Simplify ssl settings initialization
cyb3rko committed Jun 5, 2024
1 parent 5b7aff0 commit 4fac47f
Showing 2 changed files with 25 additions and 32 deletions.
3 changes: 1 addition & 2 deletions app/src/main/kotlin/com/github/gotify/GotifyApplication.kt
Expand Up @@ -33,9 +33,8 @@ class GotifyApplication : Application() {
val settings = Settings(this)
if (settings.legacyCert != null) {
Logger.info("Migrating legacy CA cert to new location")
var legacyCert: String? = null
try {
legacyCert = settings.legacyCert
val legacyCert = settings.legacyCert
settings.legacyCert = null
val caCertFile = File(settings.filesDir, CertUtils.CA_CERT_NAME)
FileOutputStream(caCertFile).use {
54 changes: 24 additions & 30 deletions app/src/main/kotlin/com/github/gotify/api/CertUtils.kt
Expand Up @@ -49,40 +49,33 @@ internal object CertUtils {
fun applySslSettings(builder: OkHttpClient.Builder, settings: SSLSettings) {
// Modified from ApiClient.applySslSettings in the client package.
try {
var customManagers = false
var trustManagers: Array<TrustManager>? = null
var keyManagers: Array<KeyManager>? = null
if (settings.caCertPath != null) {
val tempTrustManagers = certToTrustManager(settings.caCertPath)
if (tempTrustManagers.isNotEmpty()) {
trustManagers = tempTrustManagers
customManagers = true
}
}
if (settings.clientCertPath != null) {
val tempKeyManagers = certToKeyManager(
settings.clientCertPath,
settings.clientCertPassword
)
if (tempKeyManagers.isNotEmpty()) {
keyManagers = tempKeyManagers
customManagers = true
}
}
if (!settings.validateSSL) {
trustManagers = arrayOf(trustAll)
val trustManagers = mutableSetOf<TrustManager>()
val keyManagers = mutableSetOf<KeyManager>()
if (settings.validateSSL) {
// Custom SSL validation
settings.caCertPath?.let { trustManagers.addAll(certToTrustManager(it)) }
} else {
// Disable SSL validation
trustManagers.add(trustAll)
builder.hostnameVerifier { _, _ -> true }
}
if (customManagers || !settings.validateSSL) {
val context = SSLContext.getInstance("TLS")
context.init(keyManagers, trustManagers, SecureRandom())
if (trustManagers == null) {
settings.clientCertPath?.let {
keyManagers.addAll(certToKeyManager(it, settings.clientCertPassword))
}
if (trustManagers.isNotEmpty() || keyManagers.isNotEmpty()) {
if (trustManagers.isEmpty()) {
// Fall back to system trust managers
trustManagers = defaultSystemTrustManager()
trustManagers.addAll(defaultSystemTrustManager())
}
val context = SSLContext.getInstance("TLS")
context.init(
keyManagers.toTypedArray(),
trustManagers.toTypedArray(),
SecureRandom()
)
builder.sslSocketFactory(
context.socketFactory,
trustManagers[0] as X509TrustManager
trustManagers.elementAt(0) as X509TrustManager
)
}
} catch (e: Exception) {
Expand Down Expand Up @@ -114,8 +107,9 @@ internal object CertUtils {
require(certPassword != null) { "empty client certificate password" }

val keyStore = KeyStore.getInstance("PKCS12")
val inputStream = FileInputStream(File(certPath))
keyStore.load(inputStream, certPassword.toCharArray())
FileInputStream(File(certPath)).use {
keyStore.load(it, certPassword.toCharArray())
}
val keyManagerFactory =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm())
keyManagerFactory.init(keyStore, certPassword.toCharArray())
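Review bot: In the applySslSettings hunk, `context.init(keyManagers.toTypedArray(), ...)` now hands SSLContext an empty KeyManager array whenever no client certificate is configured, whereas the old code passed `null` in that case; SSLContext.init documents `null` as "use the platform's default KeyManagerFactory" and an empty array as "no key managers at all", so the CA-cert-only path silently loses any default key manager. On Android there is usually none, so this is probably harmless in practice, but it is an unintended behaviour change that the commit message does not mention; `keyManagers.toTypedArray().takeIf { it.isNotEmpty() }` preserves the previous semantics. Separately, `trustManagers.elementAt(0) as X509TrustManager` reads more naturally as `trustManagers.first() as X509TrustManager` on a set, and a short comment there would help, since that single element is the only trust manager OkHttp itself is told about while the SSLContext was initialised with the whole set. The enclosing try/catch of applySslSettings continues past the end of the hunk.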