Internal certificate validation

Trolldemorted · Trolldemorted · commit 437bcb6a3504 · 2018-06-20T21:14:45.000+02:00
diff --git a/libsignal-service-dotnet-tests/ConnectionTest.cs b/libsignal-service-dotnet-tests/ConnectionTest.cs
@@ -0,0 +1,32 @@
+﻿using libsignalservice;
+using libsignalservice.configuration;
+using libsignalservice.push.exceptions;
+using Microsoft.VisualStudio.TestTools.UnitTesting;
+using System;
+using System.Collections.Generic;
+using System.Text;
+using System.Threading;
+using System.Threading.Tasks;
+
+namespace libsignal_service_dotnet_tests
+{
+    [TestClass]
+    public class ConnectionTest
+    {
+        public static SignalServiceUrl[] ServiceUrls = new SignalServiceUrl[] { new SignalServiceUrl("https://textsecure-service.whispersystems.org") };
+        public static SignalServiceConfiguration ServiceConfiguration = new SignalServiceConfiguration(ServiceUrls, null);
+        public static string UserAgent = "libsignal-service-dotnet-tests";
+
+        [TestMethod]
+        public async Task TestConnection()
+        {
+            var cancelSource = new CancellationTokenSource();
+            var pushServiceSocket = new SignalServiceAccountManager(ServiceConfiguration, "A", "B", 1, UserAgent);
+            try
+            {
+                var turn = await pushServiceSocket.GetTurnServerInfo(cancelSource.Token);
+            }
+            catch (AuthorizationFailedException) { }
+        }
+    }
+}
diff --git a/libsignal-service-dotnet/push/PushServiceSocket.cs b/libsignal-service-dotnet/push/PushServiceSocket.cs
@@ -496,7 +496,7 @@ private async Task DownloadAttachment(CancellationToken token, string url, Strea
         {
             try
             {
-                HttpClient connection = new HttpClient();
+                HttpClient connection = Util.CreateHttpClient();
                 var headers = connection.DefaultRequestHeaders;
                 Debug.WriteLine("downloading " + url);
                 HttpRequestMessage req = new HttpRequestMessage(HttpMethod.Get, url);
@@ -546,7 +546,7 @@ private async Task<byte[]> UploadAttachment(CancellationToken token, string meth
             };
             request.Content.Headers.ContentType = new MediaTypeHeaderValue("application/octet-stream");
             request.Headers.ConnectionClose = true;
-            HttpClient client = new HttpClient();
+            HttpClient client = Util.CreateHttpClient();
             HttpResponseMessage response = await client.SendAsync(request, token);
             if (response.StatusCode != HttpStatusCode.OK)
             {
@@ -707,10 +707,7 @@ private async Task<string> MakeServiceRequestAsync(CancellationToken token, stri
             return responseBody;
         }
 
-        private bool Func(HttpRequestMessage a, X509Certificate2 b, X509Chain c, SslPolicyErrors d)
-        {
-            return true;
-        }
+
 
         private async Task<HttpResponseMessage> GetServiceConnectionAsync(CancellationToken token, string urlFragment, string method, string body)
         {
@@ -721,7 +718,7 @@ private async Task<HttpResponseMessage> GetServiceConnectionAsync(CancellationTo
                 string hostHeader = signalUrl.HostHeader;
                 Uri uri = new Uri(string.Format("{0}{1}", url, urlFragment));
                 Debug.WriteLine("{0}: Uri {1}", TAG, uri);
-                HttpClient connection = new HttpClient();
+                HttpClient connection = Util.CreateHttpClient();
 
                 var headers = connection.DefaultRequestHeaders;
 
