Add support for client certificates

patzly · Sep 1, 2023 · 79453ce · 79453ce
1 parent 957c7f1
commit 79453ce
Show file tree

Hide file tree

Showing 9 changed files with 40 additions and 9 deletions.
diff --git a/.gitmodules b/.gitmodules
@@ -0,0 +1,6 @@
+[submodule "InteractiveKeyManager"]
+	path = InteractiveKeyManager
+	url = https://github.com/stephanritscher/InteractiveKeyManager
+[submodule "MemorizingTrustManager"]
+	path = MemorizingTrustManager
+	url = https://github.com/stephanritscher/MemorizingTrustManager.git
diff --git a/InteractiveKeyManager b/InteractiveKeyManager
diff --git a/MemorizingTrustManager b/MemorizingTrustManager
diff --git a/app/build.gradle b/app/build.gradle
@@ -38,7 +38,7 @@ android {
 
     defaultConfig {
         applicationId "xyz.zedler.patrick.grocy"
-        minSdk 21
+        minSdk 23
         targetSdk 34
         compileSdk 34
         versionCode 49
@@ -89,6 +89,8 @@ android {
 }
 
 dependencies {
+    implementation project(':InteractiveKeyManager')
+    implementation project(':MemorizingTrustManager')
     // Fix for Kotlin build error from some AndroidX dependencies
     implementation("org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.9.0") {
         because("kotlin-stdlib-jdk8 is now a part of kotlin-stdlib")
@@ -144,4 +146,4 @@ dependencies {
     // prevents bug https://github.com/patzly/grocy-android/issues/425
     //noinspection GradleDependency
     coreLibraryDesugaring 'com.android.tools:desugar_jdk_libs:2.0.3'
-}
+}
diff --git a/app/proguard-rules.pro b/app/proguard-rules.pro
@@ -60,4 +60,7 @@
 # This was generated automatically by the Android Gradle plugin to hide warnings
 # Only has effected these pre-KitKat two compatibility classes
 -dontwarn com.android.org.conscrypt.SSLParametersImpl
--dontwarn org.apache.harmony.xnet.provider.jsse.SSLParametersImpl
+-dontwarn org.apache.harmony.xnet.provider.jsse.SSLParametersImpl
+
+# This is generated automatically by the Android Gradle plugin.
+-dontwarn lombok.NonNull
diff --git a/app/src/main/AndroidManifest.xml b/app/src/main/AndroidManifest.xml
@@ -85,6 +85,14 @@
       android:theme="@style/Theme.Grocy.WebDialog">
     </activity>
 
+    <!-- InteractiveKeyManager -->
+    <activity
+      android:name="de.ritscher.ssl.SelectKeyStoreActivity"
+      android:theme="@android:style/Theme.Holo.Light.Dialog.NoActionBar"/>
+    <!-- MemorizingTrustManager -->
+    <activity android:name="de.duenndns.ssl.MemorizingActivity"
+      android:theme="@android:style/Theme.Holo.Light.Dialog.NoActionBar"/>
+
     <service
       android:name="androidx.appcompat.app.AppLocalesMetadataHolderService"
       android:enabled="false"

diff --git a/app/src/main/java/xyz/zedler/patrick/grocy/web/RequestQueueSingleton.java b/app/src/main/java/xyz/zedler/patrick/grocy/web/RequestQueueSingleton.java
@@ -28,14 +28,22 @@
 import com.android.volley.toolbox.BasicNetwork;
 import com.android.volley.toolbox.DiskBasedCache;
 import com.android.volley.toolbox.HurlStack;
+
+import de.duenndns.ssl.MemorizingTrustManager;
+import de.ritscher.ssl.InteractiveKeyManager;
 import java.io.IOException;
 import java.net.InetAddress;
 import java.net.Socket;
 import java.security.KeyManagementException;
 import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+
+import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+
 import xyz.zedler.patrick.grocy.Constants.SETTINGS.NETWORK;
 import xyz.zedler.patrick.grocy.Constants.SETTINGS_DEFAULT;
 
@@ -78,7 +86,7 @@ public void newRequestQueue() {
       stack = new ProxyHurlStack(sharedPrefs, useTor);
     } else {
       try {
-        stack = new HurlStack(null, new TLSSocketFactory());
+        stack = new HurlStack(null, new TLSSocketFactory(ctx));
       } catch (NoSuchAlgorithmException | KeyManagementException e) {
         stack = new HurlStack();
       }
@@ -92,9 +100,11 @@ private static class TLSSocketFactory extends SSLSocketFactory {
 
     private final SSLSocketFactory internalSSLSocketFactory;
 
-    public TLSSocketFactory() throws KeyManagementException, NoSuchAlgorithmException {
+    public TLSSocketFactory(Context ctx) throws KeyManagementException, NoSuchAlgorithmException {
       SSLContext context = SSLContext.getInstance("TLS");
-      context.init(null, null, null);
+      KeyManager keyManager = new InteractiveKeyManager(ctx.getApplicationContext());
+      TrustManager mtm = new MemorizingTrustManager(ctx);
+      context.init(new KeyManager[]{keyManager}, new TrustManager[]{mtm}, new SecureRandom());
       internalSSLSocketFactory = context.getSocketFactory();
     }
 

diff --git a/build.gradle b/build.gradle
@@ -23,15 +23,13 @@ allprojects {
     repositories {
         google()
         mavenCentral()
-        maven { url "https://a8c-libs.s3.amazonaws.com/android" }
     }
 }
 
 buildscript {
     repositories {
         google()
         mavenCentral()
-        maven { url "https://a8c-libs.s3.amazonaws.com/android" }
     }
     dependencies {
         classpath 'com.android.tools.build:gradle:8.1.0'

diff --git a/settings.gradle b/settings.gradle
@@ -18,4 +18,6 @@
  */
 
 include ':app'
-rootProject.name = "Grocy Android"
+include ':InteractiveKeyManager'
+include ':MemorizingTrustManager'
+rootProject.name = "Grocy Android"