Implement magic hostname verifier

Signed-off-by: Mario Danic <mario@lovelyhq.com>
2025-03-06 06:15:12 +00:00 · 2017-10-29 12:32:36 +01:00 · 2017-10-29 12:32:36 +01:00 · 734f4f5f5c
commit 734f4f5f5c
parent f571244e62
2 changed files with 42 additions and 1 deletions
--- a/app/src/main/java/com/nextcloud/talk/dagger/modules/RestModule.java
+++ b/app/src/main/java/com/nextcloud/talk/dagger/modules/RestModule.java
@ -125,7 +125,7 @@ public class RestModule {
        }

        httpClient.sslSocketFactory(sslSocketFactoryCompat, magicTrustManager);
-        httpClient.hostnameVerifier(OkHostnameVerifier.INSTANCE);
+        httpClient.hostnameVerifier(magicTrustManager.getHostnameVerifier(OkHostnameVerifier.INSTANCE));

        if (!Proxy.NO_PROXY.equals(proxy)) {
            httpClient.proxy(proxy);
@ -167,6 +167,7 @@ public class RestModule {
                    return null;
                }
            }
+
            return response.request().newBuilder()
                    .header("Proxy-Authorization", credentials)
                    .build();
--- a/app/src/main/java/com/nextcloud/talk/utils/ssl/MagicTrustManager.java
+++ b/app/src/main/java/com/nextcloud/talk/utils/ssl/MagicTrustManager.java
@ -35,10 +35,14 @@ import java.security.KeyStoreException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;

+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.SSLSession;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.X509TrustManager;

+
 public class MagicTrustManager implements X509TrustManager {
    private static final String TAG = "MagicTrustManager";

@ -46,6 +50,12 @@ public class MagicTrustManager implements X509TrustManager {
    private X509TrustManager systemTrustManager = null;
    private KeyStore trustedKeyStore = null;

+    private HostnameVerifier hostnameVerifier;
+
+    public HostnameVerifier getHostnameVerifier(HostnameVerifier defaultHostNameVerifier) {
+        return new MagicHostnameVerifier(defaultHostNameVerifier);
+    }
+
    public MagicTrustManager() {
        keystoreFile = new File(NextcloudTalkApplication.getSharedApplication().getDir("CertsKeystore",
                Context.MODE_PRIVATE), "keystore.bks");
@ -130,4 +140,34 @@ public class MagicTrustManager implements X509TrustManager {
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
+
+    private class MagicHostnameVerifier implements HostnameVerifier {
+        private static final String TAG = "MagicHostnameVerifier";
+        private HostnameVerifier defaultHostNameVerifier;
+
+        public MagicHostnameVerifier(HostnameVerifier defaultHostNameVerifier) {
+            this.defaultHostNameVerifier = defaultHostNameVerifier;
+        }
+
+        @Override
+        public boolean verify(String s, SSLSession sslSession) {
+
+            if (defaultHostNameVerifier.verify(s, sslSession)) {
+                return true;
+            }
+
+
+            try {
+                X509Certificate[] certificates = (X509Certificate[]) sslSession.getPeerCertificates();
+                if (certificates.length > 0 && certificates[0] != null) {
+                    return true;
+                }
+            } catch (SSLPeerUnverifiedException e) {
+                Log.d(TAG, "Couldn't get certificate for host name verification");
+            }
+
+            return false;
+        }
+    }
+
 }