fix(deps): update dependency org.matrix.rustcomponents:sdk-android to v26.03.19 (#6411)
* fix(deps): update dependency org.matrix.rustcomponents:sdk-android to v26.03.18 * Fix API breaks * Add compatibility with rustls (#6367) A new `rustls-platform-verifier-android` library has to be added to the project, it'll be called from Rust to get access to the certificates on Android. Originally, this was supposed to be added as a local maven repo pointing to the rust crate that publishes the AAR, but that's just plain terrible (more details [here](https://github.com/rustls/rustls-platform-verifier#android). Instead, what we can do is use a script that uses `cargo-download` to download the latest crate or a specified version, unzip it and add the `aar` file to the `:libraries:matrix:impl` module. * Try fixing Sonar with local AAR files * Remove `UserCertificatesProvider`: this is no longer needed after integrating rustls * Added some docs for rustls and its `platform-verifier` library * Upgrade SDK to `26.03.19`: this version contains a workaround that allows the app to use the same TLS verifier as before, fixing the Let's Encrypt issues we saw with some homeservers (like element.io) --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Jorge Martín <jorgem@element.io>
This commit is contained in:
renovate[bot]
@@ -20,5 +20,6 @@ sealed class QrLoginException : Exception() {
|
||||
data object OtherDeviceNotSignedIn : QrLoginException()
|
||||
data object CheckCodeAlreadySent : QrLoginException()
|
||||
data object CheckCodeCannotBeSent : QrLoginException()
|
||||
data object UnsupportedQrCodeType : QrLoginException()
|
||||
data object Unknown : QrLoginException()
|
||||
}
|
||||
|
||||
@@ -23,6 +23,11 @@ sealed class ErrorType(message: String) : Exception(message) {
|
||||
*/
|
||||
class UnsupportedProtocol(message: String) : ErrorType(message)
|
||||
|
||||
/**
|
||||
* The QR code type is not supported by the client.
|
||||
*/
|
||||
class UnsupportedQrCodeType(message: String) : ErrorType(message)
|
||||
|
||||
/**
|
||||
* Secrets backup not set up properly.
|
||||
*/
|
||||
|
||||
@@ -28,6 +28,8 @@ dependencies {
|
||||
} else {
|
||||
debugImplementation(libs.matrix.sdk)
|
||||
}
|
||||
implementation(files("libs/rustls-platform-verifier-android.aar"))
|
||||
|
||||
implementation(projects.appconfig)
|
||||
implementation(projects.libraries.androidutils)
|
||||
implementation(projects.libraries.di)
|
||||
|
||||
BIN
libraries/matrix/impl/libs/rustls-platform-verifier-android.aar
Normal file
BIN
libraries/matrix/impl/libs/rustls-platform-verifier-android.aar
Normal file
Binary file not shown.
@@ -0,0 +1 @@
|
||||
Updated rustls-platform-verifier-android.aar using `rustls-platform-verifier-0.1.1.aar`
|
||||
@@ -17,7 +17,6 @@ import io.element.android.libraries.di.annotations.AppCoroutineScope
|
||||
import io.element.android.libraries.featureflag.api.FeatureFlagService
|
||||
import io.element.android.libraries.featureflag.api.FeatureFlags
|
||||
import io.element.android.libraries.matrix.impl.analytics.UtdTracker
|
||||
import io.element.android.libraries.matrix.impl.certificates.UserCertificatesProvider
|
||||
import io.element.android.libraries.matrix.impl.paths.SessionPaths
|
||||
import io.element.android.libraries.matrix.impl.paths.getSessionPaths
|
||||
import io.element.android.libraries.matrix.impl.proxy.ProxyProvider
|
||||
@@ -57,7 +56,6 @@ class RustMatrixClientFactory(
|
||||
private val coroutineDispatchers: CoroutineDispatchers,
|
||||
private val sessionStore: SessionStore,
|
||||
private val userAgentProvider: UserAgentProvider,
|
||||
private val userCertificatesProvider: UserCertificatesProvider,
|
||||
private val proxyProvider: ProxyProvider,
|
||||
private val clock: SystemClock,
|
||||
private val analyticsService: AnalyticsService,
|
||||
@@ -143,7 +141,6 @@ class RustMatrixClientFactory(
|
||||
}
|
||||
.setSessionDelegate(sessionDelegate)
|
||||
.userAgent(userAgentProvider.provide())
|
||||
.addRootCertificates(userCertificatesProvider.provides())
|
||||
