Allow to configure certificates when using HTTP protocol, in case of HTTPS redirection (#284)

CHANGELOG.md

@@ -1,6 +1,9 @@
 # Changelog
 
 ## [Unreleased]
+### Changed
+- Custom TLS certificates can now be configured without enabling HTTPS, to support HTTP to HTTPS redirection
+
 ### Removed
 - Support of Android versions prior to 8.0
 

app/src/main/kotlin/org/equeim/tremotesf/ui/connectionsettingsfragment/ServerEditFragment.kt

@@ -93,14 +93,18 @@ class ServerEditFragment : NavigationFragment(R.layout.server_edit_fragment, 0)
         with(binding) {
             portEdit.filters = arrayOf(IntFilter(Server.portRange))
 
+            httpsHint.isVisible = httpsCheckBox.isChecked
+            httpsCheckBox.setOnCheckedChangeListener { _, isChecked ->
+                httpsHint.isVisible = isChecked
+            }
+
             proxySettingsButton.setOnClickListener {
                 navigate(ServerEditFragmentDirections.toProxySettingsFragment())
             }
 
             certificatedButton.setOnClickListener {
                 navigate(ServerEditFragmentDirections.toCertificatesFragment())
             }
-            httpsCheckBox.setDependentViews(certificatedButton)
 
             authenticationCheckBox.setDependentViews(usernameEditLayout, passwordEditLayout)
 

app/src/main/res/layout/server_edit_fragment.xml

@@ -71,10 +71,23 @@ SPDX-License-Identifier: GPL-3.0-or-later
                         android:inputType="number" />
                 </com.google.android.material.textfield.TextInputLayout>
 
-                <com.google.android.material.textfield.TextInputLayout
+                <CheckBox
+                    android:id="@+id/https_check_box"
                     android:layout_width="match_parent"
                     android:layout_height="wrap_content"
                     android:layout_marginTop="@dimen/linear_layout_vertical_spacing"
+                    android:text="@string/use_https_protocol" />
+
+                <TextView
+                    android:id="@+id/https_hint"
+                    android:layout_width="match_parent"
+                    android:text="@string/https_hint"
+                    android:layout_height="wrap_content" />
+
+                <com.google.android.material.textfield.TextInputLayout
+                    android:layout_width="match_parent"
+                    android:layout_height="wrap_content"
+                    android:layout_marginTop="@dimen/linear_layout_vertical_spacing_double"
                     android:hint="@string/api_path">
 
                     <com.google.android.material.textfield.TextInputEditText
@@ -93,13 +106,6 @@ SPDX-License-Identifier: GPL-3.0-or-later
                     android:paddingVertical="@dimen/linear_layout_vertical_spacing"
                     android:text="@string/proxy_settings" />
 
-                <CheckBox
-                    android:id="@+id/https_check_box"
-                    android:layout_width="match_parent"
-                    android:layout_height="wrap_content"
-                    android:layout_marginTop="@dimen/linear_layout_vertical_spacing"
-                    android:text="@string/https" />
-
                 <Button
                     android:id="@+id/certificated_button"
                     style="@style/Widget.Material3.Button.OutlinedButton"

app/src/main/res/values-de-rDE/strings.xml

@@ -215,7 +215,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
     <string name="address_edit_hint">Domain Name oder IP Adresse</string>
     <string name="port">Port</string>
     <string name="api_path">API Pfad</string>
-    <string name="https">HTTPS</string>
+
     <string name="certificates">Zertifikate</string>
     <string name="server_uses_self_signed_certificate">Server nutzt ein selbstsigniertes Zertifikat</string>
     <string name="certificate">Zertifikat im PEM Format</string>

app/src/main/res/values-en/strings.xml

@@ -195,7 +195,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
     <string name="address_edit_hint">Domain name or IP address</string>
     <string name="port">Port</string>
     <string name="api_path">API path</string>
-    <string name="https">HTTPS</string>
+
     <string name="certificates">Certificates</string>
     <string name="server_uses_self_signed_certificate">Server uses self-signed certificate</string>
     <string name="certificate">Certificate in PEM format</string>

app/src/main/res/values-es/strings.xml

@@ -223,7 +223,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
     <string name="address_edit_hint">Nombre de dominio o dirección IP</string>
     <string name="port">Puerto</string>
     <string name="api_path">Ruta API</string>
-    <string name="https">HTTPS</string>
+
     <string name="certificates">Certificados</string>
     <string name="server_uses_self_signed_certificate">El servidor utiliza un certificado firmado por sí mismo</string>
     <string name="certificate">Certificado en formato PEM</string>

app/src/main/res/values-fr/strings.xml

@@ -216,7 +216,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
     <string name="address_edit_hint">Nom de domaine ou adresse IP</string>
     <string name="port">Port</string>
     <string name="api_path">chemin d\'API</string>
-    <string name="https">HTTPS</string>
+
     <string name="certificates">Certificats</string>
     <string name="server_uses_self_signed_certificate">Le serveur utilise un certificat auto-signé</string>
     <string name="certificate">Certificat au format PEM</string>

app/src/main/res/values-it/strings.xml

@@ -206,7 +206,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
     <string name="address_edit_hint">Nome dominio o indirizzo IP</string>
     <string name="port">Porta</string>
     <string name="api_path">Indirizzo API</string>
-    <string name="https">HTTPS</string>
+
     <string name="certificates">Certificati</string>
     <string name="server_uses_self_signed_certificate">Il server usa un certificato auto-firmato</string>
     <string name="certificate">Certificato in formato PEM</string>

app/src/main/res/values-nl-rBE/strings.xml

@@ -187,7 +187,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
     <string name="address_edit_hint">Domeinnaam of IP-adres</string>
     <string name="port">Poort</string>
     <string name="api_path">API-pad</string>
-    <string name="https">HTTPS</string>
+
     <string name="certificates">Certificaten</string>
     <string name="server_uses_self_signed_certificate">Server gebruikt zelfondertekend certificaat</string>
     <string name="certificate">Certificaat in PEM-formaat</string>

app/src/main/res/values-nl/strings.xml

@@ -187,7 +187,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
     <string name="address_edit_hint">Domeinnaam of IP-adres</string>
     <string name="port">Poort</string>
     <string name="api_path">API-pad</string>
-    <string name="https">HTTPS</string>
+
     <string name="certificates">Certificaten</string>
     <string name="server_uses_self_signed_certificate">Server gebruikt zelfondertekend certificaat</string>
     <string name="certificate">Certificaat in PEM-formaat</string>

app/src/main/res/values-pt-rBR/strings.xml

@@ -187,7 +187,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
     <string name="address_edit_hint">Nome de domínio ou endereço IP</string>
     <string name="port">Porta</string>
     <string name="api_path">Caminho da API</string>
-    <string name="https">HTTPS</string>
+
     <string name="certificates">Certificados</string>
     <string name="server_uses_self_signed_certificate">Servidor usa certificado auto-assinado </string>
     <string name="certificate">Certificado no formato PEM</string>

app/src/main/res/values-ru/strings.xml

@@ -231,7 +231,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
     <string name="address_edit_hint">Доменное имя или IP-адрес</string>
     <string name="port">Порт</string>
     <string name="api_path">Путь API</string>
-    <string name="https">HTTPS</string>
+
     <string name="certificates">Сертификаты</string>
     <string name="server_uses_self_signed_certificate">Сервер использует самоподписанный сертификат</string>
     <string name="certificate">Сертификат в PEM-формате</string>

app/src/main/res/values-tr/strings.xml

@@ -192,7 +192,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
     <string name="address_edit_hint">Alan adı veya IP adresi</string>
     <string name="port">Bağlantı noktası</string>
     <string name="api_path">API yolu</string>
-    <string name="https">HTTPS</string>
+
     <string name="certificates">Sertifikalar</string>
     <string name="server_uses_self_signed_certificate">Sunucu kendinden imzalı sertifika kullanıyor</string>
     <string name="certificate">PEM biçiminde sertifika</string>

app/src/main/res/values-vi-rVN/strings.xml

@@ -140,7 +140,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
     <string name="address_edit_hint">Tên miền hoặc địa chỉ IP</string>
     <string name="port">Cổng</string>
     <string name="api_path">Đường dẫn API</string>
-    <string name="https">HTTPS</string>
+
     <string name="certificates">Các chứng chỉ</string>
     <string name="server_uses_self_signed_certificate">Máy chủ sử dụng chứng chỉ tự ký</string>
     <string name="certificate">Chứng chỉ ở định dạng PEM</string>

