1111package at.bitfire.cert4android
1212
1313import android.annotation.SuppressLint
14- import kotlinx.coroutines.flow.StateFlow
1514import java.security.cert.CertificateException
1615import java.security.cert.X509Certificate
1716import java.util.logging.Logger
@@ -21,16 +20,13 @@ import javax.net.ssl.X509TrustManager
2120/* *
2221 * TrustManager to handle custom certificates.
2322 *
24- * @param trustSystemCerts whether system certificates will be trusted
25- * @param appInForeground - `true`: if needed, directly launches [TrustCertificateActivity] and shows notification (if possible)
26- * - `false`: if needed, shows notification (if possible)
27- * - `null`: non-interactive mode: does not show notification or launch activity
23+ * @param certStore certificate store with (un)trusted certificates
24+ * @param settings settings provider to get settings from
2825 */
2926@SuppressLint(" CustomX509TrustManager" )
3027class CustomCertManager @JvmOverloads constructor(
3128 private val certStore : CertStore ,
32- val trustSystemCerts : Boolean = true ,
33- var appInForeground : StateFlow <Boolean >?
29+ private val settings : SettingsProvider
3430): X509TrustManager {
3531
3632 private val logger
@@ -51,7 +47,13 @@ class CustomCertManager @JvmOverloads constructor(
5147 */
5248 @Throws(CertificateException ::class )
5349 override fun checkServerTrusted (chain : Array <X509Certificate >, authType : String ) {
54- if (! certStore.isTrusted(chain, authType, trustSystemCerts, appInForeground))
50+ if (! certStore.isTrusted(
51+ chain,
52+ authType,
53+ trustSystemCerts = settings.trustSystemCerts(),
54+ appInForeground = settings.appInForeground()
55+ )
56+ )
5557 throw CertificateException (" Certificate chain not trusted" )
5658 }
5759
@@ -75,7 +77,13 @@ class CustomCertManager @JvmOverloads constructor(
7577 // Allow users to explicitly accept certificates that have a bad hostname here
7678 (session.peerCertificates.firstOrNull() as ? X509Certificate )?.let { cert ->
7779 // Check without trusting system certificates so that the user will be asked even for system-trusted certificates
78- if (certStore.isTrusted(arrayOf(cert), " RSA" , false , appInForeground))
80+ if (certStore.isTrusted(
81+ arrayOf(cert),
82+ " RSA" ,
83+ trustSystemCerts = false ,
84+ appInForeground = settings.appInForeground()
85+ )
86+ )
7987 return true
8088 }
8189
0 commit comments