
Commit e19ae992 authored by Ricki Hirner's avatar Ricki Hirner

Client certificates: fix occasional HTTP 400 errors

* don't catch and ignore exceptions when adding client certificates for authentication
* remove useless KeyStore usage
parent ef631657
+22 −29
@@ -118,6 +118,7 @@ class HttpClient private constructor(
                    Logger.log.log(Level.SEVERE, "Can't set proxy, ignoring", e)
                }

                // TODO don't instantiate CustomCertManager in .Builder (causes service leaks)
                customCertManager(CustomCertManager(context, true /*BuildConfig.customCertsUI*/,
                        !(settings.getBoolean(Settings.DISTRUST_SYSTEM_CERTIFICATES))))
            }
@@ -181,7 +182,6 @@ class HttpClient private constructor(

            var keyManager: KeyManager? = null
            certificateAlias?.let { alias ->
                try {
                val context = requireNotNull(context)

                // get provider certificate and private key
@@ -189,10 +189,6 @@ class HttpClient private constructor(
                val key = KeyChain.getPrivateKey(context, alias) ?: return@let
                logger.fine("Using provider certificate $alias for authentication (chain length: ${certs.size})")

                    // create Android KeyStore (performs key operations without revealing secret data to DAVx5)
                    val keyStore = KeyStore.getInstance("AndroidKeyStore")
                    keyStore.load(null)

                // create KeyManager
                keyManager = object : X509ExtendedKeyManager() {
                    override fun getServerAliases(p0: String?, p1: Array<out Principal>?): Array<String>? = null
@@ -214,9 +210,6 @@ class HttpClient private constructor(
                // HTTP/2 doesn't support client certificates (yet)
                // see https://tools.ietf.org/html/draft-ietf-httpbis-http2-secondary-certs-04
                orig.protocols(listOf(Protocol.HTTP_1_1))
                } catch (e: Exception) {
                    logger.log(Level.SEVERE, "Couldn't set up provider certificate authentication", e)
                }
            }

            val sslContext = SSLContext.getInstance("TLS")
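Review bot: A missing private key still silently disables client-certificate authentication: `KeyChain.getPrivateKey(context, alias) ?: return@let` in the third hunk leaves `keyManager` null when the alias no longer exists or access to it has been revoked, so the connection is built without the certificate the user configured. Since this commit removes the surrounding `try`/`catch` precisely so that such failures are no longer ignored, the null case should fail just as visibly, for example `val key = KeyChain.getPrivateKey(context, alias) ?: throw IllegalArgumentException("Private key for alias $alias is not available")` (or whichever exception type the callers already handle). The line that obtains `certs` is outside the visible hunks and presumably needs the same treatment. With the catch gone, exceptions thrown by `KeyChain` now propagate out of this builder code, which starts and ends outside the hunks, so its callers should be checked for handling them.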