Self-signed Certificates
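This section describes how to configure the application to interact with services utilising self-signed certificates. The HTTP client shown below accepts any server certificate and any hostname, which removes TLS protection against an on-path attacker, so restrict this configuration to development and test builds and keep it out of release builds. If the test service's certificate is known in advance, a trust manager built from a key store that contains only that certificate keeps certificate and hostname checks in place.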
- Open the build.gradle.kts file of the "core-logic" module.
- In the "dependencies" block, add the following two dependencies:
```Kotlin
implementation(libs.ktor.android)
implementation(libs.ktor.logging)
```

- Now, you need to create a new Kotlin file `ProvideKtorHttpClient.kt` and place it into the `src\main\java\eu\europa\ec\corelogic\config` package.
- Copy and paste the following code into your newly created `ProvideKtorHttpClient.kt` file.

```Kotlin
import android.annotation.SuppressLint
import io.ktor.client.HttpClient
import io.ktor.client.engine.android.Android
import io.ktor.client.plugins.logging.Logging
import java.security.SecureRandom
import javax.net.ssl.HostnameVerifier
import javax.net.ssl.SSLContext
import javax.net.ssl.TrustManager
import javax.net.ssl.X509TrustManager
import javax.security.cert.CertificateException

object ProvideKtorHttpClient {

    @SuppressLint("TrustAllX509TrustManager", "CustomX509TrustManager")
    fun client(): HttpClient {
        val trustAllCerts = arrayOf<TrustManager>(
            object : X509TrustManager {
                @Throws(CertificateException::class)
                override fun checkClientTrusted(
                    chain: Array<java.security.cert.X509Certificate>,
                    authType: String
                ) {
                }

                @Throws(CertificateException::class)
                override fun checkServerTrusted(
                    chain: Array<java.security.cert.X509Certificate>,
                    authType: String
                ) {
                }

                override fun getAcceptedIssuers(): Array<java.security.cert.X509Certificate> {
                    return arrayOf()
                }
            }
        )

        return HttpClient(Android) {
            install(Logging)
            engine {
                requestConfig
                sslManager = { httpsURLConnection ->
                    httpsURLConnection.sslSocketFactory = SSLContext.getInstance("TLS").apply {
                        init(null, trustAllCerts, SecureRandom())
                    }.socketFactory
                    httpsURLConnection.hostnameVerifier = HostnameVerifier { _, _ -> true }
                }
            }
        }
    }
}
```

- Also, add this custom HttpClient to the EUDI Wallet provider function `provideEudiWallet` located in `LogicCoreModule.kt`

```Kotlin
@Single
fun provideEudiWallet(
    context: Context,
    walletCoreConfig: WalletCoreConfig,
    walletCoreLogController: WalletCoreLogController
): EudiWallet = EudiWallet(context, walletCoreConfig.config) {
    withLogger(walletCoreLogController)
    // Custom HttpClient
    withKtorHttpClientFactory {
        ProvideKtorHttpClient.client()
    }
}
```

- Finally, you need to use the preregistered clientId scheme instead of X509.
Change this:
```Kotlin
// Scheme to replace: the only accepted client-id scheme here is X509SanDns.
// NOTE(review): presumably this scheme validates the verifier's X.509 certificate and
// therefore cannot succeed for a verifier that presents a self-signed certificate, which
// is why the guide swaps it out — confirm against the wallet-core documentation.
withClientIdSchemes(
    listOf(ClientIdScheme.X509SanDns)
)
```
into something like this:
```Kotlin
// Accept a single, locally configured verifier through the Preregistered client-id scheme.
// NOTE(review): a preregistered entry appears to be trusted by configuration alone, so
// keep this list limited to the test verifier and out of release builds — confirm against
// the wallet-core documentation.
withClientIdSchemes(
    listOf(
        ClientIdScheme.Preregistered(
            preregisteredVerifiers =
                listOf(
                    PreregisteredVerifier(
                        // Sample identifier and display name; presumably to be replaced with
                        // the values of your own verifier.
                        clientId = "Verifier",
                        legalName = "Verifier",
                        // 10.0.2.2 is the Android emulator's alias for the host machine's
                        // loopback address, i.e. a verifier running on the development machine.
                        verifierApi = "https://10.0.2.2"
                    )
                )
        )
    )
)