.autoEnableBackups(true)
|
||||
.autoEnableCrossSigning(true)
|
||||
.roomKeyRecipientStrategy(
|
||||
|
||||
@@ -13,19 +13,16 @@ import dev.zacsweers.metro.ContributesBinding
|
||||
import io.element.android.libraries.core.extensions.runCatchingExceptions
|
||||
import io.element.android.libraries.matrix.api.auth.HomeServerLoginCompatibilityChecker
|
||||
import io.element.android.libraries.matrix.impl.ClientBuilderProvider
|
||||
import io.element.android.libraries.matrix.impl.certificates.UserCertificatesProvider
|
||||
import timber.log.Timber
|
||||
|
||||
@ContributesBinding(AppScope::class)
|
||||
class RustHomeServerLoginCompatibilityChecker(
|
||||
private val clientBuilderProvider: ClientBuilderProvider,
|
||||
private val userCertificatesProvider: UserCertificatesProvider,
|
||||
) : HomeServerLoginCompatibilityChecker {
|
||||
override suspend fun check(url: String): Result<Boolean> = runCatchingExceptions {
|
||||
clientBuilderProvider.provide()
|
||||
.inMemoryStore()
|
||||
.serverNameOrHomeserverUrl(url)
|
||||
.addRootCertificates(userCertificatesProvider.provides())
|
||||
.build()
|
||||
.use {
|
||||
it.homeserverLoginDetails()
|
||||
|
||||
@@ -46,5 +46,6 @@ object QrErrorMapper {
|
||||
is RustHumanQrLoginException.SlidingSyncNotAvailable -> QrLoginException.SlidingSyncNotAvailable
|
||||
is RustHumanQrLoginException.CheckCodeAlreadySent -> QrLoginException.CheckCodeAlreadySent
|
||||
is RustHumanQrLoginException.CheckCodeCannotBeSent -> QrLoginException.CheckCodeCannotBeSent
|
||||
is RustHumanQrLoginException.UnsupportedQrCodeType -> QrLoginException.UnsupportedQrCodeType
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,77 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2025 Element Creations Ltd.
|
||||
* Copyright 2024, 2025 New Vector Ltd.
|
||||
*
|
||||
* SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial.
|
||||
* Please see LICENSE files in the repository root for full details.
|
||||
*/
|
||||
|
||||
package io.element.android.libraries.matrix.impl.certificates
|
||||
|
||||
import dev.zacsweers.metro.AppScope
|
||||
import dev.zacsweers.metro.ContributesBinding
|
||||
import timber.log.Timber
|
||||
import java.security.KeyStore
|
||||
import java.security.KeyStoreException
|
||||
|
||||
@ContributesBinding(AppScope::class)
|
||||
class DefaultUserCertificatesProvider : UserCertificatesProvider {
|
||||
/**
|
||||
* Get additional user-installed certificates from the `AndroidCAStore` `Keystore`.
|
||||
*
|
||||
* The Rust HTTP client doesn't include user-installed certificates in its internal certificate
|
||||
* store. This means that whatever the user installs will be ignored.
|
||||
*
|
||||
* While most users don't need user-installed certificates some special deployments or debugging
|
||||
* setups using a proxy might want to use them.
|
||||
*
|
||||
* @return A list of byte arrays where each byte array is a single user-installed certificate
|
||||
* in encoded form.
|
||||
*/
|
||||
override fun provides(): List<ByteArray> {
|
||||
// At least for API 34 the `AndroidCAStore` `Keystore` type contained user certificates as well.
|
||||
// I have not found this to be documented anywhere.
|
||||
val keyStore: KeyStore = try {
|
||||
KeyStore.getInstance("AndroidCAStore")
|
||||
} catch (e: KeyStoreException) {
|
||||
Timber.w(e, "Failed to get AndroidCAStore keystore")
|
||||
return emptyList()
|
||||
}
|
||||
val aliases = try {
|
||||
keyStore.load(null)
|
||||
keyStore.aliases()
|
||||
} catch (e: Exception) {
|
||||
Timber.w(e, "Failed to load and get aliases AndroidCAStore keystore")
|
||||
return emptyList()
|
||||
}
|
||||
return aliases.toList()
|
||||
.filter { alias ->
|
||||
// The certificate alias always contains the prefix `system` or
|
||||
// `user` and the MD5 subject hash separated by a colon.
|
||||
//
|
||||
// The subject hash can be calculated using openssl as such:
|
||||
// openssl x509 -subject_hash_old -noout -in mycert.cer
|
||||
//
|
||||
// Again, I have not found this to be documented somewhere.
