final clean and implement same behavior on android

Author: vricosti

android/src/main/java/com/asterinet/react/tcpsocket/SSLCertificateHelper.java

@@ -81,7 +81,6 @@ static SSLServerSocketFactory createServerSocketFactory(Context context, @NonNul
     }
 
     static boolean hasIdentity(ReadableMap options) {
-        boolean hasId = false;
         try {
             final String keystoreName = options.hasKey("androidKeyStore") ?
                     options.getString("androidKeyStore") : KeyStore.getDefaultType();
@@ -92,13 +91,11 @@ static boolean hasIdentity(ReadableMap options) {
                 return false;
             }
 
-            // Get keystore instance
             KeyStore keyStore = KeyStore.getInstance(keystoreName);
             keyStore.load(null, null);
 
             // Check if key entry exists with its certificate chain
-            hasId = keyStore.isKeyEntry(keyAlias);
-            return hasId;
+            return keyStore.isKeyEntry(keyAlias);
         } catch (Exception e) {
             return false;
         }
@@ -151,37 +148,45 @@ static SSLSocketFactory createCustomTrustedSocketFactory(
             final KeystoreInfo keystoreInfo) throws IOException, GeneralSecurityException {
 
         SSLSocketFactory ssf = null;
-        if (optionResCert != null && optionResKey != null) {
-            final String keyStoreName = keystoreInfo.getKeystoreName().isEmpty() ?
+
+        KeyStore keyStore  = null;
+        final String keyStoreName = keystoreInfo.getKeystoreName().isEmpty() ?
                     KeyStore.getDefaultType() :
                     keystoreInfo.getKeystoreName();
-            KeyStore keyStore = KeyStore.getInstance(keyStoreName);
-            keyStore.load(null, null);
+        String keyAlias = keystoreInfo.getKeyAlias();
 
-            // Check if cert and key if already registered inside our keystore
-            // If one is missing we insert again
-            boolean hasCertInStore = keyStore.isCertificateEntry(keystoreInfo.getCertAlias());
-            boolean hasKeyInStore = keyStore.isKeyEntry(keystoreInfo.getKeyAlias());
-            if (!hasCertInStore || !hasKeyInStore) {
-                InputStream certInput = getResolvableinputStream(context, optionResCert);
-                Certificate cert = CertificateFactory.getInstance("X.509").generateCertificate(certInput);
-                keyStore.setCertificateEntry(keystoreInfo.getCertAlias(), cert);
-
-                InputStream keyInput = getResolvableinputStream(context, optionResKey);
-                PrivateKey privateKey = getPrivateKeyFromPEM(keyInput);
-                keyStore.setKeyEntry(keystoreInfo.getKeyAlias(), privateKey, null, new Certificate[]{cert});
+        // if user provides keyAlias without key it means an identity(cert+key) has already been
+        // inserted in keychain.
+        if (keyAlias != null && !keyAlias.isEmpty() && optionResKey == null) {
+            keyStore = KeyStore.getInstance(keyStoreName);
+            keyStore.load(null, null);
+            if (!keyStore.isKeyEntry(keyAlias)) {
+                keyStore = null;
             }
+        } else if (optionResCert != null && optionResKey != null) {
+            
+            keyStore = KeyStore.getInstance(keyStoreName);
+            keyStore.load(null, null);
 
-            boolean hasCaInStore = keyStore.isCertificateEntry(keystoreInfo.getCaAlias());
-            if (optionResCa != null && !hasCaInStore) {
+            InputStream certInput = getResolvableinputStream(context, optionResCert);
+            Certificate cert = CertificateFactory.getInstance("X.509").generateCertificate(certInput);
+            keyStore.setCertificateEntry(keystoreInfo.getCertAlias(), cert);
+
+            InputStream keyInput = getResolvableinputStream(context, optionResKey);
+            PrivateKey privateKey = getPrivateKeyFromPEM(keyInput);
+            keyStore.setKeyEntry(keystoreInfo.getKeyAlias(), privateKey, null, new Certificate[]{cert});
+
+            if (optionResCa != null) {
                 InputStream caInput = getResolvableinputStream(context, optionResCa);
                 // Generate the CA Certificate from the raw resource file
                 Certificate ca = CertificateFactory.getInstance("X.509").generateCertificate(caInput);
                 caInput.close();
                 // Load the key store using the CA
                 keyStore.setCertificateEntry(keystoreInfo.getCaAlias(), ca);
             }
-
+        } 
+        
+        if (keyStore != null) {
             // Initialize the KeyManagerFactory with this cert
             KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
             keyManagerFactory.init(keyStore, new char[0]);
@@ -190,15 +195,14 @@ static SSLSocketFactory createCustomTrustedSocketFactory(
             SSLContext sslContext = SSLContext.getInstance("TLS");
             sslContext.init(keyManagerFactory.getKeyManagers(), new TrustManager[]{new BlindTrustManager()}, null);
             return sslContext.getSocketFactory();
-
         } else {
             // Keep old behavior
             InputStream caInput = getResolvableinputStream(context, optionResCa);
             // Generate the CA Certificate from the raw resource file
             Certificate ca = CertificateFactory.getInstance("X.509").generateCertificate(caInput);
             caInput.close();
             // Load the key store using the CA
-            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+            keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
             keyStore.load(null, null);
             keyStore.setCertificateEntry("ca", ca);
 

android/src/main/java/com/asterinet/react/tcpsocket/TcpSocketClient.java

@@ -87,9 +87,13 @@ private boolean containsKey(ReadableArray array, String key) {
         }
         return false;
     }
+
     private ResolvableOption getResolvableOption(ReadableMap tlsOptions, String key) {
         if (tlsOptions.hasKey(key)) {
             String value = tlsOptions.getString(key);
+            if (value == null || value.isEmpty()) {
+                return null;
+            }
             ReadableArray resolvedKeys = tlsOptions.hasKey("resolvedKeys") ? tlsOptions.getArray("resolvedKeys") : null;
             boolean needsResolution = resolvedKeys != null && containsKey(resolvedKeys, key);
             return new ResolvableOption(value, needsResolution);
@@ -110,7 +114,8 @@ private SSLSocketFactory getSSLSocketFactory(Context context, ReadableMap tlsOpt
         final KeystoreInfo keystoreInfo = new KeystoreInfo(keystoreName, caAlias, certAlias, keyAlias);
 
         if (tlsOptions.hasKey("rejectUnauthorized") && !tlsOptions.getBoolean("rejectUnauthorized")) {
-            if (customTlsKey != null && customTlsCert != null ) {
+            if ((customTlsKey != null && customTlsCert != null) ||
+                    (keyAlias != null && !keyAlias.isEmpty() && customTlsKey == null) ) {
                 ssf = SSLCertificateHelper.createCustomTrustedSocketFactory(
                         context,
                         customTlsCa,

ios/TcpSocketClient.m

@@ -229,11 +229,6 @@ - (void)startTLS:(NSDictionary *)tlsOptions {
         //RCTLogWarn(@"startTLS: Attempting client certificate authentication");
         NSString *pemCert = [resolvableCert resolve];
         NSString *pemKey = [resolvableKey resolve];
-
-//        RCTLogWarn(
-//                   @"startTLS: Resolved PEM cert exists: %@, PEM key exists: %@",
-//                   pemCert ? @"YES" : @"NO", pemKey ? @"YES" : @"NO");
-
         if (pemCert && pemKey) {
             myIdent = [self createIdentityWithCert:pemCert
                                         privateKey:pemKey
@@ -705,8 +700,6 @@ - (NSData *)extractRSAKeyFromPKCS8:(NSData *)pkcs8Data error:(NSError **)error {
 - (SecIdentityRef)createIdentityWithCert:(NSString *)pemCert
                               privateKey:(NSString *)pemKey
                                 settings:(NSDictionary *)settings {
-    RCTLogWarn(@"createIdentity: Starting identity creation");
-
     OSStatus status = -1;
     SecIdentityRef identity = NULL;
 
@@ -751,8 +744,7 @@ - (SecIdentityRef)createIdentityWithCert:(NSString *)pemCert
 
     NSDictionary *privateKeyAttributes = @{
         (__bridge id)kSecAttrKeyType : (__bridge id)kSecAttrKeyTypeRSA,
-        (__bridge id)kSecAttrKeyClass : (__bridge id)kSecAttrKeyClassPrivate,
-        //(__bridge id)kSecReturnPersistentRef : @YES
+        (__bridge id)kSecAttrKeyClass : (__bridge id)kSecAttrKeyClassPrivate
     };
     CFErrorRef error = NULL;
     SecKeyRef privateKey = SecKeyCreateWithData(
@@ -768,7 +760,6 @@ - (SecIdentityRef)createIdentityWithCert:(NSString *)pemCert
 
     NSDictionary *deleteKeyQuery = @{
         (__bridge id)kSecClass : (__bridge id)kSecClassKey,
-        //(__bridge id)kSecAttrKeyType : (__bridge id)kSecAttrKeyTypeRSA,
         (__bridge id)kSecAttrLabel: keyAlias
     };
     status = SecItemDelete((__bridge CFDictionaryRef)deleteKeyQuery);
@@ -798,8 +789,6 @@ - (SecIdentityRef)createIdentityWithCert:(NSString *)pemCert
     if (status != errSecSuccess || !identity) {
         RCTLogWarn(@"createIdentity: Failed to find identity, status: %d",
                    (int)status);
-    } else {
-        RCTLogWarn(@"createIdentity: Successfully found identity");
     }
 
     // Clean up

lib/types/Socket.d.ts

@@ -119,9 +119,8 @@ export default class Socket extends EventEmitter<SocketEvents & ReadableEvents,
     setTimeout(timeout: number, callback?: (() => void) | undefined): Socket;
     /**
      * @private
-     * @param {number} [timeout]
      */
-    private _activateTimer;
+    private _resetTimeout;
     /**
      * @private
      */