1 年之前 · a3d59a0761
--- a/app-common/src/main/java/im/angry/openeuicc/core/DefaultEuiccChannelFactory.kt
+++ b/app-common/src/main/java/im/angry/openeuicc/core/DefaultEuiccChannelFactory.kt
@@ -42,7 +42,8 @@ open class DefaultEuiccChannelFactory(protected val context: Context) : EuiccCha
 
															                     port,
														
 
															                     context.preferenceRepository.verboseLoggingFlow
														
 
															                 ),
														
 
															-                context.preferenceRepository.verboseLoggingFlow
														
 
															+                context.preferenceRepository.verboseLoggingFlow,
														
 
															+                context.preferenceRepository.ignoreTLSCertificateFlow,
														
 
															             ).also {
														
 
															                 Log.i(DefaultEuiccChannelManager.TAG, "Is OMAPI channel, setting MSS to 60")
														
 
															                 it.lpa.setEs10xMss(60)
														
@@ -72,7 +73,8 @@ open class DefaultEuiccChannelFactory(protected val context: Context) : EuiccCha
 
															                 bulkOut,
														
 
															                 context.preferenceRepository.verboseLoggingFlow
														
 
															             ),
														
 
															-            context.preferenceRepository.verboseLoggingFlow
														
 
															+            context.preferenceRepository.verboseLoggingFlow,
														
 
															+            context.preferenceRepository.ignoreTLSCertificateFlow,
														
 
															         )
														
 
															     }
														
--- a/app-common/src/main/java/im/angry/openeuicc/core/EuiccChannelImpl.kt
+++ b/app-common/src/main/java/im/angry/openeuicc/core/EuiccChannelImpl.kt
@@ -11,14 +11,15 @@ class EuiccChannelImpl(
 
															     override val type: String,
														
 
															     override val port: UiccPortInfoCompat,
														
 
															     apduInterface: ApduInterface,
														
 
															-    verboseLoggingFlow: Flow<Boolean>
														
 
															+    verboseLoggingFlow: Flow<Boolean>,
														
 
															+    ignoreTLSCertificateFlow: Flow<Boolean>
														
 
															 ) : EuiccChannel {
														
 
															     override val slotId = port.card.physicalSlotIndex
														
 
															     override val logicalSlotId = port.logicalSlotIndex
														
 
															     override val portId = port.portIndex
														
 
															     override val lpa: LocalProfileAssistant =
														
 
															-        LocalProfileAssistantImpl(apduInterface, HttpInterfaceImpl(verboseLoggingFlow))
														
 
															+        LocalProfileAssistantImpl(apduInterface, HttpInterfaceImpl(verboseLoggingFlow, ignoreTLSCertificateFlow))
														
 
															     override val valid: Boolean
														
 
															         get() = lpa.valid
														
--- a/app-common/src/main/java/im/angry/openeuicc/ui/SettingsFragment.kt
+++ b/app-common/src/main/java/im/angry/openeuicc/ui/SettingsFragment.kt
@@ -75,6 +75,9 @@ class SettingsFragment: PreferenceFragmentCompat() {
 
															         findPreference<CheckBoxPreference>("pref_developer_experimental_download_wizard")
														
 
															             ?.bindBooleanFlow(preferenceRepository.experimentalDownloadWizardFlow, PreferenceKeys.EXPERIMENTAL_DOWNLOAD_WIZARD)
														
 
															+
														
 
															+        findPreference<CheckBoxPreference>("pref_ignore_tls_certificate")
														
 
															+            ?.bindBooleanFlow(preferenceRepository.ignoreTLSCertificateFlow, PreferenceKeys.IGNORE_TLS_CERTIFICATE)
														
 
															     }
														
 
															     override fun onStart() {
														
--- a/app-common/src/main/java/im/angry/openeuicc/util/PreferenceUtils.kt
+++ b/app-common/src/main/java/im/angry/openeuicc/util/PreferenceUtils.kt
@@ -20,13 +20,19 @@ val Fragment.preferenceRepository: PreferenceRepository
 
															     get() = requireContext().preferenceRepository
														
 
															 object PreferenceKeys {
														
 
															+    // ---- Profile Notifications ----
														
 
															     val NOTIFICATION_DOWNLOAD = booleanPreferencesKey("notification_download")
														
 
															     val NOTIFICATION_DELETE = booleanPreferencesKey("notification_delete")
														
 
															     val NOTIFICATION_SWITCH = booleanPreferencesKey("notification_switch")
														
