From f8df28311efcd0532e406590355ef98fe32ffbe7 Mon Sep 17 00:00:00 2001
From: tom5079 <7948651+tom5079@users.noreply.github.com>
Date: Sun, 24 Mar 2024 00:21:03 -0700
Subject: [PATCH] Fix Certificate
---
.../pupil/networking/HitomiHttpClient.kt | 8 +-
.../java/xyz/quaver/pupil/networking/SSL.kt | 80 +++++++++++++++++++
2 files changed, 87 insertions(+), 1 deletion(-)
create mode 100644 app/src/main/java/xyz/quaver/pupil/networking/SSL.kt
diff --git a/app/src/main/java/xyz/quaver/pupil/networking/HitomiHttpClient.kt b/app/src/main/java/xyz/quaver/pupil/networking/HitomiHttpClient.kt
index 95b7a3cc..3c04a125 100644
--- a/app/src/main/java/xyz/quaver/pupil/networking/HitomiHttpClient.kt
+++ b/app/src/main/java/xyz/quaver/pupil/networking/HitomiHttpClient.kt
@@ -52,7 +52,13 @@ private val json = Json { } object HitomiHttpClient { - private val httpClient = HttpClient(OkHttp) + private val httpClient = HttpClient(OkHttp) { + engine { + config { + sslSocketFactory(SSLSettings.sslContext!!.socketFactory, SSLSettings.trustManager!!) + } + } + } private var _tagIndexVersion: String? = null private suspend fun getTagIndexVersion(): String =
diff --git a/app/src/main/java/xyz/quaver/pupil/networking/SSL.kt b/app/src/main/java/xyz/quaver/pupil/networking/SSL.kt
new file mode 100644
index 00000000..37689c56
--- /dev/null
+++ b/app/src/main/java/xyz/quaver/pupil/networking/SSL.kt
@@ -0,0 +1,80 @@
+package xyz.quaver.pupil.networking
+
+import android.content.res.Resources
+import java.io.ByteArrayInputStream
+import java.security.KeyStore
+import java.security.SecureRandom
+import java.security.cert.CertificateFactory
+import javax.net.ssl.SSLContext
+import javax.net.ssl.TrustManagerFactory
+import javax.net.ssl.X509TrustManager
+
+const val ISRG_ROOT_X1 = """-----BEGIN CERTIFICATE-----
+MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
+WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
+ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
+MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
+h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
+0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
+A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
+T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
+B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
+B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
+KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
+OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
+jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
+qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
+rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
+hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
+ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
+3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
+NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
+ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
+TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
+jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
+oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
+4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
+mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
+emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
+-----END CERTIFICATE-----"""
+
+object SSLSettings {
+ val keyStore: KeyStore by lazy {
+ KeyStore.getInstance(KeyStore.getDefaultType()).apply {
+ load(null, null)
+
+ val certificateFactory = CertificateFactory.getInstance("X.509")
+ val certificate = certificateFactory.generateCertificate(ISRG_ROOT_X1.byteInputStream())
+
+ setCertificateEntry("isrgrootx1", certificate)
+
+ TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()).apply {
+ init(null as KeyStore?)
+ trustManagers.filterIsInstance().forEach { trustManager ->
+ trustManager.acceptedIssuers.forEach { acceptedIssuer ->
+ setCertificateEntry(acceptedIssuer.subjectDN.name, acceptedIssuer)
+ }
+ }
+ }
+ }
+ }
+
+ val trustManagerFactory: TrustManagerFactory? by lazy {
+ TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()).apply {
+ init(keyStore)
+ }
+ }
+
+ val sslContext: SSLContext? by lazy {
+ SSLContext.getInstance("TLS").apply {
+ init(null, trustManagerFactory?.trustManagers, null)
+ }
+ }
+
+ val trustManager: X509TrustManager? by lazy {
+ trustManagerFactory?.trustManagers?.filterIsInstance()?.firstOrNull()
+ }
+}
\ No newline at end of file
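Review bot: In `SSLSettings.keyStore`, every platform issuer is copied into the new KeyStore under the alias `acceptedIssuer.subjectDN.name`, and since `setCertificateEntry` replaces an existing alias, two roots that share a subject DN collapse into one and the other is silently no longer trusted. An alias that is unique per certificate avoids this, e.g. `setCertificateEntry("${acceptedIssuer.subjectX500Principal.name}#${acceptedIssuer.serialNumber}", acceptedIssuer)`. The resulting trust manager is also a one-time snapshot that replaces the platform one for this client, so platform-side trust policy (for instance pins in a network security config, if the app declares any) presumably stops applying; delegating to the default trust manager first and falling back to one that holds only ISRG Root X1 would add the root without that side effect. `trustManagerFactory`, `sslContext` and `trustManager` are declared nullable although only the last can visibly be null, which is what forces the `!!` at the `HitomiHttpClient` call site; declaring them non-null and ending `trustManager` with `?: error("no X509TrustManager available")` gives a clear failure instead of a NullPointerException. A short comment on `ISRG_ROOT_X1` saying why the root is bundled would help, and the `Resources`, `ByteArrayInputStream` and `SecureRandom` imports look unused.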