mirror of
https://github.com/immich-app/immich.git
synced 2025-07-09 09:12:57 +02:00
feat(mobile): Adding setting in mobile app to TLS client certificate (#10860)
* feat(mobile): Adding setting in mobile app to import TLS client certificate and private key * Formatting dart source code to pass dart format test * Adding missed required trailing commas to pass dart static analysis * update lock file * variable names --------- Co-authored-by: Yun Jiang <yjiang@roku.com> Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
parent
62ac9bb7cd
commit
ea5d6780f2
8 changed files with 321 additions and 16 deletions
mobile/lib/utils
|
@ -4,12 +4,49 @@ import 'package:immich_mobile/entities/store.entity.dart';
|
|||
import 'package:logging/logging.dart';
|
||||
|
||||
class HttpSSLCertOverride extends HttpOverrides {
|
||||
static final Logger _log = Logger("HttpSSLCertOverride");
|
||||
final SSLClientCertStoreVal? _clientCert;
|
||||
late final SecurityContext? _ctxWithCert;
|
||||
|
||||
HttpSSLCertOverride() : _clientCert = SSLClientCertStoreVal.load() {
|
||||
if (_clientCert != null) {
|
||||
_ctxWithCert = SecurityContext(withTrustedRoots: true);
|
||||
if (_ctxWithCert != null) {
|
||||
setClientCert(_ctxWithCert, _clientCert);
|
||||
} else {
|
||||
_log.severe("Failed to create security context with client cert!");
|
||||
}
|
||||
} else {
|
||||
_ctxWithCert = null;
|
||||
}
|
||||
}
|
||||
|
||||
static bool setClientCert(SecurityContext ctx, SSLClientCertStoreVal cert) {
|
||||
try {
|
||||
_log.info("Setting client certificate");
|
||||
ctx.usePrivateKeyBytes(cert.data, password: cert.password);
|
||||
if (!Platform.isIOS) {
|
||||
ctx.useCertificateChainBytes(cert.data, password: cert.password);
|
||||
}
|
||||
} catch (e) {
|
||||
_log.severe("Failed to set SSL client cert: $e");
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
@override
|
||||
HttpClient createHttpClient(SecurityContext? context) {
|
||||
if (context != null) {
|
||||
if (_clientCert != null) {
|
||||
setClientCert(context, _clientCert);
|
||||
}
|
||||
} else {
|
||||
context = _ctxWithCert;
|
||||
}
|
||||
|
||||
return super.createHttpClient(context)
|
||||
..badCertificateCallback = (X509Certificate cert, String host, int port) {
|
||||
var log = Logger("HttpSSLCertOverride");
|
||||
|
||||
AppSettingsEnum setting = AppSettingsEnum.allowSelfSignedSSLCert;
|
||||
|
||||
// Check if user has allowed self signed SSL certificates.
|
||||
|
@ -28,7 +65,7 @@ class HttpSSLCertOverride extends HttpOverrides {
|
|||
}
|
||||
|
||||
if (!selfSignedCertsAllowed) {
|
||||
log.severe("Invalid SSL certificate for $host:$port");
|
||||
_log.severe("Invalid SSL certificate for $host:$port");
|
||||
}
|
||||
|
||||
return selfSignedCertsAllowed;
|
||||
|
|
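Review bot: The bool returned by `setClientCert` is discarded at both call sites, in the constructor and in `createHttpClient`, so a PKCS#12 blob that fails to load (for instance because of a wrong password) is only logged and requests go out without the client certificate. In the constructor the `if (_ctxWithCert != null)` test directly follows the `SecurityContext(withTrustedRoots: true)` call and cannot be false, so the "Failed to create security context with client cert!" branch is dead; something like `final ctx = SecurityContext(withTrustedRoots: true);` followed by `_ctxWithCert = setClientCert(ctx, _clientCert) ? ctx : null;` would use the result and keep the field from holding a context with no key. The `Platform.isIOS` guard deserves a comment such as `// iOS: usePrivateKeyBytes loads the chain from the same PKCS#12 data`. Because this client now carries a client key, it is also worth confirming that the `badCertificateCallback` result `selfSignedCertsAllowed` is scoped to the configured server; the middle of that callback lies between the two hunks and is not visible here.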