 
															+
														
 
															+    // ---- Advanced ----
														
 
															     val DISABLE_SAFEGUARD_REMOVABLE_ESIM = booleanPreferencesKey("disable_safeguard_removable_esim")
														
 
															     val VERBOSE_LOGGING = booleanPreferencesKey("verbose_logging")
														
 
															+
														
 
															+    // ---- Developer Options ----
														
 
															     val DEVELOPER_OPTIONS_ENABLED = booleanPreferencesKey("developer_options_enabled")
														
 
															     val EXPERIMENTAL_DOWNLOAD_WIZARD = booleanPreferencesKey("experimental_download_wizard")
														
 
															+    val IGNORE_TLS_CERTIFICATE = booleanPreferencesKey("ignore_tls_certificate")
														
 
															 }
														
 
															 class PreferenceRepository(context: Context) {
														
@@ -57,6 +63,9 @@ class PreferenceRepository(context: Context) {
 
															     val experimentalDownloadWizardFlow: Flow<Boolean> =
														
 
															         dataStore.data.map { it[PreferenceKeys.EXPERIMENTAL_DOWNLOAD_WIZARD] ?: false }
														
 
															+    val ignoreTLSCertificateFlow: Flow<Boolean> =
														
 
															+        dataStore.data.map { it[PreferenceKeys.IGNORE_TLS_CERTIFICATE] ?: false }
														
 
															+
														
 
															     suspend fun <T> updatePreference(key: Preferences.Key<T>, value: T) {
														
 
															         dataStore.edit {
														
 
															             it[key] = value
														
--- a/app-common/src/main/res/values/strings.xml
+++ b/app-common/src/main/res/values/strings.xml
@@ -123,6 +123,8 @@
 
															     <string name="pref_developer">Developer Options</string>
														
 
															     <string name="pref_developer_experimental_download_wizard">Experimental Download Wizard</string>
														
 
															     <string name="pref_developer_experimental_download_wizard_desc">Enable the experimental new download wizard. Note that it is not fully working yet.</string>
														
 
															+    <string name="pref_developer_ignore_tls_certificate">Ignore SM-DP+ TLS certificate</string>
														
 
															+    <string name="pref_developer_ignore_tls_certificate_desc">Ignore SM-DP+ TLS certificate, allow any RSP</string>
														
 
															     <string name="pref_info">Info</string>
														
 
															     <string name="pref_info_app_version">App Version</string>
														
 
															     <string name="pref_info_source_code">Source Code</string>
														
--- a/app-common/src/main/res/xml/pref_settings.xml
+++ b/app-common/src/main/res/xml/pref_settings.xml
@@ -55,6 +55,12 @@
 
															             app:title="@string/pref_developer_experimental_download_wizard"
														
 
															             app:summary="@string/pref_developer_experimental_download_wizard_desc" />
														
 
															+        <CheckBoxPreference
														
 
															+            app:iconSpaceReserved="false"
														
 
															+            app:key="pref_developer_ignore_tls_certificate"
														
 
															+            app:summary="@string/pref_developer_ignore_tls_certificate_desc"
														
 
															+            app:title="@string/pref_developer_ignore_tls_certificate" />
														
 
															+
														
 
															     </PreferenceCategory>
														
 
															     <PreferenceCategory
														
--- a/app/src/main/java/im/angry/openeuicc/core/PrivilegedEuiccChannelFactory.kt
+++ b/app/src/main/java/im/angry/openeuicc/core/PrivilegedEuiccChannelFactory.kt
@@ -35,7 +35,8 @@ class PrivilegedEuiccChannelFactory(context: Context) : DefaultEuiccChannelFacto
 
															                         tm,
														
 
															                         context.preferenceRepository.verboseLoggingFlow
														
 
															                     ),
														
 
															-                    context.preferenceRepository.verboseLoggingFlow
														
 
															+                    context.preferenceRepository.verboseLoggingFlow,
														
 
															+                    context.preferenceRepository.ignoreTLSCertificateFlow,
														
 
															                 )
														
