From 91ab175ed1971b1be9954842d53324c7b6a6e656 Mon Sep 17 00:00:00 2001
From: Marten Rebane <54431068+martenrebane@users.noreply.github.com>
Date: Mon, 9 Oct 2023 20:04:36 +0300
Subject: [PATCH] Added proxy functionality

---
 app/build.gradle                              |   1 +
 .../main/diagnostics/DiagnosticsView.java     |  59 +++-
 .../main/settings/SettingsDataStore.java      | 115 ++++++++
 .../android/main/settings/SettingsView.java   |  15 +-
 .../settings/proxy/SettingsProxyScreen.java   |  44 +++
 .../settings/proxy/SettingsProxyView.java     | 256 ++++++++++++++++++
 .../signature/update/SignatureAddSource.java  |   9 +-
 .../update/mobileid/MobileIdOnSubscribe.java  |  25 +-
 .../update/smartid/SmartIdOnSubscribe.java    |  28 +-
 app/src/main/res/layout/main_settings.xml     |  29 +-
 .../main/res/layout/main_settings_proxy.xml   | 208 ++++++++++++++
 app/src/main/res/values-et/strings.xml        |   9 +
 app/src/main/res/values-ru/strings.xml        |   9 +
 app/src/main/res/values/ids.xml               |  14 +-
 app/src/main/res/values/strings.xml           |   9 +
 build.gradle                                  |   1 +
 .../ee/ria/DigiDoc/common/ManualProxy.java    |  47 ++++
 .../ee/ria/DigiDoc/common/ProxyConfig.java    |  27 ++
 .../ee/ria/DigiDoc/common/ProxySetting.java   |   7 +
 .../java/ee/ria/DigiDoc/common/ProxyUtil.java |  71 +++++
 .../src/main/res/values/donottranslate.xml    |  10 +
 configuration-lib/build.gradle                |   1 +
 .../configuration/ConfigurationConstants.java |   6 +
 .../configuration/ConfigurationManager.java   |   2 +-
 .../loader/CentralConfigurationClient.java    | 107 ++++++--
 .../loader/CentralConfigurationLoader.java    |   6 +-
 ...tchAndPackageDefaultConfigurationTask.java |   2 +-
 .../mobileid/rest/ServiceGenerator.java       |  29 +-
 .../mobileid/service/MobileSignConstants.java |   6 +
 .../mobileid/service/MobileSignService.java   |  34 ++-
 .../smartid/rest/ServiceGenerator.java        |  27 +-
 .../smartid/service/SmartSignConstants.java   |   6 +
 .../smartid/service/SmartSignService.java     |  33 ++-
 33 files changed, 1187 insertions(+), 65 deletions(-)
 create mode 100644 app/src/main/java/ee/ria/DigiDoc/android/main/settings/proxy/SettingsProxyScreen.java
 create mode 100644 app/src/main/java/ee/ria/DigiDoc/android/main/settings/proxy/SettingsProxyView.java
 create mode 100644 app/src/main/res/layout/main_settings_proxy.xml
 create mode 100644 common-lib/src/main/java/ee/ria/DigiDoc/common/ManualProxy.java
 create mode 100644 common-lib/src/main/java/ee/ria/DigiDoc/common/ProxyConfig.java
 create mode 100644 common-lib/src/main/java/ee/ria/DigiDoc/common/ProxySetting.java
 create mode 100644 common-lib/src/main/java/ee/ria/DigiDoc/common/ProxyUtil.java

diff --git a/app/build.gradle b/app/build.gradle
index 25f25ca41..5d4b3602c 100755
--- a/app/build.gradle
+++ b/app/build.gradle
@@ -95,6 +95,7 @@ dependencies {
     implementation "androidx.cardview:cardview:${androidxCardviewVersion}"
     implementation "androidx.lifecycle:lifecycle-viewmodel:${androidxLifecycleVersion}"
     implementation "androidx.work:work-runtime:${androidxWorkRuntime}"
+    implementation "androidx.security:security-crypto:${androidxSecurityCrypto}"
 
     implementation "com.takisoft.preferencex:preferencex:${preferencexVersion}"
 
diff --git a/app/src/main/java/ee/ria/DigiDoc/android/main/diagnostics/DiagnosticsView.java b/app/src/main/java/ee/ria/DigiDoc/android/main/diagnostics/DiagnosticsView.java
index 97f3504e9..64dcc655e 100644
--- a/app/src/main/java/ee/ria/DigiDoc/android/main/diagnostics/DiagnosticsView.java
+++ b/app/src/main/java/ee/ria/DigiDoc/android/main/diagnostics/DiagnosticsView.java
@@ -35,6 +35,7 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStreamWriter;
+import java.net.Proxy;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.NoSuchFileException;
 import java.text.Normalizer;
@@ -43,12 +44,14 @@
 import java.util.Arrays;
 import java.util.Date;
 import java.util.List;
+import java.util.concurrent.TimeUnit;
 
 import ee.ria.DigiDoc.BuildConfig;
 import ee.ria.DigiDoc.R;
 import ee.ria.DigiDoc.android.Activity;
 import ee.ria.DigiDoc.android.ApplicationApp;
 import ee.ria.DigiDoc.android.accessibility.AccessibilityUtils;
+import ee.ria.DigiDoc.android.main.settings.SettingsDataStore;
 import ee.ria.DigiDoc.android.utils.ClickableDialogUtil;
 import ee.ria.DigiDoc.android.utils.TSLException;
 import ee.ria.DigiDoc.android.utils.TSLUtil;
@@ -59,6 +62,10 @@
 import ee.ria.DigiDoc.android.utils.navigator.Transaction;
 import ee.ria.DigiDoc.android.utils.widget.ConfirmationDialog;
 import ee.ria.DigiDoc.common.FileUtil;
+import ee.ria.DigiDoc.common.ManualProxy;
+import ee.ria.DigiDoc.common.ProxyConfig;
+import ee.ria.DigiDoc.common.ProxySetting;
+import ee.ria.DigiDoc.common.ProxyUtil;
 import ee.ria.DigiDoc.configuration.ConfigurationDateUtil;
 import ee.ria.DigiDoc.configuration.ConfigurationManagerService;
 import ee.ria.DigiDoc.configuration.ConfigurationProvider;
@@ -67,17 +74,22 @@
 import io.reactivex.rxjava3.core.Observable;
 import io.reactivex.rxjava3.disposables.Disposable;
 import io.reactivex.rxjava3.schedulers.Schedulers;
+import okhttp3.Authenticator;
 import okhttp3.OkHttpClient;
 import okhttp3.Request;
 import okhttp3.Response;
+import okhttp3.internal.tls.OkHostnameVerifier;
 import timber.log.Timber;
 
 public final class DiagnosticsView extends CoordinatorLayout implements ContentView {
 
+    private static final int DEFAULT_TIMEOUT = 5;
+
     private final Navigator navigator;
     private final SimpleDateFormat dateFormat;
     private final Toolbar toolbarView;
     private final ConfirmationDialog diagnosticsRestartConfirmationDialog;
+    private final SettingsDataStore settingsDataStore;
 
     private final ViewDisposables disposables;
 
@@ -96,6 +108,7 @@ public DiagnosticsView(Context context) {
         toolbarView = findViewById(R.id.toolbar);
         View saveDiagnosticsButton = findViewById(R.id.configurationSaveButton);
         navigator = ApplicationApp.component(context).navigator();
+        settingsDataStore = ApplicationApp.component(context).settingsDataStore();
 
         ContentView.addInvisibleElement(getContext(), this);
 
@@ -103,7 +116,7 @@ public DiagnosticsView(Context context) {
                 R.string.main_diagnostics_restart_message, R.id.mainDiagnosticsRestartConfirmationDialog);
 
         SwitchCompat activateLogFileGenerating = findViewById(R.id.mainDiagnosticsLogging);
-        activateLogFileGenerating.setChecked(((Activity) this.getContext()).getSettingsDataStore().getIsLogFileGenerationEnabled());
+        activateLogFileGenerating.setChecked(settingsDataStore.getIsLogFileGenerationEnabled());
         Button saveLogFileButton = findViewById(R.id.mainDiagnosticsSaveLoggingButton);
         saveLogFileButton.setVisibility(
                 (activateLogFileGenerating.isChecked() &&
@@ -134,14 +147,14 @@ public DiagnosticsView(Context context) {
     private void fileLogToggleListener(SwitchCompat activateLogFileGenerating) {
         activateLogFileGenerating.setOnCheckedChangeListener((buttonView, isChecked) -> {
             Activity activityContext = ((Activity) this.getContext());
-            boolean isLogFileGenerationEnabled = activityContext.getSettingsDataStore().getIsLogFileGenerationEnabled();
+            boolean isLogFileGenerationEnabled = settingsDataStore.getIsLogFileGenerationEnabled();
             if (isChecked) {
                 diagnosticsRestartConfirmationDialog.show();
                 ClickableDialogUtil.makeLinksInDialogClickable(diagnosticsRestartConfirmationDialog);
                 diagnosticsRestartConfirmationDialog.positiveButtonClicks()
                         .doOnNext(next -> {
                             diagnosticsRestartConfirmationDialog.dismiss();
-                            activityContext.getSettingsDataStore().setIsLogFileGenerationEnabled(true);
+                            settingsDataStore.setIsLogFileGenerationEnabled(true);
                             activityContext.restartAppWithIntent(activityContext.getIntent(), true);
                         })
                         .subscribe();
@@ -149,12 +162,12 @@ private void fileLogToggleListener(SwitchCompat activateLogFileGenerating) {
                         .doOnNext(next -> {
                             diagnosticsRestartConfirmationDialog.dismiss();
                             activateLogFileGenerating.setChecked(false);
-                            activityContext.getSettingsDataStore().setIsLogFileGenerationEnabled(false);
+                            settingsDataStore.setIsLogFileGenerationEnabled(false);
                         })
                         .subscribe();
             } else {
-                activityContext.getSettingsDataStore().setIsLogFileGenerationEnabled(false);
-                activityContext.getSettingsDataStore().setIsLogFileGenerationRunning(false);
+                settingsDataStore.setIsLogFileGenerationEnabled(false);
+                settingsDataStore.setIsLogFileGenerationRunning(false);
                 if (isLogFileGenerationEnabled) {
                     activityContext.restartAppWithIntent(activityContext.getIntent(), true);
                 }
@@ -354,7 +367,7 @@ private void setData(ConfigurationProvider configurationProvider) {
     }
 
     private void appendTslVersion(TextView tslUrlTextView, String tslUrl) {
-        tslVersionDisposable = getObservableTslVersion(tslUrl )
+        tslVersionDisposable = getObservableTslVersion(tslUrl)
                 .subscribeOn(Schedulers.io())
                 .observeOn(AndroidSchedulers.mainThread())
                 .subscribe(
@@ -363,9 +376,35 @@ private void appendTslVersion(TextView tslUrlTextView, String tslUrl) {
                 );
     }
 
+    private ProxySetting getProxySetting() {
+        return settingsDataStore.getProxySetting();
+    }
+
+    private ManualProxy getManualProxySettings() {
+        return new ManualProxy(
+                settingsDataStore.getProxyHost(),
+                settingsDataStore.getProxyPort(),
+                settingsDataStore.getProxyUsername(),
+                settingsDataStore.getProxyPassword(navigator.activity())
+        );
+    }
+
     private Observable<Integer> getObservableTslVersion(String tslUrl) {
+        ProxySetting proxySetting = getProxySetting();
+        boolean isProxySSLEnabled = settingsDataStore.getIsProxyForSSLEnabled();
+        boolean useHTTPSProxy = ProxyUtil.useHTTPSProxy(isProxySSLEnabled, getManualProxySettings());
+        ProxyConfig proxyConfig = ProxyUtil.getProxy(proxySetting, getManualProxySettings());
+
         return Observable.fromCallable(() -> {
-            OkHttpClient client = new OkHttpClient();
+            OkHttpClient.Builder builder = new OkHttpClient.Builder()
+                    .proxy(proxySetting == ProxySetting.NO_PROXY || !useHTTPSProxy ? Proxy.NO_PROXY : proxyConfig.proxy())
+                    .proxyAuthenticator(proxySetting == ProxySetting.NO_PROXY || !useHTTPSProxy ? Authenticator.NONE : proxyConfig.authenticator())
+                    .hostnameVerifier(OkHostnameVerifier.INSTANCE)
+                    .connectTimeout(DEFAULT_TIMEOUT, TimeUnit.SECONDS)
+                    .readTimeout(DEFAULT_TIMEOUT, TimeUnit.SECONDS)
+                    .callTimeout(DEFAULT_TIMEOUT, TimeUnit.SECONDS)
+                    .writeTimeout(DEFAULT_TIMEOUT, TimeUnit.SECONDS);
+            OkHttpClient client = builder.build();
             Request request = new Request.Builder().url(tslUrl).build();
             Response response = client.newCall(request).execute();
             if (response.isSuccessful() && response.body() != null) {
@@ -381,7 +420,7 @@ private Observable<Integer> getObservableTslVersion(String tslUrl) {
     }
 
     private String getRpUuidText() {
-        String rpUuid = ((Activity) this.getContext()).getSettingsDataStore().getUuid();
+        String rpUuid = settingsDataStore.getUuid();
         int uuid = rpUuid == null || rpUuid.isEmpty()
                 ? R.string.main_diagnostics_rpuuid_default
                 : R.string.main_diagnostics_rpuuid_custom;
@@ -389,7 +428,7 @@ private String getRpUuidText() {
     }
 
     private String getTsaUrlText() {
-        return ((Activity) this.getContext()).getSettingsDataStore().getTsaUrl();
+        return settingsDataStore.getTsaUrl();
     }
 
     private void setTslCacheData() {
diff --git a/app/src/main/java/ee/ria/DigiDoc/android/main/settings/SettingsDataStore.java b/app/src/main/java/ee/ria/DigiDoc/android/main/settings/SettingsDataStore.java
index ca67c83b3..6baa57570 100644
--- a/app/src/main/java/ee/ria/DigiDoc/android/main/settings/SettingsDataStore.java
+++ b/app/src/main/java/ee/ria/DigiDoc/android/main/settings/SettingsDataStore.java
@@ -1,12 +1,20 @@
 package ee.ria.DigiDoc.android.main.settings;
 
+import static ee.ria.DigiDoc.common.ProxySetting.NO_PROXY;
+
 import android.app.Application;
+import android.content.Context;
 import android.content.SharedPreferences;
 import android.content.res.Resources;
+import android.util.Log;
 
 import androidx.annotation.Nullable;
 import androidx.preference.PreferenceManager;
+import androidx.security.crypto.EncryptedSharedPreferences;
+import androidx.security.crypto.MasterKeys;
 
+import java.io.IOException;
+import java.security.GeneralSecurityException;
 import java.util.Arrays;
 import java.util.List;
 import java.util.Locale;
@@ -14,16 +22,23 @@
 import javax.inject.Inject;
 
 import ee.ria.DigiDoc.R;
+import ee.ria.DigiDoc.android.utils.ToastUtil;
+import ee.ria.DigiDoc.common.ManualProxy;
+import ee.ria.DigiDoc.common.ProxySetting;
+import timber.log.Timber;
 
 public final class SettingsDataStore {
 
     private static final String KEY_LOCALE = "locale";
+    private static final String ENCRYPTED_PREFERENCES_KEY = "encryptedPreferencesStorage";
 
     private final SharedPreferences preferences;
+    private final SharedPreferences encryptedPreferences;
     private final Resources resources;
 
     @Inject SettingsDataStore(Application application) {
         preferences = PreferenceManager.getDefaultSharedPreferences(application);
+        encryptedPreferences = getEncryptedPreferences(application.getApplicationContext());
         this.resources = application.getResources();
     }
 
@@ -277,4 +292,104 @@ public void setIsTsaCertificateViewVisible(boolean isVisible) {
     public boolean getIsTsaCertificateViewVisible() {
         return preferences.getBoolean(resources.getString(R.string.main_settings_tsa_cert_view), false);
     }
+
+    public void setProxySetting(ProxySetting proxySetting) {
+        SharedPreferences.Editor editor = preferences.edit();
+        editor.putString(resources.getString(R.string.main_settings_proxy_setting_key), proxySetting.name());
+        editor.commit();
+    }
+
+    public ProxySetting getProxySetting() {
+        String settingKey = preferences.getString(resources.getString(R.string.main_settings_proxy_setting_key), NO_PROXY.name());
+        try {
+            return ProxySetting.valueOf(settingKey);
+        } catch (IllegalArgumentException iae) {
+            Timber.log(Log.ERROR, iae, "Unable to get proxy setting");
+            return NO_PROXY;
+        }
+    }
+
+    public void setIsProxyForSSLEnabled(boolean isEnabled) {
+        SharedPreferences.Editor editor = preferences.edit();
+        editor.putBoolean(resources.getString(R.string.main_settings_proxy_ssl_enabled_key), isEnabled);
+        editor.commit();
+    }
+
+    public boolean getIsProxyForSSLEnabled() {
+        return preferences.getBoolean(resources.getString(R.string.main_settings_proxy_ssl_enabled_key), true);
+    }
+
+    public void setProxyHost(String host) {
+        SharedPreferences.Editor editor = preferences.edit();
+        editor.putString(resources.getString(R.string.main_settings_proxy_host_key), host);
+        editor.commit();
+    }
+
+    public String getProxyHost() {
+        return preferences.getString(resources.getString(R.string.main_settings_proxy_host_key), "");
+    }
+
+    public void setProxyPort(int port) {
+        SharedPreferences.Editor editor = preferences.edit();
+        editor.putInt(resources.getString(R.string.main_settings_proxy_port_key), port);
+        editor.commit();
+    }
+
+    public int getProxyPort() {
+        return preferences.getInt(resources.getString(R.string.main_settings_proxy_port_key), 80);
+    }
+
+    public void setProxyUsername(String username) {
+        SharedPreferences.Editor editor = preferences.edit();
+        editor.putString(resources.getString(R.string.main_settings_proxy_username_key), username);
+        editor.commit();
+    }
+
+    public String getProxyUsername() {
+        return preferences.getString(resources.getString(R.string.main_settings_proxy_username_key), "");
+    }
+
+    public void setProxyPassword(Context context, String password) {
+        SharedPreferences encryptedPreferences = getEncryptedPreferences(context);
+        if (encryptedPreferences != null) {
+            SharedPreferences.Editor editor = encryptedPreferences.edit();
+            editor.putString(resources.getString(R.string.main_settings_proxy_password_key), password);
+            editor.commit();
+        }
+        Timber.log(Log.ERROR, "Unable to set proxy password");
+    }
+
+    public String getProxyPassword(Context context) {
+        SharedPreferences encryptedPreferences = getEncryptedPreferences(context);
+        if (encryptedPreferences != null) {
+            return encryptedPreferences.getString(resources.getString(R.string.main_settings_proxy_password_key), "");
+        }
+        Timber.log(Log.ERROR, "Unable to get proxy password");
+        return "";
+    }
+
+    public ManualProxy getManualProxySettings(Context context) {
+        return new ManualProxy(getProxyHost(), getProxyPort(),
+                getProxyUsername(), getProxyPassword(context));
+    }
+
+    @Nullable
+    private static SharedPreferences getEncryptedPreferences(Context context) {
+        String masterKey;
+        try {
+            masterKey = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC);
+            return EncryptedSharedPreferences.create(
+                    ENCRYPTED_PREFERENCES_KEY,
+                    masterKey,
+                    context,
+                    EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
+                    EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
+            );
+
+        } catch (GeneralSecurityException | IOException e) {
+            Timber.log(Log.ERROR, e, "Unable to get encrypted preferences");
+            ToastUtil.showError(context, R.string.signature_update_mobile_id_error_general_client);
+            return null;
+        }
+    }
 }
diff --git a/app/src/main/java/ee/ria/DigiDoc/android/main/settings/SettingsView.java b/app/src/main/java/ee/ria/DigiDoc/android/main/settings/SettingsView.java
index 1642677f0..66cf0ca88 100644
--- a/app/src/main/java/ee/ria/DigiDoc/android/main/settings/SettingsView.java
+++ b/app/src/main/java/ee/ria/DigiDoc/android/main/settings/SettingsView.java
@@ -15,27 +15,24 @@
 import ee.ria.DigiDoc.R;
 import ee.ria.DigiDoc.android.ApplicationApp;
 import ee.ria.DigiDoc.android.main.settings.access.SettingsAccessScreen;
+import ee.ria.DigiDoc.android.main.settings.proxy.SettingsProxyScreen;
 import ee.ria.DigiDoc.android.main.settings.role.SettingsRoleAndAddressScreen;
 import ee.ria.DigiDoc.android.utils.ViewDisposables;
 import ee.ria.DigiDoc.android.utils.navigator.ContentView;
 import ee.ria.DigiDoc.android.utils.navigator.Navigator;
 import ee.ria.DigiDoc.android.utils.navigator.Transaction;
-import io.reactivex.rxjava3.android.schedulers.AndroidSchedulers;
-import io.reactivex.rxjava3.core.Observable;
-import io.reactivex.rxjava3.disposables.Disposable;
-import kotlin.Unit;
 
 public final class SettingsView extends CoordinatorLayout implements ContentView  {
 
     private final Toolbar toolbarView;
+    private final Button accessCategory;
+    private final Button proxyCategory;
+    private final Button roleAndAddressCategory;
 
     private final Navigator navigator;
 
     private final ViewDisposables disposables;
 
-    private final Button accessCategory;
-    private final Button roleAndAddressCategory;
-
     public SettingsView(Context context) {
         this(context, null);
     }
@@ -53,6 +50,7 @@ public SettingsView(Context context, AttributeSet attrs, int defStyleAttr) {
         disposables = new ViewDisposables();
 
         accessCategory = findViewById(R.id.mainSettingsAccessCategory);
+        proxyCategory = findViewById(R.id.mainSettingsProxyCategory);
         roleAndAddressCategory = findViewById(R.id.mainSettingsRoleAndAddressCategory);
 
         toolbarView.setTitle(R.string.main_settings_title);
@@ -73,6 +71,9 @@ public void onAttachedToWindow() {
         disposables.add(clicks(accessCategory).subscribe(o ->
                 navigator.execute(
                         Transaction.push(SettingsAccessScreen.create()))));
+        disposables.add(clicks(proxyCategory).subscribe(o ->
+                navigator.execute(
+                        Transaction.push(SettingsProxyScreen.create()))));
         disposables.add(clicks(roleAndAddressCategory).subscribe(o ->
                 navigator.execute(
                         Transaction.push(SettingsRoleAndAddressScreen.create()))));
diff --git a/app/src/main/java/ee/ria/DigiDoc/android/main/settings/proxy/SettingsProxyScreen.java b/app/src/main/java/ee/ria/DigiDoc/android/main/settings/proxy/SettingsProxyScreen.java
new file mode 100644
index 000000000..8bbec174c
--- /dev/null
+++ b/app/src/main/java/ee/ria/DigiDoc/android/main/settings/proxy/SettingsProxyScreen.java
@@ -0,0 +1,44 @@
+package ee.ria.DigiDoc.android.main.settings.proxy;
+
+import android.content.Context;
+import android.view.View;
+
+import androidx.annotation.NonNull;
+import androidx.fragment.app.Fragment;
+import androidx.fragment.app.FragmentActivity;
+import androidx.fragment.app.FragmentManager;
+
+import ee.ria.DigiDoc.R;
+import ee.ria.DigiDoc.android.utils.navigator.conductor.ConductorScreen;
+
+public final class SettingsProxyScreen extends ConductorScreen {
+
+    public static SettingsProxyScreen create() {
+        return new SettingsProxyScreen();
+    }
+
+    @SuppressWarnings("WeakerAccess")
+    public SettingsProxyScreen() {
+        super(R.id.mainSettingsProxyScreen);
+    }
+
+    @Override
+    protected View view(Context context) {
+        return new SettingsProxyView(context);
+    }
+
+    @Override
+    protected void onDestroyView(@NonNull View view) {
+        FragmentActivity activity = (FragmentActivity) getActivity();
+        if (activity != null) {
+            FragmentManager fragmentManager = activity.getSupportFragmentManager();
+            Fragment fragment = fragmentManager.findFragmentById(R.id.mainSettingsFragment);
+            if (fragment != null) {
+                fragmentManager.beginTransaction()
+                        .remove(fragment)
+                        .commitAllowingStateLoss();
+            }
+        }
+        super.onDestroyView(view);
+    }
+}
diff --git a/app/src/main/java/ee/ria/DigiDoc/android/main/settings/proxy/SettingsProxyView.java b/app/src/main/java/ee/ria/DigiDoc/android/main/settings/proxy/SettingsProxyView.java
new file mode 100644
index 000000000..0a61cad8a
--- /dev/null
+++ b/app/src/main/java/ee/ria/DigiDoc/android/main/settings/proxy/SettingsProxyView.java
@@ -0,0 +1,256 @@
+package ee.ria.DigiDoc.android.main.settings.proxy;
+
+import static com.jakewharton.rxbinding4.widget.RxRadioGroup.checkedChanges;
+import static com.jakewharton.rxbinding4.widget.RxTextView.textChanges;
+import static com.jakewharton.rxbinding4.widget.RxToolbar.navigationClicks;
+import static ee.ria.DigiDoc.android.main.settings.util.SettingsUtil.getToolbarViewTitle;
+import static ee.ria.DigiDoc.common.ProxySetting.MANUAL_PROXY;
+import static ee.ria.DigiDoc.common.ProxySetting.NO_PROXY;
+import static ee.ria.DigiDoc.common.ProxySetting.SYSTEM_PROXY;
+
+import android.content.Context;
+import android.util.AttributeSet;
+import android.util.Log;
+import android.widget.CheckBox;
+import android.widget.RadioButton;
+import android.widget.RadioGroup;
+import android.widget.TextView;
+import android.widget.Toolbar;
+
+import androidx.coordinatorlayout.widget.CoordinatorLayout;
+
+import com.google.android.material.textfield.TextInputEditText;
+import com.google.android.material.textfield.TextInputLayout;
+import com.jakewharton.rxbinding4.widget.RxCompoundButton;
+
+import ee.ria.DigiDoc.R;
+import ee.ria.DigiDoc.android.ApplicationApp;
+import ee.ria.DigiDoc.android.main.settings.SettingsDataStore;
+import ee.ria.DigiDoc.android.utils.ViewDisposables;
+import ee.ria.DigiDoc.android.utils.navigator.Navigator;
+import ee.ria.DigiDoc.android.utils.navigator.Transaction;
+import ee.ria.DigiDoc.common.ManualProxy;
+import ee.ria.DigiDoc.common.ProxySetting;
+import timber.log.Timber;
+
+public final class SettingsProxyView extends CoordinatorLayout {
+
+    private final Toolbar toolbarView;
+
+    private final Navigator navigator;
+    private final SettingsDataStore settingsDataStore;
+
+    private final ViewDisposables disposables;
+
+    private final RadioGroup proxyGroup;
+    private final RadioButton noProxy;
+    private final RadioButton systemProxy;
+    private final RadioButton manualProxy;
+    private final CheckBox allowSSLConnections;
+
+    private final TextInputEditText host;
+    private final TextInputEditText port;
+    private final TextInputEditText username;
+    private final TextInputEditText password;
+
+    private final TextInputLayout portLayout;
+
+    private final ManualProxy manualProxySettings;
+
+    public SettingsProxyView(Context context) {
+        this(context, null);
+    }
+
+    public SettingsProxyView(Context context, AttributeSet attrs) {
+        this(context, attrs, 0);
+    }
+
+    public SettingsProxyView(Context context, AttributeSet attrs, int defStyleAttr) {
+        super(context, attrs, defStyleAttr);
+        inflate(context, R.layout.main_settings_proxy, this);
+        toolbarView = findViewById(R.id.toolbar);
+        TextView toolbarTitleView = getToolbarViewTitle(toolbarView);
+        navigator = ApplicationApp.component(context).navigator();
+        settingsDataStore = ApplicationApp.component(context).settingsDataStore();
+        disposables = new ViewDisposables();
+
+        proxyGroup = findViewById(R.id.mainSettingsProxyGroup);
+        noProxy = findViewById(R.id.mainSettingsProxyNoProxy);
+        systemProxy = findViewById(R.id.mainSettingsProxyUseSystem);
+        manualProxy = findViewById(R.id.mainSettingsProxyManual);
+        allowSSLConnections = findViewById(R.id.mainSettingsProxyAllowSSL);
+
+        host = findViewById(R.id.mainSettingsProxyHost);
+        port = findViewById(R.id.mainSettingsProxyPort);
+        username = findViewById(R.id.mainSettingsProxyUsername);
+        password = findViewById(R.id.mainSettingsProxyPassword);
+
+        portLayout = findViewById(R.id.mainSettingsProxyPortLayout);
+
+        manualProxySettings = getManualProxySettings();
+
+        toolbarView.setTitle(R.string.main_settings_proxy_button);
+        toolbarView.setNavigationIcon(androidx.appcompat.R.drawable.abc_ic_ab_back_material);
+        toolbarView.setNavigationContentDescription(R.string.back);
+
+        if (toolbarTitleView != null) {
+            toolbarTitleView.setContentDescription("\u202F");
+        }
+
+        checkActiveProxySetting(settingsDataStore);
+        checkManualProxySettings(settingsDataStore, manualProxySettings);
+        checkIsSSLForProxyEnabled(settingsDataStore);
+    }
+
+    @Override
+    public void onAttachedToWindow() {
+        super.onAttachedToWindow();
+        disposables.attach();
+        disposables.add(navigationClicks(toolbarView).subscribe(o ->
+                navigator.execute(Transaction.pop())));
+        disposables.add(textChanges(port)
+                .map(CharSequence::toString)
+                .subscribe(this::validatePortNumber));
+        disposables.add(checkedChanges(proxyGroup).subscribe(setting ->
+                setProxySetting(settingsDataStore, setting)));
+        disposables.add(RxCompoundButton.checkedChanges(allowSSLConnections).subscribe(isEnabled ->
+                setIsSSLForProxyEnabled(settingsDataStore, isEnabled)));
+    }
+
+    @Override
+    public void onDetachedFromWindow() {
+        if (settingsDataStore != null) {
+            ProxySetting currentProxySetting = settingsDataStore.getProxySetting();
+            if (currentProxySetting.equals(MANUAL_PROXY)) {
+                manualProxySettings.setHost(host.getEditableText().toString());
+                String portNumber = port.getEditableText().toString();
+                try {
+                    manualProxySettings.setPort(
+                            portNumber.isEmpty() || !isValidPortNumber(portNumber) ? 80 :
+                                    Integer.parseInt(port.getEditableText().toString()));
+                } catch (NumberFormatException nfe) {
+                    Timber.log(Log.ERROR, nfe, "Unable to get the port number");
+                    manualProxySettings.setPort(80);
+                }
+                manualProxySettings.setUsername(username.getEditableText().toString());
