Created separate enable and disable methods for SSL validation

Joonas Kannisto · Joonas Kannisto · commit 53f2d2e6c717 · 2024-10-25T13:46:54.000+03:00
diff --git a/README.md b/README.md
@@ -483,18 +483,24 @@ certificatePinningAdd("mydomain.com", ["DCU5TkA8n3L8+QM7dyTjfRlxWibigF+1cxMzRhlJ
 certificatePinningClear();
 ```
 
-### Allow SSL errors and self-signed certificates
+### Enable or disable SSL validations
 
-You can allow SSL errors and self-signed certificates if you want. This only works on android devices.
+Enable or disable SSL validations. This only works on android devices.
 
 ```typescript
-import { allowSslErrors } from "@klippa/nativescript-http";
+import { disableSSLValidation, enableSSLValidation } from "@klippa/nativescript-http";
 
 /**
- * Allow SSL errors and self-signed certificates
- * @param allow true/false
+ * Enable SSL validation
+ * ** Only Android **
  */
-allowSslErrors(true);
+export declare function enableSSLValidation(): void;
+
+/**
+ * Disable SSL validation
+ * ** Only Android **
+ */
+export declare function disableSSLValidation(): void;
 ```
 
 ## Roadmap
diff --git a/src/http.android.ts b/src/http.android.ts
@@ -496,8 +496,12 @@ export function clearCookies() {
     com.klippa.NativeScriptHTTP.Async.Http.ClearCookies();
 }
 
-export function allowSslErrors(allow: boolean) {
-    com.klippa.NativeScriptHTTP.Async.Http.AllowSslErrors(allow);
+export function enableSSLValidation() {
+    com.klippa.NativeScriptHTTP.Async.Http.EnableSSLValidation();
+}
+
+export function disableSSLValidation() {
+    com.klippa.NativeScriptHTTP.Async.Http.DisableSSLValidation();
 }
 
 export function setUserAgent(userAgent?: string) {
diff --git a/src/index.d.ts b/src/index.d.ts
@@ -113,11 +113,16 @@ export declare function setConcurrencyLimits(maxRequests: number, maxRequestsPer
 export declare function clearCookies(): void;
 
 /**
- * Allow SSL errors and self-signed certificates
+ * Enable SSL validation
  * ** Only Android **
- * @param allow true/false
  */
-export declare function allowSslErrors(allow: boolean): void;
+export declare function enableSSLValidation(): void;
+
+/**
+ * Disable SSL validation
+ * ** Only Android **
+ */
+export declare function disableSSLValidation(): void;
 
 /**
  * Set a global user agent.
diff --git a/src/platforms/android/java/com/klippa/NativeScriptHTTP/Async.java b/src/platforms/android/java/com/klippa/NativeScriptHTTP/Async.java
@@ -9,6 +9,8 @@
 import java.io.Closeable;
 import java.io.IOException;
 import java.io.InputStream;
+import java.security.KeyStore;
+import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.Locale;
 import java.util.Stack;
@@ -17,6 +19,11 @@
 import java.util.concurrent.ThreadPoolExecutor;
 import java.util.concurrent.TimeUnit;
 
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+
 import okhttp3.Call;
 import okhttp3.Callback;
 import okhttp3.CertificatePinner;
@@ -29,6 +36,7 @@
 import okhttp3.ResponseBody;
 import okhttp3.WebSocket;
 import okhttp3.WebSocketListener;
+import okhttp3.internal.tls.OkHostnameVerifier;
 
 public class Async {
     static final String TAG = "Async";
@@ -89,55 +97,26 @@ public static class Http {
         private static MemoryCookieJar cookieJar;
         private static CertificatePinner.Builder certificatePinnerBuilder;
         private static ImageParseMethod imageParseMethod = ImageParseMethod.CONTENTTYPE;
-        private static boolean allowSslErrors = false;
+
+        private static TrustManager TRUST_ALL_CERTS = new X509TrustManager() {
+            @Override
+            public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) { }
+
+            @Override
+            public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) { }
+
+            @Override
+            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+                return new java.security.cert.X509Certificate[] {};
+            }
+        };
 
         public static void InitClient() {
             if (cookieJar == null) {
                 cookieJar = new MemoryCookieJar();
             }
 
             if (client == null) {
-                if (allowSslErrors) {
-                    // Allow all ssl errors
-                    try {
-                        javax.net.ssl.TrustManager TRUST_ALL_CERTS = new javax.net.ssl.X509TrustManager() {
-                            @Override
-                            public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {
-                            }
-
-                            @Override
-                            public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {
-                            }
-
-                            @Override
-                            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
-                                return new java.security.cert.X509Certificate[] {};
-                            }
-                        };
-
-                        javax.net.ssl.SSLContext sslContext = javax.net.ssl.SSLContext.getInstance("SSL");
-                        sslContext.init(null, new javax.net.ssl.TrustManager[] { TRUST_ALL_CERTS }, new java.security.SecureRandom());
-                        client = new OkHttpClient.Builder()
