
fix checkTrustedChallenge [rollback] + host

Signed-off-by: marinofaggiana <marino@marinofaggiana.com>
marinofaggiana 3 years ago
parent
commit
5bad96657a

+ 6 - 2
iOSClient/AppDelegate.swift

@@ -552,9 +552,12 @@ class AppDelegate: UIResponder, UIApplicationDelegate, UNUserNotificationCenterD
         }
         
         // check certificate untrusted (-1202)
-        if CCUtility.getCertificateError(account) {
+        let currentHost = URL(string: self.urlBase)?.host
+        let pushNotificationServerProxyHost = URL(string: NCBrandOptions.shared.pushNotificationServerProxy)?.host
+        if let host = CCUtility.getCertificateError(account), host == currentHost || host == pushNotificationServerProxyHost {
             
-            let alertController = UIAlertController(title: NSLocalizedString("_ssl_certificate_changed_", comment: ""), message: NSLocalizedString("_server_is_trusted_", comment: ""), preferredStyle: .alert)
+            let title = String.localizedStringWithFormat(NSLocalizedString("_ssl_certificate_changed_", comment: ""), host)
+            let alertController = UIAlertController(title: title, message: NSLocalizedString("_server_is_trusted_", comment: ""), preferredStyle: .alert)
                         
             alertController.addAction(UIAlertAction(title: NSLocalizedString("_yes_", comment: ""), style: .default, handler: { action in
                 NCNetworking.shared.writeCertificate(url: self.urlBase)
@@ -570,6 +573,7 @@ class AppDelegate: UIResponder, UIApplicationDelegate, UNUserNotificationCenterD
                 if let navigationController = UIStoryboard(name: "NCViewCertificateDetails", bundle: nil).instantiateInitialViewController() as? UINavigationController {
                     let viewController = navigationController.topViewController as! NCViewCertificateDetails
                     viewController.delegate = self
+                    viewController.host = host
                     self.window?.rootViewController?.present(navigationController, animated: true)
                 }
             }))
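Review bot: The "yes" handler still calls `NCNetworking.shared.writeCertificate(url: self.urlBase)`, so when the stored host equals `pushNotificationServerProxyHost` the alert title names the proxy while the certificate being accepted is looked up from the account's server URL. What `writeCertificate` does with that URL is not visible in this hunk, but the trust decision should persist the certificate of exactly the host shown to the user, so the matched `host` should drive the write rather than `self.urlBase`. A stored host that matches neither value is skipped here without any visible call to `clearCertificateError`, so it may stay in the keychain until something else overwrites it. The handler bodies continue outside the hunk.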

+ 1 - 1
iOSClient/Networking/NCNetworking.swift

@@ -210,7 +210,7 @@ import Queuer
                     if !trusted && !trustedV2 {
                         #if !EXTENSION
                         DispatchQueue.main.async {
-                            CCUtility.setCertificateError((UIApplication.shared.delegate as! AppDelegate).account)
+                            CCUtility.setCertificateError((UIApplication.shared.delegate as! AppDelegate).account, host:host)
                         }
                         #endif
                     }
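Review bot: The keychain slot written by `setCertificateError(_:host:)` holds one host per account, so a failure for any other host handled by this session would replace a pending entry for the account's own server. The new check in AppDelegate then matches neither host and shows no prompt, which hides a certificate change on the server the user actually cares about. `host` is defined outside the hunk, so whether it can be a third-party host is not visible here. If it can, compare it with the account's server host and the push proxy host before recording it, so that only hosts the user can act on are stored.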

+ 3 - 1
iOSClient/Networking/NCNetworkingE2EE.swift

@@ -327,7 +327,9 @@ import Alamofire
                             
                             } else if errorCode == Int(CFNetworkErrors.cfurlErrorServerCertificateUntrusted.rawValue) {
                             
-                                CCUtility.setCertificateError(metadata.account)
+                                if let host = URL(string: metadata.urlBase)?.host {
+                                    CCUtility.setCertificateError(metadata.account, host: host)
+                                }
                                 NCManageDatabase.shared.setMetadataSession(ocId: metadata.ocId, session: nil, sessionError: errorDescription, sessionTaskIdentifier: 0, status: NCGlobal.shared.metadataStatusUploadError)
                                                     
                             } else {
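Review bot: When `URL(string: metadata.urlBase)?.host` is nil the untrusted-certificate error is dropped silently: the upload is still marked as failed on the next line, but no host is recorded and the trust prompt never appears. The host is also derived from `metadata.urlBase` rather than from the request that failed, so it is only correct if the two always agree. Add an `else` branch that at least logs the unparsable `urlBase`, and a short comment stating that the account base URL is assumed to be the failing host.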

+ 5 - 1
iOSClient/Security/NCViewCertificateDetails.swift

@@ -39,6 +39,7 @@ class NCViewCertificateDetails: UIViewController  {
     @IBOutlet weak var textView: UITextView!
 
     public var delegate: NCViewCertificateDetailsDelegate?
+    public var host: String?
 
     // MARK: - View Life Cycle
 
@@ -50,7 +51,10 @@ class NCViewCertificateDetails: UIViewController  {
         buttonCancel.title = NSLocalizedString("_close_", comment: "")
         
         let directoryCertificate = CCUtility.getDirectoryCerificates()!
-        let certificatePath = directoryCertificate + "/" + NCGlobal.shared.certificateTmpV2 + ".txt"
+        var certificatePath = directoryCertificate + "/" + NCGlobal.shared.certificateTmpV2 + ".txt"
+        if let host = host {
+            certificatePath = directoryCertificate + "/" + host + ".der"
+        }
         if FileManager.default.fileExists(atPath: certificatePath) {
             do {
                 let text = try String(contentsOfFile: certificatePath, encoding: .utf8)
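Review bot: With `host` set, `certificatePath` now points at `host + ".der"`, but the unchanged line below still reads it with `String(contentsOfFile:encoding: .utf8)`. A DER certificate is binary and will normally fail UTF-8 decoding, so the details view would land in the `catch` path instead of showing the certificate the user is asked to trust. Unless the app stores a text dump under the `.der` name (not visible here), read a text rendering such as `host + ".txt"`, or load the file as `Data` and format it for display. Because `host` is a public property concatenated into a path, a comment noting that it must be a bare hostname with no path separators would also help; `viewDidLoad` continues outside the hunk.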

+ 2 - 2
iOSClient/Supporting Files/en.lproj/Localizable.strings

@@ -736,8 +736,8 @@
 "_unknow_response_server_"              = "Unexpected response from server";
 "_user_authentication_required_"        = "User authentication required";
 "_file_directory_locked_"               = "File or directory locked";
-"_ssl_certificate_untrusted_"           = "The certificate for this server is invalid";
-"_ssl_certificate_changed_"             = "The certificate for this server seems to have changed";
+"_ssl_certificate_untrusted_"           = "The certificate for %@ is invalid";
+"_ssl_certificate_changed_"             = "The certificate for %@ seems to have changed";
 "_internal_server_"                     = "Internal server error";
 "_file_already_exists_"                 = "Could not complete the operation, a file with the same name exists";
 "_file_folder_not_exists_"              = "The source file wasn't found at the specified path";

+ 2 - 2
iOSClient/Utility/CCUtility.h

@@ -146,8 +146,8 @@
 
 + (NSData *)getDatabaseEncryptionKey;
 
-+ (BOOL)getCertificateError:(NSString *)account;
-+ (void)setCertificateError:(NSString *)account;
++ (NSString *)getCertificateError:(NSString *)account;
++ (void)setCertificateError:(NSString *)account host:(NSString *)host;
 + (void)clearCertificateError:(NSString *)account;
 
 + (BOOL)getDisableLocalCacheAfterUpload;
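Review bot: `getCertificateError:` changed from a flag to a value that is nil when no error is recorded, and nothing in the header says so. A doc comment on the pair would make the contract explicit for both Objective-C and Swift callers, for example `/// Returns the host whose certificate failed validation for this account, or nil when no error is recorded.` and `/// Records host as the origin of a certificate error for account; host must be a bare hostname.` A name such as `certificateErrorHostForAccount:` would describe the new return better, though that is a wider rename than this commit makes.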

+ 4 - 10
iOSClient/Utility/CCUtility.m

@@ -550,19 +550,13 @@
     [UICKeyChainStore setData:data forKey:@"databaseEncryptionKey" service:NCGlobal.shared.serviceShareKeyChain];
 }
 
-+ (BOOL)getCertificateError:(NSString *)account
++ (NSString *)getCertificateError:(NSString *)account
 {
     NSString *key = [@"certificateError" stringByAppendingString:account];
-    NSString *error = [UICKeyChainStore stringForKey:key service:NCGlobal.shared.serviceShareKeyChain];
-    
-    if (error == nil) {
-        return false;
-    }
-    
-    return true;
+    return [UICKeyChainStore stringForKey:key service:NCGlobal.shared.serviceShareKeyChain];
 }
 
-+ (void)setCertificateError:(NSString *)account
++ (void)setCertificateError:(NSString *)account host:(NSString *)host
 {
     // In background do not write the error
 #if !defined(EXTENSION)
@@ -572,7 +566,7 @@
     }
     NSString *key = [@"certificateError" stringByAppendingString:account];
     
-    [UICKeyChainStore setString:@"true" forKey:key service:NCGlobal.shared.serviceShareKeyChain];
+    [UICKeyChainStore setString:host forKey:key service:NCGlobal.shared.serviceShareKeyChain];
 #else
     return;
 #endif
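Review bot: Installations upgraded from the previous build can still hold the literal `@"true"` under this key, which `getCertificateError:` now returns as if it were a host. The AppDelegate comparison matches it against neither host, so a pending certificate warning from before the upgrade is silently ignored and the entry is never cleared. Consider normalising the legacy marker in the getter, e.g. `if ([host isEqualToString:@"true"]) { [self clearCertificateError:account]; return nil; }`, or migrating it once at launch. `setString:forKey:service:` is also called with `host` unchecked, and a nil or empty host would not record a usable error (UICKeyChainStore appears to treat a nil value as a removal, which should be confirmed), so an early return on `host.length == 0` is worth adding. The body of `setCertificateError:host:` is only partly visible in these hunks.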