Skip to content

Add support for FritzBox 6690 #66

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
kaklakariada wants to merge 7 commits into
base: main
Choose a base branch
from
Draft

Add support for FritzBox 6690 #66

kaklakariada wants to merge 7 commits into from

Conversation

@kaklakariada
Copy link
Owner

@kaklakariada kaklakariada commented Dec 31, 2024

Contributed by Manfred

@sonarqubecloud
Copy link

sonarqubecloud bot commented Dec 31, 2024

Quality Gate Failed Quality Gate failed

Failed conditions
7.2% Coverage on New Code (required ≥ 80%)
11.0% Duplication on New Code (required ≤ 3%)

See analysis details on SonarQube Cloud

github-advanced-security[bot]
github-advanced-security bot found potential problems Dec 31, 2024
View reviewed changes
src/main/java/com/github/kaklakariada/fritzbox/http/TrustSelfSignedCertificates.java
final SSLContext sslContext1 = sslContext;
try {
sslContext1.init(keyManagers, trustManagers, secureRandom);
sslContext.init(keyManagers, trustManagers, secureRandom);

Check failure

Code scanning / CodeQL

`TrustManager` that accepts all certificates High

This uses
TrustManager
Loading
, which is defined in
NullTrustManager
Loading
and trusts any certificate.

Copilot Autofix

AI 12 months ago

To fix the problem, we need to replace the NullTrustManager with a TrustManager that only trusts specific self-signed certificates. This involves creating a KeyStore containing the trusted certificates and initializing the TrustManagerFactory with this KeyStore. This way, only the specified certificates will be trusted, and the risk of a machine-in-the-middle attack is mitigated.

  1. Load the self-signed certificate into a KeyStore.
  2. Initialize a TrustManagerFactory with the KeyStore.
  3. Use the TrustManagerFactory to get the TrustManager array.
  4. Initialize the SSLContext with the TrustManager array.
Suggested changeset 1
src/main/java/com/github/kaklakariada/fritzbox/http/TrustSelfSignedCertificates.java

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/main/java/com/github/kaklakariada/fritzbox/http/TrustSelfSignedCertificates.java b/src/main/java/com/github/kaklakariada/fritzbox/http/TrustSelfSignedCertificates.java
--- a/src/main/java/com/github/kaklakariada/fritzbox/http/TrustSelfSignedCertificates.java
+++ b/src/main/java/com/github/kaklakariada/fritzbox/http/TrustSelfSignedCertificates.java
@@ -22,2 +22,7 @@
 import javax.net.ssl.*;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.security.KeyStore;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 
@@ -42,3 +47,3 @@
         final KeyManager[] keyManagers = null;
-        final TrustManager[] trustManagers = new TrustManager[] { new NullTrustManager() };
+        final TrustManager[] trustManagers = getTrustManagers();
         final SecureRandom secureRandom = new SecureRandom();
@@ -57,2 +62,23 @@
         }
+    }
+    private static TrustManager[] getTrustManagers() {
+        try {
+            // Load the self-signed certificate
+            File certificateFile = new File("path/to/self-signed-certificate");
+            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+            keyStore.load(null, null);
+            X509Certificate generatedCertificate;
+            try (InputStream cert = new FileInputStream(certificateFile)) {
+                generatedCertificate = (X509Certificate) CertificateFactory.getInstance("X509")
+                        .generateCertificate(cert);
+            }
+            keyStore.setCertificateEntry(certificateFile.getName(), generatedCertificate);
+
+            // Initialize TrustManagerFactory with the KeyStore
+            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+            tmf.init(keyStore);
+            return tmf.getTrustManagers();
+        } catch (Exception e) {
+            throw new HttpException("Error initializing trust managers", e);
+        }
     }
EOF
@@ -22,2 +22,7 @@
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

@@ -42,3 +47,3 @@
final KeyManager[] keyManagers = null;
final TrustManager[] trustManagers = new TrustManager[] { new NullTrustManager() };
final TrustManager[] trustManagers = getTrustManagers();
final SecureRandom secureRandom = new SecureRandom();
@@ -57,2 +62,23 @@
}
}
private static TrustManager[] getTrustManagers() {
try {
// Load the self-signed certificate
File certificateFile = new File("path/to/self-signed-certificate");
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
X509Certificate generatedCertificate;
try (InputStream cert = new FileInputStream(certificateFile)) {
generatedCertificate = (X509Certificate) CertificateFactory.getInstance("X509")
.generateCertificate(cert);
}
keyStore.setCertificateEntry(certificateFile.getName(), generatedCertificate);

// Initialize TrustManagerFactory with the KeyStore
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keyStore);
return tmf.getTrustManagers();
} catch (Exception e) {
throw new HttpException("Error initializing trust managers", e);
}
}
Copilot is powered by AI and may make mistakes. Always verify output.
@kaklakariada kaklakariada marked this pull request as draft January 4, 2025 15:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kaklakariada