android: enable insecure SSL on Exoplayer (#952)
pulsejet committed Mar 25, 2024
1 parent a9fb431 commit 99c495b
Showing 2 changed files with 64 additions and 28 deletions.
6 changes: 6 additions & 0 deletions android/app/src/main/java/gallery/memories/MainActivity.kt
@@ -196,6 +196,7 @@ class MainActivity : AppCompatActivity() {
} else null
}

@SuppressLint("WebViewClientOnReceivedSslError")
override fun onReceivedSslError(
view: WebView?,
handler: SslErrorHandler?,
@@ -294,6 +295,11 @@ class MainActivity : AppCompatActivity() {
playerUris = uris
playerUid = uid

// Set insecure TLS if enabled
if (nativex.http.isTrustingAllCertificates) {
nativex.http.setDefaultInsecureTLS()
}

// Build exoplayer
player = ExoPlayer.Builder(this)
.build()
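Review bot: The `nativex.http.setDefaultInsecureTLS()` call in the player-setup hunk changes the HttpsURLConnection defaults for the whole process, so once a player has been initialised with trust-all enabled, every other HttpsURLConnection user in the app (library code included) also stops validating certificates and hostnames, not only ExoPlayer's requests to the configured server. Consider giving the player its own HTTP stack instead, for example a media source factory backed by the OkHttp client that HttpService already builds (ExoPlayer's `OkHttpDataSource.Factory`, if the project can take that extension as a dependency). The enclosing function starts and ends outside the hunk. The `@SuppressLint("WebViewClientOnReceivedSslError")` added in the first hunk would also benefit from a one-line comment such as `// proceed() is only reached when the user opted into trusting all certificates`, if that is what the body, which is not visible here, actually does.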
86 changes: 58 additions & 28 deletions android/app/src/main/java/gallery/memories/service/HttpService.kt
@@ -1,5 +1,6 @@
package gallery.memories.service

import android.annotation.SuppressLint
import android.net.Uri
import android.util.Base64
import android.webkit.WebView
@@ -13,8 +14,8 @@ import org.json.JSONObject
import java.security.SecureRandom
import java.security.cert.CertificateException
import java.security.cert.X509Certificate
import javax.net.ssl.HttpsURLConnection
import javax.net.ssl.SSLContext
import javax.net.ssl.TrustManager
import javax.net.ssl.X509TrustManager


@@ -28,6 +29,8 @@ class HttpService {
private var mBaseUrl: String? = null
private var mTrustAll = false

private var mTrustAllDefault = false

/**
* Check if all certificates are trusted
*/
@@ -50,40 +53,29 @@ class HttpService {
mBaseUrl = url
mTrustAll = trustAll
client = if (trustAll) {
val trustAllCerts = arrayOf<TrustManager>(
object : X509TrustManager {
@Throws(CertificateException::class)
override fun checkClientTrusted(
chain: Array<X509Certificate>,
authType: String
) {
}

@Throws(CertificateException::class)
override fun checkServerTrusted(
chain: Array<X509Certificate>,
authType: String
) {
}

override fun getAcceptedIssuers(): Array<X509Certificate> {
return arrayOf()
}
}
)

val sslContext = SSLContext.getInstance("SSL")
sslContext.init(null, trustAllCerts, SecureRandom())

val (sc, tm) = getInsecureTLSContext()
OkHttpClient.Builder()
.sslSocketFactory(sslContext.socketFactory, trustAllCerts[0] as X509TrustManager)
.hostnameVerifier({ hostname, session -> true })
.sslSocketFactory(sc.socketFactory, tm)
.hostnameVerifier { _, _ -> true }
.build()
} else {
OkHttpClient()
}
}

/**
* Set the default HTTPS connection factory to insecure
*/
fun setDefaultInsecureTLS() {
// do this only once in the application's lifetime
if (mTrustAllDefault) return
mTrustAllDefault = true

val (sc, tm) = getInsecureTLSContext()
HttpsURLConnection.setDefaultSSLSocketFactory(sc.socketFactory)
HttpsURLConnection.setDefaultHostnameVerifier { _, _ -> true }
}

/**
* Set the authorization header
* @param credentials The credentials to use
@@ -191,4 +183,42 @@ class HttpService {

return builder.build()
}

/**
* Get a SSL Context that trusts all certificates
*/
private fun getInsecureTLSContext(): Pair<SSLContext, X509TrustManager> {
val trustAllCerts = getInsecureTrustManager()
val sslContext = SSLContext.getInstance("SSL")
sslContext.init(null, arrayOf(trustAllCerts), SecureRandom())
return Pair(sslContext, trustAllCerts)
}

/**
* Get a trust manager that trusts all certificates
*/
private fun getInsecureTrustManager(): X509TrustManager {
return object : X509TrustManager {
@SuppressLint("TrustAllX509TrustManager")
@Throws(CertificateException::class)
override fun checkClientTrusted(
chain: Array<X509Certificate>,
authType: String
) {
}

@SuppressLint("TrustAllX509TrustManager")
@Throws(CertificateException::class)
override fun checkServerTrusted(
chain: Array<X509Certificate>,
authType: String
) {
}

override fun getAcceptedIssuers(): Array<X509Certificate> {
return arrayOf()
}
}
}

}
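Review bot: `setDefaultInsecureTLS()` is a one-way latch: `mTrustAllDefault` is set and never cleared, and the previous default socket factory and hostname verifier are not saved, so if the service is later initialised again with `trustAll = false` the process-wide HttpsURLConnection defaults stay in trust-all mode until the app process ends. Capture `HttpsURLConnection.getDefaultSSLSocketFactory()` and `HttpsURLConnection.getDefaultHostnameVerifier()` before overwriting them, and restore them where `mTrustAll` is assigned (that function begins outside the visible hunk). Separately, `getInsecureTLSContext()` requests `SSLContext.getInstance("SSL")`, where `"TLS"` is the conventional protocol name, and the unused `tm` in `val (sc, tm)` inside `setDefaultInsecureTLS` can be written `_`. The KDoc on `setDefaultInsecureTLS` should state that it disables certificate and hostname validation for every HttpsURLConnection in the process, not just for this service's client.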
