Allow system & self-signed CA #4863

Merged
merged 2 commits into from
Dec 9, 2024

@KalyaSc KalyaSc commented Dec 9, 2024

Hi there :)

First, thanks for maintaining this project and keeping it alive.

...1) Issue I'm trying to solve with this pull request

RiMusic's piped integration doesn't allow self-signed CA for self-hosted instances.

java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

...2) Proposed solution

Following the guidelines on developer.android.com:

  • Add a network security configuration file res/xml/network_security_config.xml with the following configuration:
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
  • Add android:networkSecurityConfig="@xml/network_security_config" to the application element in the AndroidManifest.xml

...3) Results

After rebuilding a signed APK app with the fossRelease build variant, I could successfully connect to my custom Piped instance with self-signed CA and custom local domain.

self-signed-ca-authentication-success


I know this is probably very niche and doesn't add much to the core application itself, however, this is a nice feature for the self-hosting community enthusiasts! Domains are cheap nowadays and SSL certificates are easy to maintain with Let's Encrypt, I get that, but that leaves out the fun, learning process and gives you back control over your own infrastructure. I never expose any self-signed CA to the world and only access all my services via VPN, have my own personal mini-CA with intermediate CA/certificates, OCSP and CRL services.

Besides the warning given by Android Studio concerning user certificates (eavesdropping), this only concerns the communication from my own devices. Also, a lot of critical applications (Bitwarden) have this similar/same configuration and allow self-signed CA/certificates (Findroid, DAVx5, HTTP Shortcuts, jtx Board, LibreTube...)


Side notes: I hope this pull request doesn't come out wrong, I'm not a dev or anyhow related to this complicated/frustrating world. I'm just a passionate tinkerer and playing around with a lot of IT stuff. And OH MY is Android Studio frustrating... Took me 3 hours to make sense of cryptic errors thrown into my face, when the actual error was just a space in my directory path...

If for some reason this isn't a valid pull request just let me know so I can learn from my mistakes!

Thank you.
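
A way to review what a configuration like the one proposed above actually trusts, added here as an example and not part of the original post or of RiMusic's code: it parses a network security config and reports, per scope, whether user-installed CAs are trusted and whether cleartext is allowed. The `audit` function, the root-element wrapping, and the domain `piped.home.example` in the scoped variant are constructed assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the configuration from this pull request, wrapped in
# the root element the Android format requires.
PR_CONFIG = """<network-security-config>
  <base-config cleartextTrafficPermitted="false">
    <trust-anchors>
      <certificates src="system" />
      <certificates src="user" />
    </trust-anchors>
  </base-config>
</network-security-config>"""

# Constructed alternative: user CAs trusted for one hypothetical domain only.
SCOPED_CONFIG = """<network-security-config>
  <base-config cleartextTrafficPermitted="false">
    <trust-anchors><certificates src="system" /></trust-anchors>
  </base-config>
  <domain-config>
    <domain includeSubdomains="true">piped.home.example</domain>
    <trust-anchors>
      <certificates src="system" />
      <certificates src="user" />
    </trust-anchors>
  </domain-config>
</network-security-config>"""

SCOPES = ("base-config", "domain-config", "debug-overrides")

def audit(xml_text):
    """Return one finding per config scope, in document order."""
    findings = []
    for scope in ET.fromstring(xml_text).iter():
        if scope.tag not in SCOPES:
            continue
        hosts = [d.text.strip() for d in scope.findall("domain") if d.text]
        sources = [c.get("src") for c in scope.findall("trust-anchors/certificates")]
        findings.append({
            "scope": scope.tag,
            "hosts": hosts or ["*"],  # no <domain> children: applies app-wide
            "trusts_user_cas": "user" in sources,
            # None means the attribute is absent and the value is inherited
            "cleartext": scope.get("cleartextTrafficPermitted"),
        })
    return findings

if __name__ == "__main__":
    for name, cfg in (("PR", PR_CONFIG), ("scoped", SCOPED_CONFIG)):
        for finding in audit(cfg):
            print(name, finding)
```

With the pull request's config the single finding covers every host (`*`), so any CA the user installs on the device is trusted for all of the app's TLS connections; the scoped variant limits that trust to the listed domain.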

Owner

fast4x commented Dec 9, 2024

ahahahahaha Android Studio frustrated LOL.
Anyway, congratulations for the research and the modification you did.
You touch on a sensitive topic which is security, since RiMusic is a software developed by passionate programmers I find your request clear. You also justified and valorized it because you disabled the traffic in clear, while allowing the connection on self hosted servers.

I only ask you one thing, try to search for a song, album or other in the RiMusic online search and see if everything plays without errors. Give me feedback please.

Thanks to you for your interest.

@fast4x fast4x merged commit d6ccafd into fast4x:master Dec 9, 2024
Owner

fast4x commented Dec 9, 2024

Merged

Author

KalyaSc commented Dec 10, 2024

Thank you for merging my pull request!!!

Sorry for the late response, I was banging my head with Android Studio to refactor the application name to get a side by side comparison (took more time than expected, but wasn't an Android Studio issue though).

While I was doing my thing for hours, I kept the recompiled version playing in the background and did most of the interaction available in RiMusic:

  • Search/play songs/album/artist ✅
  • Create new playlist/add song to new playlist ✅
  • Open playlist from self-hosted piped instance + add song ✅
  • Bookmarking albums/songs ✅
  • Changing a few settings ✅
  • Enable debug mode ✅
  • Backup & restore database ✅
  • ....

Couldn't see/observe any issue on my recompiled application, but you probably already know that otherwise this pull request wouldn't be merged :).

If there's something else I can do/provide/test just give me a sign 👍

Owner

fast4x commented Dec 10, 2024

Thanks, all works as expected.
