Add ThreadLocal for last server certificate in AdvancedX509TrustManager and update RemoteOperationResult to utilize it for SSL exceptions

zerox80 · zerox80 · commit 21f5f1d3df5d · 2026-04-02T18:47:43.000+02:00
diff --git a/opencloudComLibrary/src/main/java/eu/opencloud/android/lib/common/network/AdvancedX509TrustManager.java b/opencloudComLibrary/src/main/java/eu/opencloud/android/lib/common/network/AdvancedX509TrustManager.java
@@ -84,11 +84,16 @@ public void checkClientTrusted(X509Certificate[] certificates, String authType)
         mStandardTrustManager.checkClientTrusted(certificates, authType);
     }
 
+    public static final ThreadLocal<X509Certificate> sLastCert = new ThreadLocal<>();
+
     /**
      * @see javax.net.ssl.X509TrustManager#checkServerTrusted(X509Certificate[],
      * String authType)
      */
     public void checkServerTrusted(X509Certificate[] certificates, String authType) {
+        if (certificates != null && certificates.length > 0) {
+            sLastCert.set(certificates[0]);
+        }
         if (!isKnownServer(certificates[0])) {
             CertificateCombinedException result = new CertificateCombinedException(certificates[0]);
             try {
diff --git a/opencloudComLibrary/src/main/java/eu/opencloud/android/lib/common/operations/RemoteOperationResult.java b/opencloudComLibrary/src/main/java/eu/opencloud/android/lib/common/operations/RemoteOperationResult.java
@@ -32,6 +32,7 @@
 import eu.opencloud.android.lib.common.accounts.AccountUtils;
 import eu.opencloud.android.lib.common.http.HttpConstants;
 import eu.opencloud.android.lib.common.http.methods.HttpBaseMethod;
+import eu.opencloud.android.lib.common.network.AdvancedX509TrustManager;
 import eu.opencloud.android.lib.common.network.CertificateCombinedException;
 import okhttp3.Headers;
 import org.apache.commons.lang3.exception.ExceptionUtils;
@@ -148,8 +149,10 @@ public RemoteOperationResult(Exception e) {
 
         } else if (e instanceof SSLException || e instanceof RuntimeException) {
             if (e instanceof SSLPeerUnverifiedException) {
+                java.security.cert.X509Certificate lastCert = AdvancedX509TrustManager.sLastCert.get();
+                AdvancedX509TrustManager.sLastCert.remove();
                 CertificateCombinedException sslPeerUnverifiedException =
-                        new CertificateCombinedException(null);
+                        new CertificateCombinedException(lastCert);
                 sslPeerUnverifiedException.setSslPeerUnverifiedException((SSLPeerUnverifiedException) e);
                 sslPeerUnverifiedException.initCause(e);
                 mException = sslPeerUnverifiedException;