+                manualProxySettings.setPassword(password.getEditableText().toString());
+                setManualProxySettings(settingsDataStore, manualProxySettings);
+            } else {
+                clearProxySettings(settingsDataStore);
+            }
+        }
+
+        disposables.detach();
+        super.onDetachedFromWindow();
+    }
+
+    private void checkActiveProxySetting(SettingsDataStore settingsDataStore) {
+        if (settingsDataStore != null) {
+            ProxySetting currentProxySetting = settingsDataStore.getProxySetting();
+            switch (currentProxySetting) {
+                case NO_PROXY -> {
+                    noProxy.setChecked(true);
+                    isManualProxyEnabled(false);
+                }
+                case SYSTEM_PROXY -> {
+                    systemProxy.setChecked(true);
+                    isManualProxyEnabled(false);
+                }
+                case MANUAL_PROXY -> {
+                    manualProxy.setChecked(true);
+                    isManualProxyEnabled(true);
+                }
+            }
+        }
+    }
+
+    private void setProxySetting(SettingsDataStore settingsDataStore, int buttonId) {
+        if (settingsDataStore != null) {
+            if (noProxy.getId() == buttonId) {
+                settingsDataStore.setProxySetting(NO_PROXY);
+            } else if (systemProxy.getId() == buttonId) {
+                settingsDataStore.setProxySetting(SYSTEM_PROXY);
+            } else if (manualProxy.getId() == buttonId) {
+                settingsDataStore.setProxySetting(MANUAL_PROXY);
+            }
+
+            checkActiveProxySetting(settingsDataStore);
+        }
+    }
+
+    private ManualProxy getManualProxySettings() {
+        return new ManualProxy(
+                settingsDataStore.getProxyHost(),
+                settingsDataStore.getProxyPort(),
+                settingsDataStore.getProxyUsername(),
+                settingsDataStore.getProxyPassword(navigator.activity())
+        );
+    }
+
+    private void checkManualProxySettings(SettingsDataStore settingsDataStore, ManualProxy manualProxy) {
+        if (settingsDataStore != null) {
+            host.setText(manualProxy.getHost());
+            port.setText(String.valueOf(manualProxy.getPort()));
+            username.setText(manualProxy.getUsername());
+            password.setText(manualProxy.getPassword());
+        }
+    }
+
+    private void setManualProxySettings(SettingsDataStore settingsDataStore, ManualProxy manualProxy) {
+        if (settingsDataStore != null) {
+            settingsDataStore.setProxyHost(manualProxy.getHost());
+            settingsDataStore.setProxyPort(manualProxy.getPort());
+            settingsDataStore.setProxyUsername(manualProxy.getUsername());
+            settingsDataStore.setProxyPassword(navigator.activity(), manualProxy.getPassword());
+        }
+    }
+
+    private void checkIsSSLForProxyEnabled(SettingsDataStore settingsDataStore) {
+        if (settingsDataStore != null) {
+            boolean isSSLForProxyEnabled = settingsDataStore.getIsProxyForSSLEnabled();
+            allowSSLConnections.setChecked(isSSLForProxyEnabled);
+        }
+    }
+
+    private void setIsSSLForProxyEnabled(SettingsDataStore settingsDataStore, boolean isEnabled) {
+        if (settingsDataStore != null) {
+            settingsDataStore.setIsProxyForSSLEnabled(isEnabled);
+        }
+    }
+
+    private void clearProxySettings(SettingsDataStore settingsDataStore) {
+        manualProxySettings.setHost("");
+        manualProxySettings.setPort(80);
+        manualProxySettings.setUsername("");
+        manualProxySettings.setPassword("");
+        setManualProxySettings(settingsDataStore, manualProxySettings);
+    }
+
+    private void isManualProxyEnabled(boolean isEnabled) {
+        host.setEnabled(isEnabled);
+        port.setEnabled(isEnabled);
+        username.setEnabled(isEnabled);
+        password.setEnabled(isEnabled);
+        allowSSLConnections.setEnabled(isEnabled);
+    }
+
+    private void validatePortNumber(String portNumber) {
+        if (!portNumber.isEmpty()) {
+            if (!isValidPortNumber(portNumber)) {
+                portLayout.setError("Min 1, max 65535");
+            } else {
+                portLayout.setError(null);
+            }
+        }
+    }
+
+    private static boolean isValidPortNumber(String portNumber) {
+        try {
+            int number = Integer.parseInt(portNumber);
+            return number >= 1 && number <= 65535;
+        } catch (NumberFormatException e) {
+            Timber.log(Log.ERROR, e, String.format("Invalid number: %s", portNumber));
+            return false;
+        }
+    }
+}
diff --git a/app/src/main/java/ee/ria/DigiDoc/android/signature/update/SignatureAddSource.java b/app/src/main/java/ee/ria/DigiDoc/android/signature/update/SignatureAddSource.java
index 4f1ecf562..de0a833d9 100644
--- a/app/src/main/java/ee/ria/DigiDoc/android/signature/update/SignatureAddSource.java
+++ b/app/src/main/java/ee/ria/DigiDoc/android/signature/update/SignatureAddSource.java
@@ -101,7 +101,9 @@ Observable<? extends SignatureAddResponse> sign(File containerFile,
                             Observable.create(new MobileIdOnSubscribe(navigator, container,
                                             localeService.applicationLocale(),
                                     settingsDataStore.getUuid(), mobileIdRequest.personalCode(),
-                                    mobileIdRequest.phoneNo(), roleData)))
+                                    mobileIdRequest.phoneNo(), settingsDataStore.getIsProxyForSSLEnabled(),
+                                    settingsDataStore.getProxySetting(),
+                                    settingsDataStore.getManualProxySettings(navigator.activity()), roleData)))
                     .switchMap(response -> {
                         String signature = response.signature();
                         Button mobileIdCancelButton = navigator.activity().findViewById(R.id.signatureUpdateMobileIdCancelButton);
@@ -137,7 +139,10 @@ Observable<? extends SignatureAddResponse> sign(File containerFile,
                     .flatMapObservable(container ->
                             Observable.create(new SmartIdOnSubscribe(navigator, container,
                                     localeService.applicationLocale(), settingsDataStore.getUuid(),
-                                    smartIdRequest.personalCode(), smartIdRequest.country(), roleData)))
+                                    smartIdRequest.personalCode(), smartIdRequest.country(),
+                                    settingsDataStore.getIsProxyForSSLEnabled(),
+                                    settingsDataStore.getProxySetting(),
+                                    settingsDataStore.getManualProxySettings(navigator.activity()), roleData)))
                     .switchMap(response -> {
                         SessionStatusResponse.ProcessStatus processStatus = response.status();
                         Button smartIdCancelButton = navigator.activity().findViewById(R.id.signatureUpdateSmartIdCancelButton);
diff --git a/app/src/main/java/ee/ria/DigiDoc/android/signature/update/mobileid/MobileIdOnSubscribe.java b/app/src/main/java/ee/ria/DigiDoc/android/signature/update/mobileid/MobileIdOnSubscribe.java
index b4de58e77..d8387fd6e 100644
--- a/app/src/main/java/ee/ria/DigiDoc/android/signature/update/mobileid/MobileIdOnSubscribe.java
+++ b/app/src/main/java/ee/ria/DigiDoc/android/signature/update/mobileid/MobileIdOnSubscribe.java
@@ -7,8 +7,14 @@
 import static ee.ria.DigiDoc.mobileid.service.MobileSignConstants.CREATE_SIGNATURE_CHALLENGE;
 import static ee.ria.DigiDoc.mobileid.service.MobileSignConstants.CREATE_SIGNATURE_REQUEST;
 import static ee.ria.DigiDoc.mobileid.service.MobileSignConstants.CREATE_SIGNATURE_STATUS;
+import static ee.ria.DigiDoc.mobileid.service.MobileSignConstants.MANUAL_PROXY_HOST;
+import static ee.ria.DigiDoc.mobileid.service.MobileSignConstants.MANUAL_PROXY_PASSWORD;
+import static ee.ria.DigiDoc.mobileid.service.MobileSignConstants.MANUAL_PROXY_PORT;
+import static ee.ria.DigiDoc.mobileid.service.MobileSignConstants.MANUAL_PROXY_USERNAME;
 import static ee.ria.DigiDoc.mobileid.service.MobileSignConstants.MID_BROADCAST_ACTION;
 import static ee.ria.DigiDoc.mobileid.service.MobileSignConstants.MID_BROADCAST_TYPE_KEY;
+import static ee.ria.DigiDoc.mobileid.service.MobileSignConstants.PROXY_IS_SSL_ENABLED;
+import static ee.ria.DigiDoc.mobileid.service.MobileSignConstants.PROXY_SETTING;
 import static ee.ria.DigiDoc.mobileid.service.MobileSignConstants.SERVICE_FAULT;
 import static ee.ria.DigiDoc.mobileid.service.MobileSignConstants.SIGNING_ROLE_DATA;
 
