fix(android): trust private LAN credentials

2026-06-14 17:23:00 +00:00 · 2026-05-28 09:56:49 +05:30
parent 5f3d6cde19
commit 771ddcf184
3 changed files with 5 additions and 9 deletions
--- a/apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewaySession.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/gateway/GatewaySession.kt
@@ -632,7 +632,7 @@ class GatewaySession(

    private fun shouldPersistBootstrapHandoffTokens(authSource: GatewayConnectAuthSource): Boolean {
      if (authSource != GatewayConnectAuthSource.BOOTSTRAP_TOKEN) return false
-      if (isLoopbackGatewayHost(endpoint.host)) return true
+      if (isLocalCleartextGatewayHost(endpoint.host)) return true
      return tls != null
    }

@@ -1212,9 +1212,7 @@ class GatewaySession(
    endpoint: GatewayEndpoint,
    tls: GatewayTlsParams?,
  ): Boolean {
-    if (isLoopbackGatewayHost(endpoint.host)) {
-      return true
-    }
+    if (isLocalCleartextGatewayHost(endpoint.host)) return true
    return tls?.expectedFingerprint?.trim()?.isNotEmpty() == true
  }
 }
--- a/apps/android/app/src/main/java/ai/openclaw/app/node/ConnectionManager.kt
+++ b/apps/android/app/src/main/java/ai/openclaw/app/node/ConnectionManager.kt
@@ -44,6 +44,7 @@ class ConnectionManager(
        }

      if (isManual) {
+        if (!manualTlsEnabled && cleartextAllowedHost) return null
        if (!stored.isNullOrBlank()) {
          return GatewayTlsParams(
            required = true,
@@ -52,7 +53,6 @@ class ConnectionManager(
            stableId = stableId,
          )
        }
-        if (!manualTlsEnabled && cleartextAllowedHost) return null
        return GatewayTlsParams(
          required = true,
          expectedFingerprint = null,
--- a/apps/android/app/src/test/java/ai/openclaw/app/node/ConnectionManagerTest.kt
+++ b/apps/android/app/src/test/java/ai/openclaw/app/node/ConnectionManagerTest.kt
@@ -123,7 +123,7 @@ class ConnectionManagerTest {
  }

  @Test
-  fun resolveTlsParamsForEndpoint_manualPrivateLanPreservesStoredPin() {
+  fun resolveTlsParamsForEndpoint_manualPrivateLanCleartextCanOverrideStoredPin() {
    val endpoint = GatewayEndpoint.manual(host = "192.168.1.20", port = 18789)

    val params =
@@ -133,9 +133,7 @@ class ConnectionManagerTest {
        manualTlsEnabled = false,
      )

-    assertEquals(true, params?.required)
-    assertEquals("pinned", params?.expectedFingerprint)
-    assertEquals(false, params?.allowTOFU)
+    assertNull(params)
  }

  @Test