-
Notifications
You must be signed in to change notification settings - Fork 91
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issue #276 - Support for TLS client certificates #1048
Commits on Jan 10, 2024
-
Fully functional TLS client certificate implementation
This adds the new `AdvancedX509KeyManager`, which is used to select, manage, and apply a TLS client certificate to establish a secure connection to a server. It includes an interactive component to allow the user to select the client certificate from the device's store. The implementation is based on [`InteractiveKeyManager` by Stephan Ritscher](https://github.com/stephanritscher/InteractiveKeyManager) and was updated, modified, and integrated into the `nextcloud-android-library` by [Elv1zz](https://github.com/Elv1zz). Signed-off-by: Elv1zz <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for e621f76 - Browse repository at this point
Copy the full SHA e621f76View commit details -
CR: Handling client cert errors in NextcloudClient
During code review it was found that HTTP status 400 was only handled in `WebviewClient` based connections, but most connections are using `NextcloudClient`. So if a connection error occurs, most likely because of an expired certificate, it would not be handled correctly, and we would go on trying to use the expired certificate. So now a asic error handling was added. However, so far I did not find a way to handle this kind of error in `OwnCloudClient` due to missing `Context`. Signed-off-by: Elv1zz <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for a5210d8 - Browse repository at this point
Copy the full SHA a5210d8View commit details -
CR: Handling HTTP error in OwnCloudClient
In case server returns an HTTP status code `400` (bad request), we remove the selected TLS client certificate for the corresponding host and port, since it might have expired or be rejected for another reason. For this, the `OwnCloudClient` constructor got an additional `Context` parameter and the class an additional field, since the `Context` is required to construct a new `AdvancedX509KeyManager`. Signed-off-by: Elv1zz <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 4a5901d - Browse repository at this point
Copy the full SHA 4a5901dView commit details -
Removing magic number in NextcloudClient
Instead of using the magic number `400` for the HTTP status code which causes us to drop the selected TLS client certificate, the corresponding named constant from `HttpStatus` is used. Signed-off-by: Elv1zz <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for dcb3cea - Browse repository at this point
Copy the full SHA dcb3ceaView commit details -
Some replacements of `InteractiveKeyManager` to `AdvancedX509KeyManager` were missed. This was now fixed. Signed-off-by: Elv1zz <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 791c120 - Browse repository at this point
Copy the full SHA 791c120View commit details -
Fixing usage of removeKeys method and making it more robust
While testing the TLS client certificate implementation I found that most `port`/`getPort` implementations returned `-1` when there was no port defined explicitly in the URL (e.g. `https://localhost/` instead of `https://localhost:443/`). This would lead to keys not being correctly removed. To fix this and making the usage of `removeKeys` more robust and simple, the `removeKeys(host, port)` method was made private, and several overloads were added, which accept all ways of representing an URL found in Nextcloud (and one extra way, which is not used (so far) accepting an `java.net.URI`). They all boil down to a `java.net.URL` which also returns `-1` for an implicit port, but provides the `getDefaultPort` for that case, allowing to get the protocols default port. Signed-off-by: Elv1zz <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for b764597 - Browse repository at this point
Copy the full SHA b764597View commit details -
To send notifications, we need the corresponding permission, so we have to add it to the `AndroidManifest.xml`. Signed-off-by: Elv1zz <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 6114ed4 - Browse repository at this point
Copy the full SHA 6114ed4View commit details -
Check for POST_NOTIFICATIONS permission
Before sending a notification, check if the required permission is granted. If it's not granted, we cannot request it, since we do not have an Actvity as that's the only time we try to send notifications. Signed-off-by: Elv1zz <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 4dbea11 - Browse repository at this point
Copy the full SHA 4dbea11View commit details -
Fixing compilation error in unit tests
Forgot to update `NextcloudClient` creation to extended constructor signature, which also requires a `Context` instance. Signed-off-by: Elv1zz <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for a80b92c - Browse repository at this point
