android: Added hardcoded SSL cert to secure connection to HNSProxy

This commit is contained in:
Nathan Woodburn 2023-08-30 16:36:03 +10:00
parent 612b9f27e0
commit f9bcc1b0fd
Signed by: nathanwoodburn
GPG Key ID: 203B000478AD0EF1
8 changed files with 38 additions and 3 deletions

View File

@ -14,6 +14,7 @@ import android.webkit.WebViewClient;
import android.widget.Toast; import android.widget.Toast;
import java.net.InetAddress; import java.net.InetAddress;
import java.security.MessageDigest; import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate; import java.security.cert.Certificate;
import java.util.List; import java.util.List;
import java.util.concurrent.Executor; import java.util.concurrent.Executor;
@ -46,6 +47,12 @@ public class WebActivity extends AppCompatActivity {
// Set proxy to https://proxy.hnsproxy.au // Set proxy to https://proxy.hnsproxy.au
WebSettings webSettings = webView.getSettings(); WebSettings webSettings = webView.getSettings();
webSettings.setJavaScriptEnabled(true);
webSettings.setDomStorageEnabled(true);
webSettings.setDatabaseEnabled(true);
webSettings.setMinimumFontSize(1);
webSettings.setMinimumLogicalFontSize(1);
webView.setWebViewClient(new WebViewClient() { webView.setWebViewClient(new WebViewClient() {
@Override @Override
public void onReceivedHttpAuthRequest(WebView view, HttpAuthHandler handler, String host, String realm){ public void onReceivedHttpAuthRequest(WebView view, HttpAuthHandler handler, String host, String realm){
@ -54,8 +61,34 @@ public class WebActivity extends AppCompatActivity {
} }
@Override @Override
public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) { public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
handler.proceed(); // Ignore SSL certificate errors try {
new Thread(new Runnable() { Certificate certificate = error.getCertificate().getX509Certificate();
byte[] publicKeyBytes = certificate.getPublicKey().getEncoded();
MessageDigest sha256Digest = null;
sha256Digest = MessageDigest.getInstance("SHA-256");
byte[] sha256Hash = sha256Digest.digest(publicKeyBytes);
// Print the hash in hexadecimal format
StringBuilder hexString = new StringBuilder();
for (byte b : sha256Hash) {
hexString.append(String.format("%02X", b));
}
// Get TLSA hash via DIG
String siteHash = hexString.toString();
// Hard coded HNSHosting TLSA
String HNSHostingHash = "7A98E0BC147DA17025C8BF9647A7BF06D7C8F330E99E7BB8828FA9F8E7344B81";
if (siteHash.equals(HNSHostingHash)) {
handler.proceed(); // Ignore SSL certificate errors
} else {
Toast.makeText(WebActivity.this, "SSL ERROR: TLSA Mismatch", Toast.LENGTH_SHORT).show();
}
} catch (NoSuchAlgorithmException e) {
Toast.makeText(WebActivity.this, "SSL ERROR: TLSA check error", Toast.LENGTH_SHORT).show();
}
/*new Thread(new Runnable() {
@Override @Override
public void run() { public void run() {
boolean validSSL = false; boolean validSSL = false;
@ -71,6 +104,8 @@ public class WebActivity extends AppCompatActivity {
} }
// Get TLSA hash via DIG // Get TLSA hash via DIG
String siteHash = hexString.toString(); String siteHash = hexString.toString();
// TLSA lookup for HSD
String domain = url.replace("https://", ""); String domain = url.replace("https://", "");
if (domain.contains("/")) { if (domain.contains("/")) {
domain = domain.substring(0, domain.indexOf("/")); domain = domain.substring(0, domain.indexOf("/"));
@ -124,7 +159,7 @@ public class WebActivity extends AppCompatActivity {
}); });
} }
} }
}).start(); }).start();*/
} }
}); });
setProxy(); setProxy();