@@ -794,6 +791,8 @@ private SignalUrl GetRandom(SignalUrl[] connections)
         {
             return connections[Util.generateRandomNumber() % connections.Length];
         }
+
+
     }
 
     internal class GcmRegistrationId
diff --git a/libsignal-service-dotnet/util/Util.cs b/libsignal-service-dotnet/util/Util.cs
@@ -1,6 +1,10 @@
 using System;
 using System.IO;
+using System.Linq;
+using System.Net.Http;
+using System.Net.Security;
 using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
 
 namespace libsignalservice.util
 {
@@ -168,6 +172,88 @@ public static long CurrentTimeMillis()
         {
             return (DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).Ticks / TimeSpan.TicksPerMillisecond;
         }
+
+        public static HttpClient CreateHttpClient()
+        {
+            HttpClient client;
+            HttpClientHandler handler = new HttpClientHandler();
+            try
+            {
+                handler.ServerCertificateCustomValidationCallback = IsCorrectCertificate;
+                client = new HttpClient(handler);
+            }
+            catch (Exception)
+            {
+                client = new HttpClient();
+            }
+            return client;
+        }
+
+        private static bool IsCorrectCertificate(HttpRequestMessage a, X509Certificate2 b, X509Chain c, SslPolicyErrors d)
+        {
+            return b.RawData.SequenceEqual(Certificate);
+        }
+
+        private static readonly byte[] Certificate = new byte[] {
+            48, 130, 4, 22, 48, 130, 2, 254, 160, 3, 2, 1, 2, 2, 2, 16, 3,
+            48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 5, 5, 0, 48, 129,
+            141, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 19, 48,
+            17, 6, 3, 85, 4, 8, 12, 10, 67, 97, 108, 105, 102, 111, 114, 110,
+            105, 97, 49, 22, 48, 20, 6, 3, 85, 4, 7, 12, 13, 83, 97, 110, 32,
+            70, 114, 97, 110, 99, 105, 115, 99, 111, 49, 29, 48, 27, 6, 3, 85,
+            4, 10, 12, 20, 79, 112, 101, 110, 32, 87, 104, 105, 115, 112, 101,
+            114, 32, 83, 121, 115, 116, 101, 109, 115, 49, 29, 48, 27, 6, 3, 85,
+            4, 11, 12, 20, 79, 112, 101, 110, 32, 87, 104, 105, 115, 112, 101, 114,
+            32, 83, 121, 115, 116, 101, 109, 115, 49, 19, 48, 17, 6, 3, 85, 4, 3,
+            12, 10, 84, 101, 120, 116, 83, 101, 99, 117, 114, 101, 48, 30, 23,
+            13, 49, 51, 48, 52, 48, 55, 48, 48, 48, 48, 48, 48, 90, 23, 13, 50, 52,
+            48, 52, 48, 55, 48, 51, 51, 55, 52, 50, 90, 48, 129, 144, 49, 11, 48, 9, 6, 3,
+            85, 4, 6, 19, 2, 85, 83, 49, 19, 48, 17, 6, 3, 85, 4, 8, 12, 10, 67,
+            97, 108, 105, 102, 111, 114, 110, 105, 97, 49, 29, 48, 27, 6, 3, 85,
+            4, 10, 12, 20, 79, 112, 101, 110, 32, 87, 104, 105, 115, 112, 101, 114,
+            32, 83, 121, 115, 116, 101, 109, 115, 49, 29, 48, 27, 6, 3, 85, 4, 11,
+            12, 20, 79, 112, 101, 110, 32, 87, 104, 105, 115, 112, 101, 114, 32, 83,
+            121, 115, 116, 101, 109, 115, 49, 46, 48, 44, 6, 3, 85, 4, 3, 12, 37, 116,
+            101, 120, 116, 115, 101, 99, 117, 114, 101, 45, 115, 101, 114, 118, 105,
+            99, 101, 46, 119, 104, 105, 115, 112, 101, 114, 115, 121, 115, 116, 101,
+            109, 115, 46, 111, 114, 103, 48, 130, 1, 34, 48, 13, 6, 9, 42, 134, 72,
+            134, 247, 13, 1, 1, 1, 5, 0, 3, 130, 1, 15, 0, 48, 130, 1, 10, 2, 130, 1,
+            1, 0, 166, 79, 1, 0, 106, 219, 198, 236, 24, 67, 165, 135, 15, 246, 197,
