Skip to content

Add support for FritzBox 6690#66

Draft
kaklakariada wants to merge 7 commits intomainfrom
changes-manfred
Draft

Add support for FritzBox 6690#66
kaklakariada wants to merge 7 commits intomainfrom
changes-manfred

Conversation

@kaklakariada
Copy link
Copy Markdown
Owner

@kaklakariada kaklakariada commented Dec 31, 2024

Contributed by Manfred

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Dec 31, 2024

Quality Gate Failed Quality Gate failed

Failed conditions
7.2% Coverage on New Code (required ≥ 80%)
11.0% Duplication on New Code (required ≤ 3%)

See analysis details on SonarQube Cloud

github-advanced-security[bot]
github-advanced-security AI found potential problems Dec 31, 2024
View reviewed changes
Comment thread src/main/java/com/github/kaklakariada/fritzbox/http/TrustSelfSignedCertificates.java
final SSLContext sslContext1 = sslContext;
try {
sslContext1.init(keyManagers, trustManagers, secureRandom);
sslContext.init(keyManagers, trustManagers, secureRandom);

Check failure

Code scanning / CodeQL

`TrustManager` that accepts all certificates

This uses [TrustManager](1), which is defined in [NullTrustManager](2) and trusts any certificate.

Copilot Autofix

AI over 1 year ago

To fix the problem, we need to replace the NullTrustManager with a TrustManager that only trusts specific self-signed certificates. This involves creating a KeyStore containing the trusted certificates and initializing the TrustManagerFactory with this KeyStore. This way, only the specified certificates will be trusted, and the risk of a machine-in-the-middle attack is mitigated.

  1. Load the self-signed certificate into a KeyStore.
  2. Initialize a TrustManagerFactory with the KeyStore.
  3. Use the TrustManagerFactory to get the TrustManager array.
  4. Initialize the SSLContext with the TrustManager array.
Suggested changeset 1
src/main/java/com/github/kaklakariada/fritzbox/http/TrustSelfSignedCertificates.java

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/main/java/com/github/kaklakariada/fritzbox/http/TrustSelfSignedCertificates.java b/src/main/java/com/github/kaklakariada/fritzbox/http/TrustSelfSignedCertificates.java
--- a/src/main/java/com/github/kaklakariada/fritzbox/http/TrustSelfSignedCertificates.java
+++ b/src/main/java/com/github/kaklakariada/fritzbox/http/TrustSelfSignedCertificates.java
@@ -22,2 +22,7 @@
 import javax.net.ssl.*;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.security.KeyStore;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 
@@ -42,3 +47,3 @@
         final KeyManager[] keyManagers = null;
-        final TrustManager[] trustManagers = new TrustManager[] { new NullTrustManager() };
+        final TrustManager[] trustManagers = getTrustManagers();
         final SecureRandom secureRandom = new SecureRandom();
@@ -57,2 +62,23 @@
         }
+    }
+    private static TrustManager[] getTrustManagers() {
+        try {
+            // Load the self-signed certificate
+            File certificateFile = new File("path/to/self-signed-certificate");
+            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+            keyStore.load(null, null);
+            X509Certificate generatedCertificate;
+            try (InputStream cert = new FileInputStream(certificateFile)) {
+                generatedCertificate = (X509Certificate) CertificateFactory.getInstance("X509")
+                        .generateCertificate(cert);
+            }
+            keyStore.setCertificateEntry(certificateFile.getName(), generatedCertificate);
+
+            // Initialize TrustManagerFactory with the KeyStore
+            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+            tmf.init(keyStore);
+            return tmf.getTrustManagers();
+        } catch (Exception e) {
+            throw new HttpException("Error initializing trust managers", e);
+        }
     }
EOF
@@ -22,2 +22,7 @@
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

@@ -42,3 +47,3 @@
final KeyManager[] keyManagers = null;
final TrustManager[] trustManagers = new TrustManager[] { new NullTrustManager() };
final TrustManager[] trustManagers = getTrustManagers();
final SecureRandom secureRandom = new SecureRandom();
@@ -57,2 +62,23 @@
}
}
private static TrustManager[] getTrustManagers() {
try {
// Load the self-signed certificate
File certificateFile = new File("path/to/self-signed-certificate");
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
X509Certificate generatedCertificate;
try (InputStream cert = new FileInputStream(certificateFile)) {
generatedCertificate = (X509Certificate) CertificateFactory.getInstance("X509")
.generateCertificate(cert);
}
keyStore.setCertificateEntry(certificateFile.getName(), generatedCertificate);

// Initialize TrustManagerFactory with the KeyStore
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keyStore);
return tmf.getTrustManagers();
} catch (Exception e) {
throw new HttpException("Error initializing trust managers", e);
}
}
Copilot is powered by AI and may make mistakes. Always verify output.
@kaklakariada kaklakariada marked this pull request as draft January 4, 2025 15:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kaklakariada @github-advanced-security