From 7b82a5b5a598a4941a9b013370c40737cbd38075 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Mon, 4 Oct 2021 07:37:27 +0200 Subject: Update okhttp to version 4.9.1 and adjust API usage --- .../blinkt/openvpn/fragments/ImportRemoteConfig.kt | 47 +++++++++++++--------- 1 file changed, 27 insertions(+), 20 deletions(-) (limited to 'main/src/ui/java') diff --git a/main/src/ui/java/de/blinkt/openvpn/fragments/ImportRemoteConfig.kt b/main/src/ui/java/de/blinkt/openvpn/fragments/ImportRemoteConfig.kt index 6cd322ca..15806d15 100644 --- a/main/src/ui/java/de/blinkt/openvpn/fragments/ImportRemoteConfig.kt +++ b/main/src/ui/java/de/blinkt/openvpn/fragments/ImportRemoteConfig.kt @@ -29,6 +29,9 @@ import kotlinx.coroutines.Dispatchers import kotlinx.coroutines.launch import kotlinx.coroutines.withContext import okhttp3.* +import okhttp3.Handshake.Companion.handshake +import okhttp3.HttpUrl.Companion.toHttpUrl +import okhttp3.HttpUrl.Companion.toHttpUrlOrNull import okhttp3.internal.tls.OkHostnameVerifier import java.io.IOException import java.security.MessageDigest @@ -58,8 +61,8 @@ class BasicAuthInterceptor(user: String, password: String) : Interceptor { } -fun getCompositeSSLSocketFactory(certPin: CertificatePinner, hostname: String): SSLSocketFactory { - val trustPinnedCerts = arrayOf(object : X509TrustManager { +fun getCompositeSSLSocketFactory(certPin: CertificatePinner, hostname: String): Pair { + val trustManager = object : X509TrustManager { override fun getAcceptedIssuers(): Array { return emptyArray() } @@ -73,14 +76,15 @@ fun getCompositeSSLSocketFactory(certPin: CertificatePinner, hostname: String): override fun checkServerTrusted(chain: Array, authType: String) { certPin.check(hostname, chain.toList()) } - }) + } + val trustPinnedCerts = arrayOf(trustManager) // Install the all-trusting trust manager val sslContext = SSLContext.getInstance("TLS") sslContext.init(null, trustPinnedCerts, java.security.SecureRandom()) // Create an ssl socket factory with our all-trusting manager - return sslContext.socketFactory + return Pair(sslContext.socketFactory, trustManager) } @@ -105,11 +109,11 @@ class ImportRemoteConfig : DialogFragment() { mapping[ph] = prefs.getString("pin-${ph}", "") } - val defaultVerifier = OkHostnameVerifier.INSTANCE; + val defaultVerifier = OkHostnameVerifier; val pinHostVerifier = object : HostnameVerifier { - override fun verify(hostname: String?, session: SSLSession?): Boolean { - val unverifiedHandshake = Handshake.get(session) - val cert = unverifiedHandshake.peerCertificates()[0] as X509Certificate + override fun verify(hostname: String, session: SSLSession): Boolean { + val unverifiedHandshake = session.handshake() + val cert = unverifiedHandshake.peerCertificates[0] as X509Certificate val hostPin = CertificatePinner.pin(cert) if (mapping.containsKey(hostname) && mapping[hostname] == hostPin) @@ -142,13 +146,13 @@ class ImportRemoteConfig : DialogFragment() { val cpb = CertificatePinner.Builder() pinnedHosts.forEach { ph -> - cpb.add(ph, prefs.getString("pin-${ph}", "")) + cpb.add(ph, prefs.getString("pin-${ph}", "")!!) } val certPinner = cpb.build() getCompositeSSLSocketFactory(certPinner, hostname).let { - okHttpClient.sslSocketFactory(it) + okHttpClient.sslSocketFactory(it.first, it.second) } //okHttpClient.certificatePinner(certPinner) } @@ -195,7 +199,7 @@ class ImportRemoteConfig : DialogFragment() { fun fetchProfile(c: Context, asUri: HttpUrl, user: String, password: String): Response? { - val httpClient = buildHttpClient(c, user, password, asUri.host() ?: "") + val httpClient = buildHttpClient(c, user, password, asUri.host ?: "") val request = Request.Builder() .url(asUri) @@ -207,7 +211,7 @@ class ImportRemoteConfig : DialogFragment() { } - private fun getAsUrl(url: String, autologin: Boolean): HttpUrl { + private fun getAsUrl(url: String, autologin: Boolean): HttpUrl{ var asurl = url if (!asurl.startsWith("http")) asurl = "https://" + asurl @@ -217,7 +221,7 @@ class ImportRemoteConfig : DialogFragment() { else asurl += "/rest/GetUserlogin?tls-cryptv2=1" - val asUri = HttpUrl.parse(asurl) + val asUri = asurl.toHttpUrl() return asUri } @@ -300,7 +304,7 @@ class ImportRemoteConfig : DialogFragment() { if (importChoiceAS.isChecked) asProfileUri = getAsUrl(asServername.text.toString(), asUseAutologin.isChecked) else - asProfileUri = HttpUrl.parse(asServername.text.toString()) + asProfileUri = asServername.text.toString().toHttpUrl() var e: Exception? = null try { @@ -310,11 +314,11 @@ class ImportRemoteConfig : DialogFragment() { throw Exception("No Response from Server") } - val profile = response.body().string() - if (response.code() == 401 && crvMessage.matcher(profile).matches()) { + val profile = response.body?.string() + if (response.code == 401 && crvMessage.matcher(profile).matches()) { withContext(Dispatchers.Main) { pleaseWait?.dismiss() - showCRDialog(profile) + showCRDialog(profile!!) } } else if (response.isSuccessful) { @@ -327,7 +331,7 @@ class ImportRemoteConfig : DialogFragment() { dismiss() } } else { - throw Exception("Invalid Response from server: \n${response.code()} ${response.message()} \n\n ${profile}") + throw Exception("Invalid Response from server: \n${response.code} ${response.message} \n\n ${profile}") } } catch (ce: SSLHandshakeException) { @@ -353,7 +357,8 @@ class ImportRemoteConfig : DialogFragment() { AlertDialog.Builder(requireContext()) .setTitle("Untrusted certificate found") .setMessage(firstCert.toString()) - .setPositiveButton("Trust") { _, _ -> addPinnedCert(requireContext(), asProfileUri.host(), fp) } + .setPositiveButton("Trust") { _, _ -> addPinnedCert(requireContext(), + asProfileUri.host, fp) } .setNegativeButton("Do not trust", null) .show() } @@ -367,7 +372,9 @@ class ImportRemoteConfig : DialogFragment() { .setTitle("Different certificate than trusted certificate from server") .setMessage(ce.message) .setNegativeButton(android.R.string.ok, null) - .setPositiveButton("Forget pinned certificate", { _, _ -> removedPinnedCert(requireContext(), asProfileUri.host()) }) + .setPositiveButton("Forget pinned certificate", { _, _ -> removedPinnedCert(requireContext(), + asProfileUri.host + ) }) .show(); } e = null -- cgit v1.2.3