Client certificates: fix occasional HTTP 400 errors (e19ae992) · Commits · e / os / AccountManager

app/src/main/java/at/bitfire/davdroid/HttpClient.kt

+22 −29

Original line number	Diff line number	Diff line
		@@ -118,6 +118,7 @@ class HttpClient private constructor(
		Logger.log.log(Level.SEVERE, "Can't set proxy, ignoring", e)
		}

		// TODO don't instantiate CustomCertManager in .Builder (causes service leaks)
		customCertManager(CustomCertManager(context, true /BuildConfig.customCertsUI/,
		!(settings.getBoolean(Settings.DISTRUST_SYSTEM_CERTIFICATES))))
		}
		@@ -181,7 +182,6 @@ class HttpClient private constructor(

		var keyManager: KeyManager? = null
		certificateAlias?.let { alias ->
		try {
		val context = requireNotNull(context)

		// get provider certificate and private key
		@@ -189,10 +189,6 @@ class HttpClient private constructor(
		val key = KeyChain.getPrivateKey(context, alias) ?: return@let
		logger.fine("Using provider certificate $alias for authentication (chain length: ${certs.size})")

		// create Android KeyStore (performs key operations without revealing secret data to DAVx5)
		val keyStore = KeyStore.getInstance("AndroidKeyStore")
		keyStore.load(null)

		// create KeyManager
		keyManager = object : X509ExtendedKeyManager() {
		override fun getServerAliases(p0: String?, p1: Array<out Principal>?): Array<String>? = null
		@@ -214,9 +210,6 @@ class HttpClient private constructor(
		// HTTP/2 doesn't support client certificates (yet)
		// see https://tools.ietf.org/html/draft-ietf-httpbis-http2-secondary-certs-04
		orig.protocols(listOf(Protocol.HTTP_1_1))
		} catch (e: Exception) {
		logger.log(Level.SEVERE, "Couldn't set up provider certificate authentication", e)
		}
		}

		val sslContext = SSLContext.getInstance("TLS")