+            4, 62, 43, 74, 237, 58, 210, 78, 249, 153, 122, 41, 209, 114, 84, 151, 200,
+            73, 140, 190, 124, 128, 166, 243, 203, 171, 62, 101, 241, 15, 224, 159, 176,
+            218, 190, 175, 137, 110, 102, 90, 206, 86, 130, 241, 121, 6, 34, 163, 181, 218,
+            198, 206, 52, 148, 172, 10, 226, 76, 209, 110, 137, 154, 157, 173, 156, 33, 110,
+            101, 10, 12, 204, 7, 242, 249, 222, 168, 184, 88, 222, 184, 35, 252, 154, 81, 82,
+            4, 142, 155, 24, 128, 150, 53, 245, 47, 41, 63, 188, 247, 158, 161, 20, 220, 142,
+            179, 199, 130, 28, 195, 172, 25, 111, 43, 161, 1, 213, 114, 169, 211, 150, 107,
+            96, 97, 125, 191, 50, 181, 158, 127, 195, 116, 2, 226, 194, 72, 105, 48, 222, 65,
+            232, 76, 91, 66, 187, 19, 92, 75, 48, 158, 111, 167, 96, 204, 168, 4, 59, 16, 206,
+            74, 204, 34, 6, 174, 183, 82, 149, 159, 172, 7, 52, 164, 127, 73, 131, 14, 49, 33,
+            192, 144, 106, 97, 112, 162, 222, 71, 49, 235, 121, 66, 78, 109, 116, 43, 81, 61,
+            154, 229, 216, 143, 238, 246, 245, 23, 172, 160, 43, 109, 57, 190, 165, 228, 42, 33,
+            24, 119, 156, 109, 7, 51, 159, 84, 118, 82, 51, 200, 105, 82, 191, 231, 113, 55, 73,
+            209, 244, 132, 140, 244, 93, 152, 160, 247, 153, 2, 3, 1, 0, 1, 163, 123, 48, 121,
+            48, 9, 6, 3, 85, 29, 19, 4, 2, 48, 0, 48, 44, 6, 9, 96, 134, 72, 1, 134, 248, 66, 1,
+            13, 4, 31, 22, 29, 79, 112, 101, 110, 83, 83, 76, 32, 71, 101, 110, 101, 114, 97, 116,
+            101, 100, 32, 67, 101, 114, 116, 105, 102, 105, 99, 97, 116, 101, 48, 29, 6, 3, 85,
+            29, 14, 4, 22, 4, 20, 7, 224, 19, 80, 129, 57, 15, 48, 24, 219, 92, 76, 198, 87, 228,
+            128, 221, 241, 229, 152, 48, 31, 6, 3, 85, 29, 35, 4, 24, 48, 22, 128, 20, 1, 139, 24,
+            241, 63, 251, 57, 25, 68, 110, 133, 134, 190, 148, 101, 50, 167, 50, 60, 144, 48, 13,
+            6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 5, 5, 0, 3, 130, 1, 1, 0, 178, 5, 80, 109, 199,
+            7, 199, 157, 127, 97, 232, 142, 78, 92, 88, 91, 249, 18, 133, 99, 136, 4, 71, 7, 40,
+            198, 171, 27, 87, 92, 17, 217, 243, 148, 39, 197, 154, 255, 155, 229, 174, 177, 21,
+            90, 18, 88, 222, 211, 47, 127, 104, 93, 185, 158, 199, 51, 174, 170, 188, 61, 0, 93,
+            223, 129, 97, 143, 146, 248, 83, 179, 59, 63, 14, 154, 183, 5, 7, 133, 230, 234, 174,
+            217, 5, 99, 245, 206, 186, 119, 37, 38, 213, 108, 67, 84, 83, 254, 58, 159, 54, 16,
+            81, 106, 160, 234, 75, 139, 231, 39, 251, 168, 237, 51, 213, 210, 155, 42, 52, 159,
+            150, 232, 123, 236, 147, 37, 194, 71, 109, 92, 163, 23, 10, 223, 209, 253, 157, 252,
+            100, 185, 6, 92, 165, 102, 155, 25, 106, 19, 209, 217, 49, 72, 117, 243, 46, 154, 42,
+            160, 235, 31, 41, 245, 142, 113, 202, 123, 213, 106, 96, 5, 149, 0, 164, 148, 79, 179,
+            205, 203, 91, 98, 57, 29, 184, 232, 149, 158, 85, 57, 230, 128, 13, 215, 213, 196, 117,
+            139, 212, 58, 231, 252, 240, 160, 71, 12, 227, 100, 64, 236, 179, 63, 1, 80, 103, 9,
+            46, 109, 132, 210, 108, 189, 76, 35, 44, 181, 11, 20, 190, 115, 195, 221, 220, 90, 81,
+            139, 39, 151, 230, 27, 91, 185, 127, 22, 186, 159, 55, 99, 185, 75, 250, 189, 227, 102,
+            114, 97, 21, 93, 117, 232 };
     }
 #pragma warning restore CS1591 // Missing XML comment for publicly visible type or member
 }

