOException(e.getMessage());
}
}
private SSLContext getSSLContext() throws IOException
{
if (this.sslcontext == null)
{
this.sslcontext = createEasySSLContext();
}
return this.sslcontext;
}
/**
* @see org.apache.http.conn.scheme.SocketFactory#connectSocket(java.net.Socket, java.lang.String, int,
* java.net.InetAddress, int, org.apache.http.params.HttpParams)
*/
public Socket connectSocket(Socket sock,
String host,
int port,
InetAddress localAddress,
int localPort,
HttpParams params)
throws IOException, UnknownHostException, ConnectTimeoutException
{
int connTimeout = HttpConnectionParams.getConnectionTimeout(params);
int soTimeout = HttpConnectionParams.getSoTimeout(params);
InetSocketAddress remoteAddress = new InetSocketAddress(host, port);
SSLSocket sslsock = (SSLSocket) ((sock != null) ? sock : createSocket());
if ((localAddress != null) || (localPort > 0))
{
// we need to bind explicitly
if (localPort < 0)
{
localPort = 0; // indicates "any"
}
InetSocketAddress isa = new InetSocketAddress(localAddress, localPort);
sslsock.bind(isa);
}
sslsock.connect(remoteAddress, connTimeout);
sslsock.setSoTimeout(soTimeout);
return sslsock;
}
/**
* @see org.apache.http.conn.scheme.SocketFactory#createSocket()
*/
public Socket createSocket() throws IOException {
return getSSLContext().getSocketFactory().createSocket();
}
/**
* @see org.apache.http.conn.scheme.SocketFactory#isSecure(java.net.Socket)
*/
public boolean isSecure(Socket socket) throws IllegalArgumentException {
return true;
}
/**
* @see org.apache.http.conn.scheme.LayeredSocketFactory#createSocket(java.net.Socket, java.lang.String, int,
* boolean)
*/
public Socket createSocket(Socket socket,
String host,
int port,
boolean autoClose) throws IOException,
UnknownHostException
{
return getSSLContext().getSocketFactory().createSocket(socket, host, port, autoClose);
}
// -------------------------------------------------------------------
// javadoc in org.apache.http.conn.scheme.SocketFactory says :
// Both Object.equals() and Object.hashCode() must be overridden
// for the correct operation of some connection managers
// -------------------------------------------------------------------
public boolean equals(Object obj) {
return ((obj != null) && obj.getClass().equals(EasySSLSocketFactory.class));
}
public int hashCode() {
return EasySSLSocketFactory.class.hashCode();
}
}

View File

@ -0,0 +1,26 @@
package org.fox.ttrss;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;
// http://stackoverflow.com/questions/6989116/httpget-not-working-due-to-not-trusted-server-certificate-but-it-works-with-ht
public class EasyX509TrustManager implements X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException { }
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException { }
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
}

View File

@ -133,6 +133,7 @@ public class FeedsFragment extends Fragment implements OnItemClickListener {
FeedsRequest fr = new FeedsRequest(); FeedsRequest fr = new FeedsRequest();
fr.setApi(m_prefs.getString("ttrss_url", null)); fr.setApi(m_prefs.getString("ttrss_url", null));
fr.setTrustAny(m_prefs.getBoolean("ssl_trust_any", false));
final String sessionId = ((MainActivity)getActivity()).getSessionId(); final String sessionId = ((MainActivity)getActivity()).getSessionId();
final boolean unreadOnly = ((MainActivity)getActivity()).getUnreadOnly(); final boolean unreadOnly = ((MainActivity)getActivity()).getUnreadOnly();
@ -212,8 +213,9 @@ public class FeedsFragment extends Fragment implements OnItemClickListener {
// report null object received // report null object received
} }
return; showLoading(false);
return;
} }
} }

View File

@ -125,6 +125,7 @@ public class HeadlinesFragment extends Fragment implements OnItemClickListener {
HeadlinesRequest req = new HeadlinesRequest(); HeadlinesRequest req = new HeadlinesRequest();
req.setApi(m_prefs.getString("ttrss_url", null)); req.setApi(m_prefs.getString("ttrss_url", null));
req.setTrustAny(m_prefs.getBoolean("ssl_trust_any", false));
final String sessionId = ((MainActivity)getActivity()).getSessionId(); final String sessionId = ((MainActivity)getActivity()).getSessionId();
final boolean showUnread = ((MainActivity)getActivity()).getUnreadArticlesOnly(); final boolean showUnread = ((MainActivity)getActivity()).getUnreadArticlesOnly();
@ -226,6 +227,8 @@ public class HeadlinesFragment extends Fragment implements OnItemClickListener {
// report null object // report null object
} }
showLoading(false);
return; return;
} }

View File

@ -490,8 +490,10 @@ public class MainActivity extends FragmentActivity implements FeedsFragment.OnFe
} catch (Exception e) { } catch (Exception e) {
e.printStackTrace(); e.printStackTrace();
} }
} else {
setLoadingStatus(R.string.login_no_data, false);
} }
} }
} }
@Override @Override
@ -601,6 +603,7 @@ public class MainActivity extends FragmentActivity implements FeedsFragment.OnFe
LoginRequest ar = new LoginRequest(); LoginRequest ar = new LoginRequest();
ar.setApi(m_prefs.getString("ttrss_url", null)); ar.setApi(m_prefs.getString("ttrss_url", null));
ar.setTrustAny(m_prefs.getBoolean("ssl_trust_any", false));
HashMap<String,String> map = new HashMap<String,String>() { HashMap<String,String> map = new HashMap<String,String>() {
{ {