 
															             } catch (e: IllegalArgumentException) {
														
 
															                 // Failed
														
--- a/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/HttpInterfaceImpl.kt
+++ b/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/HttpInterfaceImpl.kt
@@ -9,10 +9,14 @@ import java.net.URL
 
															 import java.security.SecureRandom
														
 
															 import javax.net.ssl.HttpsURLConnection
														
 
															 import javax.net.ssl.SSLContext
														
 
															+import javax.net.ssl.SSLSocketFactory
														
 
															 import javax.net.ssl.TrustManager
														
 
															 import javax.net.ssl.TrustManagerFactory
														
 
															-class HttpInterfaceImpl(private val verboseLoggingFlow: Flow<Boolean>) : HttpInterface {
														
 
															+class HttpInterfaceImpl(
														
 
															+    private val verboseLoggingFlow: Flow<Boolean>,
														
 
															+    private val ignoreTLSCertificateFlow: Flow<Boolean>
														
 
															+) : HttpInterface {
														
 
															     companion object {
														
 
															         private const val TAG = "HttpInterfaceImpl"
														
 
															     }
														
@@ -36,9 +40,6 @@ class HttpInterfaceImpl(private val verboseLoggingFlow: Flow<Boolean>) : HttpInt
 
															         }
														
 
															         try {
														
 
															-            val sslContext = SSLContext.getInstance("TLS")
														
 
															-            sslContext.init(null, trustManagers, SecureRandom())
														
 
															-
														
 
															             val conn = parsedUrl.openConnection() as HttpsURLConnection
														
 
															             conn.connectTimeout = 2000
														
@@ -47,7 +48,7 @@ class HttpInterfaceImpl(private val verboseLoggingFlow: Flow<Boolean>) : HttpInt
 
															                 conn.readTimeout = 1000
														
 
															             }
														
 
															-            conn.sslSocketFactory = sslContext.socketFactory
														
 
															+            conn.sslSocketFactory = getSocketFactory()
														
 
															             conn.requestMethod = "POST"
														
 
															             conn.doInput = true
														
 
															             conn.doOutput = true
														
@@ -79,6 +80,18 @@ class HttpInterfaceImpl(private val verboseLoggingFlow: Flow<Boolean>) : HttpInt
 
															         }
														
 
															     }
														
 
															+    private fun getSocketFactory(): SSLSocketFactory {
														
 
															+        val trustManagers =
														
 
															+            if (runBlocking { ignoreTLSCertificateFlow.first() }) {
														
 
															+                arrayOf(IgnoreTLSCertificate())
														
 
															+            } else {
														
 
															+                this.trustManagers
														
 
															+            }
														
 
															+        val sslContext = SSLContext.getInstance("TLS")
														
 
															+        sslContext.init(null, trustManagers, SecureRandom())
														
 
															+        return sslContext.socketFactory
														
 
															+    }
														
 
															+
														
 
															     override fun usePublicKeyIds(pkids: Array<String>) {
														
 
															         val trustManagerFactory = TrustManagerFactory.getInstance("PKIX").apply {
														
 
															             init(keyIdToKeystore(pkids))
														
--- a/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/IgnoreTLSCertificate.kt
+++ b/libs/lpac-jni/src/main/java/net/typeblog/lpac_jni/impl/IgnoreTLSCertificate.kt
@@ -0,0 +1,22 @@
 
															+package net.typeblog.lpac_jni.impl
														
 
															+
														
 
															+import android.annotation.SuppressLint
														
 
															+import java.security.cert.X509Certificate
														
 
															+import javax.net.ssl.X509TrustManager
														
 
															+
														
 
															+@SuppressLint("CustomX509TrustManager")
														
 
															+class IgnoreTLSCertificate : X509TrustManager {
														
 
															+    @SuppressLint("TrustAllX509TrustManager")
														
 
															+    override fun checkClientTrusted(p0: Array<out X509Certificate>?, p1: String?) {
														
 
															+        return
														
 
															+    }
														
 
															+
														
 
															+    @SuppressLint("TrustAllX509TrustManager")
														
 
															+    override fun checkServerTrusted(p0: Array<out X509Certificate>?, p1: String?) {
														
 
															+        return
														
 
															+    }
														
 
															+
														
 
															+    override fun getAcceptedIssuers(): Array<X509Certificate> {
														
 
															+        return emptyArray()
														
 
															+    }
														
 
															+}