From 662210b168ee04f40c6dc019cdb8747771e5532e Mon Sep 17 00:00:00 2001
From: Neeraj Gupta <254676+ua741@users.noreply.github.com>
Date: Fri, 21 Jun 2024 13:35:50 +0530
Subject: [PATCH 1/3] [auth] Potential fix for invalid handshake error

---
 auth/lib/core/network.dart         | 15 +++++++
 auth/lib/core/win_http_client.dart | 63 ++++++++++++++++++++++++++++++
 2 files changed, 78 insertions(+)
 create mode 100644 auth/lib/core/win_http_client.dart

diff --git a/auth/lib/core/network.dart b/auth/lib/core/network.dart
index c14c9e758b..0efa09fb5d 100644
--- a/auth/lib/core/network.dart
+++ b/auth/lib/core/network.dart
@@ -1,8 +1,10 @@
 import 'dart:io';
 
 import 'package:dio/dio.dart';
+import 'package:dio/io.dart';
 import 'package:ente_auth/core/configuration.dart';
 import 'package:ente_auth/core/event_bus.dart';
+import 'package:ente_auth/core/win_http_client.dart';
 import 'package:ente_auth/events/endpoint_updated_event.dart';
 import 'package:ente_auth/utils/package_info_util.dart';
 import 'package:ente_auth/utils/platform_util.dart';
@@ -50,6 +52,19 @@ class Network {
         },
       ),
     );
+    if (Platform.isWindows) {
+      final customHttpClient = windowsHttpClient();
+      _enteDio.httpClientAdapter = IOHttpClientAdapter(
+        createHttpClient: () {
+          return customHttpClient;
+        },
+      );
+      _dio.httpClientAdapter = IOHttpClientAdapter(
+        createHttpClient: () {
+          return customHttpClient;
+        },
+      );
+    }
     _setupInterceptors(endpoint);
 
     Bus.instance.on<EndpointUpdatedEvent>().listen((event) {
diff --git a/auth/lib/core/win_http_client.dart b/auth/lib/core/win_http_client.dart
new file mode 100644
index 0000000000..a193af1174
--- /dev/null
+++ b/auth/lib/core/win_http_client.dart
@@ -0,0 +1,63 @@
+import 'dart:convert';
+import 'dart:io';
+
+/*
+Reference from
+https://github.com/realm/realm-dart/blob/main/packages/realm_dart/lib/src/handles/native/default_client.dart
+https://github.com/realm/realm-dart/pull/1378
+ */
+HttpClient windowsHttpClient() {
+  const isrgRootX1CertPEM = // The root certificate used by lets encrypt
+      '''
+subject=CN=ISRG Root X1,O=Internet Security Research Group,C=US
+issuer=CN=DST Root CA X3,O=Digital Signature Trust Co.
+-----BEGIN CERTIFICATE-----
+MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
+ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
+wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
+LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
+4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
+bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
+sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
+Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
+FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
+SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
+PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
+TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
+SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
+c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
++tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
+ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
+b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
+U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
+MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
+5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
+9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
+WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
+he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
+Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
+-----END CERTIFICATE-----''';
+
+  if (Platform.isWindows) {
+    final context = SecurityContext(withTrustedRoots: true);
+    try {
+      context.setTrustedCertificatesBytes(
+        const AsciiEncoder().convert(isrgRootX1CertPEM),
+      );
+      return HttpClient(context: context);
+    } on TlsException catch (e) {
+      // certificate is already trusted. Nothing to do here
+      if (e.osError?.message.contains("CERT_ALREADY_IN_HASH_TABLE") != true) {
+        rethrow;
+      } else {
+        return HttpClient();
+      }
+    }
+  }
+  throw UnsupportedError("This platform is not supported");
+}

From 2e53dcca0027cca0530539966a24eded668f0ce3 Mon Sep 17 00:00:00 2001
From: Neeraj Gupta <254676+ua741@users.noreply.github.com>
Date: Sat, 22 Jun 2024 16:47:53 +0530
Subject: [PATCH 2/3] Add logs

---
 auth/lib/core/win_http_client.dart | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/auth/lib/core/win_http_client.dart b/auth/lib/core/win_http_client.dart
index a193af1174..61072d47a0 100644
--- a/auth/lib/core/win_http_client.dart
+++ b/auth/lib/core/win_http_client.dart
@@ -1,6 +1,8 @@
 import 'dart:convert';
 import 'dart:io';
 
+import 'package:flutter/foundation.dart';
+
 /*
 Reference from
 https://github.com/realm/realm-dart/blob/main/packages/realm_dart/lib/src/handles/native/default_client.dart
@@ -49,8 +51,11 @@ Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
       context.setTrustedCertificatesBytes(
         const AsciiEncoder().convert(isrgRootX1CertPEM),
       );
+      debugPrint("Certificate added to trusted certificates");
       return HttpClient(context: context);
     } on TlsException catch (e) {
+      debugPrint(
+          "Error adding certificate to trusted certificates: ${e.osError?.message}");
       // certificate is already trusted. Nothing to do here
       if (e.osError?.message.contains("CERT_ALREADY_IN_HASH_TABLE") != true) {
         rethrow;

From 316a5e72091d786791aab6baae9b612d1cea508e Mon Sep 17 00:00:00 2001
From: Neeraj Gupta <254676+ua741@users.noreply.github.com>
Date: Sat, 22 Jun 2024 16:48:16 +0530
Subject: [PATCH 3/3] [auth] Bump version

---
 auth/pubspec.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/auth/pubspec.yaml b/auth/pubspec.yaml
index ba335b6960..fceca0c112 100644
--- a/auth/pubspec.yaml
+++ b/auth/pubspec.yaml
@@ -1,6 +1,6 @@
 name: ente_auth
 description: ente two-factor authenticator
-version: 3.0.14+314
+version: 3.0.15+315
 publish_to: none
 
 environment: