From 0512c283e87e60db5e75ee079e3497eeb8799ff6 Mon Sep 17 00:00:00 2001 From: Jayesh Nirve Date: Sat, 18 Jun 2022 01:47:41 +0530 Subject: [PATCH] fix: pass isrg cert to http client --- lib/config/isrg_x1.dart | 32 ++++++++++++++++++ lib/utils/client_manager.dart | 55 +++++++++++++++++-------------- lib/utils/custom_http_client.dart | 30 +++++++++++++++++ lib/widgets/matrix.dart | 2 +- pubspec.lock | 4 +-- 5 files changed, 95 insertions(+), 28 deletions(-) create mode 100644 lib/config/isrg_x1.dart create mode 100644 lib/utils/custom_http_client.dart diff --git a/lib/config/isrg_x1.dart b/lib/config/isrg_x1.dart new file mode 100644 index 00000000..6a6d0ac2 --- /dev/null +++ b/lib/config/isrg_x1.dart @@ -0,0 +1,32 @@ +// ignore: constant_identifier_names +const String ISRG_X1 = """-----BEGIN CERTIFICATE----- +MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4 +WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu +ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY +MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc +h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+ +0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U +A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW +T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH +B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC +B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv +KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn +OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn +jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw +qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI +rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq +hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL +ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ +3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK +NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5 +ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur +TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC +jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc +oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq +4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA +mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d +emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc= +-----END CERTIFICATE-----"""; diff --git a/lib/utils/client_manager.dart b/lib/utils/client_manager.dart index 44047d9a..a042e6ee 100644 --- a/lib/utils/client_manager.dart +++ b/lib/utils/client_manager.dart @@ -7,6 +7,7 @@ import 'package:matrix/encryption/utils/key_verification.dart'; import 'package:matrix/matrix.dart'; import 'package:path_provider/path_provider.dart'; +import 'package:fluffychat/utils/custom_http_client.dart'; import 'package:fluffychat/utils/custom_image_resizer.dart'; import 'package:fluffychat/utils/matrix_sdk_extensions.dart/flutter_hive_collections_database.dart'; import 'package:fluffychat/utils/platform_infos.dart'; @@ -82,29 +83,33 @@ abstract class ClientManager { await Store().setItem(clientNamespace, jsonEncode(clientNamesList)); } - static Client createClient(String clientName) => Client( - clientName, - verificationMethods: { - KeyVerificationMethod.numbers, - if (kIsWeb || PlatformInfos.isMobile || PlatformInfos.isLinux) - KeyVerificationMethod.emoji, - }, - importantStateEvents: { - // To make room emotes work - 'im.ponies.room_emotes', - // To check which story room we can post in - EventTypes.RoomPowerLevels, - }, - databaseBuilder: FlutterHiveCollectionsDatabase.databaseBuilder, - legacyDatabaseBuilder: FlutterFluffyBoxDatabase.databaseBuilder, - supportedLoginTypes: { - AuthenticationTypes.password, - if (PlatformInfos.isMobile || - PlatformInfos.isWeb || - PlatformInfos.isMacOS) - AuthenticationTypes.sso - }, - compute: compute, - customImageResizer: PlatformInfos.isMobile ? customImageResizer : null, - ); + static Client createClient(String clientName) { + final _client = CustomHttpClient.createHTTPClient(); + return Client( + clientName, + httpClient: _client, + verificationMethods: { + KeyVerificationMethod.numbers, + if (kIsWeb || PlatformInfos.isMobile || PlatformInfos.isLinux) + KeyVerificationMethod.emoji, + }, + importantStateEvents: { + // To make room emotes work + 'im.ponies.room_emotes', + // To check which story room we can post in + EventTypes.RoomPowerLevels, + }, + databaseBuilder: FlutterHiveCollectionsDatabase.databaseBuilder, + legacyDatabaseBuilder: FlutterFluffyBoxDatabase.databaseBuilder, + supportedLoginTypes: { + AuthenticationTypes.password, + if (PlatformInfos.isMobile || + PlatformInfos.isWeb || + PlatformInfos.isMacOS) + AuthenticationTypes.sso + }, + compute: compute, + customImageResizer: PlatformInfos.isMobile ? customImageResizer : null, + ); + } } diff --git a/lib/utils/custom_http_client.dart b/lib/utils/custom_http_client.dart new file mode 100644 index 00000000..479e5edb --- /dev/null +++ b/lib/utils/custom_http_client.dart @@ -0,0 +1,30 @@ +import 'dart:convert'; +import 'dart:io'; + +import 'package:http/http.dart' as http; +import 'package:http/io_client.dart'; + +import 'package:fluffychat/config/isrg_x1.dart'; + +class CustomHttpClient { + static HttpClient customHttpClient(String? cert) { + final context = SecurityContext.defaultContext; + + try { + if (cert != null) { + final bytes = utf8.encode(cert); + context.setTrustedCertificatesBytes(bytes); + } + } on TlsException catch (e) { + if (e.osError != null && + e.osError!.message.contains('CERT_ALREADY_IN_HASH_TABLE')) { + } else { + rethrow; + } + } + + return HttpClient(context: context); + } + + static http.Client createHTTPClient() => IOClient(customHttpClient(ISRG_X1)); +} diff --git a/lib/widgets/matrix.dart b/lib/widgets/matrix.dart index 8be503d0..0d208bbb 100644 --- a/lib/widgets/matrix.dart +++ b/lib/widgets/matrix.dart @@ -519,7 +519,7 @@ class MatrixState extends State with WidgetsBindingObserver { onLoginStateChanged.values.map((s) => s.cancel()); onOwnPresence.values.map((s) => s.cancel()); onNotification.values.map((s) => s.cancel()); - + client.httpClient.close(); onFocusSub?.cancel(); onBlurSub?.cancel(); _backgroundPush?.onLogin?.cancel(); diff --git a/pubspec.lock b/pubspec.lock index 66fdbbbe..e5986b1b 100644 --- a/pubspec.lock +++ b/pubspec.lock @@ -939,7 +939,7 @@ packages: description: path: "." ref: null-safety - resolved-ref: "a3d4020911860ff091d90638ab708604b71d2c5a" + resolved-ref: a3d4020911860ff091d90638ab708604b71d2c5a url: "https://github.com/TheOneWithTheBraid/keyboard_shortcuts.git" source: git version: "0.1.4" @@ -1947,7 +1947,7 @@ packages: name: visibility_detector url: "https://pub.dartlang.org" source: hosted - version: "0.2.2" + version: "0.3.3" vm_service: dependency: transitive description: