Disable SSL certificate verification for private apps

packages/app/src/app/duck.js

@@ -32,6 +32,7 @@ export const OPEN_PROCESS_MANAGER = 'browserX/app/OPEN_PROCESS_MANAGER';
 export const TOGGLE_PROMPT_DOWNLOAD = 'browserX/app/TOGGLE_PROMPT_DOWNLOAD';
 
 export const SET_APP_METADATA = 'browserX/app/SET_APP_METADATA';
+export const DISABLE_SSL_CERT_VERIFICATION = 'browserX/app/DISABLE_SSL_CERT_VERIFICATION';
 
 // Action creators
 export const ready = () => ({ type: READY });
@@ -133,6 +134,11 @@ export const setAppMetadata = (metadata) => {
   };
 };
 
+export const disableSslCertVerification = (partition) => ({
+  type: DISABLE_SSL_CERT_VERIFICATION,
+  partition,
+});
+
 // Reducer
 export default function app(state = new Map(), action) {
   switch (action.type) {

packages/app/src/app/sagas.js

@@ -36,7 +36,8 @@ import {
   setLoadingScreenVisibility,
   TOGGLE_PROMPT_DOWNLOAD,
   TOGGLE_KBD_SHORTCUTS,
-  TOGGLE_MAXIMIZE
+  TOGGLE_MAXIMIZE,
+  DISABLE_SSL_CERT_VERIFICATION,
 } from './duck';
 import { DELAY } from '../persistence/backend';
 import { getWindowCurrentTabId } from '../windows/get';
@@ -249,6 +250,10 @@ function* sagaHandleOpenProcessManager() {
   yield callService('processManager', 'open', undefined);
 }
 
+function* sagaDisableSslCertVerification({ partition }) {
+  yield callService('defaultSession', 'disableSslCertVerification', partition);
+}
+
 /**
  * Will load the app metadata in the state.
  */
@@ -275,6 +280,7 @@ export default function* main(bxApp) {
     takeEveryWitness(TOGGLE_KBD_SHORTCUTS, sagaToggleKbdShortcutsOverlay),
     takeEveryWitness(CHANGE_APP_FOCUS_STATE, onChangeAppFocusState),
     takeEveryWitness(OPEN_PROCESS_MANAGER, sagaHandleOpenProcessManager),
+    takeEveryWitness(DISABLE_SSL_CERT_VERIFICATION, sagaDisableSslCertVerification),
     // For dev purpose
     takeEveryWitness('STATION_MANUAL_ERR', sagaTriggerError)
   ]);

packages/app/src/applications/Application.tsx

@@ -7,7 +7,6 @@ import { GradientType, withGradient } from '@getstation/theme';
 import ElectronWebview from '../common/components/ElectronWebview';
 import * as classNames from 'classnames';
 import { clipboard } from 'electron';
-import * as remote from '@electron/remote';
 // @ts-ignore no declaration file
 import { fetchFavicon, setFetchFaviconTimeout } from '@getstation/fetch-favicon';
 import Maybe from 'graphql/tsutils/Maybe';
@@ -41,6 +40,8 @@ import {
 } from '../tab-webcontents/duck';
 import { getTabWebcontentsById, getWebcontentsAuthInfo, getWebcontentsAuthState } from '../tab-webcontents/selectors';
 import { updateLoadingState, updateTabBadge, updateTabFavicons, updateTabTitle, updateTabURL } from '../tabs/duck';
+// @ts-ignore no declaration file
+import { disableSslCertVerification } from '../app/duck';
 import { getTabId, getTabLoadingState } from '../tabs/get';
 import { StationTabImmutable } from '../tabs/types';
 import { RecursiveImmutableMap, StationState } from '../types';
@@ -51,6 +52,7 @@ import LazyWebview from './LazyWebview';
 import { withGetApplicationState } from './[email protected]';
 import { getApplicationDescription } from './selectors';
 import { ApplicationImmutable } from './types';
+// @ts-ignore no declaration file
 import { getForeFrontNavigationStateProperty } from './utils';
 
