🎟️ Tracking

• GitHub Discussion: Add mTLS Support Discussion
• Feature Request: Implementing mTLS in the Bitwarden apps

📔 Objective

This PR implements client certificate authentication (mTLS) support for iOS app when connecting to self-hosted Bitwarden environments that require client certificates.

Key Features:

• PKCS#12 (.p12/.pfx) certificate import with password support
• Secure certificate storage independent of user login
• mTLS HTTP client integration for server authentication
• Certificate management UI integrated into self-hosted server configuration
• Comprehensive error handling and user feedback

Technical Implementation:

• ClientCertificateConfiguration model for certificate data and metadata
• ClientCertificateService for secure certificate management operations
• CertificateHTTPClient with URLSession delegate for mTLS authentication
• Global certificate storage using existing app settings infrastructure
• SwiftUI interface for certificate import, display, and removal

This enables users to authenticate with self-hosted Bitwarden servers that require client certificates for enhanced security.

📸 Screenshots

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags) - N/A: Feature is opt-in via certificate import
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements - N/A: No deployment changes needed
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

Key Areas for Review:

• 🔐 Security implementation of certificate storage and mTLS authentication
• 🎨 UI/UX integration with existing self-hosted configuration flow
• 📝 Error handling for various certificate import scenarios
• ⚡ Performance impact of certificate validation and HTTP client changes
• 🧪 Test coverage for certificate management workflows

Files to Focus On:

• ClientCertificateService.swift - Core certificate management logic
• CertificateHTTPClient.swift - mTLS HTTP client implementation
• SelfHostedView.swift - UI integration and user experience
• StateService.swift & AppSettingsStore.swift - Secure storage implementation

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes