Merge remote-tracking branch 'upstream/master' into ios-networking-indicator

Author: 0verrfl0w

CHANGELOG.md

@@ -1,5 +1,12 @@
 # Changelog
 
+## 2.0.0
+
+- Feature #103: implement HTTP SSL cert modes
+
+- :warning: **Breaking Change**: Removed AngularJS (v1) integration service
+- :warning: **Breaking Change**: Removed "enableSSLPinning" and "acceptAllCerts", use "setSSLCertMode" instead
+
 ## 1.11.1
 
 - Fixed #92: headers not deserialized on platform "browser"

README.md

@@ -41,19 +41,6 @@ This plugin registers a global object located at `cordova.plugin.http`.
 
 Check the [Ionic docs](https://ionicframework.com/docs/native/http/) for how to use this plugin with Ionic-native.
 
-### With AngularJS (Deprecated)
-
-:warning: *This feature is deprecated and will be removed anytime soon.* :warning:
-
-This plugin creates a cordovaHTTP service inside of a cordovaHTTP module.  You must load the module when you create your app's module.
-
-```js
-var app = angular.module('myApp', ['ngRoute', 'ngAnimate', 'cordovaHTTP']);
-```
-
-You can then inject the cordovaHTTP service into your controllers.  The functions can then be used identically to the examples shown below except that instead of accepting success and failure callback functions, each function returns a promise.  For more information on promises in AngularJS read the [AngularJS docs](http://docs.angularjs.org/api/ng/service/$q).  For more info on promises in general check out this article on [html5rocks](http://www.html5rocks.com/en/tutorials/es6/promises/).  Make sure that you load cordova.js or phonegap.js after AngularJS is loaded.
-
-
 ## Synchronous Functions
 
 ### getBasicAuthHeader
@@ -141,32 +128,46 @@ cordova.plugin.http.clearCookies();
 ## Asynchronous Functions
 These functions all take success and error callbacks as their last 2 arguments.
 
-### enableSSLPinning
-Enable or disable SSL pinning.  This defaults to false.
+### setSSLCertMode<a name="setSSLCertMode"></a>
+Set SSL Cert handling mode, being one of the following values:
+
+* `default`: default SSL cert handling using system's CA certs
+* `nocheck`: disable SSL cert checking, trusting all certs (meant to be used only for testing purposes)
+* `pinned`: trust only provided certs
 
 To use SSL pinning you must include at least one .cer SSL certificate in your app project.  You can pin to your server certificate or to one of the issuing CA certificates. For ios include your certificate in the root level of your bundle (just add the .cer file to your project/target at the root level).  For android include your certificate in your project's platforms/android/assets folder.  In both cases all .cer files found will be loaded automatically.  If you only have a .pem certificate see this [stackoverflow answer](http://stackoverflow.com/a/16583429/3182729).  You want to convert it to a DER encoded certificate with a .cer extension.
 
 As an alternative, you can store your .cer files in the www/certificates folder.
 
 ```js
-cordova.plugin.http.enableSSLPinning(true, function() {
+// enable SSL pinning
+cordova.plugin.http.setSSLCertMode('pinned', function() {
   console.log('success!');
 }, function() {
   console.log('error :(');
 });
-```
 
-### acceptAllCerts
-Accept all SSL certificates.  Or disable accepting all certificates.  This defaults to false.
+// use system's default CA certs
+cordova.plugin.http.setSSLCertMode('default', function() {
+  console.log('success!');
+}, function() {
+  console.log('error :(');
+});
 
-```js
-cordova.plugin.http.acceptAllCerts(true, function() {
+// disable SSL cert checking, only meant for testing purposes, do NOT use in production!
+cordova.plugin.http.setSSLCertMode('nocheck', function() {
   console.log('success!');
 }, function() {
   console.log('error :(');
 });
 ```
 
+### enableSSLPinning (obsolete)
+This function was removed in 2.0.0. Use ["setSSLCertMode"](#setSSLCertMode) to enable SSL pinning (mode "pinned").
+
+### acceptAllCerts (obsolete)
+This function was removed in 2.0.0. Use ["setSSLCertMode"](#setSSLCertMode) to disable checking certs (mode "nocheck").
+
 ### disableRedirect
 If set to `true`, it won't follow redirects automatically. This defaults to false.
 