Original file line number	Diff line number	Diff line change
`@@ -496,7 +496,7 @@ private async Task DownloadAttachment(CancellationToken token, string url, Strea`
`496`	`496`	`{`
`497`	`497`	`try`
`498`	`498`	`{`
`499`		`- HttpClient connection = new HttpClient();`
	`499`	`+ HttpClient connection = Util.CreateHttpClient();`
`500`	`500`	`var headers = connection.DefaultRequestHeaders;`
`501`	`501`	`Debug.WriteLine("downloading " + url);`
`502`	`502`	`HttpRequestMessage req = new HttpRequestMessage(HttpMethod.Get, url);`
`@@ -546,7 +546,7 @@ private async Task<byte[]> UploadAttachment(CancellationToken token, string meth`
`546`	`546`	`};`
`547`	`547`	`request.Content.Headers.ContentType = new MediaTypeHeaderValue("application/octet-stream");`
`548`	`548`	`request.Headers.ConnectionClose = true;`
`549`		`- HttpClient client = new HttpClient();`
	`549`	`+ HttpClient client = Util.CreateHttpClient();`
`550`	`550`	`HttpResponseMessage response = await client.SendAsync(request, token);`
`551`	`551`	`if (response.StatusCode != HttpStatusCode.OK)`
`552`	`552`	`{`
`@@ -707,10 +707,7 @@ private async Task<string> MakeServiceRequestAsync(CancellationToken token, stri`
`707`	`707`	`return responseBody;`
`708`	`708`	`}`
`709`	`709`
`710`		`- private bool Func(HttpRequestMessage a, X509Certificate2 b, X509Chain c, SslPolicyErrors d)`
`711`		`- {`
`712`		`- return true;`
`713`		`- }`
	`710`	`+`
`714`	`711`
`715`	`712`	`private async Task<HttpResponseMessage> GetServiceConnectionAsync(CancellationToken token, string urlFragment, string method, string body)`
`716`	`713`	`{`
`@@ -721,7 +718,7 @@ private async Task<HttpResponseMessage> GetServiceConnectionAsync(CancellationTo`
`721`	`718`	`string hostHeader = signalUrl.HostHeader;`
`722`	`719`	`Uri uri = new Uri(string.Format("{0}{1}", url, urlFragment));`
`723`	`720`	`Debug.WriteLine("{0}: Uri {1}", TAG, uri);`
`724`		`- HttpClient connection = new HttpClient();`
	`721`	`+ HttpClient connection = Util.CreateHttpClient();`
`725`	`722`
`726`	`723`	`var headers = connection.DefaultRequestHeaders;`
`727`	`724`
`@@ -794,6 +791,8 @@ private SignalUrl GetRandom(SignalUrl[] connections)`
`794`	`791`	`{`
`795`	`792`	`return connections[Util.generateRandomNumber() % connections.Length];`
`796`	`793`	`}`
	`794`	`+`
	`795`	`+`
`797`	`796`	`}`
`798`	`797`
`799`	`798`	`internal class GcmRegistrationId`