Hi,
thank you very much! I have been looking for a solution to this problem for some time.
certificate chooser broken in Android 10/11
-
When trying to use the Advanced option and certificates, I’m unable to actually choose a certificate with Android 10 and 11
See the following screencastsAndroid 11
davx5-certificate-android11.webmAndroid 10
davx5-certificate-android10.webmThe same works on Android 9
davx5-certificate-android9.webm -
And when there is a certificate installed? The button only calls
KeyChain.choosePrivateKeyAliasas documented here: https://developer.android.com/reference/android/security/KeyChainMaybe they have just removed the possibility to add a certificate from there?
-
Android 10 introduce some changes to this call: https://developer.android.com/work/versions/android-10#keychain_improvements
I guess it’s related to that and when there is no certificate, the popup doesn’t appear at all. Can someone test that?
-
I can confirm that.
If I install a client certificate in advance, the certificate chooser works. -
@rfc2822 said in certificate chooser broken in Android 10/11:
I guess it’s related to that and that when there is no certificate, the popup doesn’t appear at all. Can someone test that?
What’s confusing is, that I get this flash, where a dialog appears to pop up quickly but immediately closes again. That doesn’t look right.
-
Ok thanks… at least it’s still working when there is a certificate. So DAVx5 could maybe show a message like “No certificate installed yet”, if its possible easily. Otherwise I’d leave it as it is.
-
Hm, instead of simply showing a message, would createInstallIntent() be an alternative?
-
@mbiebl , I have checked out this issue, it seems like this dialog is broken if no certificates are installed from API level 29 onwards, below 29 it’s still working and an install dialog is automatically shown.
Calling the createInstallIntent would only open the file browser and nothing more. If there is no certificate stored in the files, this wouldn’t help any further and the user would need optain a certificate anyway from somewhere else.
But on downloading a certificate you are asked to install it anyway, so there is not really a point why a certificate should be downloaded and not installed. Either there is a certificate installed and the user can select it - or there is no certificate installed and the user needs to obtain it somehow.
So I can think of no proper usecase for calling the createInstallIntent there. Do you see any usecase where this could be useful? Otherwise I would also say that a short message is the best way for a user feedback in this case! -
Showing a small toast is certainly better then nothing, thanks @rfc2822
That said, I was wondering if we could get the old certificate chooser dialog back which would let one install a certificate directly. Has this functionality been removed completely?
-
@mbiebl said in certificate chooser broken in Android 10/11:
That said, I was wondering if we could get the old certificate chooser dialog back which would let one install a certificate directly. Has this functionality been removed completely?
I think they have completely moved the functionality to
createInstallIntent.@Patrick-Lang You have suggested https://gitlab.com/bitfireAT/davx5-ose/-/merge_requests/49 – Did you test whether this toast also appears when the selection is cancelled by the user? I wonder where there even is a reliable way to detect when no certificates are available.
-
@mbiebl said in certificate chooser broken in Android 10/11:
That said, I was wondering if we could get the old certificate chooser dialog back which would let one install a certificate directly. Has this functionality been removed completely?
I didn’t find anything that could have brought this chooser back.
However for experimental use I have tried the createInstallIntent(), I pushed the branch so you can check it out, but this branch was not meant to be merged:
https://gitlab.com/bitfireAT/davx5-ose/-/commit/a7883ee4cbcabbb0a9da38990956fa488a655d88@Patrick-Lang You have suggested https://gitlab.com/bitfireAT/davx5-ose/-/merge_requests/49 – Did you test whether this toast also appears when the selection is cancelled by the user? I wonder where there even is a reliable way to detect when no certificates are available.
You are right, this quick check would not check if a certficate is installed, but rather if a certificate was or could be selected. So also when there are certificates but the user refused with “Deny”, the message would appear.
I understand that it’s not super clean, but also not really wrong, the message just appears when the user clicks but then can’t or denies the selection of something. (The key for me is that you actually Deny the access to the certificate, the user would not click on cancel) -
@Patrick-Lang said in certificate chooser broken in Android 10/11:
https://gitlab.com/bitfireAT/davx5-ose/-/commit/a7883ee4cbcabbb0a9da38990956fa488a655d88
The approach with installIntent was now integrated as a Snackbar in the other Feature-Branch:
https://gitlab.com/bitfireAT/davx5-ose/-/commit/3b0b1f8b4298fdb66e5e15310eda45f4ce36cac9
I will delete the one from above now.
-
Thanks @Patrick-Lang
Tbh, I find this sentence in the dialog box a bit confusingYou can add a certificate from your local file storage. Would you like to add a certificate? Please add certificate again once your certificate is installed. -
@mbiebl
As I said this branch was just made for experimental reasons and not meant to be put into the actual version. No further review has been made on this and the branch is already deleted. -
Oh, ok. I thought this was going in the right direction.
Do you intend to rework and submit this as a PR at some point? -
@mbiebl said in certificate chooser broken in Android 10/11:
PR
The installIntent was added in a Snackbar for now, it was already merged into dev-3.x-ose. So basically there is a compromise now where a message is displayed but still the installIntent can be started by the user. I personally wouldn’t see the need for any further improvement there.
