kadu/gotify-android-client
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Simplify ssl settings initialization

Browse Source
This commit is contained in:
Niko Diamadis
2024-06-05 13:25:23 +02:00
parent 5b7aff0c23
commit 4fac47f3b1
2 changed files with 25 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/src/main/kotlin/com/github/gotify/GotifyApplication.kt
View File

@@ -33,9 +33,8 @@ class GotifyApplication : Application() {
val settings = Settings(this)
if (settings.legacyCert != null) {
Logger.info("Migrating legacy CA cert to new location")
var legacyCert: String? = null
try {
legacyCert = settings.legacyCert
val legacyCert = settings.legacyCert
settings.legacyCert = null
val caCertFile = File(settings.filesDir, CertUtils.CA_CERT_NAME)
FileOutputStream(caCertFile).use {

56
app/src/main/kotlin/com/github/gotify/api/CertUtils.kt
View File

@@ -49,40 +49,33 @@ internal object CertUtils {
fun applySslSettings(builder: OkHttpClient.Builder, settings: SSLSettings) {
// Modified from ApiClient.applySslSettings in the client package.
try {
var customManagers = false
var trustManagers: Array<TrustManager>? = null
var keyManagers: Array<KeyManager>? = null
if (settings.caCertPath != null) {
val tempTrustManagers = certToTrustManager(settings.caCertPath)
if (tempTrustManagers.isNotEmpty()) {
trustManagers = tempTrustManagers
customManagers = true
}
}
if (settings.clientCertPath != null) {
val tempKeyManagers = certToKeyManager(
settings.clientCertPath,
settings.clientCertPassword
)
if (tempKeyManagers.isNotEmpty()) {
keyManagers = tempKeyManagers
customManagers = true
}
}
if (!settings.validateSSL) {
trustManagers = arrayOf(trustAll)
val trustManagers = mutableSetOf<TrustManager>()
val keyManagers = mutableSetOf<KeyManager>()
if (settings.validateSSL) {
// Custom SSL validation
settings.caCertPath?.let { trustManagers.addAll(certToTrustManager(it)) }
} else {
// Disable SSL validation
trustManagers.add(trustAll)
builder.hostnameVerifier { _, _ -> true }
}
if (customManagers || !settings.validateSSL) {
val context = SSLContext.getInstance("TLS")
context.init(keyManagers, trustManagers, SecureRandom())
if (trustManagers == null) {
// Fall back to system trust managers
trustManagers = defaultSystemTrustManager()
settings.clientCertPath?.let {
keyManagers.addAll(certToKeyManager(it, settings.clientCertPassword))
}
if (trustManagers.isNotEmpty() || keyManagers.isNotEmpty()) {
if (trustManagers.isEmpty()) {
// Fall back to system trust managers
trustManagers.addAll(defaultSystemTrustManager())
}
val context = SSLContext.getInstance("TLS")
context.init(
keyManagers.toTypedArray(),
trustManagers.toTypedArray(),
SecureRandom()
)
builder.sslSocketFactory(
context.socketFactory,
trustManagers[0] as X509TrustManager
trustManagers.elementAt(0) as X509TrustManager
)
}
} catch (e: Exception) {
@@ -114,8 +107,9 @@ internal object CertUtils {
require(certPassword != null) { "empty client certificate password" }
val keyStore = KeyStore.getInstance("PKCS12")
val inputStream = FileInputStream(File(certPath))
keyStore.load(inputStream, certPassword.toCharArray())
FileInputStream(File(certPath)).use {
keyStore.load(it, certPassword.toCharArray())
}
val keyManagerFactory =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
keyManagerFactory.init(keyStore, certPassword.toCharArray())