/**
 * Insecure half of the example pair: a {@code WebViewClient} whose SSL error
 * callback accepts every certificate.
 */
class Bad extends WebViewClient {
    // BAD: All certificates are trusted.
    // proceed() is called for every SSL error without inspecting `error`, so the
    // certificate problem that triggered the callback is ignored and the load
    // continues over a connection whose peer was never authenticated.
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) { // $hasResult
        handler.proceed();
    }
}
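/**
 * Safer half of the example pair: a {@code WebViewClient} that continues past an
 * SSL error only when the presented certificate was signed by a pinned public key.
 */
class Good extends WebViewClient {
    // Pinned signer key; its value is elided in this example.
    PublicKey myPubKey = ...;

    // GOOD: Only certificates signed by a certain public key are trusted.
    // The check covers the signature and the validity dates only; nothing here
    // compares the certificate with the host being loaded.
    // NOTE(review): the "$hasResult" marker below is the same one carried by the
    // BAD handler; it looks copied over. Confirm whether it belongs on this method.
    public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) { // $hasResult
        try {
            X509Certificate cert = error.getCertificate().getX509Certificate();
            if (cert == null) {
                // No X.509 certificate to verify: fail closed instead of letting a
                // NullPointerException escape the callback.
                handler.cancel();
                return;
            }
            // Reject expired or not-yet-valid certificates. verify() checks the
            // signature only. The exceptions thrown by checkValidity() are
            // CertificateException subclasses, so the catch below handles them.
            cert.checkValidity();
            cert.verify(this.myPubKey);
            handler.proceed();
        } catch (CertificateException
                | NoSuchAlgorithmException
                | InvalidKeyException
                | NoSuchProviderException
                | SignatureException e) {
            // Any verification failure means the certificate is not trusted.
            handler.cancel();
        }
    }
}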