|
||||
alias.startsWith("user")
|
||||
}
|
||||
.mapNotNull { alias ->
|
||||
try {
|
||||
keyStore.getEntry(alias, null)
|
||||
} catch (e: Exception) {
|
||||
Timber.w(e, "Failed to get entry for alias $alias")
|
||||
null
|
||||
}
|
||||
}
|
||||
.filterIsInstance<KeyStore.TrustedCertificateEntry>()
|
||||
.map { trustedCertificateEntry ->
|
||||
trustedCertificateEntry.trustedCertificate.encoded
|
||||
}
|
||||
.also {
|
||||
// Let's at least log the number of user-installed certificates we found,
|
||||
// since the alias isn't particularly useful nor does the issuer seem to
|
||||
// be easily available.
|
||||
Timber.i("Found ${it.size} additional user-provided certificates.")
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,13 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2025 Element Creations Ltd.
|
||||
* Copyright 2024, 2025 New Vector Ltd.
|
||||
*
|
||||
* SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial.
|
||||
* Please see LICENSE files in the repository root for full details.
|
||||
*/
|
||||
|
||||
package io.element.android.libraries.matrix.impl.certificates
|
||||
|
||||
interface UserCertificatesProvider {
|
||||
fun provides(): List<ByteArray>
|
||||
}
|
||||
@@ -22,4 +22,5 @@ internal fun HumanQrGrantLoginException.map() = when (this) {
|
||||
is HumanQrGrantLoginException.OtherDeviceAlreadySignedIn -> ErrorType.OtherDeviceAlreadySignedIn(message.orEmpty())
|
||||
is HumanQrGrantLoginException.Unknown -> ErrorType.Unknown(message.orEmpty())
|
||||
is HumanQrGrantLoginException.UnsupportedProtocol -> ErrorType.UnsupportedProtocol(message.orEmpty())
|
||||
is HumanQrGrantLoginException.UnsupportedQrCodeType -> ErrorType.UnsupportedQrCodeType(message.orEmpty())
|
||||
}
|
||||
|
||||
@@ -10,16 +10,19 @@ package io.element.android.libraries.matrix.impl.platform
|
||||
|
||||
import dev.zacsweers.metro.AppScope
|
||||
import dev.zacsweers.metro.ContributesBinding
|
||||
import io.element.android.libraries.core.meta.BuildMeta
|
||||
import io.element.android.libraries.matrix.api.platform.InitPlatformService
|
||||
import io.element.android.libraries.matrix.api.tracing.TracingConfiguration
|
||||
import io.element.android.libraries.matrix.impl.tracing.map
|
||||
import org.matrix.rustcomponents.sdk.initPlatform
|
||||
|
||||
@ContributesBinding(AppScope::class)
|
||||
class RustInitPlatformService : InitPlatformService {
|
||||
class RustInitPlatformService(
|
||||
private val buildMeta: BuildMeta,
|
||||
) : InitPlatformService {
|
||||
override fun init(tracingConfiguration: TracingConfiguration) {
|
||||
initPlatform(
|
||||
config = tracingConfiguration.map(),
|
||||
config = tracingConfiguration.map(buildMeta),
|
||||
useLightweightTokioRuntime = false
|
||||
)
|
||||
}
|
||||
|
||||
@@ -65,9 +65,8 @@ internal fun RoomListInterface.entriesFlow(
|
||||
trySendBlocking(roomEntriesUpdate)
|
||||
}
|
||||
}
|
||||
val result = entriesWithDynamicAdaptersWith(
|
||||
val result = entriesWithDynamicAdapters(
|
||||
pageSize = pageSize.toUInt(),
|
||||
enableLatestEventSorter = true,
|
||||
listener = listener,
|
||||
)
|
||||
val controller = result.controller()
|
||||
|
||||
@@ -107,6 +107,10 @@ class TimelineEventContentMapper(
|
||||
threadInfo = extractThreadInfo(it.content),
|
||||
)
|
||||
}
|
||||
is MsgLikeKind.LiveLocation -> {
|
||||
// Live location messages are a special kind of message that we want to treat as unknown content for now
|
||||
UnknownContent
|
||||
}
|
||||
is MsgLikeKind.Other -> UnknownContent
|
||||
}
|
||||
}
|
||||
@@ -134,9 +138,6 @@ class TimelineEventContentMapper(
|
||||
}
|
||||
is TimelineItemContent.CallInvite -> LegacyCallInviteContent
