Add support for client certificates

patzly · Sep 6, 2023 · a4e1b29 · a4e1b29
1 parent fbc6432
commit a4e1b29
Show file tree

Hide file tree

Showing 9 changed files with 45 additions and 9 deletions.
diff --git a/.gitmodules b/.gitmodules
@@ -0,0 +1,6 @@
+[submodule "InteractiveKeyManager"]
+	path = InteractiveKeyManager
+	url = https://github.com/stephanritscher/InteractiveKeyManager
+[submodule "MemorizingTrustManager"]
+	path = MemorizingTrustManager
+	url = https://github.com/stephanritscher/MemorizingTrustManager.git
diff --git a/InteractiveKeyManager b/InteractiveKeyManager
diff --git a/MemorizingTrustManager b/MemorizingTrustManager
diff --git a/app/build.gradle b/app/build.gradle
@@ -38,7 +38,7 @@ android {
 
     defaultConfig {
         applicationId "xyz.zedler.patrick.grocy"
-        minSdk 21
+        minSdk 23
         targetSdk 34
         compileSdk 34
         versionCode 50
@@ -96,6 +96,11 @@ dependencies {
     implementation libs.webkit
     implementation libs.lifecycle.viewmodel.savedstate
     implementation libs.lifecycle.viewmodel.ktx
+
+    // Certificate and trust management
+    implementation project(':InteractiveKeyManager')
+    implementation project(':MemorizingTrustManager')
+
     // Navigation framework for easy navigation control using XML
     implementation libs.navigation.fragment
     implementation libs.navigation.ui
@@ -126,4 +131,4 @@ dependencies {
     // https://github.com/journeyapps/zxing-android-embedded#option-2-desugaring-advanced
     // prevents bug https://github.com/patzly/grocy-android/issues/425
     coreLibraryDesugaring libs.desugar
-}
+}
diff --git a/app/proguard-rules.pro b/app/proguard-rules.pro
@@ -60,4 +60,7 @@
 # This was generated automatically by the Android Gradle plugin to hide warnings
 # Only has effected these pre-KitKat two compatibility classes
 -dontwarn com.android.org.conscrypt.SSLParametersImpl
--dontwarn org.apache.harmony.xnet.provider.jsse.SSLParametersImpl
+-dontwarn org.apache.harmony.xnet.provider.jsse.SSLParametersImpl
+
+# This is generated automatically by the Android Gradle plugin.
+-dontwarn lombok.NonNull
diff --git a/app/src/main/AndroidManifest.xml b/app/src/main/AndroidManifest.xml
@@ -81,6 +81,14 @@
 
     </activity>
 
+    <!-- InteractiveKeyManager -->
+    <activity
+      android:name="de.ritscher.ssl.SelectKeyStoreActivity"
+      android:theme="@android:style/Theme.Holo.Light.Dialog.NoActionBar"/>
+    <!-- MemorizingTrustManager -->
+    <activity android:name="de.duenndns.ssl.MemorizingActivity"
+      android:theme="@android:style/Theme.Holo.Light.Dialog.NoActionBar"/>
+
     <service
       android:name="androidx.appcompat.app.AppLocalesMetadataHolderService"
       android:enabled="false"
@@ -119,4 +127,4 @@
 
   </application>
 
-</manifest>
+</manifest>
diff --git a/app/src/main/java/xyz/zedler/patrick/grocy/web/RequestQueueSingleton.java b/app/src/main/java/xyz/zedler/patrick/grocy/web/RequestQueueSingleton.java
@@ -28,14 +28,22 @@
 import com.android.volley.toolbox.BasicNetwork;
 import com.android.volley.toolbox.DiskBasedCache;
 import com.android.volley.toolbox.HurlStack;
+
+import de.duenndns.ssl.MemorizingTrustManager;
+import de.ritscher.ssl.InteractiveKeyManager;
 import java.io.IOException;
 import java.net.InetAddress;
 import java.net.Socket;
 import java.security.KeyManagementException;
 import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+
+import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+
 import xyz.zedler.patrick.grocy.Constants.SETTINGS.NETWORK;
 import xyz.zedler.patrick.grocy.Constants.SETTINGS_DEFAULT;
 
@@ -78,7 +86,7 @@ public void newRequestQueue() {
       stack = new ProxyHurlStack(sharedPrefs, useTor);
     } else {
       try {
-        stack = new HurlStack(null, new TLSSocketFactory());
+        stack = new HurlStack(null, new TLSSocketFactory(ctx));
       } catch (NoSuchAlgorithmException | KeyManagementException e) {
         stack = new HurlStack();
       }
@@ -92,9 +100,11 @@ private static class TLSSocketFactory extends SSLSocketFactory {
 
     private final SSLSocketFactory internalSSLSocketFactory;
 
-    public TLSSocketFactory() throws KeyManagementException, NoSuchAlgorithmException {
+    public TLSSocketFactory(Context ctx) throws KeyManagementException, NoSuchAlgorithmException {
       SSLContext context = SSLContext.getInstance("TLS");
-      context.init(null, null, null);
+      KeyManager keyManager = new InteractiveKeyManager(ctx.getApplicationContext());
+      TrustManager mtm = new MemorizingTrustManager(ctx);
+      context.init(new KeyManager[]{keyManager}, new TrustManager[]{mtm}, new SecureRandom());
       internalSSLSocketFactory = context.getSocketFactory();
     }
 

diff --git a/build.gradle b/build.gradle
@@ -21,4 +21,4 @@
 plugins {
     alias(libs.plugins.android.application) apply false
     alias(libs.plugins.navigation.safeargs) apply false
-}
+}
diff --git a/settings.gradle b/settings.gradle
@@ -35,4 +35,6 @@ dependencyResolutionManagement {
 }
 
 rootProject.name = "Grocy Android"
-include ':app'
+include ':app'
+include ':InteractiveKeyManager'
+include ':MemorizingTrustManager'