Implemented basics of multiple tunnel handling

Also implemented accepting all server certs as my subject server had an expired certificate. Signed-off-by: Balint Kovacs <blint@blint.hu>
2024-11-23 09:22:16 -05:00 · 2011-04-18 07:30:03 +02:00 · 2011-04-18 07:30:03 +02:00 · 4d724fb37d
commit 4d724fb37d
parent 9d44957132
4 changed files with 27 additions and 7 deletions
--- a/bin/SSLDroid.apk
+++ b/bin/SSLDroid.apk
--- a/bin/classes.dex
+++ b/bin/classes.dex
--- a/src/hu/blint/ssldroid/SSLDroid.java
+++ b/src/hu/blint/ssldroid/SSLDroid.java
@ -12,7 +12,7 @@ public class SSLDroid extends Service {

 	final String TAG = "SSLDroid";
 	public static final String PREFS_NAME = "MyPrefsFile";
-	TcpProxy tp;
+	TcpProxy tp[];

 	@Override
 	public void onCreate() {
@ -63,11 +63,14 @@ public class SSLDroid extends Service {

 		//createNotification("test", "This is a test of the emergency broadcast system");

-		tp = new TcpProxy();
+		tp = new TcpProxy[2];
 		try {
-			tp.serve(listenPort, targetHost, targetPort, keyFile, keyPass);
+			tp[0] = new TcpProxy();
+			tp[0].serve(listenPort, targetHost, targetPort, keyFile, keyPass);
+			tp[1] = new TcpProxy();
+			tp[1].serve(9998, "imaps.balabit.hu", 993, keyFile, keyPass);
 		} catch (Exception e) {
-			Log.d(TAG, "Error" + e.toString());
+			Log.d(TAG, "Error:" + e.toString());
 		}
 	}
 	
@ -84,7 +87,9 @@ public class SSLDroid extends Service {
 	@Override
 	public void onDestroy() {
 		try {
-			tp.stop();
+			for (TcpProxy proxy : tp) {
+	            proxy.stop();
+	        }
 			removeNotification(0);
 			Log.d(TAG, "SSLDroid Service Stopped");
 		} catch (Exception e) {
--- a/src/hu/blint/ssldroid/TcpProxyServerThread.java
+++ b/src/hu/blint/ssldroid/TcpProxyServerThread.java
@ -23,6 +23,8 @@ import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;

 import android.util.Log;

@ -53,7 +55,20 @@ public class TcpProxyServerThread extends Thread {
 		}
 	}*/
 	
-	
+	// Create a trust manager that does not validate certificate chains
+	TrustManager[] trustAllCerts = new TrustManager[]{
+	    new X509TrustManager() {
+	        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+	            return null;
+	        }
+	        public void checkClientTrusted(
+	            java.security.cert.X509Certificate[] certs, String authType) {
+	        }
+	        public void checkServerTrusted(
+	            java.security.cert.X509Certificate[] certs, String authType) {
+	        }
+	    }
+	};	
 	
 	private static SSLSocketFactory sslSocketFactory;

@ -66,7 +81,7 @@ public class TcpProxyServerThread extends Thread {
 				keyStore.load(new FileInputStream(pkcsFile), pwd.toCharArray());
 				keyManagerFactory.init(keyStore, pwd.toCharArray());
 				SSLContext context = SSLContext.getInstance("TLS");
-				context.init(keyManagerFactory.getKeyManagers(), null,
+				context.init(keyManagerFactory.getKeyManagers(), trustAllCerts,
 						new SecureRandom());
 				sslSocketFactory = (SSLSocketFactory) context.getSocketFactory();