Package org.eblocker.server.http.service

Class AutoTrustAppService

java.lang.Object

org.eblocker.server.http.service.AutoTrustAppService

All Implemented Interfaces:

SquidWarningService.FailedConnectionsListener

public class AutoTrustAppService
extends Object
implements SquidWarningService.FailedConnectionsListener

Possible improvements: * Never whitelist a domain name for which a pattern blocker URL exists ____+ prevents whitelisting when a popular tracker URL leads to random connection errors ____- if the domain of a blocker URL is rather generic (i.e. amazon.com), ATA will never whitelist it ____? Check the logs how many whitelisting of tracker domains this could prevent * Immediately whitelist (after tracking check) for all cert related errors ___+ grep "Processing " /var/log/eblocker/eblocker-system.log* | grep -v "No error" | grep -v "reset by peer" | grep -v "Broken pipe" | cut -d "[" -f 5 | cut -d "]" -f 1 | sort | uniq ____+ faster whitelisting in case of certificate pinning ____+ Tracker check is still in place, so this does not affect handling of known evil domains ____+ Danger is adding ____+ (hopefully) no additional whitelisting of favorite websites as they don't produce these kinds of errors ____+ (hopefully) no additional whitelisting of tracking domains as they don't produce these kinds of errors and the tracking check would still happen

crtvd:27:X509_V_ERR_CERT_UNTRUSTED ssl:1:error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate ssl:1:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown ssl:1:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca ssl:1:error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol ssl:6:error:00000000:lib(0):func(0):reason(0)

____- there seem to be cases where cert-related errors stem from browsing (e.g. datenschutz-zwecklos.de for benne). ____? Check in how many cases this would speed up whitelisting for certificate pinning ____? Check in how many cases this would put favorite websites on the list IN ADDITION

* * When recording successful SSL connections, also record the device ____+ Spotify seems to work fine on iOS but complains about dealer.spotify.com on macOS ____- Blows up the recoding of successful domains ____- Device A cannot benefit from the successful SSL connections on device B

* * Why does My own DTBL work even though it is enabled???

Constructor Summary

Constructors

Constructor	Description
AutoTrustAppService(SquidWarningService squidWarningService, AppModuleService appModuleService, DomainBlockingService domainBlockingService, DeviceService deviceService)

Method Summary

Modifier and Type	Method	Description
boolean	isAutoTrustAppEnabled()
void	onChange(List<FailedConnection> failedConnections)
void	onReset()
void	recordSuccessfulSSL(String domain)
void	setAutoTrustAppEnabled(boolean enabled)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

AutoTrustAppService

@Inject
public AutoTrustAppService(SquidWarningService squidWarningService,
 AppModuleService appModuleService,
 DomainBlockingService domainBlockingService,
 DeviceService deviceService)

Method Details

onChange

public void onChange(List<FailedConnection> failedConnections)

Specified by:

onChange in interface SquidWarningService.FailedConnectionsListener

onReset

public void onReset()

Specified by:

onReset in interface SquidWarningService.FailedConnectionsListener

setAutoTrustAppEnabled

public void setAutoTrustAppEnabled(boolean enabled)

isAutoTrustAppEnabled

public boolean isAutoTrustAppEnabled()

recordSuccessfulSSL

public void recordSuccessfulSSL(String domain)