diff options
Diffstat (limited to 'main')
-rw-r--r-- | main/build.gradle.kts | 2 | ||||
-rw-r--r-- | main/src/ui/java/de/blinkt/openvpn/fragments/ImportRemoteConfig.kt | 47 |
2 files changed, 28 insertions, 21 deletions
diff --git a/main/build.gradle.kts b/main/build.gradle.kts index cb4e28c9..0cf8d2e9 100644 --- a/main/build.gradle.kts +++ b/main/build.gradle.kts @@ -177,7 +177,7 @@ dependencies { dependencies.add("uiImplementation", "androidx.recyclerview:recyclerview:1.0.0") dependencies.add("uiImplementation", "androidx.appcompat:appcompat:1.1.0") dependencies.add("uiImplementation", "com.github.PhilJay:MPAndroidChart:v3.1.0") - dependencies.add("uiImplementation", "com.squareup.okhttp3:okhttp:3.2.0") + dependencies.add("uiImplementation", "com.squareup.okhttp3:okhttp:4.9.1") dependencies.add("uiImplementation", "androidx.core:core:$coreVersion") dependencies.add("uiImplementation", "androidx.core:core-ktx:$coreVersion") dependencies.add("uiImplementation", "androidx.fragment:fragment-ktx:$fragment_version") diff --git a/main/src/ui/java/de/blinkt/openvpn/fragments/ImportRemoteConfig.kt b/main/src/ui/java/de/blinkt/openvpn/fragments/ImportRemoteConfig.kt index 6cd322ca..15806d15 100644 --- a/main/src/ui/java/de/blinkt/openvpn/fragments/ImportRemoteConfig.kt +++ b/main/src/ui/java/de/blinkt/openvpn/fragments/ImportRemoteConfig.kt @@ -29,6 +29,9 @@ import kotlinx.coroutines.Dispatchers import kotlinx.coroutines.launch import kotlinx.coroutines.withContext import okhttp3.* +import okhttp3.Handshake.Companion.handshake +import okhttp3.HttpUrl.Companion.toHttpUrl +import okhttp3.HttpUrl.Companion.toHttpUrlOrNull import okhttp3.internal.tls.OkHostnameVerifier import java.io.IOException import java.security.MessageDigest @@ -58,8 +61,8 @@ class BasicAuthInterceptor(user: String, password: String) : Interceptor { } -fun getCompositeSSLSocketFactory(certPin: CertificatePinner, hostname: String): SSLSocketFactory { - val trustPinnedCerts = arrayOf<TrustManager>(object : X509TrustManager { +fun getCompositeSSLSocketFactory(certPin: CertificatePinner, hostname: String): Pair<SSLSocketFactory, X509TrustManager> { + val trustManager = object : X509TrustManager { override fun getAcceptedIssuers(): Array<X509Certificate> { return emptyArray() } @@ -73,14 +76,15 @@ fun getCompositeSSLSocketFactory(certPin: CertificatePinner, hostname: String): override fun checkServerTrusted(chain: Array<X509Certificate>, authType: String) { certPin.check(hostname, chain.toList()) } - }) + } + val trustPinnedCerts = arrayOf<TrustManager>(trustManager) // Install the all-trusting trust manager val sslContext = SSLContext.getInstance("TLS") sslContext.init(null, trustPinnedCerts, java.security.SecureRandom()) // Create an ssl socket factory with our all-trusting manager - return sslContext.socketFactory + return Pair(sslContext.socketFactory, trustManager) } @@ -105,11 +109,11 @@ class ImportRemoteConfig : DialogFragment() { mapping[ph] = prefs.getString("pin-${ph}", "") } - val defaultVerifier = OkHostnameVerifier.INSTANCE; + val defaultVerifier = OkHostnameVerifier; val pinHostVerifier = object : HostnameVerifier { - override fun verify(hostname: String?, session: SSLSession?): Boolean { - val unverifiedHandshake = Handshake.get(session) - val cert = unverifiedHandshake.peerCertificates()[0] as X509Certificate + override fun verify(hostname: String, session: SSLSession): Boolean { + val unverifiedHandshake = session.handshake() + val cert = unverifiedHandshake.peerCertificates[0] as X509Certificate val hostPin = CertificatePinner.pin(cert) if (mapping.containsKey(hostname) && mapping[hostname] == hostPin) @@ -142,13 +146,13 @@ class ImportRemoteConfig : DialogFragment() { val cpb = CertificatePinner.Builder() pinnedHosts.forEach { ph -> - cpb.add(ph, prefs.getString("pin-${ph}", "")) + cpb.add(ph, prefs.getString("pin-${ph}", "")!!) } val certPinner = cpb.build() getCompositeSSLSocketFactory(certPinner, hostname).let { - okHttpClient.sslSocketFactory(it) + okHttpClient.sslSocketFactory(it.first, it.second) } //okHttpClient.certificatePinner(certPinner) } @@ -195,7 +199,7 @@ class ImportRemoteConfig : DialogFragment() { fun fetchProfile(c: Context, asUri: HttpUrl, user: String, password: String): Response? { - val httpClient = buildHttpClient(c, user, password, asUri.host() ?: "") + val httpClient = buildHttpClient(c, user, password, asUri.host ?: "") val request = Request.Builder() .url(asUri) @@ -207,7 +211,7 @@ class ImportRemoteConfig : DialogFragment() { } - private fun getAsUrl(url: String, autologin: Boolean): HttpUrl { + private fun getAsUrl(url: String, autologin: Boolean): HttpUrl{ var asurl = url if (!asurl.startsWith("http")) asurl = "https://" + asurl @@ -217,7 +221,7 @@ class ImportRemoteConfig : DialogFragment() { else asurl += "/rest/GetUserlogin?tls-cryptv2=1" - val asUri = HttpUrl.parse(asurl) + val asUri = asurl.toHttpUrl() return asUri } @@ -300,7 +304,7 @@ class ImportRemoteConfig : DialogFragment() { if (importChoiceAS.isChecked) asProfileUri = getAsUrl(asServername.text.toString(), asUseAutologin.isChecked) else - asProfileUri = HttpUrl.parse(asServername.text.toString()) + asProfileUri = asServername.text.toString().toHttpUrl() var e: Exception? = null try { @@ -310,11 +314,11 @@ class ImportRemoteConfig : DialogFragment() { throw Exception("No Response from Server") } - val profile = response.body().string() - if (response.code() == 401 && crvMessage.matcher(profile).matches()) { + val profile = response.body?.string() + if (response.code == 401 && crvMessage.matcher(profile).matches()) { withContext(Dispatchers.Main) { pleaseWait?.dismiss() - showCRDialog(profile) + showCRDialog(profile!!) } } else if (response.isSuccessful) { @@ -327,7 +331,7 @@ class ImportRemoteConfig : DialogFragment() { dismiss() } } else { - throw Exception("Invalid Response from server: \n${response.code()} ${response.message()} \n\n ${profile}") + throw Exception("Invalid Response from server: \n${response.code} ${response.message} \n\n ${profile}") } } catch (ce: SSLHandshakeException) { @@ -353,7 +357,8 @@ class ImportRemoteConfig : DialogFragment() { AlertDialog.Builder(requireContext()) .setTitle("Untrusted certificate found") .setMessage(firstCert.toString()) - .setPositiveButton("Trust") { _, _ -> addPinnedCert(requireContext(), asProfileUri.host(), fp) } + .setPositiveButton("Trust") { _, _ -> addPinnedCert(requireContext(), + asProfileUri.host, fp) } .setNegativeButton("Do not trust", null) .show() } @@ -367,7 +372,9 @@ class ImportRemoteConfig : DialogFragment() { .setTitle("Different certificate than trusted certificate from server") .setMessage(ce.message) .setNegativeButton(android.R.string.ok, null) - .setPositiveButton("Forget pinned certificate", { _, _ -> removedPinnedCert(requireContext(), asProfileUri.host()) }) + .setPositiveButton("Forget pinned certificate", { _, _ -> removedPinnedCert(requireContext(), + asProfileUri.host + ) }) .show(); } e = null |