Merge pull request #451 from Countly/hostname_aware

feat: add hostname aware checks

.github/workflows/build_and_test_sdk.yml

@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - name: Install Docker to the Runner
-        run: sudo apt-get install docker
+        run: sudo apt-get install containerd.io
 
       - name: Pull Emulator from the Repo
         run: docker pull ${{ env.EMULATOR_REPO }}

CHANGELOG.md

@@ -1,6 +1,8 @@
 ## XX.XX.XX
 * Improved content size management of content blocks.
+
 * Mitigated an issue where, the action bar was overlapping with the content display.
+* Improved the custom CertificateTrustManager to handle domain-specific configurations by supporting hostname-aware checkServerTrusted calls.
 
 ## 24.7.8
 * Added a config option to content (setZoneTimerInterval) to set content zone timer. (Experimental!)

sdk/src/main/java/ly/count/android/sdk/CertificateTrustManager.java

@@ -1,5 +1,6 @@
 package ly.count.android.sdk;
 
+import android.net.http.X509TrustManagerExtensions;
 import android.util.Base64;
 import java.io.ByteArrayInputStream;
 import java.security.KeyStore;
@@ -54,23 +55,30 @@ public CertificateTrustManager(String[] keys, String[] certs) throws Certificate
         }
     }
 
+    public void checkServerTrusted(X509Certificate[] chain, String authType, String host) throws CertificateException {
+        performCommonChecks(chain, authType, host);
+    }
+
     public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
-        if (chain == null) {
-            throw new IllegalArgumentException("PublicKeyManager: X509Certificate array is null");
-        }
+        performCommonChecks(chain, authType, null);
+    }
 
-        if (!(chain.length > 0)) {
-            throw new IllegalArgumentException("PublicKeyManager: X509Certificate is empty");
+    private void performCommonChecks(X509Certificate[] chain, String authType, String host) throws CertificateException {
+        if (chain == null || chain.length == 0) {
+            throw new IllegalArgumentException("PublicKeyManager: X509Certificate array is null or empty");
         }
 
-        // Perform customary SSL/TLS checks
-        TrustManagerFactory tmf;
         try {
-            tmf = TrustManagerFactory.getInstance("X509");
+            TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
             tmf.init((KeyStore) null);
 
             for (TrustManager trustManager : tmf.getTrustManagers()) {
-                ((X509TrustManager) trustManager).checkServerTrusted(chain, authType);
+                if (host != null && trustManager instanceof X509TrustManager) {
+                    X509TrustManagerExtensions x509TrustManagerExtensions = new X509TrustManagerExtensions((X509TrustManager) trustManager);
+                    x509TrustManagerExtensions.checkServerTrusted(chain, authType, host);
+                } else {
+                    ((X509TrustManager) trustManager).checkServerTrusted(chain, authType);
+                }
             }
         } catch (Exception e) {
             throw new CertificateException(e);