
Commit 4fac47f

committed
Simplify ssl settings initialization
1 parent 5b7aff0 commit 4fac47f


2 files changed

+25
-32
lines changed

2 files changed

+25
-32
lines changed

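--- a/app/src/main/kotlin/com/github/gotify/GotifyApplication.kt
+++ b/app/src/main/kotlin/com/github/gotify/GotifyApplication.kt
@@ -33,9 +33,8 @@ class GotifyApplication : Application() {
 val settings = Settings(this)
 if (settings.legacyCert != null) {
 Logger.info("Migrating legacy CA cert to new location")
-var legacyCert: String? = null
 try {
-legacyCert = settings.legacyCert
+val legacyCert = settings.legacyCert
 settings.legacyCert = null
 val caCertFile = File(settings.filesDir, CertUtils.CA_CERT_NAME)
 FileOutputStream(caCertFile).use {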
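Review bot: `settings.legacyCert = null` runs before the certificate has been written to `caCertFile`, so a failed write could leave the CA certificate stored in neither location. With this change `legacyCert` is also scoped to the `try`, so a handler could no longer put the value back. Clearing the legacy setting only after the `use` block has completed (and the new path has been recorded, if that happens below) would keep the migration retryable on the next start. The rest of the `try` and its handler are outside the hunk, so confirm how a failure is handled there.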

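--- a/app/src/main/kotlin/com/github/gotify/api/CertUtils.kt
+++ b/app/src/main/kotlin/com/github/gotify/api/CertUtils.kt
@@ -49,40 +49,33 @@ internal object CertUtils {
 fun applySslSettings(builder: OkHttpClient.Builder, settings: SSLSettings) {
 // Modified from ApiClient.applySslSettings in the client package.
 try {
-var customManagers = false
-var trustManagers: Array<TrustManager>? = null
-var keyManagers: Array<KeyManager>? = null
-if (settings.caCertPath != null) {
-val tempTrustManagers = certToTrustManager(settings.caCertPath)
-if (tempTrustManagers.isNotEmpty()) {
-trustManagers = tempTrustManagers
-customManagers = true
-}
-}
-if (settings.clientCertPath != null) {
-val tempKeyManagers = certToKeyManager(
-settings.clientCertPath,
-settings.clientCertPassword
-)
-if (tempKeyManagers.isNotEmpty()) {
-keyManagers = tempKeyManagers
-customManagers = true
-}
-}
-if (!settings.validateSSL) {
-trustManagers = arrayOf(trustAll)
+val trustManagers = mutableSetOf<TrustManager>()
+val keyManagers = mutableSetOf<KeyManager>()
+if (settings.validateSSL) {
+// Custom SSL validation
+settings.caCertPath?.let { trustManagers.addAll(certToTrustManager(it)) }
+} else {
+// Disable SSL validation
+trustManagers.add(trustAll)
 builder.hostnameVerifier { _, _ -> true }
 }
-if (customManagers || !settings.validateSSL) {
-val context = SSLContext.getInstance("TLS")
-context.init(keyManagers, trustManagers, SecureRandom())
-if (trustManagers == null) {
+settings.clientCertPath?.let {
+keyManagers.addAll(certToKeyManager(it, settings.clientCertPassword))
+}
+if (trustManagers.isNotEmpty() || keyManagers.isNotEmpty()) {
+if (trustManagers.isEmpty()) {
 // Fall back to system trust managers
-trustManagers = defaultSystemTrustManager()
+trustManagers.addAll(defaultSystemTrustManager())
 }
+val context = SSLContext.getInstance("TLS")
+context.init(
+keyManagers.toTypedArray(),
+trustManagers.toTypedArray(),
+SecureRandom()
+)
 builder.sslSocketFactory(
 context.socketFactory,
-trustManagers[0] as X509TrustManager
+trustManagers.elementAt(0) as X509TrustManager
 )
 }
 } catch (e: Exception) {
@@ -114,8 +107,9 @@ internal object CertUtils {
 require(certPassword != null) { "empty client certificate password" }
 
 val keyStore = KeyStore.getInstance("PKCS12")
-val inputStream = FileInputStream(File(certPath))
-keyStore.load(inputStream, certPassword.toCharArray())
+FileInputStream(File(certPath)).use {
+keyStore.load(it, certPassword.toCharArray())
+}
 val keyManagerFactory =
 KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
 keyManagerFactory.init(keyStore, certPassword.toCharArray())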
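Review bot: In the first CertUtils.kt hunk, a configured `settings.caCertPath` whose `certToTrustManager` result is empty is silently replaced by broader trust: with a client certificate present the `trustManagers.isEmpty()` branch installs `defaultSystemTrustManager()`, and without one the whole block is skipped and the builder keeps its defaults. Whether `certToTrustManager` can return an empty array is not visible here, but the removed code guarded for it, so the case appears to be considered reachable. I would add `check(settings.caCertPath == null || trustManagers.isNotEmpty()) { "CA certificate produced no trust managers" }` right after the `caCertPath?.let` line so a broken CA file is reported instead of ignored. The `catch (e: Exception)` handler is outside the hunk, so confirm it does not just log and leave the client on default trust.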