 type WebviewMethod = (webview: ElectronWebview) => void;
@@ -97,6 +99,7 @@ export interface OwnProps {
   loading: boolean,
   manifestURL: Maybe<string>,
   applicationId: string,
+  appstoreApplicationId: string,
 
   applicationName: Maybe<string>,
   applicationIcon: Maybe<string>,
@@ -142,6 +145,7 @@ export interface DispatchProps {
   onChooseAccount: Function,
   onApplicationRemoved: Function,
   updateResetAppModal: Function,
+  disableSslCertVerification: (partition: string) => any,
 }
 
 export interface ComputedProps {
@@ -388,12 +392,10 @@ class ApplicationImpl extends React.PureComponent {
       const webview = this.webView.view;
 
       webview.addEventListener('dom-ready', () => {
-        const webContents = remote.webContents.fromId(webview.getWebContentsId());
-
         webview.addEventListener('did-navigate-in-page', (e: any) => this.handleDidNavigateInPage(e));
         webview.addEventListener('did-navigate', (e: any) => this.handleDidNavigate(e));
         webview.addEventListener('ipc-message', (e: any) => this.handleIPCMessage(e));
-        this.props.onWebcontentsAttached(webContents.id);
+        this.props.onWebcontentsAttached(webview.getWebContentsId());
       });
     }
   }
@@ -403,14 +405,22 @@ class ApplicationImpl extends React.PureComponent {
     const useNativeWindowOpen = !this.props.notUseNativeWindowOpen;
     const tabUrl = tab.get('url', '');
     const {
-      applicationId, applicationName, applicationIcon, themeColor, manifestURL,
+      applicationId, applicationName, applicationIcon,
+      appstoreApplicationId, themeColor, manifestURL,
       askResetApplication, onChooseAccount,
       crashed, errorCode, errorDescription,
       canGoBack, themeGradient, email,
       promptBasicAuth, performBasicAuth, basicAuthInfo,
       useDefaultSession,
     } = this.props;
 
+    const partition = useDefaultSession ? '' : `persist:${applicationId}`;
+
+    // disable SSL check for private applications
+    if (!useDefaultSession && Number(appstoreApplicationId) > 1000000) {
+      this.props.disableSslCertVerification(partition);
+    }
+
     return (
       <div>
         <div
@@ -487,6 +497,7 @@ const Application = compose(
 
       return {
         manifestURL: application.manifestURL(),
+        appstoreApplicationId: application.appstoreApplicationId(),
         applicationId: data.variables.applicationId,
         applicationName: manifestData.name(),
         applicationIcon: manifestData.interpretedIconURL(),
@@ -549,6 +560,7 @@ const Application = compose(
           onChooseAccount: (identityId) => setConfigData(applicationId, { identityId }),
           onApplicationRemoved: uninstallApplication,
           updateResetAppModal: (appFocus) => updateUI('confirmResetApplicationModal', 'isVisible', appFocus),
+          disableSslCertVerification: disableSslCertVerification,
         },
         dispatch
       );

packages/app/src/services/services/session/interface.ts

@@ -13,4 +13,6 @@ export class SessionService extends ServiceBase implements RPC.Interface<Session
   getUserAgent(): Promise<string> {}
   // @ts-ignore
   getCookies(filter: Electron.CookiesGetFilter): Promise<Electron.Cookie[]> {}
+  // @ts-ignore
+  disableSslCertVerification(partition: string) : Promise<void> {}
 }

packages/app/src/services/services/session/main.ts

@@ -26,6 +26,13 @@ export class SessionServiceImpl extends SessionService implements RPC.Interface<
     return session.cookies.get(filter);
   }
 
+  async disableSslCertVerification(partition: string) : Promise<void> {
+    const session = Electron.session.fromPartition(partition);
+    session.setCertificateVerifyProc((_, callback) => {
+      callback(0);
+    });
+  }
+
   private async initSession(options?: SessionOptions): Promise<Electron.Session> {
     if (options && options.partition) {
       return Electron.session.fromPartition(options.partition);