Commit 817e33a
fix: pre-initialize mTLS flag from in-memory key state to handle TLS session resumption in Wear OS onboarding

When setting up a Wear OS device the mTLS certificate-selection screen
was silently skipped if TLS session resumption occurred, causing the
watch to register without a client certificate and the server to return
HTTP 400.

Root cause: isTLSClientAuthNeeded in TLSWebViewClient is only set inside
onReceivedClientCertRequest. When the onboarding WebView reuses the main
app's existing TLS session (abbreviated handshake), the server never
issues a new CertificateRequest so the callback never fires — even with
ssl_session_tickets disabled on the server, because Android's Chromium
network stack maintains its own in-process TLS session cache.

Fix: add TLSWebViewClient.preInitializeTLSClientAuthState() which checks
whether a private key is already loaded in KeyChainRepository (non-null
getPrivateKey()). A non-null key means the phone is currently connected
to an mTLS-protected instance, so isTLSClientAuthNeeded is pre-set to
true before the WebView starts loading. If the app was force-stopped
first, in-memory state is cleared and no TLS session can be resumed, so
onReceivedClientCertRequest fires naturally on the fresh handshake.

ConnectionViewModel.init calls preInitializeTLSClientAuthState() before
emitting the auth URL so the navigation layer sees the correct value.

Also adds two unit tests to ConnectionViewModelTest covering the
in-memory key present and absent cases.

1 parent f3e1cfa commit 817e33a
File tree
3 files changed, +64 -0 lines changed
- app/src
  - main/kotlin/io/homeassistant/companion/android
    - onboarding/connection
    - util
  - test/kotlin/io/homeassistant/companion/android/onboarding/connection

Lines changed: 6 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
116 | 116 | | |
117 | 117 | | |
118 | 118 | | |
| 119 | + | |
| 120 | + | |
| 121 | + | |
| 122 | + | |
| 123 | + | |
| 124 | + | |
119 | 125 | | |
120 | 126 | | |
121 | 127 | | |
| |||
Lines changed: 30 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
39 | 39 | | |
40 | 40 | | |
41 | 41 | | |
| 42 | + | |
| 43 | + | |
| 44 | + | |
| 45 | + | |
| 46 | + | |
| 47 | + | |
| 48 | + | |
| 49 | + | |
| 50 | + | |
| 51 | + | |
| 52 | + | |
| 53 | + | |
| 54 | + | |
| 55 | + | |
| 56 | + | |
| 57 | + | |
| 58 | + | |
| 59 | + | |
| 60 | + | |
| 61 | + | |
| 62 | + | |
| 63 | + | |
| 64 | + | |
| 65 | + | |
| 66 | + | |
| 67 | + | |
| 68 | + | |
| 69 | + | |
| 70 | + | |
| 71 | + | |
42 | 72 | | |
43 | 73 | | |
44 | 74 | | |
| |||
Lines changed: 28 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
417 | 417 | | |
418 | 418 | | |
419 | 419 | | |
| 420 | + | |
| 421 | + | |
| 422 | + | |
| 423 | + | |
| 424 | + | |
| 425 | + | |
| 426 | + | |
| 427 | + | |
| 428 | + | |
| 429 | + | |
| 430 | + | |
| 431 | + | |
| 432 | + | |
| 433 | + | |
| 434 | + | |
| 435 | + | |
| 436 | + | |
| 437 | + | |
| 438 | + | |
| 439 | + | |
| 440 | + | |
| 441 | + | |
| 442 | + | |
| 443 | + | |
| 444 | + | |
| 445 | + | |
| 446 | + | |
| 447 | + | |
420 | 448 | | |
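The failure mode and fix described in the commit message, as a simplified model added here for illustration; it is not the app's code. `SessionModel`, `KeyStoreModel`, `ClientModel`, `connect` and the host name are hypothetical stand-ins, and only the flag and method names are borrowed from the message.

```kotlin
// Constructed model: a session cache, an in-memory key holder, and a client
// whose mTLS flag is normally set only by the CertificateRequest callback.
class SessionModel { val resumable = mutableSetOf<String>() }  // stand-in for the in-process TLS session cache
class KeyStoreModel(var privateKey: String?)                   // stand-in for KeyChainRepository

class ClientModel(private val keys: KeyStoreModel) {
    var isTLSClientAuthNeeded = false
        private set

    // Runs only when the server sends a CertificateRequest (full handshake).
    fun onReceivedClientCertRequest() { isTLSClientAuthNeeded = true }

    // The fix: derive the flag from in-memory key state before loading starts.
    fun preInitializeTLSClientAuthState() {
        if (keys.privateKey != null) isTLSClientAuthNeeded = true
    }
}

/** Models one connection to an mTLS server; returns true if the handshake was resumed. */
fun connect(host: String, sessions: SessionModel, client: ClientModel): Boolean {
    if (host in sessions.resumable) return true   // abbreviated handshake: callback never fires
    client.onReceivedClientCertRequest()          // full handshake: server asks for a certificate
    sessions.resumable += host
    return false
}

fun main() {
    val host = "ha.example.test"                  // constructed host name
    val sessions = SessionModel()
    val keys = KeyStoreModel(privateKey = null)

    // 1. Main app connects first: full handshake, callback fires, key ends up in memory.
    val app = ClientModel(keys)
    check(!connect(host, sessions, app) && app.isTLSClientAuthNeeded)
    keys.privateKey = "constructed-key"

    // 2. Onboarding client without the fix: session is resumed, flag stays false.
    val before = ClientModel(keys)
    check(connect(host, sessions, before) && !before.isTLSClientAuthNeeded)

    // 3. Onboarding client with the fix: flag is true even though the handshake is resumed.
    val after = ClientModel(keys).also { it.preInitializeTLSClientAuthState() }
    check(connect(host, sessions, after) && after.isTLSClientAuthNeeded)

    // 4. After a force-stop: key and sessions are gone, the fresh handshake sets the flag.
    sessions.resumable.clear(); keys.privateKey = null
    val fresh = ClientModel(keys).also { it.preInitializeTLSClientAuthState() }
    check(!fresh.isTLSClientAuthNeeded)
    check(!connect(host, sessions, fresh) && fresh.isTLSClientAuthNeeded)
    println("all four cases behave as the commit message describes")
}
```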