|
||||
is TimelineItemContent.RtcNotification -> CallNotifyContent
|
||||
is TimelineItemContent.LiveLocation -> {
|
||||
UnknownContent
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -17,6 +17,7 @@ import io.element.android.libraries.matrix.api.tracing.LogLevel
|
||||
import io.element.android.libraries.matrix.api.tracing.TracingConfiguration
|
||||
import io.element.android.libraries.matrix.api.tracing.TracingService
|
||||
import io.element.android.libraries.matrix.api.tracing.WriteToFilesConfiguration
|
||||
import org.matrix.rustcomponents.sdk.SentryConfig
|
||||
import org.matrix.rustcomponents.sdk.TracingFileConfiguration
|
||||
import org.matrix.rustcomponents.sdk.reloadTracingFileWriter
|
||||
import timber.log.Timber
|
||||
@@ -59,11 +60,17 @@ private fun WriteToFilesConfiguration.toTracingFileConfiguration(): TracingFileC
|
||||
}
|
||||
}
|
||||
|
||||
fun TracingConfiguration.map(): org.matrix.rustcomponents.sdk.TracingConfiguration = org.matrix.rustcomponents.sdk.TracingConfiguration(
|
||||
fun TracingConfiguration.map(buildMeta: BuildMeta): org.matrix.rustcomponents.sdk.TracingConfiguration = org.matrix.rustcomponents.sdk.TracingConfiguration(
|
||||
writeToStdoutOrSystem = writesToLogcat,
|
||||
logLevel = logLevel.toRustLogLevel(),
|
||||
extraTargets = extraTargets,
|
||||
traceLogPacks = traceLogPacks.map(),
|
||||
writeToFiles = writesToFilesConfiguration.toTracingFileConfiguration(),
|
||||
sentryDsn = sdkSentryDsn,
|
||||
sentryConfig = sdkSentryDsn?.let {
|
||||
SentryConfig(
|
||||
dsn = it,
|
||||
appVersion = buildMeta.versionName,
|
||||
appPlatform = "Android",
|
||||
)
|
||||
}
|
||||
)
|
||||
|
||||
@@ -12,7 +12,6 @@ import com.google.common.truth.Truth.assertThat
|
||||
import io.element.android.libraries.featureflag.test.FakeFeatureFlagService
|
||||
import io.element.android.libraries.matrix.api.core.SessionId
|
||||
import io.element.android.libraries.matrix.impl.auth.FakeProxyProvider
|
||||
import io.element.android.libraries.matrix.impl.auth.FakeUserCertificatesProvider
|
||||
import io.element.android.libraries.matrix.impl.room.FakeTimelineEventFilterFactory
|
||||
import io.element.android.libraries.matrix.impl.storage.FakeSqliteStoreBuilderProvider
|
||||
import io.element.android.libraries.network.useragent.SimpleUserAgentProvider
|
||||
@@ -58,7 +57,6 @@ fun TestScope.createRustMatrixClientFactory(
|
||||
coroutineDispatchers = testCoroutineDispatchers(),
|
||||
sessionStore = sessionStore,
|
||||
userAgentProvider = SimpleUserAgentProvider(),
|
||||
userCertificatesProvider = FakeUserCertificatesProvider(),
|
||||
proxyProvider = FakeProxyProvider(),
|
||||
clock = FakeSystemClock(),
|
||||
analyticsService = FakeAnalyticsService(),
|
||||
|
||||
@@ -1,17 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2025 Element Creations Ltd.
|
||||
* Copyright 2024, 2025 New Vector Ltd.
|
||||
*
|
||||
* SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial.
|
||||
* Please see LICENSE files in the repository root for full details.
|
||||
*/
|
||||
|
||||
package io.element.android.libraries.matrix.impl.auth
|
||||
|
||||
import io.element.android.libraries.matrix.impl.certificates.UserCertificatesProvider
|
||||
|
||||
class FakeUserCertificatesProvider : UserCertificatesProvider {
|
||||
override fun provides(): List<ByteArray> {
|
||||
return emptyList()
|
||||
}
|
||||
}
|
||||
@@ -49,6 +49,5 @@ class RustHomeserverLoginCompatibilityCheckerTest {
|
||||
FakeFfiClient(homeserverLoginDetailsResult = result)
|
||||
}
|
||||
},
|
||||
userCertificatesProvider = FakeUserCertificatesProvider(),
|
||||
)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user