Simplify ssl settings initialization

This commit is contained in:
Niko Diamadis
2024-06-05 13:25:23 +02:00
parent 5b7aff0c23
commit 4fac47f3b1
2 changed files with 25 additions and 32 deletions


@@ -33,9 +33,8 @@ class GotifyApplication : Application() {
val settings = Settings(this) val settings = Settings(this)
if (settings.legacyCert != null) { if (settings.legacyCert != null) {
Logger.info("Migrating legacy CA cert to new location") Logger.info("Migrating legacy CA cert to new location")
var legacyCert: String? = null
try { try {
legacyCert = settings.legacyCert val legacyCert = settings.legacyCert
settings.legacyCert = null settings.legacyCert = null
val caCertFile = File(settings.filesDir, CertUtils.CA_CERT_NAME) val caCertFile = File(settings.filesDir, CertUtils.CA_CERT_NAME)
FileOutputStream(caCertFile).use { FileOutputStream(caCertFile).use {
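Review bot: `settings.legacyCert = null` on the new side still runs before the CA file is written, so if `FileOutputStream(caCertFile).use { … }` throws, the legacy certificate has already been cleared from settings but never lands in the new location; the catch block is outside the hunk, so whether it restores the value cannot be seen here. Moving `settings.legacyCert = null` to after the `use` block completes would make the migration lose nothing on a failed write. The enclosing function continues past the hunk.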


@@ -49,40 +49,33 @@ internal object CertUtils {
fun applySslSettings(builder: OkHttpClient.Builder, settings: SSLSettings) { fun applySslSettings(builder: OkHttpClient.Builder, settings: SSLSettings) {
// Modified from ApiClient.applySslSettings in the client package. // Modified from ApiClient.applySslSettings in the client package.
try { try {
var customManagers = false val trustManagers = mutableSetOf<TrustManager>()
var trustManagers: Array<TrustManager>? = null val keyManagers = mutableSetOf<KeyManager>()
var keyManagers: Array<KeyManager>? = null if (settings.validateSSL) {
if (settings.caCertPath != null) { // Custom SSL validation
val tempTrustManagers = certToTrustManager(settings.caCertPath) settings.caCertPath?.let { trustManagers.addAll(certToTrustManager(it)) }
if (tempTrustManagers.isNotEmpty()) { } else {
trustManagers = tempTrustManagers // Disable SSL validation
customManagers = true trustManagers.add(trustAll)
}
}
if (settings.clientCertPath != null) {
val tempKeyManagers = certToKeyManager(
settings.clientCertPath,
settings.clientCertPassword
)
if (tempKeyManagers.isNotEmpty()) {
keyManagers = tempKeyManagers
customManagers = true
}
}
if (!settings.validateSSL) {
trustManagers = arrayOf(trustAll)
builder.hostnameVerifier { _, _ -> true } builder.hostnameVerifier { _, _ -> true }
} }
if (customManagers || !settings.validateSSL) { settings.clientCertPath?.let {
val context = SSLContext.getInstance("TLS") keyManagers.addAll(certToKeyManager(it, settings.clientCertPassword))
context.init(keyManagers, trustManagers, SecureRandom()) }
if (trustManagers == null) { if (trustManagers.isNotEmpty() || keyManagers.isNotEmpty()) {
if (trustManagers.isEmpty()) {
// Fall back to system trust managers // Fall back to system trust managers
trustManagers = defaultSystemTrustManager() trustManagers.addAll(defaultSystemTrustManager())
} }
val context = SSLContext.getInstance("TLS")
context.init(
keyManagers.toTypedArray(),
trustManagers.toTypedArray(),
SecureRandom()
)
builder.sslSocketFactory( builder.sslSocketFactory(
context.socketFactory, context.socketFactory,
trustManagers[0] as X509TrustManager trustManagers.elementAt(0) as X509TrustManager
) )
} }
} catch (e: Exception) { } catch (e: Exception) {
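Review bot: `keyManagers.toTypedArray()` hands an empty array to `SSLContext.init` when no client certificate is configured, where the old code passed `null`; JSSE treats `null` as "search the installed providers for the default key managers" and an empty array as "no key managers at all", so this is a small behaviour change on the path without a client cert. Passing `keyManagers.toTypedArray().takeIf { it.isNotEmpty() },` keeps the previous semantics while retaining the new structure. A secondary point of style: the collections are only consumed in insertion order (`trustManagers.elementAt(0)`), so `mutableListOf` would express the intent more directly than a `Set`. applySslSettings continues past the hunk; the catch body is cut off at the end.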
@@ -114,8 +107,9 @@ internal object CertUtils {
require(certPassword != null) { "empty client certificate password" } require(certPassword != null) { "empty client certificate password" }
val keyStore = KeyStore.getInstance("PKCS12") val keyStore = KeyStore.getInstance("PKCS12")
val inputStream = FileInputStream(File(certPath)) FileInputStream(File(certPath)).use {
keyStore.load(inputStream, certPassword.toCharArray()) keyStore.load(it, certPassword.toCharArray())
}
val keyManagerFactory = val keyManagerFactory =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()) KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
keyManagerFactory.init(keyStore, certPassword.toCharArray()) keyManagerFactory.init(keyStore, certPassword.toCharArray())