Add support for FritzBox 6690 #66

Draft: wants to merge 7 commits into base: main

kaklakariada (Owner):

Contributed by Manfred

Quality Gate failed

Failed conditions
7.2% Coverage on New Code (required ≥ 80%)
11.0% Duplication on New Code (required ≤ 3%)

See analysis details on SonarQube Cloud

try {
sslContext1.init(keyManagers, trustManagers, secureRandom);
sslContext.init(keyManagers, trustManagers, secureRandom);

Check failure

Code scanning / CodeQL

`TrustManager` that accepts all certificates High

This uses `TrustManager`, which is defined in `NullTrustManager` and trusts any certificate.

Copilot Autofix AI about 1 month ago

To fix the problem, we need to replace the NullTrustManager with a TrustManager that only trusts specific self-signed certificates. This involves creating a KeyStore containing the trusted certificates and initializing the TrustManagerFactory with this KeyStore. This way, only the specified certificates will be trusted, and the risk of a machine-in-the-middle attack is mitigated.

  1. Load the self-signed certificate into a KeyStore.
  2. Initialize a TrustManagerFactory with the KeyStore.
  3. Use the TrustManagerFactory to get the TrustManager array.
  4. Initialize the SSLContext with the TrustManager array.
Suggested changeset 1
src/main/java/com/github/kaklakariada/fritzbox/http/TrustSelfSignedCertificates.java

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/main/java/com/github/kaklakariada/fritzbox/http/TrustSelfSignedCertificates.java b/src/main/java/com/github/kaklakariada/fritzbox/http/TrustSelfSignedCertificates.java
--- a/src/main/java/com/github/kaklakariada/fritzbox/http/TrustSelfSignedCertificates.java
+++ b/src/main/java/com/github/kaklakariada/fritzbox/http/TrustSelfSignedCertificates.java
@@ -22,2 +22,7 @@
 import javax.net.ssl.*;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.security.KeyStore;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 
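Review bot: `java.io.File` is missing from the imports added in this hunk, although the new `getTrustManagers()` method calls `new File("path/to/self-signed-certificate")`. Unless `File` is already imported outside the lines shown here, the patch will not compile; add `import java.io.File;` next to the other `java.io` imports.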
@@ -42,3 +47,3 @@
         final KeyManager[] keyManagers = null;
-        final TrustManager[] trustManagers = new TrustManager[] { new NullTrustManager() };
+        final TrustManager[] trustManagers = getTrustManagers();
         final SecureRandom secureRandom = new SecureRandom();
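Review bot: `getTrustManagers()` is called without arguments on the replaced `trustManagers` line, so the call site cannot say which certificate is trusted. Pass the certificate or its path into the method from configuration, so the trust decision is explicit where the `SSLContext` is built instead of being fixed inside the helper.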
@@ -57,2 +62,23 @@
         }
+    }
+    private static TrustManager[] getTrustManagers() {
+        try {
+            // Load the self-signed certificate
+            File certificateFile = new File("path/to/self-signed-certificate");
+            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+            keyStore.load(null, null);
+            X509Certificate generatedCertificate;
+            try (InputStream cert = new FileInputStream(certificateFile)) {
+                generatedCertificate = (X509Certificate) CertificateFactory.getInstance("X509")
+                        .generateCertificate(cert);
+            }
+            keyStore.setCertificateEntry(certificateFile.getName(), generatedCertificate);
+
+            // Initialize TrustManagerFactory with the KeyStore
+            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+            tmf.init(keyStore);
+            return tmf.getTrustManagers();
+        } catch (Exception e) {
+            throw new HttpException("Error initializing trust managers", e);
+        }
     }
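Review bot: The certificate path in `new File("path/to/self-signed-certificate")` is a placeholder, so as written every call lands in the catch block and throws `HttpException("Error initializing trust managers", e)`. The path has to come from configuration or a method parameter before this can replace `NullTrustManager`. Two smaller points in the same method: `catch (Exception e)` also wraps unrelated runtime exceptions, so catching `IOException` and `GeneralSecurityException` would be narrower, and the standard `CertificateFactory` type name is "X.509" rather than "X509".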
EOF
kaklakariada marked this pull request as draft January 4, 2025 15:09