feat(mobile): Adding setting in mobile app to TLS client certificate ()

* feat(mobile): Adding setting in mobile app to import TLS client certificate and private key

* Formatting Dart source code to pass dart format test

* Adding missed required trailing commas to pass dart static analysis

* update lock file

* variable names

---------

Co-authored-by: Yun Jiang <yjiang@roku.com>
Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
Yun Jiang 2024-07-26 14:59:02 +01:00 committed by GitHub
parent 62ac9bb7cd
commit ea5d6780f2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 321 additions and 16 deletions


@ -4,12 +4,49 @@ import 'package:immich_mobile/entities/store.entity.dart';
import 'package:logging/logging.dart';
class HttpSSLCertOverride extends HttpOverrides {
static final Logger _log = Logger("HttpSSLCertOverride");
final SSLClientCertStoreVal? _clientCert;
late final SecurityContext? _ctxWithCert;
HttpSSLCertOverride() : _clientCert = SSLClientCertStoreVal.load() {
if (_clientCert != null) {
_ctxWithCert = SecurityContext(withTrustedRoots: true);
if (_ctxWithCert != null) {
setClientCert(_ctxWithCert, _clientCert);
} else {
_log.severe("Failed to create security context with client cert!");
}
} else {
_ctxWithCert = null;
}
}
static bool setClientCert(SecurityContext ctx, SSLClientCertStoreVal cert) {
try {
_log.info("Setting client certificate");
ctx.usePrivateKeyBytes(cert.data, password: cert.password);
if (!Platform.isIOS) {
ctx.useCertificateChainBytes(cert.data, password: cert.password);
}
} catch (e) {
_log.severe("Failed to set SSL client cert: $e");
return false;
}
return true;
}
@override
HttpClient createHttpClient(SecurityContext? context) {
if (context != null) {
if (_clientCert != null) {
setClientCert(context, _clientCert);
}
} else {
context = _ctxWithCert;
}
return super.createHttpClient(context)
..badCertificateCallback = (X509Certificate cert, String host, int port) {
var log = Logger("HttpSSLCertOverride");
AppSettingsEnum setting = AppSettingsEnum.allowSelfSignedSSLCert;
// Check if user has allowed self signed SSL certificates.
@ -28,7 +65,7 @@ class HttpSSLCertOverride extends HttpOverrides {
}
if (!selfSignedCertsAllowed) {
log.severe("Invalid SSL certificate for $host:$port");
_log.severe("Invalid SSL certificate for $host:$port");
}
return selfSignedCertsAllowed;
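Review bot: In `createHttpClient`, `setClientCert(context, _clientCert)` is applied to whatever `SecurityContext` the caller passes in, and its `bool` result is discarded both there and in the constructor. An `HttpOverrides` subclass affects every `HttpClient` created while it is installed (how it is installed is not visible here), so the imported key would presumably be offered to any TLS server that requests a client certificate, not only the configured one. If that is intended, say so above the call, e.g. `// Applies the client key to every HttpClient in the app, not just the server connection`. A failed load is only logged, so keeping the result (`final applied = setClientCert(...)`) would let the settings screen report that the certificate is not in use. In the constructor, `if (_ctxWithCert != null)` directly after `_ctxWithCert = SecurityContext(withTrustedRoots: true)` can never be false, so that check and its `severe` branch could be dropped; the `badCertificateCallback` body continues outside the hunk.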