From 3a523b84532c1f3ed1ee0e8bc798084f40f8ab5c Mon Sep 17 00:00:00 2001
From: "kiber.io" <git@kiber.io>
Date: Tue, 19 Mar 2024 15:02:27 +0300
Subject: [PATCH] Support X509ExtendedTrustManager for sdk >= 24

---
 app/src/main/java/just/trust/me/Main.java | 59 +++++++++++++++++++++--
 1 file changed, 55 insertions(+), 4 deletions(-)

diff --git a/app/src/main/java/just/trust/me/Main.java b/app/src/main/java/just/trust/me/Main.java
index 749b6eb..d44cd01 100644
--- a/app/src/main/java/just/trust/me/Main.java
+++ b/app/src/main/java/just/trust/me/Main.java
@@ -1,9 +1,12 @@
 package just.trust.me;
 
+import android.annotation.TargetApi;
 import android.content.Context;
 import android.net.http.SslError;
 import android.net.http.X509TrustManagerExtensions;
+import android.os.Build;
 import android.util.Log;
+import android.util.Pair;
 import android.webkit.SslErrorHandler;
 import android.webkit.WebView;
 
@@ -35,9 +38,11 @@
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509ExtendedTrustManager;
 import javax.net.ssl.X509TrustManager;
 
 import de.robv.android.xposed.IXposedHookLoadPackage;
@@ -138,7 +143,7 @@ protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                                 keymanagers = (KeyManager[]) callStaticMethod(SSLSocketFactory.class, "createKeyManagers", keystore, keystorePassword);
                             }
 
-                            trustmanagers = new TrustManager[]{new ImSureItsLegitTrustManager()};
+                            trustmanagers = new TrustManager[]{getTrustManager()};
 
                             setObjectField(param.thisObject, "sslcontext", SSLContext.getInstance(algorithm));
                             callMethod(getObjectField(param.thisObject, "sslcontext"), "init", keymanagers, trustmanagers, random);
@@ -183,7 +188,7 @@ protected void afterHookedMethod(MethodHookParam param) throws Throwable {
                         return;
                 }
 
-                param.setResult(new TrustManager[]{new ImSureItsLegitTrustManager()});
+                param.setResult(new TrustManager[]{getTrustManager()});
             }
         });
 
@@ -232,7 +237,7 @@ protected Object replaceHookedMethod(MethodHookParam param) throws Throwable {
             protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
 
                 param.args[0] = null;
-                param.args[1] = new TrustManager[]{new ImSureItsLegitTrustManager()};
+                param.args[1] = new TrustManager[]{getTrustManager()};
                 param.args[2] = null;
 
             }
@@ -345,7 +350,7 @@ public boolean hasDefaultHTTPClient() {
     private javax.net.ssl.SSLSocketFactory getEmptySSLFactory() {
         try {
             SSLContext sslContext = SSLContext.getInstance("TLS");
-            sslContext.init(null, new TrustManager[]{new ImSureItsLegitTrustManager()}, null);
+            sslContext.init(null, new TrustManager[]{getTrustManager()}, null);
             return sslContext.getSocketFactory();
         } catch (NoSuchAlgorithmException | KeyManagementException e) {
             return null;
@@ -566,6 +571,44 @@ void processHttpClientAndroidLib(ClassLoader classLoader) {
         }
     }
 
+    @TargetApi(Build.VERSION_CODES.N)
+    private class ImSureItsLegitExtendedTrustManager extends X509ExtendedTrustManager {
+        @Override
+        public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
+
+        }
+
+        @Override
+        public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException {
+
+        }
+
+        @Override
+        public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
+
+        }
+
+        @Override
+        public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException {
+
+        }
+
+        @Override
+        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+
+        }
+
+        @Override
+        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+
+        }
+
+        @Override
+        public X509Certificate[] getAcceptedIssuers() {
+            return new X509Certificate[0];
+        }
+    }
+
     private class ImSureItsLegitTrustManager implements X509TrustManager {
         @Override
         public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
@@ -586,6 +629,14 @@ public X509Certificate[] getAcceptedIssuers() {
         }
     }
 
+    private X509TrustManager getTrustManager() {
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
+            return new ImSureItsLegitExtendedTrustManager();
+        } else {
+            return new ImSureItsLegitTrustManager();
+        }
+    }
+
     private class ImSureItsLegitHostnameVerifier implements HostnameVerifier {
 
         @Override