-                            .writeTimeout(60, TimeUnit.SECONDS)
-                            .readTimeout(60, TimeUnit.SECONDS)
-                            .connectTimeout(60, TimeUnit.SECONDS)
-                            .sslSocketFactory(sslContext.getSocketFactory(), (javax.net.ssl.X509TrustManager) TRUST_ALL_CERTS)
-                            .hostnameVerifier(new javax.net.ssl.HostnameVerifier() {
-                                @Override
-                                public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
-                                    return true;
-                                }
-                            })
-                            .cookieJar(cookieJar)
-                            .build();
-                    }  catch (java.security.KeyManagementException e) {
-                        e.printStackTrace();
-                    } catch (java.security.NoSuchAlgorithmException e) {
-                        e.printStackTrace();
-                    }
-                    return;
-                }
-
                 client = new OkHttpClient.Builder()
                         .writeTimeout(60, TimeUnit.SECONDS)
                         .readTimeout(60, TimeUnit.SECONDS)
@@ -230,10 +209,56 @@ public static void ClearCookies() {
             }
         }
 
-        public static void AllowSslErrors(boolean allow) {
-            client = null;
-            allowSslErrors = allow;
+        public static void EnableSSLValidation() {
+            InitClient();
+            
+            try {
+                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+                trustManagerFactory.init((KeyStore) null);
+                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
+                
+                X509TrustManager trustManager = null;
+                for (TrustManager tm : trustManagers) {
+                    if (tm instanceof X509TrustManager) {
+                        trustManager = (X509TrustManager) tm;
+                        break;
+                    }
+                }
+                if (trustManager != null) {
+                    SSLContext sslContext = SSLContext.getInstance("TLS");
+                    sslContext.init(null, new TrustManager[] { trustManager }, new SecureRandom());
+
+                    client = client.newBuilder()
+                        .sslSocketFactory(sslContext.getSocketFactory(), trustManager)
+                        .hostnameVerifier(OkHostnameVerifier.INSTANCE)
+                        .build();
+                }
+            } catch (Exception e) {
+                e.printStackTrace();
+            }
+        }
+
+        public static void DisableSSLValidation() {
             InitClient();
+
+            try {
+                SSLContext sslContext = SSLContext.getInstance("SSL");
+                sslContext.init(null, new TrustManager[] { TRUST_ALL_CERTS }, new SecureRandom());
+
+                client = client.newBuilder()
+                    .sslSocketFactory(sslContext.getSocketFactory(), (X509TrustManager) TRUST_ALL_CERTS)
+                    .hostnameVerifier(new javax.net.ssl.HostnameVerifier() {
+                        @Override
+                        public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
+                            return true;
+                        }
+                    })
+                    .build();
+            }  catch (java.security.KeyManagementException e) {
+                e.printStackTrace();
+            } catch (java.security.NoSuchAlgorithmException e) {
+                e.printStackTrace();
+            }
         }
 
         public static void SetImageParseMethod(ImageParseMethod newImageParseMethod) {
diff --git a/src/typings/android.d.ts b/src/typings/android.d.ts
@@ -25,7 +25,8 @@ declare module com {
 					public static class: java.lang.Class<com.klippa.NativeScriptHTTP.Async.Http>;
 					public static SetConcurrencyLimits(param0: number, param1: number): void;
 					public static ClearCookies(): void;
-					public static AllowSslErrors(param0: boolean): void;
+					public static EnableSSLValidation(): void;
+					public static DisableSSLValidation(): void;
 					public static MakeRequest(param0: com.klippa.NativeScriptHTTP.Async.Http.RequestOptions, param1: com.klippa.NativeScriptHTTP.Async.CompleteCallback, param2: any): void;
 					public constructor();
 					public static InitClient(): void;

Original file line number	Diff line number	Diff line change
`@@ -496,8 +496,12 @@ export function clearCookies() {`
`496`	`496`	`com.klippa.NativeScriptHTTP.Async.Http.ClearCookies();`
`497`	`497`	`}`
`498`	`498`
`499`		`-export function allowSslErrors(allow: boolean) {`
`500`		`- com.klippa.NativeScriptHTTP.Async.Http.AllowSslErrors(allow);`
	`499`	`+export function enableSSLValidation() {`
	`500`	`+ com.klippa.NativeScriptHTTP.Async.Http.EnableSSLValidation();`
	`501`	`+}`
	`502`	`+`
	`503`	`+export function disableSSLValidation() {`
	`504`	`+ com.klippa.NativeScriptHTTP.Async.Http.DisableSSLValidation();`
`501`	`505`	`}`
`502`	`506`
`503`	`507`	`export function setUserAgent(userAgent?: string) {`