refactor(android): distill TLS fingerprint prompt flow

2026-05-18 12:14:46 +00:00 · 2026-05-17 13:19:07 +00:00
parent 848e0486b7
commit 30263f6d35
1 changed files with 12 additions and 25 deletions
--- a/apps/android/app/src/main/java/ai/openclaw/app/NodeRuntime.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/NodeRuntime.kt
@@ -1123,44 +1123,31 @@ class NodeRuntime(
        tls.expectedFingerprint
          ?.let(::normalizeGatewayTlsFingerprint)
          ?.takeIf { it.isNotBlank() }
-      if (expectedFingerprint == null) {
-        // First-time TLS: capture fingerprint, ask user to verify out-of-band, then store and connect.
-        _statusText.value = "Verify gateway TLS fingerprint…"
-        scope.launch {
-          val tlsProbe = tlsFingerprintProbe(endpoint.host, endpoint.port)
-          if (!isCurrentConnectAttempt(connectAttemptId)) return@launch
-          val fp =
-            tlsProbe.fingerprintSha256 ?: run {
-              _statusText.value = gatewayTlsProbeFailureMessage(tlsProbe.failure)
-              return@launch
-            }
-          val observedFingerprint =
-            normalizeGatewayTlsFingerprint(fp)
-              .takeIf { it.isNotBlank() }
-              ?: fp
-          _pendingGatewayTrust.value =
-            GatewayTrustPrompt(endpoint = endpoint, fingerprintSha256 = observedFingerprint, auth = auth)
-        }
-        return
-      }
-
      _statusText.value = "Verify gateway TLS fingerprint…"
      scope.launch {
        val tlsProbe = tlsFingerprintProbe(endpoint.host, endpoint.port)
        if (!isCurrentConnectAttempt(connectAttemptId)) return@launch
        val fp =
          tlsProbe.fingerprintSha256 ?: run {
-            connectAfterTlsCheck(endpoint = endpoint, auth = auth, connectAttemptId = connectAttemptId)
+            if (expectedFingerprint == null) {
+              _statusText.value = gatewayTlsProbeFailureMessage(tlsProbe.failure)
+            } else {
+              connectAfterTlsCheck(endpoint = endpoint, auth = auth, connectAttemptId = connectAttemptId)
+            }
            return@launch
          }
-        val observedFingerprint = normalizeGatewayTlsFingerprint(fp)
-        if (observedFingerprint != expectedFingerprint) {
+        val observedFingerprint =
+          normalizeGatewayTlsFingerprint(fp)
+            .takeIf { it.isNotBlank() }
+            ?: fp
+        val previousFingerprint = expectedFingerprint?.takeUnless { it == observedFingerprint }
+        if (expectedFingerprint == null || previousFingerprint != null) {
          _pendingGatewayTrust.value =
            GatewayTrustPrompt(
              endpoint = endpoint,
              fingerprintSha256 = observedFingerprint,
              auth = auth,
-              previousFingerprintSha256 = expectedFingerprint,
+              previousFingerprintSha256 = previousFingerprint,
            )
          return@launch
        }