From 760e5f42fff30659b57aaa9e6b5b6470829619ee Mon Sep 17 00:00:00 2001 From: Philipp Heckel Date: Fri, 9 Jan 2026 13:20:48 -0500 Subject: [PATCH] Remove fingerprint --- .../io.heckel.ntfy.db.Database/16.json | 12 ++---- .../java/io/heckel/ntfy/backup/Backuper.kt | 39 ++++++++----------- .../main/java/io/heckel/ntfy/db/Database.kt | 3 +- .../main/java/io/heckel/ntfy/db/Repository.kt | 4 +- .../heckel/ntfy/service/SubscriberService.kt | 7 +--- .../ntfy/ui/TrustedCertificateFragment.kt | 5 +-- app/src/main/res/values/strings.xml | 1 + 7 files changed, 28 insertions(+), 43 deletions(-) diff --git a/app/schemas/io.heckel.ntfy.db.Database/16.json b/app/schemas/io.heckel.ntfy.db.Database/16.json index 782f5e22..8b013f6a 100644 --- a/app/schemas/io.heckel.ntfy.db.Database/16.json +++ b/app/schemas/io.heckel.ntfy.db.Database/16.json @@ -2,7 +2,7 @@ "formatVersion": 1, "database": { "version": 16, - "identityHash": "af6e656e277e4390d3ebbbca1c4bb845", + "identityHash": "3466bc18a5e477081c1cbd2defcb449f", "entities": [ { "tableName": "Subscription", @@ -362,7 +362,7 @@ }, { "tableName": "TrustedCertificate", - "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`baseUrl` TEXT NOT NULL, `fingerprint` TEXT NOT NULL, `pem` TEXT NOT NULL, PRIMARY KEY(`baseUrl`))", + "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`baseUrl` TEXT NOT NULL, `pem` TEXT NOT NULL, PRIMARY KEY(`baseUrl`))", "fields": [ { "fieldPath": "baseUrl", @@ -370,12 +370,6 @@ "affinity": "TEXT", "notNull": true }, - { - "fieldPath": "fingerprint", - "columnName": "fingerprint", - "affinity": "TEXT", - "notNull": true - }, { "fieldPath": "pem", "columnName": "pem", @@ -423,7 +417,7 @@ ], "setupQueries": [ "CREATE TABLE IF NOT EXISTS room_master_table (id INTEGER PRIMARY KEY,identity_hash TEXT)", - "INSERT OR REPLACE INTO room_master_table (id,identity_hash) VALUES(42, 'af6e656e277e4390d3ebbbca1c4bb845')" + "INSERT OR REPLACE INTO room_master_table (id,identity_hash) VALUES(42, '3466bc18a5e477081c1cbd2defcb449f')" ] } } \ No newline at end of file diff --git a/app/src/main/java/io/heckel/ntfy/backup/Backuper.kt b/app/src/main/java/io/heckel/ntfy/backup/Backuper.kt index c80822c6..d3e0cd7e 100644 --- a/app/src/main/java/io/heckel/ntfy/backup/Backuper.kt +++ b/app/src/main/java/io/heckel/ntfy/backup/Backuper.kt @@ -229,9 +229,8 @@ class Backuper(val context: Context) { } certificates.forEach { c -> try { - val cert = CertUtil.parsePemCertificate(c.pem) - val fingerprint = CertUtil.calculateFingerprint(cert) - repository.addTrustedCertificate(c.baseUrl, fingerprint, c.pem) + CertUtil.parsePemCertificate(c.pem) // Validate the certificate + repository.addTrustedCertificate(c.baseUrl, c.pem) } catch (e: Exception) { Log.w(TAG, "Unable to restore trusted certificate for ${c.baseUrl}: ${e.message}. Ignoring.", e) } @@ -303,25 +302,21 @@ class Backuper(val context: Context) { private suspend fun createNotificationList(): List { return repository.getNotifications().map { n -> - val actions = if (n.actions != null) { - n.actions.map { a -> - Action( - id = a.id, - action = a.action, - label = a.label, - clear = a.clear, - url = a.url, - method = a.method, - headers = a.headers, - body = a.body, - intent = a.intent, - extras = a.extras, - progress = a.progress, - error = a.error - ) - } - } else { - null + val actions = n.actions?.map { a -> + Action( + id = a.id, + action = a.action, + label = a.label, + clear = a.clear, + url = a.url, + method = a.method, + headers = a.headers, + body = a.body, + intent = a.intent, + extras = a.extras, + progress = a.progress, + error = a.error + ) } val attachment = if (n.attachment != null) { Attachment( diff --git a/app/src/main/java/io/heckel/ntfy/db/Database.kt b/app/src/main/java/io/heckel/ntfy/db/Database.kt index b28e6ac1..a76c730c 100644 --- a/app/src/main/java/io/heckel/ntfy/db/Database.kt +++ b/app/src/main/java/io/heckel/ntfy/db/Database.kt @@ -191,7 +191,6 @@ data class User( @Entity(tableName = "TrustedCertificate") data class TrustedCertificate( @PrimaryKey @ColumnInfo(name = "baseUrl") val baseUrl: String, - @ColumnInfo(name = "fingerprint") val fingerprint: String, @ColumnInfo(name = "pem") val pem: String ) @@ -387,7 +386,7 @@ abstract class Database : RoomDatabase() { private val MIGRATION_15_16 = object : Migration(15, 16) { override fun migrate(db: SupportSQLiteDatabase) { - db.execSQL("CREATE TABLE TrustedCertificate (baseUrl TEXT NOT NULL, fingerprint TEXT NOT NULL, pem TEXT NOT NULL, PRIMARY KEY(baseUrl))") + db.execSQL("CREATE TABLE TrustedCertificate (baseUrl TEXT NOT NULL, pem TEXT NOT NULL, PRIMARY KEY(baseUrl))") db.execSQL("CREATE TABLE ClientCertificate (baseUrl TEXT NOT NULL, p12Base64 TEXT NOT NULL, password TEXT NOT NULL, PRIMARY KEY(baseUrl))") } } diff --git a/app/src/main/java/io/heckel/ntfy/db/Repository.kt b/app/src/main/java/io/heckel/ntfy/db/Repository.kt index ee6f1d6a..6a7ce048 100644 --- a/app/src/main/java/io/heckel/ntfy/db/Repository.kt +++ b/app/src/main/java/io/heckel/ntfy/db/Repository.kt @@ -203,8 +203,8 @@ class Repository(private val sharedPrefs: SharedPreferences, database: Database) return trustedCertificateDao.get(baseUrl) } - suspend fun addTrustedCertificate(baseUrl: String, fingerprint: String, pem: String) { - trustedCertificateDao.insert(TrustedCertificate(baseUrl, fingerprint, pem)) + suspend fun addTrustedCertificate(baseUrl: String, pem: String) { + trustedCertificateDao.insert(TrustedCertificate(baseUrl, pem)) } suspend fun removeTrustedCertificate(baseUrl: String) { diff --git a/app/src/main/java/io/heckel/ntfy/service/SubscriberService.kt b/app/src/main/java/io/heckel/ntfy/service/SubscriberService.kt index 630ec31a..03bca83d 100644 --- a/app/src/main/java/io/heckel/ntfy/service/SubscriberService.kt +++ b/app/src/main/java/io/heckel/ntfy/service/SubscriberService.kt @@ -202,13 +202,9 @@ class SubscriberService : Service() { */ private suspend fun reallyRefreshConnections(scope: CoroutineScope) { // Group INSTANT subscriptions by base URL, there is only one connection per base URL - val instantSubscriptions = repository.getSubscriptions() - .filter { s -> s.instant } + val instantSubscriptions = repository.getSubscriptions().filter { s -> s.instant } val activeConnectionIds = connections.keys().toList().toSet() val connectionProtocol = repository.getConnectionProtocol() - val trustedCertsHash = repository.getTrustedCertificates() - .joinToString(",") { it.fingerprint } - .hashCode() val desiredConnectionIds = instantSubscriptions // Set .groupBy { s -> s.baseUrl } .map { (baseUrl, subs) -> @@ -221,6 +217,7 @@ class SubscriberService : Service() { .sortedBy { "${it.name}:${it.value}" } .joinToString(",") { "${it.name}:${it.value}" } .hashCode() + val trustedCertsHash = repository.getTrustedCertificate(baseUrl)?.hashCode() ?: 0 val clientCertHash = repository.getClientCertificate(baseUrl)?.hashCode() ?: 0 ConnectionId( baseUrl = baseUrl, diff --git a/app/src/main/java/io/heckel/ntfy/ui/TrustedCertificateFragment.kt b/app/src/main/java/io/heckel/ntfy/ui/TrustedCertificateFragment.kt index 9218d76d..48a57200 100644 --- a/app/src/main/java/io/heckel/ntfy/ui/TrustedCertificateFragment.kt +++ b/app/src/main/java/io/heckel/ntfy/ui/TrustedCertificateFragment.kt @@ -249,7 +249,7 @@ class TrustedCertificateFragment : DialogFragment() { } } catch (e: Exception) { withContext(Dispatchers.Main) { - fingerprintText.text = trustedCert.fingerprint + showError(getString(R.string.trusted_certificate_dialog_error_parse, e.message ?: "Unknown error")) } } } else { @@ -354,9 +354,8 @@ class TrustedCertificateFragment : DialogFragment() { val certificate = cert ?: return val url = baseUrl ?: return lifecycleScope.launch(Dispatchers.IO) { - val fingerprint = CertUtil.calculateFingerprint(certificate) val pem = CertUtil.encodeCertificateToPem(certificate) - repository.addTrustedCertificate(url, fingerprint, pem) + repository.addTrustedCertificate(url, pem) withContext(Dispatchers.Main) { if (mode != Mode.UNKNOWN) { Toast.makeText(context, R.string.trusted_certificate_dialog_added_toast, Toast.LENGTH_SHORT).show() diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml index 15fa523d..77341f20 100644 --- a/app/src/main/res/values/strings.xml +++ b/app/src/main/res/values/strings.xml @@ -519,6 +519,7 @@ Warning: This certificate has expired. Warning: This certificate is not yet valid. Invalid URL + Unable to load certificate: %1$s Next Trust Delete