import 'dart:io';
import 'package:immich_mobile/entities/store.entity.dart';
import 'package:logging/logging.dart';
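/// [HttpOverrides] that can attach a client certificate to outgoing TLS
/// connections and, when explicitly enabled, accept server certificates that
/// fail platform validation (for example self-signed ones).
///
/// Accepting an invalid certificate removes server authentication for that
/// connection, so the relaxation is limited to the configured server host
/// whenever one is known.
class HttpSSLCertOverride extends HttpOverrides {
  static final Logger _log = Logger("HttpSSLCertOverride");

  /// Whether certificates rejected by platform validation may be accepted.
  final bool _allowSelfSignedSSLCert;

  /// Host the relaxed validation is restricted to.
  ///
  /// When null, no host restriction is applied (see [_isServerHost]).
  final String? _serverHost;

  /// Client certificate to present to the server, if any.
  final SSLClientCertStoreVal? _clientCert;

  /// Context pre-loaded with the client certificate, used when the caller of
  /// [createHttpClient] does not supply its own context. Null when no client
  /// certificate is configured.
  late final SecurityContext? _ctxWithCert;

  HttpSSLCertOverride(
    this._allowSelfSignedSSLCert,
    this._serverHost,
    this._clientCert,
  ) {
    final clientCert = _clientCert;
    if (clientCert == null) {
      _ctxWithCert = null;
      return;
    }

    final ctx = SecurityContext(withTrustedRoots: true);
    // The previous null check on the freshly constructed context could never
    // fail; the real failure mode is loading the certificate, so report that.
    // The context is kept either way, as before: connections then proceed
    // without a client certificate and the server decides whether to accept.
    if (!setClientCert(ctx, clientCert)) {
      _log.severe("Failed to create security context with client cert!");
    }
    _ctxWithCert = ctx;
  }

  /// Loads [cert] into [ctx] as both private key and certificate chain.
  ///
  /// The same bytes and password are used for both calls.
  /// NOTE(review): this presumably means `cert.data` is a combined bundle
  /// (e.g. PKCS#12) - confirm against where the value is stored.
  ///
  /// Returns true on success and false if either call throws; the error is
  /// logged and not rethrown.
  static bool setClientCert(SecurityContext ctx, SSLClientCertStoreVal cert) {
    try {
      _log.info("Setting client certificate");
      ctx.usePrivateKeyBytes(cert.data, password: cert.password);
      ctx.useCertificateChainBytes(cert.data, password: cert.password);
    } catch (e) {
      _log.severe("Failed to set SSL client cert: $e");
      return false;
    }
    return true;
  }

  /// Whether [host] is the configured server host.
  ///
  /// Returns true when no server host is configured, preserving the existing
  /// behaviour for that case. Otherwise the comparison is an exact,
  /// case-insensitive hostname match. A substring test is not sufficient
  /// here: it would also accept an empty host or any fragment of the server
  /// name (for example a parent domain), extending the relaxed validation to
  /// hosts that are not the server.
  bool _isServerHost(String host) {
    final serverHost = _serverHost;
    if (serverHost == null) return true;

    final presented = host.trim().toLowerCase();
    final configured = serverHost.trim().toLowerCase();
    if (presented.isEmpty || configured.isEmpty) return false;
    if (configured == presented) return true;

    // The configured value may carry a scheme, port or path; compare against
    // its host component only.
    // NOTE(review): assumes a single host or URL is stored - confirm.
    final parsed = Uri.tryParse(
      configured.contains("://") ? configured : "//$configured",
    );
    return parsed != null && parsed.host == presented;
  }

  /// Creates the [HttpClient] used for all `dart:io` HTTP traffic.
  ///
  /// If [context] is supplied, the client certificate (when configured) is
  /// loaded into it; otherwise the pre-built [_ctxWithCert] is used, which may
  /// be null. The returned client rejects invalid server certificates unless
  /// self-signed certificates are allowed and the host passes
  /// [_isServerHost].
  @override
  HttpClient createHttpClient(SecurityContext? context) {
    final clientCert = _clientCert;
    if (context == null) {
      context = _ctxWithCert;
    } else if (clientCert != null) {
      setClientCert(context, clientCert);
    }

    return super.createHttpClient(context)
      ..badCertificateCallback = (X509Certificate cert, String host, int port) {
        // This callback only runs for certificates that already failed
        // validation, so returning true disables server authentication for
        // this connection. Keep it scoped to the server host to avoid
        // insecure connections to other services.
        if (_allowSelfSignedSSLCert && _isServerHost(host)) {
          return true;
        }
        _log.severe("Invalid SSL certificate for $host:$port");
        return false;
      };
  }
}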