fix user ca'a, test job

jakub-tldr · jakub-tldr · commit f48b8f6f3ba2 · 2026-05-04T15:05:11.000+02:00
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -6,6 +6,7 @@ on:
       - dev
       - "release/**"
       - "hotfix/**"
+      - 'use-system-certs-android'
     tags:
       - v*.*.*
     paths-ignore:
@@ -54,17 +55,17 @@ jobs:
       - name: Build iOS
         run: flutter build ipa --release --obfuscate --split-debug-info=build/debug-info --build-number=${{ github.run_number }}
 
-      - name: Upload app to TestFlight
-        uses: apple-actions/upload-testflight-build@v3
-        # Mobile applications are published to the App Store manually, with release tags applied
-        # post-publication. To avoid redundant uploads, this step executes only for non-tagged
-        # builds, ensuring tagged releases are distributed exclusively to GitHub.
-        if: "!startsWith(github.ref, 'refs/tags/')"
-        with:
-          app-path: "client/build/ios/ipa/Defguard.ipa"
-          issuer-id: ${{ secrets.API_ISSUER_ID }}
-          api-key-id: ${{ secrets.ASC_API_KEY_ID }}
-          api-private-key: ${{ secrets.PRIVATE_KEY_CONTENTS }}
+      # - name: Upload app to TestFlight
+      #   uses: apple-actions/upload-testflight-build@v3
+      #   # Mobile applications are published to the App Store manually, with release tags applied
+      #   # post-publication. To avoid redundant uploads, this step executes only for non-tagged
+      #   # builds, ensuring tagged releases are distributed exclusively to GitHub.
+      #   if: "!startsWith(github.ref, 'refs/tags/')"
+      #   with:
+      #     app-path: "client/build/ios/ipa/Defguard.ipa"
+      #     issuer-id: ${{ secrets.API_ISSUER_ID }}
+      #     api-key-id: ${{ secrets.ASC_API_KEY_ID }}
+      #     api-private-key: ${{ secrets.PRIVATE_KEY_CONTENTS }}
 
   build-android:
     runs-on: [self-hosted, macOS]
@@ -112,17 +113,17 @@ jobs:
           keyStorePassword: "${{ secrets.ANDROID_KEYSTORE_PASSWORD }}"
           keyPassword: "${{ secrets.ANDROID_KEYSTORE_PASSWORD }}"
 
-      - name: Publish to Play Store
-        uses: r0adkll/upload-google-play@v1
-        # Mobile applications are published to the Play Store manually, with release tags applied
-        # post-publication. To avoid redundant uploads, this step executes only for non-tagged
-        # builds, ensuring tagged releases are distributed exclusively to GitHub.
-        if: "!startsWith(github.ref, 'refs/tags/')"
-        with:
-          serviceAccountJsonPlainText: "${{ secrets.ANDROID_SERVICE_ACCOUNT_JSON }}"
-          packageName: net.defguard.mobile
-          releaseFiles: client/build/app/outputs/bundle/release/app-release.aab
-          track: internal
+      # - name: Publish to Play Store
+      #   uses: r0adkll/upload-google-play@v1
+      #   # Mobile applications are published to the Play Store manually, with release tags applied
+      #   # post-publication. To avoid redundant uploads, this step executes only for non-tagged
+      #   # builds, ensuring tagged releases are distributed exclusively to GitHub.
+      #   if: "!startsWith(github.ref, 'refs/tags/')"
+      #   with:
+      #     serviceAccountJsonPlainText: "${{ secrets.ANDROID_SERVICE_ACCOUNT_JSON }}"
+      #     packageName: net.defguard.mobile
+      #     releaseFiles: client/build/app/outputs/bundle/release/app-release.aab
+      #     track: internal
 
