add connection security indicator to the top-right corner of the Resp…
…onse View
1 parent
a366276
commit 6053274
Showing
18 changed files
with
270 additions
and
12 deletions.
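--- a/...ain/kotlin/com/sunnychung/application/multiplatform/hellohttp/model/ConnectionSecurity.kt
+++ b/...ain/kotlin/com/sunnychung/application/multiplatform/hellohttp/model/ConnectionSecurity.kt
@@ -0,0 +1,44 @@
+package com.sunnychung.application.multiplatform.hellohttp.model
+
+import com.sunnychung.application.multiplatform.hellohttp.annotation.Persisted
+import com.sunnychung.lib.multiplatform.kdatetime.KInstant
+import kotlinx.serialization.Serializable
+
+@Persisted
+@Serializable
+data class ConnectionSecurity(
+val security: ConnectionSecurityType,
+val clientCertificatePrincipal: Certificate?,
+val peerCertificatePrincipal: Certificate?,
+)
+
+@Persisted
+@Serializable
+data class Certificate(
+val principal: String,
+val issuerPrincipal: String,
+val notAfter: KInstant,
+val notBefore: KInstant,
+)
+
+enum class ConnectionSecurityType {
+/**
+* Cleartext HTTP
+*/
+Unencrypted,
+
+/**
+* TLS without verification
+*/
+InsecureEncrypted,
+
+/**
+* TLS with verification. It could be verified with custom trusted certificates.
+*/
+VerifiedEncrypted,
+
+/**
+* mTLS with verification
+*/
+MutuallyVerifiedEncrypted
+}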
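Review bot: In `ConnectionSecurity`, the fields `clientCertificatePrincipal` and `peerCertificatePrincipal` are typed `Certificate?` and carry subject, issuer and validity, so the names understate what is stored. Because the class is `@Persisted` and `@Serializable`, the property names presumably end up in saved data and are cheaper to correct now, e.g. `val peerCertificate: Certificate?`. The `Certificate` record keeps no serial number or fingerprint, so two certificates with the same subject and issuer names cannot be told apart in a saved response; a KDoc line saying the record is descriptive only would make that explicit. The KDoc on `VerifiedEncrypted` should also state whether hostname verification is part of "verification".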
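--- a/...m/sunnychung/application/multiplatform/hellohttp/network/util/CallDataUserResponseUtil.kt
+++ b/...m/sunnychung/application/multiplatform/hellohttp/network/util/CallDataUserResponseUtil.kt
@@ -0,0 +1,50 @@
+package com.sunnychung.application.multiplatform.hellohttp.network.util
+
+import com.sunnychung.application.multiplatform.hellohttp.model.ConnectionSecurity
+import com.sunnychung.application.multiplatform.hellohttp.model.ConnectionSecurityType
+import com.sunnychung.application.multiplatform.hellohttp.model.UserResponse
+import com.sunnychung.application.multiplatform.hellohttp.network.CallData
+import com.sunnychung.lib.multiplatform.kdatetime.KInstant
+import java.security.cert.Certificate
+import java.security.cert.X509Certificate
+import javax.security.auth.x500.X500Principal
+
+internal object CallDataUserResponseUtil {
+internal fun onConnected(out: UserResponse) {
+synchronized(out) {
+if (out.connectionSecurity == null) {
+out.connectionSecurity = ConnectionSecurity(
+security = ConnectionSecurityType.Unencrypted,
+clientCertificatePrincipal = null,
+peerCertificatePrincipal = null
+)
+}
+}
+}
+
+internal fun onTlsUpgraded(
+callData: CallData,
+localCertificates: Array<Certificate>?,
+peerCertificates: Array<Certificate>?,
+) {
+synchronized(callData.response) {
+callData.response.connectionSecurity = ConnectionSecurity(
+security = when {
+callData.sslConfig.isInsecure == true -> ConnectionSecurityType.InsecureEncrypted
+!localCertificates.isNullOrEmpty() && !peerCertificates.isNullOrEmpty() -> ConnectionSecurityType.MutuallyVerifiedEncrypted
+!peerCertificates.isNullOrEmpty() -> ConnectionSecurityType.VerifiedEncrypted
+else -> ConnectionSecurityType.Unencrypted
+},
+clientCertificatePrincipal = (localCertificates?.firstOrNull() as? X509Certificate)?.toPersistableCertificate(),
+peerCertificatePrincipal = (peerCertificates?.firstOrNull() as? X509Certificate)?.toPersistableCertificate(),
+)
+}
+}
+
+private fun X509Certificate.toPersistableCertificate() = com.sunnychung.application.multiplatform.hellohttp.model.Certificate(
+principal = subjectX500Principal.getName(X500Principal.RFC1779),
+issuerPrincipal = issuerX500Principal.getName(X500Principal.RFC1779),
+notAfter = KInstant(notAfter.time),
+notBefore = KInstant(notBefore.time),
+)
+}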
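Review bot: In `onTlsUpgraded`, the `else` branch of the `when` records `ConnectionSecurityType.Unencrypted` for a session that has just completed a TLS upgrade but exposes no peer certificates; that session is encrypted but unauthenticated, so `else -> ConnectionSecurityType.InsecureEncrypted` matches the enum's own definitions better. The two verified states are also inferred only from `isInsecure` not being true plus the presence of certificate arrays, not from a verification result; if `sslConfig` (not visible here) has other switches that relax trust or hostname checks, the indicator would overstate the connection, so either test those too or document the assumption in a comment above the `when`. In insecure mode the unverified peer subject is still stored through `toPersistableCertificate()`, so the view should not present it as an authenticated identity.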