@@ -178,8 +179,8 @@ cordova.plugin.http.disableRedirect(true, function() {
 });
 ```
 
-### validateDomainName
-This function was removed in v1.6.2. Domain name validation is disabled automatically when you enable "acceptAllCerts".
+### validateDomainName (obsolete)
+This function was removed in v1.6.2. Domain name validation is disabled automatically when you set SSL cert mode to "nocheck".
 
 ### removeCookies
 Remove all cookies associated with a given URL.

package.json

@@ -1,6 +1,6 @@
 {
   "name": "cordova-plugin-advanced-http",
-  "version": "1.11.1",
+  "version": "2.0.0",
   "description": "Cordova / Phonegap plugin for communicating with HTTP servers using SSL pinning",
   "scripts": {
     "buildbrowser": "./scripts/build-test-app.sh --browser",

plugin.xml

@@ -13,7 +13,6 @@
   <js-module src="www/messages.js" name="messages"/>
   <js-module src="www/local-storage-store.js" name="local-storage-store"/>
   <js-module src="www/cookie-handler.js" name="cookie-handler"/>
-  <js-module src="www/angular-integration.js" name="angular-integration"/>
   <js-module src="www/helpers.js" name="helpers"/>
   <js-module src="www/advanced-http.js" name="http">
     <clobbers target="cordova.plugin.http"/>
@@ -82,4 +81,4 @@
       <runs/>
     </js-module>
   </platform>
-</plugin>
+</plugin>

src/android/com/synconset/cordovahttp/CordovaHttpPlugin.java

@@ -86,25 +86,25 @@ else if (action.equals("delete")) {
             CordovaHttpHead head = new CordovaHttpHead(urlString, params, headers, timeoutInMilliseconds, callbackContext);
 
             cordova.getThreadPool().execute(head);
-        } else if (action.equals("enableSSLPinning")) {
-            try {
-                boolean enable = args.getBoolean(0);
-                this.enableSSLPinning(enable);
-                callbackContext.success();
-            } catch(Exception e) {
-                e.printStackTrace();
-                callbackContext.error("There was an error setting up ssl pinning");
-            }
-        } else if (action.equals("acceptAllCerts")) {
-            boolean accept = args.getBoolean(0);
+        } else if (action.equals("setSSLCertMode")) {
+            String mode = args.getString(0);
 
-            if (accept) {
-              HttpRequest.setSSLCertMode(HttpRequest.CERT_MODE_TRUSTALL);
-            } else {
-              HttpRequest.setSSLCertMode(HttpRequest.CERT_MODE_DEFAULT);
+            if (mode.equals("default")) {
+                HttpRequest.setSSLCertMode(HttpRequest.CERT_MODE_DEFAULT);
+                callbackContext.success();
+            } else if (mode.equals("nocheck")) {
+                HttpRequest.setSSLCertMode(HttpRequest.CERT_MODE_TRUSTALL);
+                callbackContext.success();
+            } else if (mode.equals("pinned")) {
+                try {
+                    this.loadSSLCerts();
+                    HttpRequest.setSSLCertMode(HttpRequest.CERT_MODE_PINNED);
+                    callbackContext.success();
+                } catch(Exception e) {
+                    e.printStackTrace();
+                    callbackContext.error("There was an error setting up ssl pinning");
+                }
             }
-
-            callbackContext.success();
         } else if (action.equals("uploadFile")) {
             String urlString = args.getString(0);
             Object params = args.get(1);
@@ -125,50 +125,44 @@ else if (action.equals("delete")) {
 
             cordova.getThreadPool().execute(download);
         } else if (action.equals("disableRedirect")) {
-           boolean disable = args.getBoolean(0);
-           CordovaHttp.disableRedirect(disable);
-           callbackContext.success();
+            boolean disable = args.getBoolean(0);
+            CordovaHttp.disableRedirect(disable);
+            callbackContext.success();
         } else {
             return false;
         }
         return true;
     }
 
-    private void enableSSLPinning(boolean enable) throws GeneralSecurityException, IOException {
-        if (enable) {
-            AssetManager assetManager = cordova.getActivity().getAssets();
-            String[] files = assetManager.list("");
-            int index;
-            ArrayList<String> cerFiles = new ArrayList<String>();
-            for (int i = 0; i < files.length; i++) {
-                index = files[i].lastIndexOf('.');
-                if (index != -1) {
-                    if (files[i].substring(index).equals(".cer")) {
-                        cerFiles.add(files[i]);
-                    }
-                }
-            }
-
-            // scan the www/certificates folder for .cer files as well
-            files = assetManager.list("www/certificates");
-            for (int i = 0; i < files.length; i++) {
-              index = files[i].lastIndexOf('.');
-              if (index != -1) {
+    private void loadSSLCerts() throws GeneralSecurityException, IOException {
+        AssetManager assetManager = cordova.getActivity().getAssets();
+        String[] files = assetManager.list("");
+        int index;
+        ArrayList<String> cerFiles = new ArrayList<String>();
+        for (int i = 0; i < files.length; i++) {
+            index = files[i].lastIndexOf('.');
+            if (index != -1) {
                 if (files[i].substring(index).equals(".cer")) {
-                  cerFiles.add("www/certificates/" + files[i]);
+                    cerFiles.add(files[i]);
                 }
-              }
             }
+        }
 
-            for (int i = 0; i < cerFiles.size(); i++) {
-                InputStream in = cordova.getActivity().getAssets().open(cerFiles.get(i));
-                InputStream caInput = new BufferedInputStream(in);
-                HttpRequest.addCert(caInput);
+        // scan the www/certificates folder for .cer files as well
+        files = assetManager.list("www/certificates");
+        for (int i = 0; i < files.length; i++) {
+          index = files[i].lastIndexOf('.');
+          if (index != -1) {
+            if (files[i].substring(index).equals(".cer")) {
+              cerFiles.add("www/certificates/" + files[i]);
             }
+          }
+        }
 
-            HttpRequest.setSSLCertMode(HttpRequest.CERT_MODE_PINNED);
-        } else {
-            HttpRequest.setSSLCertMode(HttpRequest.CERT_MODE_DEFAULT);
+        for (int i = 0; i < cerFiles.size(); i++) {
+            InputStream in = cordova.getActivity().getAssets().open(cerFiles.get(i));
+            InputStream caInput = new BufferedInputStream(in);
+            HttpRequest.addCert(caInput);
         }
     }
 }

src/ios/CordovaHttpPlugin.h

@@ -4,8 +4,7 @@
 
 @interface CordovaHttpPlugin : CDVPlugin
 
-- (void)enableSSLPinning:(CDVInvokedUrlCommand*)command;
-- (void)acceptAllCerts:(CDVInvokedUrlCommand*)command;
+- (void)setSSLCertMode:(CDVInvokedUrlCommand*)command;
 - (void)disableRedirect:(CDVInvokedUrlCommand*)command;
 - (void)post:(CDVInvokedUrlCommand*)command;
 - (void)get:(CDVInvokedUrlCommand*)command;

src/ios/CordovaHttpPlugin.m

@@ -121,23 +121,31 @@ - (NSMutableDictionary*)copyHeaderFields:(NSDictionary *)headerFields {
     return headerFieldsCopy;
 }
 
-- (void)setTimeout:(NSTimeInterval)timeout forManager:(AFHTTPSessionManager*)manager {
-    [manager.requestSerializer setTimeoutInterval:timeout];
-}
+- (void)setSSLCertMode:(CDVInvokedUrlCommand*)command {
+    NSString *certMode = [command.arguments objectAtIndex:0];
 
-- (void)enableSSLPinning:(CDVInvokedUrlCommand*)command {
-    bool enable = [[command.arguments objectAtIndex:0] boolValue];
-
-    if (enable) {
-        securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
-    } else {
+    if ([certMode isEqualToString: @"default"]) {
+        securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone];
+        securityPolicy.allowInvalidCertificates = NO;
+        securityPolicy.validatesDomainName = YES;
+    } else if ([certMode isEqualToString: @"nocheck"]) {
         securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone];
+        securityPolicy.allowInvalidCertificates = YES;
+        securityPolicy.validatesDomainName = NO;
+    } else if ([certMode isEqualToString: @"pinned"]) {
+        securityPolicy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate];
+        securityPolicy.allowInvalidCertificates = NO;
+        securityPolicy.validatesDomainName = YES;
     }
 
     CDVPluginResult* pluginResult = [CDVPluginResult resultWithStatus:CDVCommandStatus_OK];
     [self.commandDelegate sendPluginResult:pluginResult callbackId:command.callbackId];
 }
 
+- (void)setTimeout:(NSTimeInterval)timeout forManager:(AFHTTPSessionManager*)manager {
+    [manager.requestSerializer setTimeoutInterval:timeout];
+}
+
 - (void)disableRedirect:(CDVInvokedUrlCommand*)command {
     CDVPluginResult* pluginResult = nil;
     bool disable = [[command.arguments objectAtIndex:0] boolValue];
@@ -148,17 +156,6 @@ - (void)disableRedirect:(CDVInvokedUrlCommand*)command {
     [self.commandDelegate sendPluginResult:pluginResult callbackId:command.callbackId];
 }
 
-- (void)acceptAllCerts:(CDVInvokedUrlCommand*)command {
-    CDVPluginResult* pluginResult = nil;
-    bool allow = [[command.arguments objectAtIndex:0] boolValue];
-
-    securityPolicy.allowInvalidCertificates = allow;
-    securityPolicy.validatesDomainName = !allow;
-
-    pluginResult = [CDVPluginResult resultWithStatus:CDVCommandStatus_OK];
-    [self.commandDelegate sendPluginResult:pluginResult callbackId:command.callbackId];
-}
-
 - (void)post:(CDVInvokedUrlCommand*)command {
     AFHTTPSessionManager *manager = [AFHTTPSessionManager manager];
     manager.securityPolicy = securityPolicy;