From 0f2f99a98c975ef725ca2f9bf4add3266f4e8d77 Mon Sep 17 00:00:00 2001
From: Philipp Crocoll <philipp@crocoll.net>
Date: Tue, 22 Nov 2016 12:38:19 +0100
Subject: [PATCH] WebDavStorage: introduced possibility to accept validation
 errors

---
 .../javafilestorage/WebDavStorage.java        | 56 +++++++++++++++----
 1 file changed, 45 insertions(+), 11 deletions(-)

diff --git a/src/java/JavaFileStorage/app/src/main/java/keepass2android/javafilestorage/WebDavStorage.java b/src/java/JavaFileStorage/app/src/main/java/keepass2android/javafilestorage/WebDavStorage.java
index 7183aa47..6f07f0e0 100644
--- a/src/java/JavaFileStorage/app/src/main/java/keepass2android/javafilestorage/WebDavStorage.java
+++ b/src/java/JavaFileStorage/app/src/main/java/keepass2android/javafilestorage/WebDavStorage.java
@@ -13,24 +13,30 @@ import com.burgstaller.okhttp.basic.BasicAuthenticator;
 import com.burgstaller.okhttp.digest.CachingAuthenticator;
 import com.burgstaller.okhttp.digest.DigestAuthenticator;
 
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
 import java.io.FileNotFoundException;
 import java.io.InputStream;
 import java.io.StringReader;
 import java.io.UnsupportedEncodingException;
 import java.net.URL;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Date;
 import java.util.List;
-import java.util.Locale;
 import java.util.Map;
-import java.util.TimeZone;
 import java.util.concurrent.ConcurrentHashMap;
 
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+
+import keepass2android.javafilestorage.webdav.DecoratedTrustManager;
 import keepass2android.javafilestorage.webdav.PropfindXmlParser;
 import keepass2android.javafilestorage.webdav.WebDavUtil;
 import okhttp3.MediaType;
@@ -41,6 +47,14 @@ import okhttp3.Response;
 
 public class WebDavStorage extends JavaFileStorageBase {
 
+    private final ICertificateErrorHandler mCertificateErrorHandler;
+
+    public WebDavStorage(ICertificateErrorHandler certificateErrorHandler)
+    {
+
+        mCertificateErrorHandler = certificateErrorHandler;
+    }
+
     public String buildFullPath(String url, String username, String password) throws UnsupportedEncodingException {
         String scheme = url.substring(0, url.indexOf("://"));
         url = url.substring(scheme.length() + 3);
@@ -104,7 +118,8 @@ public class WebDavStorage extends JavaFileStorageBase {
         }
     }
 
-    private OkHttpClient getClient(ConnectionInfo ci) {
+    private OkHttpClient getClient(ConnectionInfo ci) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException {
+
         OkHttpClient.Builder builder = new OkHttpClient.Builder();
         final Map<String, CachingAuthenticator> authCache = new ConcurrentHashMap<>();
 
@@ -117,10 +132,28 @@ public class WebDavStorage extends JavaFileStorageBase {
                 .with("digest", digestAuthenticator)
                 .with("basic", basicAuthenticator)
                 .build();
-        OkHttpClient client = builder
-                .authenticator(new CachingAuthenticatorDecorator(authenticator, authCache))
-                .addInterceptor(new AuthenticationCacheInterceptor(authCache))
-                .build();
+
+        builder = builder.authenticator(new CachingAuthenticatorDecorator(authenticator, authCache))
+                .addInterceptor(new AuthenticationCacheInterceptor(authCache));
+        if ((mCertificateErrorHandler != null) && (mCertificateErrorHandler.alwaysFailOnValidationError())) {
+            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
+                    TrustManagerFactory.getDefaultAlgorithm());
+            trustManagerFactory.init((KeyStore) null);
+            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
+            if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
+                throw new IllegalStateException("Unexpected default trust managers:"
+                        + Arrays.toString(trustManagers));
+            }
+            X509TrustManager trustManager = (X509TrustManager) trustManagers[0];
+            trustManager = new DecoratedTrustManager(trustManager, mCertificateErrorHandler);
+            SSLContext sslContext = SSLContext.getInstance("TLS");
+            sslContext.init(null, new TrustManager[] { trustManager }, null);
+            SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
+
+            builder = builder.sslSocketFactory(sslSocketFactory, trustManager);
+        }
+
+        OkHttpClient client =  builder.build();
         return client;
     }
 
@@ -280,6 +313,7 @@ public class WebDavStorage extends JavaFileStorageBase {
         String username_enc = (userPwd.substring(0, userPwd.indexOf(":")));
         String password_enc = (userPwd.substring(userPwd.indexOf(":") + 1));
 
+
         String host = filename.substring(filename.indexOf('@')+1);
         int firstSlashPos = host.indexOf("/");
         if (firstSlashPos >= 0)