add http ignore_expiration setting

mwarning · May 19, 2020 · d6da67c · d6da67c
1 parent f76ea67
commit d6da67c
Show file tree

Hide file tree

Showing 4 changed files with 223 additions and 0 deletions.
diff --git a/app/src/main/java/app/trigger/HttpsDoorSetup.java b/app/src/main/java/app/trigger/HttpsDoorSetup.java
@@ -27,6 +27,7 @@ public class HttpsDoorSetup implements Setup {
     public String ssids;
     public Certificate certificate;
     public Boolean ignore_hostname_mismatch;
+    public Boolean ignore_expiration;
 
     public HttpsDoorSetup(int id, String name) {
         this.id = id;
@@ -44,6 +45,7 @@ public HttpsDoorSetup(int id, String name) {
         this.ssids = "";
         this.certificate = null;
         this.ignore_hostname_mismatch = false;
+        this.ignore_expiration = false;
     }
 
     @Override

diff --git a/app/src/main/java/app/trigger/https/HttpsRequestHandler.java b/app/src/main/java/app/trigger/https/HttpsRequestHandler.java
@@ -4,9 +4,18 @@
 import java.net.HttpURLConnection;
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
 
 import app.trigger.MainActivity.Action;
 import app.trigger.HttpsDoorSetup;
@@ -28,6 +37,22 @@ public HttpsRequestHandler(OnTaskCompleted listener, HttpsDoorSetup setup, Actio
         this.action = action;
     }
 
+    private static SSLSocketFactory getSocketFactoryIgnoreCertificateExpiredException()
+            throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
+        TrustManagerFactory factory;
+        factory = TrustManagerFactory.getInstance("X509");
+        factory.init((KeyStore) null);
+        TrustManager[] trustManagers = factory.getTrustManagers();
+        for (int i = 0; i < trustManagers.length; i++) {
+            if (trustManagers[i] instanceof X509TrustManager) {
+                trustManagers[i] = new IgnoreExpirationTrustManager((X509TrustManager) trustManagers[i]);
+            }
+        }
+        SSLContext sslContext = SSLContext.getInstance("TLS");
+        sslContext.init(null, trustManagers, null);
+        return sslContext.getSocketFactory();
+    }
+
     public void run() {
         if (setup.getId() < 0) {
             this.listener.onTaskResult(setup.getId(), ReplyCode.LOCAL_ERROR, "Internal Error");
@@ -79,6 +104,11 @@ public void run() {
                 HttpsURLConnection.setDefaultSSLSocketFactory(
                     Utils.getSocketFactoryWithCertificate(setup.certificate)
                 );
+            } else if (setup.ignore_expiration) {
+                // ignore notBefore/notAfter
+                HttpsURLConnection.setDefaultSSLSocketFactory(
+                    getSocketFactoryIgnoreCertificateExpiredException()
+                );
             } else {
                 // system certificate
                 HttpsURLConnection.setDefaultSSLSocketFactory(

