fix(Windows): Revert to using the built-in cert provider

AChep · AChep · commit 5c3975c4fe64 · 2026-01-24T11:42:38.000+02:00
diff --git a/common/src/jvmMain/kotlin/com/artemchep/keyguard/crypto/ssl/TrustManager.kt b/common/src/jvmMain/kotlin/com/artemchep/keyguard/crypto/ssl/TrustManager.kt
@@ -19,6 +19,10 @@ fun OkHttpClient.Builder.installMacOsTrustManager() = installHybridTrustManager
     getMacOsTrustManager()
 }
 
+fun OkHttpClient.Builder.installWindowsTrustManager() = installHybridTrustManager {
+    getWindowsTrustManager()
+}
+
 private inline fun OkHttpClient.Builder.installHybridTrustManager(
     fallback: () -> X509TrustManager = { getDefaultTrustManager() },
     primary: () -> X509TrustManager,
@@ -55,6 +59,16 @@ private fun getMacOsTrustManager() = run {
     appleTm
 }
 
+private fun getWindowsTrustManager() = run {
+    val winFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
+    val winKeyStore = KeyStore.getInstance("Windows-MY")
+    winKeyStore.load(null, null)
+    winFactory.init(winKeyStore)
+    val winTm = winFactory.trustManagers
+        .first { it is X509TrustManager } as X509TrustManager
+    winTm
+}
+
 /**
  * A TrustManager that delegates to a primary manager, and falls back
  * to a secondary manager if the primary fails validation.
@@ -65,8 +79,10 @@ private class HybridTrustManager(
 ) : X509TrustManager {
     override fun checkServerTrusted(chain: Array<out X509Certificate>?, authType: String?) {
         try {
+            println("??? BEFORE")
             primary.checkServerTrusted(chain, authType)
         } catch (_: CertificateException) {
+            println("??? CHECK FAILED")
             secondary.checkServerTrusted(chain, authType)
         }
     }
diff --git a/desktopApp/build.gradle.kts b/desktopApp/build.gradle.kts
@@ -101,27 +101,6 @@ compose.desktop {
             jvmArgs(
                 "-Dapple.awt.application.appearance=system",
             )
-
-            // Support system Keychain as trust store:
-            // https://github.com/AChep/keyguard-app/issues/1227
-            val platformJvmArgs = when {
-                Os.isFamily(Os.FAMILY_MAC) -> {
-                    // We resort to runtime trust manager:
-                    // - KeychainStore      is empty.
-                    // - KeychainStore-ROOT does not exist.
-                    arrayOf(
-                    )
-                }
-                Os.isFamily(Os.FAMILY_WINDOWS) -> {
-                    arrayOf(
-                        "-Djavax.net.ssl.trustStore=NONE",
-                        "-Djavax.net.ssl.trustStoreType=Windows-ROOT",
-                    )
-                }
-                else -> arrayOf()
-            }
-            jvmArgs(*platformJvmArgs)
-
             includeAllModules = true
             val formats = listOfNotNull(
                 TargetFormat.Dmg,