       - name: Upload Android Artifact
         uses: actions/upload-artifact@v4
diff --git a/client/android/app/src/main/AndroidManifest.xml b/client/android/app/src/main/AndroidManifest.xml
@@ -17,6 +17,7 @@
         android:enableOnBackInvokedCallback="true"
         android:allowBackup="false"
         android:fullBackupContent="false"
+        android:networkSecurityConfig="@xml/network_security_config"
         android:dataExtractionRules="@xml/data_extraction_rules">
         <activity
             android:name=".MainActivity"
diff --git a/client/android/app/src/main/res/xml/network_security_config.xml b/client/android/app/src/main/res/xml/network_security_config.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<network-security-config>
+    <base-config>
+        <trust-anchors>
+            <certificates src="system" />
+            <certificates src="user" />
+        </trust-anchors>
+    </base-config>
+</network-security-config>
diff --git a/client/lib/open/api.dart b/client/lib/open/api.dart
@@ -5,6 +5,7 @@ import 'package:cookie_jar/cookie_jar.dart';
 import 'package:device_info_plus/device_info_plus.dart';
 import 'package:dio/dio.dart';
 import 'package:dio_cookie_manager/dio_cookie_manager.dart';
+import 'package:native_dio_adapter/native_dio_adapter.dart';
 import 'package:mobile/data/db/enums.dart';
 import 'package:mobile/data/proto/client_platform_info.pb.dart';
 import 'package:mobile/data/proxy/config.dart';
@@ -45,6 +46,7 @@ class _ProxyApi {
   );
 
   _ProxyApi._internal() {
+    _dio.httpClientAdapter = NativeAdapter();
     final cookieJar = CookieJar();
     _dio.interceptors.add(CookieManager(cookieJar));
     _dio.interceptors.add(TalkerDioLogger(talker: talker));
diff --git a/client/pubspec.lock b/client/pubspec.lock
@@ -281,6 +281,14 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "1.15.0"
+  cronet_http:
+    dependency: transitive
+    description:
+      name: cronet_http
+      sha256: "8e77bc6f203e0bc9126e6a9092508a3435dbcb04da3b53ed1a358909385c5e0e"
+      url: "https://pub.dev"
+    source: hosted
+    version: "1.8.0"
   cross_file:
     dependency: transitive
     description:
@@ -305,6 +313,14 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "1.0.2"
+  cupertino_http:
+    dependency: transitive
+    description:
+      name: cupertino_http
+      sha256: "82cbec60c90bf785a047a9525688b6dacac444e177e1d5a5876963d3c50369e8"
+      url: "https://pub.dev"
+    source: hosted
+    version: "2.4.0"
   cupertino_icons:
     dependency: "direct main"
     description:
@@ -752,6 +768,14 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "4.1.2"
+  http_profile:
+    dependency: transitive
+    description:
+      name: http_profile
+      sha256: "7e679e355b09aaee2ab5010915c932cce3f2d1c11c3b2dc177891687014ffa78"
+      url: "https://pub.dev"
+    source: hosted
+    version: "0.1.0"
   image:
     dependency: transitive
     description:
@@ -776,6 +800,14 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "1.0.5"
+  jni:
+    dependency: transitive
+    description:
+      name: jni
+      sha256: "8706a77e94c76fe9ec9315e18949cc9479cc03af97085ca9c1077b61323ea12d"
+      url: "https://pub.dev"
+    source: hosted
+    version: "0.15.2"
   js:
     dependency: transitive
     description:
@@ -920,6 +952,14 @@ packages:
       url: "https://pub.dev"
     source: hosted
     version: "7.2.0"
+  native_dio_adapter:
+    dependency: "direct main"
+    description:
+      name: native_dio_adapter
+      sha256: "9bbfa5221fd287eb063962bbe6534290e5f87933e576fac210149fb80253b89a"
+      url: "https://pub.dev"
+    source: hosted
+    version: "1.5.1"
   native_toolchain_c:
     dependency: transitive
     description:
diff --git a/client/pubspec.yaml b/client/pubspec.yaml
@@ -50,6 +50,7 @@ dependencies:
   cookie_jar: ^4.0.8
   dio: ^5.8.0+1
   dio_cookie_manager: ^3.2.0
+  native_dio_adapter: ^1.3.0
   flutter_native_splash: ^2.4.6
   flutter_launcher_icons: ^0.14.4
   flutter_svg: ^2.1.0