diff --git a/app/src/main/java/app/trigger/https/IgnoreExpirationTrustManager.java b/app/src/main/java/app/trigger/https/IgnoreExpirationTrustManager.java
@@ -0,0 +1,184 @@
+package app.trigger.https;
+
+import java.math.BigInteger;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Principal;
+import java.security.PublicKey;
+import java.security.SignatureException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.Set;
+
+import javax.net.ssl.X509TrustManager;
+
+
+class IgnoreExpirationTrustManager implements X509TrustManager {
+    private final X509TrustManager innerTrustManager;
+
+    public IgnoreExpirationTrustManager(X509TrustManager innerTrustManager) {
+        this.innerTrustManager = innerTrustManager;
+    }
+
+    @Override
+    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+        this.innerTrustManager.checkClientTrusted(chain, authType);
+    }
+
+    @Override
+    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+        chain = Arrays.copyOf(chain, chain.length);
+        X509Certificate[] newChain = new X509Certificate[chain.length];
+        newChain[0] = new EternalCertificate(chain[0]);
+        System.arraycopy(chain, 1, newChain, 1, chain.length - 1);
+        chain = newChain;
+    	this.innerTrustManager.checkServerTrusted(chain, authType);
+    }
+
+    @Override
+    public X509Certificate[] getAcceptedIssuers() {
+        return this.innerTrustManager.getAcceptedIssuers();
+    }
+
+    private class EternalCertificate extends X509Certificate {
+        private final X509Certificate originalCertificate;
+
+        public EternalCertificate(X509Certificate originalCertificate) {
+            this.originalCertificate = originalCertificate;
+        }
+
+        @Override
+        public void checkValidity() {
+            // ignore notBefore/notAfter
+        }
+
+        @Override
+        public void checkValidity(Date date) {
+            // ignore notBefore/notAfter
+        }
+
+        @Override
+        public int getVersion() {
+            return originalCertificate.getVersion();
+        }
+
+        @Override
+        public BigInteger getSerialNumber() {
+            return originalCertificate.getSerialNumber();
+        }
+
+        @Override
+        public Principal getIssuerDN() {
+            return originalCertificate.getIssuerDN();
+        }
+
+        @Override
+        public Principal getSubjectDN() {
+            return originalCertificate.getSubjectDN();
+        }
+
+        @Override
+        public Date getNotBefore() {
+            return originalCertificate.getNotBefore();
+        }
+
+        @Override
+        public Date getNotAfter() {
+            return originalCertificate.getNotAfter();
+        }
+
+        @Override
+        public byte[] getTBSCertificate() throws CertificateEncodingException {
+            return originalCertificate.getTBSCertificate();
+        }
+
+        @Override
+        public byte[] getSignature() {
+            return originalCertificate.getSignature();
+        }
+
+        @Override
+        public String getSigAlgName() {
+            return originalCertificate.getSigAlgName();
+        }
+
+        @Override
+        public String getSigAlgOID() {
+            return originalCertificate.getSigAlgOID();
+        }
+
+        @Override
+        public byte[] getSigAlgParams() {
+            return originalCertificate.getSigAlgParams();
+        }
+
+        @Override
+        public boolean[] getIssuerUniqueID() {
+            return originalCertificate.getIssuerUniqueID();
+        }
+
+        @Override
+        public boolean[] getSubjectUniqueID() {
+            return originalCertificate.getSubjectUniqueID();
+        }
+
+        @Override
+        public boolean[] getKeyUsage() {
+            return originalCertificate.getKeyUsage();
+        }
+
+        @Override
+        public int getBasicConstraints() {
+            return originalCertificate.getBasicConstraints();
+        }
+
+        @Override
+        public byte[] getEncoded() throws CertificateEncodingException {
+            return originalCertificate.getEncoded();
+        }
+
+        @Override
+        public void verify(PublicKey key) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
+            originalCertificate.verify(key);
+        }
+
+        @Override
+        public void verify(PublicKey key, String sigProvider) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
+            originalCertificate.verify(key, sigProvider);
+        }
+
+        @Override
+        public String toString() {
+            return originalCertificate.toString();
+        }
+
+        @Override
+        public PublicKey getPublicKey() {
+            return originalCertificate.getPublicKey();
+        }
+
+        @Override
+        public Set<String> getCriticalExtensionOIDs() {
+            return originalCertificate.getCriticalExtensionOIDs();
+        }
+
+        @Override
+        public byte[] getExtensionValue(String oid) {
+            return originalCertificate.getExtensionValue(oid);
+        }
+
+        @Override
+        public Set<String> getNonCriticalExtensionOIDs() {
+            return originalCertificate.getNonCriticalExtensionOIDs();
+        }
+
+        @Override
+        public boolean hasUnsupportedCriticalExtension() {
+            return originalCertificate.hasUnsupportedCriticalExtension();
+        }
+    }
+}
diff --git a/app/src/main/res/xml/setup.xml b/app/src/main/res/xml/setup.xml
@@ -82,6 +82,13 @@
             android:defaultValue="false"
             android:persistent="false" />
 
+        <CheckBoxPreference
+            android:key="ignore_expiration"
+            android:title="Disable Certificate Date Check"
+            android:summary="Warning: This disables security"
+            android:defaultValue="false"
+            android:persistent="false" />
+
         <app.trigger.ImagePreference
             android:key="open_image"
             android:title="Open Door Image"