From 3e0a2f591ae5e7cef07c68a6198f028104f14133 Mon Sep 17 00:00:00 2001 From: septs Date: Sun, 17 Nov 2024 10:27:44 +0800 Subject: [PATCH 1/4] feat: ignore tls certificate --- .../core/DefaultEuiccChannelFactory.kt | 6 +++-- .../angry/openeuicc/core/EuiccChannelImpl.kt | 5 ++-- .../im/angry/openeuicc/ui/SettingsFragment.kt | 3 +++ .../angry/openeuicc/util/PreferenceUtils.kt | 9 ++++++++ app-common/src/main/res/values/strings.xml | 2 ++ app-common/src/main/res/xml/pref_settings.xml | 6 +++++ .../core/PrivilegedEuiccChannelFactory.kt | 3 ++- .../lpac_jni/impl/HttpInterfaceImpl.kt | 23 +++++++++++++++---- .../lpac_jni/impl/IgnoreTLSCertificate.kt | 22 ++++++++++++++++++ 9 files changed, 69 insertions(+), 10 deletions(-) create mode 100644 libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/IgnoreTLSCertificate.kt diff --git a/app-common/src/main/java/im/angry/openeuicc/core/DefaultEuiccChannelFactory.kt b/app-common/src/main/java/im/angry/openeuicc/core/DefaultEuiccChannelFactory.kt index 410cccc..eea45e0 100644 --- a/app-common/src/main/java/im/angry/openeuicc/core/DefaultEuiccChannelFactory.kt +++ b/app-common/src/main/java/im/angry/openeuicc/core/DefaultEuiccChannelFactory.kt @@ -42,7 +42,8 @@ open class DefaultEuiccChannelFactory(protected val context: Context) : EuiccCha port, context.preferenceRepository.verboseLoggingFlow ), - context.preferenceRepository.verboseLoggingFlow + context.preferenceRepository.verboseLoggingFlow, + context.preferenceRepository.ignoreTLSCertificate, ).also { Log.i(DefaultEuiccChannelManager.TAG, "Is OMAPI channel, setting MSS to 60") it.lpa.setEs10xMss(60) @@ -72,7 +73,8 @@ open class DefaultEuiccChannelFactory(protected val context: Context) : EuiccCha bulkOut, context.preferenceRepository.verboseLoggingFlow ), - context.preferenceRepository.verboseLoggingFlow + context.preferenceRepository.verboseLoggingFlow, + context.preferenceRepository.ignoreTLSCertificate, ) } 
diff --git a/app-common/src/main/java/im/angry/openeuicc/core/EuiccChannelImpl.kt b/app-common/src/main/java/im/angry/openeuicc/core/EuiccChannelImpl.kt index 9bccbff..f305a1b 100644 --- a/app-common/src/main/java/im/angry/openeuicc/core/EuiccChannelImpl.kt +++ b/app-common/src/main/java/im/angry/openeuicc/core/EuiccChannelImpl.kt @@ -11,14 +11,15 @@ class EuiccChannelImpl( override val type: String, override val port: UiccPortInfoCompat, apduInterface: ApduInterface, - verboseLoggingFlow: Flow + verboseLoggingFlow: Flow, + ignoreTLSCertificate: Flow ) : EuiccChannel { override val slotId = port.card.physicalSlotIndex override val logicalSlotId = port.logicalSlotIndex override val portId = port.portIndex override val lpa: LocalProfileAssistant = - LocalProfileAssistantImpl(apduInterface, HttpInterfaceImpl(verboseLoggingFlow)) + LocalProfileAssistantImpl(apduInterface, HttpInterfaceImpl(verboseLoggingFlow, ignoreTLSCertificate)) override val valid: Boolean get() = lpa.valid diff --git a/app-common/src/main/java/im/angry/openeuicc/ui/SettingsFragment.kt b/app-common/src/main/java/im/angry/openeuicc/ui/SettingsFragment.kt index f368732..83be1ea 100644 --- a/app-common/src/main/java/im/angry/openeuicc/ui/SettingsFragment.kt +++ b/app-common/src/main/java/im/angry/openeuicc/ui/SettingsFragment.kt @@ -75,6 +75,9 @@ class SettingsFragment: PreferenceFragmentCompat() { findPreference("pref_developer_experimental_download_wizard") ?.bindBooleanFlow(preferenceRepository.experimentalDownloadWizardFlow, PreferenceKeys.EXPERIMENTAL_DOWNLOAD_WIZARD) + + findPreference("pref_ignore_tls_certificate") + ?.bindBooleanFlow(preferenceRepository.ignoreTLSCertificate, PreferenceKeys.IGNORE_TLS_CERTIFICATE) } override fun onStart() { diff --git a/app-common/src/main/java/im/angry/openeuicc/util/PreferenceUtils.kt b/app-common/src/main/java/im/angry/openeuicc/util/PreferenceUtils.kt index 700c4cd..133204c 100644 --- a/app-common/src/main/java/im/angry/openeuicc/util/PreferenceUtils.kt 
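Review bot: The new constructor parameter `ignoreTLSCertificate` sits directly after `verboseLoggingFlow` and both are `Flow` values, so a call site that swaps the two still compiles and would tie certificate validation to the logging toggle. The call sites in this patch pass both positionally. Passing the security-relevant one by name, `ignoreTLSCertificate = context.preferenceRepository.ignoreTLSCertificate`, and likewise `HttpInterfaceImpl(verboseLoggingFlow = verboseLoggingFlow, ignoreTLSCertificate = ignoreTLSCertificate)`, makes a mix-up visible in review. The class body continues outside the hunk.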
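Review bot: The key `"pref_ignore_tls_certificate"` departs from the naming of the neighbouring developer option, `"pref_developer_experimental_download_wizard"`, although `IGNORE_TLS_CERTIFICATE` is grouped under Developer Options in `PreferenceKeys`. Naming it `"pref_developer_ignore_tls_certificate"` here and in `pref_settings.xml` keeps the developer-only settings recognisable by key. The enclosing function starts outside the hunk.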
+++ b/app-common/src/main/java/im/angry/openeuicc/util/PreferenceUtils.kt @@ -20,13 +20,19 @@ val Fragment.preferenceRepository: PreferenceRepository get() = requireContext().preferenceRepository object PreferenceKeys { + // ---- Profile Notifications ---- val NOTIFICATION_DOWNLOAD = booleanPreferencesKey("notification_download") val NOTIFICATION_DELETE = booleanPreferencesKey("notification_delete") val NOTIFICATION_SWITCH = booleanPreferencesKey("notification_switch") + + // ---- Advanced ---- val DISABLE_SAFEGUARD_REMOVABLE_ESIM = booleanPreferencesKey("disable_safeguard_removable_esim") val VERBOSE_LOGGING = booleanPreferencesKey("verbose_logging") + + // ---- Developer Options ---- val DEVELOPER_OPTIONS_ENABLED = booleanPreferencesKey("developer_options_enabled") val EXPERIMENTAL_DOWNLOAD_WIZARD = booleanPreferencesKey("experimental_download_wizard") + val IGNORE_TLS_CERTIFICATE = booleanPreferencesKey("ignore_tls_certificate") } class PreferenceRepository(context: Context) { @@ -57,6 +63,9 @@ class PreferenceRepository(context: Context) { val experimentalDownloadWizardFlow: Flow = dataStore.data.map { it[PreferenceKeys.EXPERIMENTAL_DOWNLOAD_WIZARD] ?: false } + val ignoreTLSCertificate: Flow = + dataStore.data.map { it[PreferenceKeys.IGNORE_TLS_CERTIFICATE] ?: false } + suspend fun updatePreference(key: Preferences.Key, value: T) { dataStore.edit { it[key] = value diff --git a/app-common/src/main/res/values/strings.xml b/app-common/src/main/res/values/strings.xml index 062a5c0..a2373a3 100644 --- a/app-common/src/main/res/values/strings.xml +++ b/app-common/src/main/res/values/strings.xml @@ -123,6 +123,8 @@ Developer Options Experimental Download Wizard Enable the experimental new download wizard. Note that it is not fully working yet. + Do not check SM-DP+ TLS certificate + Do not check SM-DP+ TLS certificate, allow any RSP Info App Version Source Code 
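Review bot: `ignoreTLSCertificate` reads only `IGNORE_TLS_CERTIFICATE`, so once the switch has been set the stored value keeps certificate validation off regardless of `DEVELOPER_OPTIONS_ENABLED`. If developer options can be hidden or turned off again (not visible in this patch), the bypass would stay active with no visible control. For the value handed to the channel factories, deriving it from both keys avoids that: `dataStore.data.map { it[PreferenceKeys.DEVELOPER_OPTIONS_ENABLED] == true && it[PreferenceKeys.IGNORE_TLS_CERTIFICATE] == true }`. A comment above the property stating that `true` disables SM-DP+ certificate validation would also help the next reader.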
diff --git a/app-common/src/main/res/xml/pref_settings.xml b/app-common/src/main/res/xml/pref_settings.xml index 150aca5..d43c84b 100644 --- a/app-common/src/main/res/xml/pref_settings.xml +++ b/app-common/src/main/res/xml/pref_settings.xml @@ -55,6 +55,12 @@ app:title="@string/pref_developer_experimental_download_wizard" app:summary="@string/pref_developer_experimental_download_wizard_desc" /> + + ) : HttpInterface { +class HttpInterfaceImpl( + private val verboseLoggingFlow: Flow, + private val ignoreTLSCertificate: Flow +) : HttpInterface { companion object { private const val TAG = "HttpInterfaceImpl" } @@ -36,9 +40,6 @@ class HttpInterfaceImpl(private val verboseLoggingFlow: Flow) : HttpInt } try { - val sslContext = SSLContext.getInstance("TLS") - sslContext.init(null, trustManagers, SecureRandom()) - val conn = parsedUrl.openConnection() as HttpsURLConnection conn.connectTimeout = 2000 @@ -47,7 +48,7 @@ class HttpInterfaceImpl(private val verboseLoggingFlow: Flow) : HttpInt conn.readTimeout = 1000 } - conn.sslSocketFactory = sslContext.socketFactory + conn.sslSocketFactory = getSocketFactory() conn.requestMethod = "POST" conn.doInput = true conn.doOutput = true @@ -79,6 +80,18 @@ class HttpInterfaceImpl(private val verboseLoggingFlow: Flow) : HttpInt } } + private fun getSocketFactory(): SSLSocketFactory { + val trustManagers = + if (runBlocking { ignoreTLSCertificate.first() }) { + arrayOf(IgnoreTLSCertificate()) + } else { + this.trustManagers + } + val sslContext = SSLContext.getInstance("TLS") + sslContext.init(null, trustManagers, SecureRandom()) + return sslContext.socketFactory + } + override fun usePublicKeyIds(pkids: Array) { val trustManagerFactory = TrustManagerFactory.getInstance("PKIX").apply { init(keyIdToKeystore(pkids)) diff --git a/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/IgnoreTLSCertificate.kt b/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/IgnoreTLSCertificate.kt new file mode 100644 index 0000000..7b13282 
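Review bot: `getSocketFactory()` swaps the configured `trustManagers` for `IgnoreTLSCertificate` without leaving any trace, so a log from a failed or tampered download does not show that certificate validation was off. Add a warning in that branch, e.g. `Log.w(TAG, "TLS certificate validation disabled by preference")`, assuming `Log` is already imported in this file. The function also runs `runBlocking { ignoreTLSCertificate.first() }` and builds a new `SSLContext` on every request. A KDoc line saying that the preference is re-read per request on purpose would make that choice explicit.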
--- /dev/null +++ b/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/IgnoreTLSCertificate.kt @@ -0,0 +1,22 @@ +package net.typeblog.lpac_jni.impl + +import android.annotation.SuppressLint +import java.security.cert.X509Certificate +import javax.net.ssl.X509TrustManager + +@SuppressLint("CustomX509TrustManager") +class IgnoreTLSCertificate : X509TrustManager { + @SuppressLint("TrustAllX509TrustManager") + override fun checkClientTrusted(p0: Array?, p1: String?) { + return + } + + @SuppressLint("TrustAllX509TrustManager") + override fun checkServerTrusted(p0: Array?, p1: String?) { + return + } + + override fun getAcceptedIssuers(): Array { + return emptyArray() + } +} \ No newline at end of file -- 2.45.3 From 1092be942a3408adb1629758f637350cef087380 Mon Sep 17 00:00:00 2001 From: septs Date: Sun, 17 Nov 2024 10:39:25 +0800 Subject: [PATCH 2/4] choer: accept reviews --- .../im/angry/openeuicc/core/DefaultEuiccChannelFactory.kt | 4 ++-- .../src/main/java/im/angry/openeuicc/ui/SettingsFragment.kt | 2 +- .../src/main/java/im/angry/openeuicc/util/PreferenceUtils.kt | 2 +- app-common/src/main/res/values/strings.xml | 4 ++-- .../im/angry/openeuicc/core/PrivilegedEuiccChannelFactory.kt | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/app-common/src/main/java/im/angry/openeuicc/core/DefaultEuiccChannelFactory.kt b/app-common/src/main/java/im/angry/openeuicc/core/DefaultEuiccChannelFactory.kt index eea45e0..a8fa1d5 100644 --- a/app-common/src/main/java/im/angry/openeuicc/core/DefaultEuiccChannelFactory.kt +++ b/app-common/src/main/java/im/angry/openeuicc/core/DefaultEuiccChannelFactory.kt 
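Review bot: `IgnoreTLSCertificate` is declared with default (public) visibility, so any module that depends on lpac-jni can instantiate a trust manager that accepts every certificate chain. `internal class IgnoreTLSCertificate : X509TrustManager` limits it to the module that contains `HttpInterfaceImpl`. Both lint checks are suppressed without explanation, so the class should carry a KDoc stating that it performs no chain validation and is meant to be used only behind the developer preference. The bare `return` statements and the `p0`/`p1` parameter names can be replaced by empty bodies and `chain`/`authType`.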
@@ -43,7 +43,7 @@ open class DefaultEuiccChannelFactory(protected val context: Context) : EuiccCha context.preferenceRepository.verboseLoggingFlow ), context.preferenceRepository.verboseLoggingFlow, - context.preferenceRepository.ignoreTLSCertificate, + context.preferenceRepository.ignoreTLSCertificateFlow, ).also { Log.i(DefaultEuiccChannelManager.TAG, "Is OMAPI channel, setting MSS to 60") it.lpa.setEs10xMss(60) @@ -74,7 +74,7 @@ open class DefaultEuiccChannelFactory(protected val context: Context) : EuiccCha context.preferenceRepository.verboseLoggingFlow ), context.preferenceRepository.verboseLoggingFlow, - context.preferenceRepository.ignoreTLSCertificate, + context.preferenceRepository.ignoreTLSCertificateFlow, ) } diff --git a/app-common/src/main/java/im/angry/openeuicc/ui/SettingsFragment.kt b/app-common/src/main/java/im/angry/openeuicc/ui/SettingsFragment.kt index 83be1ea..89963cb 100644 --- a/app-common/src/main/java/im/angry/openeuicc/ui/SettingsFragment.kt +++ b/app-common/src/main/java/im/angry/openeuicc/ui/SettingsFragment.kt @@ -77,7 +77,7 @@ class SettingsFragment: PreferenceFragmentCompat() { ?.bindBooleanFlow(preferenceRepository.experimentalDownloadWizardFlow, PreferenceKeys.EXPERIMENTAL_DOWNLOAD_WIZARD) findPreference("pref_ignore_tls_certificate") - ?.bindBooleanFlow(preferenceRepository.ignoreTLSCertificate, PreferenceKeys.IGNORE_TLS_CERTIFICATE) + ?.bindBooleanFlow(preferenceRepository.ignoreTLSCertificateFlow, PreferenceKeys.IGNORE_TLS_CERTIFICATE) } override fun onStart() { diff --git a/app-common/src/main/java/im/angry/openeuicc/util/PreferenceUtils.kt b/app-common/src/main/java/im/angry/openeuicc/util/PreferenceUtils.kt index 133204c..505630e 100644 --- a/app-common/src/main/java/im/angry/openeuicc/util/PreferenceUtils.kt +++ b/app-common/src/main/java/im/angry/openeuicc/util/PreferenceUtils.kt 
@@ -63,7 +63,7 @@ class PreferenceRepository(context: Context) { val experimentalDownloadWizardFlow: Flow = dataStore.data.map { it[PreferenceKeys.EXPERIMENTAL_DOWNLOAD_WIZARD] ?: false } - val ignoreTLSCertificate: Flow = + val ignoreTLSCertificateFlow: Flow = dataStore.data.map { it[PreferenceKeys.IGNORE_TLS_CERTIFICATE] ?: false } suspend fun updatePreference(key: Preferences.Key, value: T) { diff --git a/app-common/src/main/res/values/strings.xml b/app-common/src/main/res/values/strings.xml index a2373a3..bdb89ca 100644 --- a/app-common/src/main/res/values/strings.xml +++ b/app-common/src/main/res/values/strings.xml @@ -123,8 +123,8 @@ Developer Options Experimental Download Wizard Enable the experimental new download wizard. Note that it is not fully working yet. - Do not check SM-DP+ TLS certificate - Do not check SM-DP+ TLS certificate, allow any RSP + Ignore SM-DP+ TLS certificate + Ignore SM-DP+ TLS certificate, allow any RSP Info App Version Source Code diff --git a/app/src/main/java/im/angry/openeuicc/core/PrivilegedEuiccChannelFactory.kt b/app/src/main/java/im/angry/openeuicc/core/PrivilegedEuiccChannelFactory.kt index 4860f6d..1537fc9 100644 --- a/app/src/main/java/im/angry/openeuicc/core/PrivilegedEuiccChannelFactory.kt +++ b/app/src/main/java/im/angry/openeuicc/core/PrivilegedEuiccChannelFactory.kt @@ -36,7 +36,7 @@ class PrivilegedEuiccChannelFactory(context: Context) : DefaultEuiccChannelFacto context.preferenceRepository.verboseLoggingFlow ), context.preferenceRepository.verboseLoggingFlow, - context.preferenceRepository.ignoreTLSCertificate, + context.preferenceRepository.ignoreTLSCertificateFlow, ) } catch (e: IllegalArgumentException) { // Failed -- 2.45.3 From 61319416ee5ca489f062c91b4b42b3236d5ac849 Mon Sep 17 00:00:00 2001 From: septs Date: Sun, 17 Nov 2024 10:40:57 +0800 Subject: [PATCH 3/4] choer: accept reviews --- .../src/main/java/im/angry/openeuicc/core/EuiccChannelImpl.kt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
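Review bot: The summary `Ignore SM-DP+ TLS certificate, allow any RSP` in the strings.xml hunk names the mechanism but not the consequence, for a switch that turns off server certificate validation on SM-DP+ connections. Wording along the lines of `Accept any TLS certificate from the SM-DP+ server. Connections can be intercepted; leave this off unless you are testing.` tells the user what is being given up. The resource names are not visible in this hunk, so only the text is suggested here.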
diff --git a/app-common/src/main/java/im/angry/openeuicc/core/EuiccChannelImpl.kt b/app-common/src/main/java/im/angry/openeuicc/core/EuiccChannelImpl.kt index f305a1b..79dec34 100644 --- a/app-common/src/main/java/im/angry/openeuicc/core/EuiccChannelImpl.kt +++ b/app-common/src/main/java/im/angry/openeuicc/core/EuiccChannelImpl.kt @@ -12,14 +12,14 @@ class EuiccChannelImpl( override val port: UiccPortInfoCompat, apduInterface: ApduInterface, verboseLoggingFlow: Flow, - ignoreTLSCertificate: Flow + ignoreTLSCertificateFlow: Flow ) : EuiccChannel { override val slotId = port.card.physicalSlotIndex override val logicalSlotId = port.logicalSlotIndex override val portId = port.portIndex override val lpa: LocalProfileAssistant = - LocalProfileAssistantImpl(apduInterface, HttpInterfaceImpl(verboseLoggingFlow, ignoreTLSCertificate)) + LocalProfileAssistantImpl(apduInterface, HttpInterfaceImpl(verboseLoggingFlow, ignoreTLSCertificateFlow)) override val valid: Boolean get() = lpa.valid -- 2.45.3 From 8578d47d35b1795ed0d9791da064c857c7a04a97 Mon Sep 17 00:00:00 2001 From: septs Date: Sun, 17 Nov 2024 10:41:33 +0800 Subject: [PATCH 4/4] choer: accept reviews --- .../main/java/net/typeblog/lpac_jni/impl/HttpInterfaceImpl.kt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/HttpInterfaceImpl.kt b/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/HttpInterfaceImpl.kt index 4fb47e3..77227f8 100644 --- a/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/HttpInterfaceImpl.kt +++ b/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/HttpInterfaceImpl.kt @@ -15,7 +15,7 @@ import javax.net.ssl.TrustManagerFactory class HttpInterfaceImpl( private val verboseLoggingFlow: Flow, - private val ignoreTLSCertificate: Flow + private val ignoreTLSCertificateFlow: Flow ) : HttpInterface { companion object { private const val TAG = "HttpInterfaceImpl" 
@@ -82,7 +82,7 @@ class HttpInterfaceImpl( private fun getSocketFactory(): SSLSocketFactory { val trustManagers = - if (runBlocking { ignoreTLSCertificate.first() }) { + if (runBlocking { ignoreTLSCertificateFlow.first() }) { arrayOf(IgnoreTLSCertificate()) } else { this.trustManagers -- 2.45.3