app/src/main/res/values-zh-rCN/strings.xml

@@ -200,7 +200,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
     <string name="address_edit_hint">域名或IP地址</string>
     <string name="port">端口</string>
     <string name="api_path">API路径</string>
-    <string name="https">HTTPS</string>
+
     <string name="certificates">证书</string>
     <string name="server_uses_self_signed_certificate">服务端使用自签名证书</string>
     <string name="certificate">PEM格式的证书</string>

app/src/main/res/values/strings.xml

@@ -226,7 +226,8 @@ SPDX-License-Identifier: GPL-3.0-or-later
     <string name="address_edit_hint">Domain name or IP address</string>
     <string name="port">Port</string>
     <string name="api_path">API path</string>
-    <string name="https">HTTPS</string>
+    <string name="use_https_protocol">Use HTTPS protocol</string>
+    <string name="https_hint">Make sure that server listening on this port expects HTTPS connections. If you are using HTTP to HTTPS redirection you need to uncheck this</string>
     <string name="certificates">Certificates</string>
     <string name="server_uses_self_signed_certificate">Server uses self-signed certificate</string>
     <string name="certificate">Certificate in PEM format</string>

gradle-plugin/src/main/kotlin/org/equeim/tremotesf/gradle/GradlePlugin.kt

@@ -59,7 +59,6 @@ class GradlePlugin : Plugin<Project> {
 
     private fun ApplicationExtension.configureApplicationProject(libs: VersionCatalog) {
         defaultConfig.targetSdk = libs.targetSdk
-        packaging.jniLibs.useLegacyPackaging = false
     }
 
     private fun KotlinJvmOptions.configureKotlin() {

rpc/src/main/kotlin/org/equeim/tremotesf/rpc/ConnectionConfiguration.kt

@@ -36,21 +36,19 @@ internal fun createConnectionConfiguration(server: Server): ConnectionConfigurat
             )
         })
     var clientCertificates: List<Certificate> = emptyList()
-    if (server.httpsEnabled) {
-        val clientCertificate = if (server.clientCertificateEnabled) server.clientCertificate.takeIf { it.isNotBlank() } else null
-        val serverCertificate = if (server.selfSignedCertificateEnabled) server.selfSignedCertificate.takeIf { it.isNotBlank() } else null
+    val clientCertificate = if (server.clientCertificateEnabled) server.clientCertificate.takeIf { it.isNotBlank() } else null
+    val serverCertificate = if (server.selfSignedCertificateEnabled) server.selfSignedCertificate.takeIf { it.isNotBlank() } else null
+    if (clientCertificate != null || serverCertificate != null) {
         val configuration = createTlsConfiguration(
             clientCertificatesString = clientCertificate,
             selfSignedCertificatesString = serverCertificate,
             serverHostname = url.host,
         )
-        if (configuration != null) {
-            builder.sslSocketFactory(configuration.sslSocketFactory, configuration.trustManager)
-            configuration.hostnameVerifier?.let {
-                builder.hostnameVerifier(it)
-            }
-            clientCertificates = configuration.clientCertificates
+        builder.sslSocketFactory(configuration.sslSocketFactory, configuration.trustManager)
+        configuration.hostnameVerifier?.let {
+            builder.hostnameVerifier(it)
         }
+        clientCertificates = configuration.clientCertificates
     }
     return ConnectionConfiguration(
         httpClient = builder.build(),

rpc/src/main/kotlin/org/equeim/tremotesf/rpc/TlsConfiguration.kt

@@ -35,10 +35,9 @@ internal fun createTlsConfiguration(
     clientCertificatesString: String?,
     selfSignedCertificatesString: String?,
     serverHostname: String,
-): TlsConfiguration? {
-    // We need to set up ISRG Root X1 certificate for Android < 7.1
+): TlsConfiguration {
     if (clientCertificatesString == null && selfSignedCertificatesString == null) {
-        return null
+        throw IllegalArgumentException("Either clientCertificatesString or selfSignedCertificatesString must be provided")
     }
     return try {
         val certificateFactory = CertificateFactory.getInstance("X.509")