Copy the full SHA a80b92cView commit details -
Get application context from context
We try to get the application context from the `Context` instance passed to `AdvancedX509KeyManager`. This mainly fixed the `AbstractIT` instrumented test, but should make things more robust for future use. Signed-off-by: Elv1zz <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for ebffa49 - Browse repository at this point
Copy the full SHA ebffa49View commit details -
Added documentation to implementation of `ActivityLifecycleCallbacks` interface. Signed-off-by: Elv1zz <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for c19c24b - Browse repository at this point
Copy the full SHA c19c24bView commit details -
Codacy: One declaration per line
Use one line for each declaration, it enhances code readability. Signed-off-by: Elv1zz <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 90b7812 - Browse repository at this point
Copy the full SHA 90b7812View commit details -
Codacy: Declare fields at the top of the class
Fields should be declared at the top of the class, before any method declarations, constructors, initializers or inner classes. Signed-off-by: Elv1zz <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 66e0fc0 - Browse repository at this point
Copy the full SHA 66e0fc0View commit details -
Codacy: Try to reduce NPath complexity of method
The method 'matches(AKMAlias)' has an NPath complexity of 540, current threshold is 200. This is an attempt to reduce the method's complexity. Signed-off-by: Elv1zz <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for d70d00f - Browse repository at this point
Copy the full SHA d70d00fView commit details -
Codacy: Document empty method bodies
Added a brief documentation to empty method bodies which implement the `ActivityLifecycleCallbacks` interface. Signed-off-by: Elv1zz <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for c0f6ab8 - Browse repository at this point
Copy the full SHA c0f6ab8View commit details -
Fixing broken format string where `%` and `$` were mixed up. Signed-off-by: Elv1zz <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for a5f024c - Browse repository at this point
Copy the full SHA a5f024cView commit details -
AdvancedX509KeyManager extends X509ExtendedKeyManager
The `AdvancedX509ExtendedKeyManager` now extends the `X509ExtendedKeyManager`, since the documentation recommends to not directly implement the `X509KeyManager` interface, but always extend the `X509ExtendedKeyManager`. Signed-off-by: Elv1zz <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for e650a94 - Browse repository at this point
Copy the full SHA e650a94View commit details -
There is no need to keep track of the top most `Activity` anymore, since we can just use any `Context` to start a new `Activity`. So we do not have to implement the `ActivityLifecycleCallbacks` and can drop the expectation of specific `Context` implementations (`Service`, `Activity` or `Application`). Signed-off-by: Elv1zz <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 684fb13 - Browse repository at this point
Copy the full SHA 684fb13View commit details -
Lint issued some warnings, which were resolved now: - replaced `switch` statement with extended `switch` - explicitly typecasted variable could be replaced with pattern variable - added `<p>` to empty lines in Javadoc comment Signed-off-by: Elv1zz <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for ee50b09 - Browse repository at this point
Copy the full SHA ee50b09View commit details -
By using the `class.getName()` instead of `class.getCanonicalName()` the `TAG` should not become `null`. Signed-off-by: Elv1zz <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for a392523 - Browse repository at this point
Copy the full SHA a392523View commit details -
Added unit test for AKMAlias.matches
Added an unit test for the `AKMAlias.matches` method before refactoring it. Signed-off-by: Elv1zz <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 6331c76 - Browse repository at this point
Copy the full SHA 6331c76View commit details -
Reduce NPath complexity of AKMAlias.matches
This should reduce NPath complexity of `AKMAlias.matches` method without changing its behavior. This was verified using the previously added unit test that should cover all relevant cases. Signed-off-by: Elv1zz <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 6b096b7 - Browse repository at this point
Copy the full SHA 6b096b7View commit details -
Codacy did not like my test in several points: - The function name may not have an underscore (`_`). - Magic number (`123`) should be replaced with a named constant. - File should end with a new line. Signed-off-by: Elv1zz <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for 40cb798 - Browse repository at this point
Copy the full SHA 40cb798View commit details