Add self-signed trust for webview

2023-10-13 23:24:53 -07:00 · 2023-10-13 23:24:53 -07:00 · 69c2e482bc
parent b0c5927d9b
commit 69c2e482bc
3 changed files with 30 additions and 8 deletions
--- a/app/src/main/java/gallery/memories/MainActivity.kt
+++ b/app/src/main/java/gallery/memories/MainActivity.kt
@ -4,6 +4,7 @@ import android.annotation.SuppressLint
 import android.content.Intent
 import android.graphics.Color
 import android.net.Uri
+import android.net.http.SslError
 import android.os.Build
 import android.os.Bundle
 import android.util.Log
@ -11,6 +12,7 @@ import android.view.KeyEvent
 import android.view.View
 import android.view.WindowInsetsController
 import android.webkit.CookieManager
+import android.webkit.SslErrorHandler
 import android.webkit.WebResourceRequest
 import android.webkit.WebResourceResponse
 import android.webkit.WebView
@ -29,6 +31,7 @@ import androidx.media3.exoplayer.source.ProgressiveMediaSource
 import gallery.memories.databinding.ActivityMainBinding
 import java.util.concurrent.Executors

+
@UnstableApi
 class MainActivity : AppCompatActivity() {
    companion object {
@ -149,6 +152,19 @@ class MainActivity : AppCompatActivity() {
                    nativex.handleRequest(request)
                } else null
            }
+
+            override fun onReceivedSslError(
+                view: WebView?,
+                handler: SslErrorHandler?,
+                error: SslError?
+            ) {
+                if (nativex.http.isTrustingAllCertificates) {
+                    handler?.proceed()
+                } else {
+                    nativex.toast("Failed to load due to SSL error: ${error?.primaryError}", true)
+                    super.onReceivedSslError(view, handler, error)
+                }
+            }
        }

        // Pass through touch events
--- a/app/src/main/java/gallery/memories/service/AccountService.kt
+++ b/app/src/main/java/gallery/memories/service/AccountService.kt
@ -17,7 +17,6 @@ class AccountService(private val mCtx: MainActivity, private val mHttp: HttpServ
    }

    private val store = SecureStorage(mCtx)
-    private var mTrustAll = false

    /**
     * Make the first request to log in
@ -26,7 +25,6 @@ class AccountService(private val mCtx: MainActivity, private val mHttp: HttpServ
     */
    fun login(url: String, trustAll: Boolean) {
        try {
-            mTrustAll = trustAll
            mHttp.build(url, trustAll)

            val res = mHttp.getApiDescription()
@ -189,7 +187,7 @@ class AccountService(private val mCtx: MainActivity, private val mHttp: HttpServ
    fun storeCredentials(url: String, user: String, password: String) {
        store.saveCredentials(Credential(
            url = url,
-            trustAll = mTrustAll,
+            trustAll = mHttp.isTrustingAllCertificates,
            username = user,
            token = password,
        ))
--- a/app/src/main/java/gallery/memories/service/HttpService.kt
+++ b/app/src/main/java/gallery/memories/service/HttpService.kt
@ -25,7 +25,14 @@ class HttpService {

    private var client = OkHttpClient()
    private var authHeader: String? = null
-    private var baseUrl: String? = null
+    private var mBaseUrl: String? = null
+    private var mTrustAll = false
+
+    /**
+     * Check if all certificates are trusted
+     */
+    val isTrustingAllCertificates: Boolean
+        get() = mTrustAll

    /**
     * Check if the HTTP service is logged in
@ -40,7 +47,8 @@ class HttpService {
     * @param trustAll Whether to trust all certificates
     */
    fun build(url: String?, trustAll: Boolean) {
-        baseUrl = url
+        mBaseUrl = url
+        mTrustAll = trustAll
        client = if (trustAll) {
            val trustAllCerts = arrayOf<TrustManager>(
                object : X509TrustManager {
@ -97,8 +105,8 @@ class HttpService {
     */
    fun loadWebView(webView: WebView, subpath: String? = null): String? {
        // Load app interface if authenticated
-        if (authHeader != null && baseUrl != null) {
-            var url = baseUrl
+        if (authHeader != null && mBaseUrl != null) {
+            var url = mBaseUrl
            if (subpath != null) url += subpath

            // Get host name
@ -174,7 +182,7 @@ class HttpService {
    /** Build a GET request */
    private fun buildGet(path: String, auth: Boolean = true): Request {
        val builder = Request.Builder()
-            .url(baseUrl + path)
+            .url(mBaseUrl + path)
            .header("User-Agent", "Memories")
            .get()