changeset 3245:2a0a16b906ac

plugin android: use `certifi` SSL root certificates
author Goffi <goffi@goffi.org>
date Wed, 01 Apr 2020 22:28:50 +0200
parents b10d207f95f9
children 5ba0b1cdd45b
files sat/plugins/plugin_misc_android.py
diffstat 1 files changed, 27 insertions(+), 6 deletions(-) [+]
--- a/sat/plugins/plugin_misc_android.py	Wed Apr 01 16:17:09 2020 +0200
+++ b/sat/plugins/plugin_misc_android.py	Wed Apr 01 22:28:50 2020 +0200
@@ -21,12 +21,7 @@
 import os.path
 import json
 from pathlib import Path
-from sat.core.i18n import _, D_
-from sat.core.constants import Const as C
-from sat.core.log import getLogger
-from sat.core import exceptions
-from sat.tools.common import async_process
-from sat.memory import params
+from zope.interface import implementer
 from twisted.names import client as dns_client
 from twisted.python.procutils import which
 from twisted.internet import defer
@@ -34,6 +29,14 @@
 from twisted.internet import protocol
 from twisted.internet import abstract
 from twisted.internet import error as int_error
+from twisted.internet import _sslverify
+from sat.core.i18n import _, D_
+from sat.core.constants import Const as C
+from sat.core.log import getLogger
+from sat.core import exceptions
+from sat.tools.common import async_process
+from sat.memory import params
+
 
 log = getLogger(__name__)
 
@@ -54,6 +57,7 @@
 
 
 import re
+import certifi
 from plyer import vibrator
 from android import api_version
 from plyer.platforms.android import activity
@@ -111,6 +115,19 @@
 INTENT_EXTRA_ACTION = AndroidString("org.salut-a-toi.IntentAction")
 
 
+@implementer(_sslverify.IOpenSSLTrustRoot)
+class AndroidTrustPaths:
+
+    def _addCACertsToContext(self, context):
+        # twisted doesn't have access to Android root certificates
+        # we use certifi to work around that (same thing is done in Kivy)
+        context.load_verify_locations(certifi.where())
+
+
+def platformTrust():
+    return AndroidTrustPaths()
+
+
 class Notification(AndroidNotification):
     # We extend plyer's AndroidNotification instead of creating directly with jnius
     # because it already handles issues like backward compatibility, and we just want to
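Review bot: `AndroidTrustPaths._addCACertsToContext` loads only `certifi.where()`, so the set of trusted roots is whatever CA bundle was packaged with the app at build time. Root removals or distrust decisions therefore reach users only when the app is rebuilt against a newer `certifi`, and neither the class nor the comment says so. I would add a class docstring such as `"""Trust root backed by certifi's bundled CA file; the bundle is fixed at build time, keep certifi current in the Android build."""`. Both the class and `platformTrust()` rely on Twisted's private `_sslverify` module, and the assignment `_sslverify.platformTrust = platformTrust` in the last hunk replaces the default trust root for the whole process, not just this plugin. A short comment at that assignment naming the Twisted version it was checked against would make a later Twisted upgrade easier to review.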
@@ -275,6 +292,10 @@
         self.notif_player.setAudioStreamType(AudioManager.STREAM_NOTIFICATION)
         self.notif_player.prepare()
 
+        # SSL fix
+        _sslverify.platformTrust = platformTrust
+        log.info("SSL Android patch applied")
+
         # DNS fix
         defer.ensureDeferred(self.updateResolver())