@@ -36,6 +42,8 @@
 import ee.ria.DigiDoc.android.ApplicationApp;
 import ee.ria.DigiDoc.android.model.mobileid.MobileIdMessageException;
 import ee.ria.DigiDoc.android.utils.navigator.Navigator;
+import ee.ria.DigiDoc.common.ManualProxy;
+import ee.ria.DigiDoc.common.ProxySetting;
 import ee.ria.DigiDoc.common.RoleData;
 import ee.ria.DigiDoc.configuration.ConfigurationProvider;
 import ee.ria.DigiDoc.mobileid.dto.request.MobileCreateSignatureRequest;
@@ -56,12 +64,16 @@ public final class MobileIdOnSubscribe implements ObservableOnSubscribe<MobileId
     private final String uuid;
     private final String personalCode;
     private final String phoneNo;
+    private final boolean isProxySSLEnabled;
+    private final ProxySetting proxySetting;
+    private final ManualProxy manualProxySettings;
     @Nullable private final RoleData roleData;
-
     private static final String SIGNING_TAG = "MobileId";
 
     public MobileIdOnSubscribe(Navigator navigator, SignedContainer container, Locale locale,
-                               String uuid, String personalCode, String phoneNo, @Nullable RoleData roleData) {
+                               String uuid, String personalCode, String phoneNo,
+                               boolean isProxySSLEnabled, ProxySetting proxySetting,
+                               ManualProxy manualProxySettings, @Nullable RoleData roleData) {
         this.navigator = navigator;
         this.container = container;
         this.locale = locale;
@@ -69,6 +81,9 @@ public MobileIdOnSubscribe(Navigator navigator, SignedContainer container, Local
         this.uuid = uuid;
         this.personalCode = personalCode;
         this.phoneNo = phoneNo;
+        this.isProxySSLEnabled = isProxySSLEnabled;
+        this.proxySetting = proxySetting;
+        this.manualProxySettings = manualProxySettings;
         this.roleData = roleData;
     }
 
@@ -140,6 +155,12 @@ public void onReceive(Context context, Intent intent) {
                 .putString(CREATE_SIGNATURE_REQUEST, toJson(request))
                 .putString(ACCESS_TOKEN_PASS, SignLib.accessTokenPass())
                 .putString(ACCESS_TOKEN_PATH, SignLib.accessTokenPath())
+                .putString(PROXY_SETTING, proxySetting.name())
+                .putString(MANUAL_PROXY_HOST, manualProxySettings.getHost())
+                .putInt(MANUAL_PROXY_PORT, manualProxySettings.getPort())
+                .putString(MANUAL_PROXY_USERNAME, manualProxySettings.getUsername())
+                .putString(MANUAL_PROXY_PASSWORD, manualProxySettings.getPassword())
+                .putBoolean(PROXY_IS_SSL_ENABLED, isProxySSLEnabled)
                 .putString(SIGNING_ROLE_DATA, RoleData.toJson(roleData))
                 .build();
 
diff --git a/app/src/main/java/ee/ria/DigiDoc/android/signature/update/smartid/SmartIdOnSubscribe.java b/app/src/main/java/ee/ria/DigiDoc/android/signature/update/smartid/SmartIdOnSubscribe.java
index c35fd22d8..70be06583 100644
--- a/app/src/main/java/ee/ria/DigiDoc/android/signature/update/smartid/SmartIdOnSubscribe.java
+++ b/app/src/main/java/ee/ria/DigiDoc/android/signature/update/smartid/SmartIdOnSubscribe.java
@@ -27,6 +27,12 @@
 import static ee.ria.DigiDoc.smartid.service.SmartSignConstants.CREATE_SIGNATURE_DEVICE;
 import static ee.ria.DigiDoc.smartid.service.SmartSignConstants.CREATE_SIGNATURE_REQUEST;
 import static ee.ria.DigiDoc.smartid.service.SmartSignConstants.CREATE_SIGNATURE_STATUS;
+import static ee.ria.DigiDoc.smartid.service.SmartSignConstants.MANUAL_PROXY_HOST;
+import static ee.ria.DigiDoc.smartid.service.SmartSignConstants.MANUAL_PROXY_PASSWORD;
+import static ee.ria.DigiDoc.smartid.service.SmartSignConstants.MANUAL_PROXY_PORT;
+import static ee.ria.DigiDoc.smartid.service.SmartSignConstants.MANUAL_PROXY_USERNAME;
+import static ee.ria.DigiDoc.smartid.service.SmartSignConstants.PROXY_IS_SSL_ENABLED;
+import static ee.ria.DigiDoc.smartid.service.SmartSignConstants.PROXY_SETTING;
 import static ee.ria.DigiDoc.smartid.service.SmartSignConstants.SERVICE_FAULT;
 import static ee.ria.DigiDoc.smartid.service.SmartSignConstants.SID_BROADCAST_ACTION;
 import static ee.ria.DigiDoc.smartid.service.SmartSignConstants.SID_BROADCAST_TYPE_KEY;
@@ -64,8 +70,10 @@
 import ee.ria.DigiDoc.android.ApplicationApp;
 import ee.ria.DigiDoc.android.model.smartid.SmartIdMessageException;
 import ee.ria.DigiDoc.android.utils.navigator.Navigator;
+import ee.ria.DigiDoc.common.ManualProxy;
 import ee.ria.DigiDoc.common.NotificationUtil;
 import ee.ria.DigiDoc.common.PowerUtil;
+import ee.ria.DigiDoc.common.ProxySetting;
 import ee.ria.DigiDoc.common.RoleData;
 import ee.ria.DigiDoc.configuration.ConfigurationProvider;
 import ee.ria.DigiDoc.sign.SignedContainer;
@@ -88,13 +96,16 @@ public final class SmartIdOnSubscribe implements ObservableOnSubscribe<SmartIdRe
     private final String uuid;
     private final String personalCode;
     private final String country;
-
-    @Nullable RoleData roleData;    
-
+    private final boolean isProxySSLEnabled;
+    private final ProxySetting proxySetting;
+    private final ManualProxy manualProxySettings;
+    @Nullable private final RoleData roleData;
     private static final String SIGNING_TAG = "SmartId";
 
     public SmartIdOnSubscribe(Navigator navigator, SignedContainer container, Locale locale,
-                              String uuid, String personalCode, String country, @Nullable RoleData roleData) {
+                              String uuid, String personalCode, String country,
+                              boolean isProxySSLEnabled, ProxySetting proxySetting,
+                              ManualProxy manualProxySettings, @Nullable RoleData roleData) {
         this.navigator = navigator;
         this.container = container;
         this.broadcastManager = LocalBroadcastManager.getInstance(navigator.activity());
@@ -102,6 +113,9 @@ public SmartIdOnSubscribe(Navigator navigator, SignedContainer container, Locale
         this.uuid = uuid;
         this.personalCode = personalCode;
         this.country = country;
+        this.isProxySSLEnabled = isProxySSLEnabled;
+        this.proxySetting = proxySetting;
+        this.manualProxySettings = manualProxySettings;
         this.roleData = roleData;
     }
 
@@ -195,6 +209,12 @@ public void onReceive(Context context, Intent intent) {
         UUID uuid = UUID.randomUUID();
         Data inputData = new Data.Builder()
                 .putString(CREATE_SIGNATURE_REQUEST, toJson(request))
+                .putString(PROXY_SETTING, proxySetting.name())
+                .putString(MANUAL_PROXY_HOST, manualProxySettings.getHost())
+                .putInt(MANUAL_PROXY_PORT, manualProxySettings.getPort())
+                .putString(MANUAL_PROXY_USERNAME, manualProxySettings.getUsername())
+                .putString(MANUAL_PROXY_PASSWORD, manualProxySettings.getPassword())
+                .putBoolean(PROXY_IS_SSL_ENABLED, isProxySSLEnabled)
                 .putString(SIGNING_ROLE_DATA, RoleData.toJson(roleData))
                 .build();
 
diff --git a/app/src/main/res/layout/main_settings.xml b/app/src/main/res/layout/main_settings.xml
index d32065a4a..478a7942b 100644
--- a/app/src/main/res/layout/main_settings.xml
+++ b/app/src/main/res/layout/main_settings.xml
@@ -66,6 +66,34 @@
 
             </LinearLayout>
 
+            <LinearLayout
+                android:layout_width="match_parent"
+                android:layout_height="wrap_content"
+                android:orientation="horizontal"
+                android:layout_marginTop="@dimen/material_baseline_grid_2.5x"
+                android:layout_marginBottom="@dimen/material_baseline_grid_2.5x">
+
+                <Button
+                    android:id="@id/mainSettingsProxyCategory"
+                    style="@style/MaterialTypography.Regular.Body2"
+                    android:layout_width="match_parent"
+                    android:layout_height="wrap_content"
+                    android:drawableStart="@drawable/ic_icon_access_padded"
+                    android:drawableEnd="@drawable/ic_baseline_keyboard_arrow_right_24"
+                    android:textColor="@color/material_color_black"
+                    android:textSize="@dimen/material_baseline_grid_2x"
+                    android:textAllCaps="false"
+                    android:drawableTint="@color/material_color_black"
+                    android:background="@null"
+                    android:padding="0dp"
+                    android:layout_margin="0dp"
+                    android:minHeight="0dp"
+                    android:minWidth="0dp"
+                    android:gravity="center_vertical"
+                    android:contentDescription="@string/main_settings_proxy_button"
+                    android:text="@string/main_settings_proxy_button" />
+            </LinearLayout>
+
             <LinearLayout
                 android:layout_width="match_parent"
                 android:layout_height="wrap_content"
@@ -92,7 +120,6 @@
                     android:gravity="center_vertical"
                     android:contentDescription="@string/main_settings_role_and_address_button"
                     android:text="@string/main_settings_role_and_address_button" />
-
             </LinearLayout>
 
         </LinearLayout>
diff --git a/app/src/main/res/layout/main_settings_proxy.xml b/app/src/main/res/layout/main_settings_proxy.xml
new file mode 100644
index 000000000..9377e3f6e
--- /dev/null
+++ b/app/src/main/res/layout/main_settings_proxy.xml
@@ -0,0 +1,208 @@
+<?xml version="1.0" encoding="utf-8"?>
+<merge xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:app="http://schemas.android.com/apk/res-auto"
+    xmlns:tools="http://schemas.android.com/tools"
+    tools:parentTag="androidx.coordinatorlayout.widget.CoordinatorLayout"
+    tools:layout_width="match_parent"
+    tools:layout_height="match_parent">
+
+    <com.google.android.material.appbar.AppBarLayout
+        android:id="@id/appBar"
+        android:layout_width="match_parent"
+        android:layout_height="wrap_content">
+
+        <android.widget.Toolbar
+            android:id="@id/toolbar"
+            android:theme="@style/ThemeOverlay.Application.ActionBar"
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:accessibilityPaneTitle="@string/main_settings_proxy_button"
+            app:navigationIcon="?attr/homeAsUpIndicator"
+            app:navigationContentDescription="@string/back"
+            app:title="@string/main_settings_proxy_button" />
+
+    </com.google.android.material.appbar.AppBarLayout>
+
+    <ScrollView
+        android:layout_width="match_parent"
+        android:layout_height="wrap_content"
+        android:paddingStart="@dimen/material_content_edge_margin_horizontal"
+        android:paddingEnd="@dimen/material_content_edge_margin_horizontal"
+        android:orientation="vertical"
+        android:gravity="center_vertical"
+        app:layout_behavior="@string/appbar_scrolling_view_behavior">
+
+        <LinearLayout
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:orientation="vertical">
+
+            <RadioGroup
+                android:id="@id/mainSettingsProxyGroup"
+                android:layout_width="match_parent"
+                android:layout_height="wrap_content"
+                android:orientation="vertical" >
+
+                <RadioButton
+                    android:id="@id/mainSettingsProxyNoProxy"
+                    android:layout_width="match_parent"
+                    android:layout_height="match_parent"
+                    android:layout_weight="1"
+                    android:textSize="@dimen/material_baseline_grid_2x"
+                    android:padding="14dp"
+                    android:text="@string/main_settings_proxy_no_proxy" />
+
+                <RadioButton
+                    android:id="@id/mainSettingsProxyUseSystem"
+                    android:layout_width="match_parent"
+                    android:layout_height="match_parent"
+                    android:layout_weight="1"
+                    android:textSize="@dimen/material_baseline_grid_2x"
+                    android:padding="14dp"
+                    android:text="@string/main_settings_proxy_use_system" />
+
+                <RadioButton
+                    android:id="@id/mainSettingsProxyManual"
+                    android:layout_width="match_parent"
+                    android:layout_height="match_parent"
+                    android:layout_weight="1"
+                    android:textSize="@dimen/material_baseline_grid_2x"
+                    android:padding="14dp"
+                    android:text="@string/main_settings_proxy_manual" />
+            </RadioGroup>
+
+            <com.google.android.material.textview.MaterialTextView
+                android:layout_width="match_parent"
+                android:layout_height="wrap_content"
+                android:gravity="start"
+                android:layout_marginTop="20dp"
+                android:minHeight="@dimen/material_baseline_grid_4x"
+                android:textSize="@dimen/material_baseline_grid_2x"
+                android:text="@string/main_settings_proxy_host" />
+
+            <com.google.android.material.textfield.TextInputLayout
+                android:layout_width="match_parent"
+                android:layout_height="wrap_content"
+                android:layout_gravity="start"
+                android:hint="@string/main_settings_proxy_host"
+                app:hintEnabled="false"
+                app:errorEnabled="true"
+                app:expandedHintEnabled="false">
+
+                <com.google.android.material.textfield.TextInputEditText
+                    android:id="@id/mainSettingsProxyHost"
+                    android:layout_width="match_parent"
+                    android:layout_height="wrap_content"
+                    android:inputType="text"
+                    android:imeOptions="actionDone"
+                    android:maxLines="1"
+                    android:minHeight="@dimen/material_baseline_grid_4x"
+                    android:background="@drawable/bottom_border_background" />
+
+            </com.google.android.material.textfield.TextInputLayout>
+
+            <com.google.android.material.textview.MaterialTextView
+                android:layout_width="match_parent"
+                android:layout_height="wrap_content"
+                android:gravity="start"
+                android:layout_marginTop="20dp"
+                android:minHeight="@dimen/material_baseline_grid_4x"
+                android:textSize="@dimen/material_baseline_grid_2x"
+                android:text="@string/main_settings_proxy_port" />
+
+            <com.google.android.material.textfield.TextInputLayout
+                android:id="@id/mainSettingsProxyPortLayout"
+                android:layout_width="match_parent"
+                android:layout_height="wrap_content"
+                android:layout_gravity="start"
+                android:hint="@string/main_settings_proxy_port"
+                app:hintEnabled="false"
+                app:errorEnabled="true"
+                app:expandedHintEnabled="false">
+
+                <com.google.android.material.textfield.TextInputEditText
+                    android:id="@id/mainSettingsProxyPort"
+                    android:layout_width="match_parent"
+                    android:layout_height="wrap_content"
+                    android:inputType="number"
+                    android:imeOptions="actionDone"
+                    android:maxLines="1"
+                    android:minHeight="@dimen/material_baseline_grid_4x"
+                    android:background="@drawable/bottom_border_background" />
+
+            </com.google.android.material.textfield.TextInputLayout>
+
+            <com.google.android.material.textview.MaterialTextView
+                android:layout_width="match_parent"
+                android:layout_height="wrap_content"
+                android:gravity="start"
+                android:layout_marginTop="20dp"
+                android:minHeight="@dimen/material_baseline_grid_4x"
+                android:textSize="@dimen/material_baseline_grid_2x"
+                android:text="@string/main_settings_proxy_username" />
+
+            <com.google.android.material.textfield.TextInputLayout
+                android:layout_width="match_parent"
+                android:layout_height="wrap_content"
+                android:layout_gravity="start"
+                android:hint="@string/main_settings_proxy_username"
+                app:hintEnabled="false"
+                app:errorEnabled="true"
+                app:expandedHintEnabled="false">
+
+                <com.google.android.material.textfield.TextInputEditText
+                    android:id="@id/mainSettingsProxyUsername"
+                    android:layout_width="match_parent"
+                    android:layout_height="wrap_content"
+                    android:inputType="text"
+                    android:imeOptions="actionDone"
+                    android:maxLines="1"
+                    android:minHeight="@dimen/material_baseline_grid_4x"
+                    android:background="@drawable/bottom_border_background" />
+
+            </com.google.android.material.textfield.TextInputLayout>
+
+            <com.google.android.material.textview.MaterialTextView
+                android:layout_width="match_parent"
+                android:layout_height="wrap_content"
+                android:gravity="start"
+                android:layout_marginTop="20dp"
+                android:minHeight="@dimen/material_baseline_grid_4x"
+                android:textSize="@dimen/material_baseline_grid_2x"
+                android:text="@string/main_settings_proxy_password" />
+
+            <com.google.android.material.textfield.TextInputLayout
+                android:layout_width="match_parent"
+                android:layout_height="wrap_content"
+                android:layout_gravity="start"
+                android:hint="@string/main_settings_proxy_password"
+                app:hintEnabled="false"
+                app:errorEnabled="true"
+                app:expandedHintEnabled="false">
+
+                <com.google.android.material.textfield.TextInputEditText
+                    android:id="@id/mainSettingsProxyPassword"
+                    android:layout_width="match_parent"
+                    android:layout_height="wrap_content"
+                    android:inputType="textPassword"
+                    android:imeOptions="actionDone"
+                    android:maxLines="1"
+                    android:minHeight="@dimen/material_baseline_grid_4x"
+                    android:background="@drawable/bottom_border_background" />
+
+            </com.google.android.material.textfield.TextInputLayout>
+
+            <CheckBox
+                android:id="@id/mainSettingsProxyAllowSSL"
+                android:layout_width="match_parent"
+                android:layout_height="wrap_content"
+                android:layout_marginTop="20dp"
+                android:layout_marginBottom="20dp"
+                android:checked="true"
+                android:text="@string/main_settings_proxy_allow_ssl" />
+
+        </LinearLayout>
+
+    </ScrollView>
+
+</merge>
\ No newline at end of file
diff --git a/app/src/main/res/values-et/strings.xml b/app/src/main/res/values-et/strings.xml
index e2acd132f..2131dddec 100644
--- a/app/src/main/res/values-et/strings.xml
+++ b/app/src/main/res/values-et/strings.xml
@@ -44,6 +44,15 @@
     <!-- Main Settings -->
     <string name="main_settings_title">Seaded</string>
     <string name="main_settings_access_button">Ligipääs</string>
+    <string name="main_settings_proxy_button">Proksi</string>
+    <string name="main_settings_proxy_no_proxy">Ei kasuta proksit</string>
+    <string name="main_settings_proxy_use_system">Kasuta süsteemseid proksi seadeid</string>
+    <string name="main_settings_proxy_manual">Proksi seaded määratakse käsitsi</string>
+    <string name="main_settings_proxy_host">Host</string>
+    <string name="main_settings_proxy_port">Port</string>
+    <string name="main_settings_proxy_username">Kasutajanimi</string>
+    <string name="main_settings_proxy_password">Parool</string>
+    <string name="main_settings_proxy_allow_ssl">Luba proksi kasutamine SSL-ühenduste jaoks</string>
     <string name="main_settings_role_and_address_button">Roll ja aadress</string>
     <string name="main_settings_phone_no_title">Riigikood ja telefoninumber</string>
     <string name="main_settings_personal_code_title">Isikukood</string>
diff --git a/app/src/main/res/values-ru/strings.xml b/app/src/main/res/values-ru/strings.xml
index de0034763..c5384a8a5 100644
--- a/app/src/main/res/values-ru/strings.xml
+++ b/app/src/main/res/values-ru/strings.xml
@@ -44,6 +44,15 @@
     <!-- Main Settings -->
     <string name="main_settings_title">Настройки</string>
     <string name="main_settings_access_button">Доступ</string>
+    <string name="main_settings_proxy_button">Прокси</string>
+    <string name="main_settings_proxy_no_proxy">Прокси не используется</string>
+    <string name="main_settings_proxy_use_system">Использовать системные настройки прокси</string>
+    <string name="main_settings_proxy_manual">Настроить прокси вручную</string>
+    <string name="main_settings_proxy_host">Хост</string>
+    <string name="main_settings_proxy_port">Порт</string>
+    <string name="main_settings_proxy_username">Имя пользователя</string>
+    <string name="main_settings_proxy_password">Пароль</string>
+    <string name="main_settings_proxy_allow_ssl">Включить прокси-сервер для подключения SSL</string>
     <string name="main_settings_role_and_address_button">Роль и адрес</string>
     <string name="main_settings_phone_no_title">Код страны и телефонный номер</string>
     <string name="main_settings_personal_code_title">Личный код</string>
diff --git a/app/src/main/res/values/ids.xml b/app/src/main/res/values/ids.xml
index b98c9ffb7..509243d72 100644
--- a/app/src/main/res/values/ids.xml
+++ b/app/src/main/res/values/ids.xml
@@ -67,9 +67,21 @@
     <!-- Main Settings -->
     <item type="id" name="mainSettingsScreen" />
     <item type="id" name="mainSettingsAccessScreen" />
-    <item type="id" name="mainSettingsRoleAndAddressScreen" />
+    <item type="id" name="mainSettingsProxyScreen" />
     <item type="id" name="mainSettingsFragment" />
     <item type="id" name="mainSettingsAccessCategory" />
+    <item type="id" name="mainSettingsProxyCategory" />
+    <item type="id" name="mainSettingsProxyGroup" />
+    <item type="id" name="mainSettingsProxyNoProxy" />
+    <item type="id" name="mainSettingsProxyUseSystem" />
+    <item type="id" name="mainSettingsProxyManual" />
+    <item type="id" name="mainSettingsProxyHost" />
+    <item type="id" name="mainSettingsProxyPortLayout" />
+    <item type="id" name="mainSettingsProxyPort" />
+    <item type="id" name="mainSettingsProxyUsername" />
+    <item type="id" name="mainSettingsProxyPassword" />
+    <item type="id" name="mainSettingsProxyAllowSSL" />
+    <item type="id" name="mainSettingsRoleAndAddressScreen" />
     <item type="id" name="mainSettingsRoleAndAddressCategory" />
     <item type="id" name="mainSettingsOpenAllFileTypes" />
     <item type="id" name="mainSettingsAllowScreenshots" />
diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml
index f2f0205f0..f19b1b99f 100644
--- a/app/src/main/res/values/strings.xml
+++ b/app/src/main/res/values/strings.xml
@@ -44,6 +44,15 @@
     <!-- Main Settings -->
     <string name="main_settings_title">Settings</string>
     <string name="main_settings_access_button">Access</string>
+    <string name="main_settings_proxy_button">Proxy</string>
+    <string name="main_settings_proxy_no_proxy">No proxy</string>
+    <string name="main_settings_proxy_use_system">Use system proxy settings</string>
+    <string name="main_settings_proxy_manual">Manual proxy configuration</string>
+    <string name="main_settings_proxy_host">Host</string>
+    <string name="main_settings_proxy_port">Port</string>
+    <string name="main_settings_proxy_username">Username</string>
+    <string name="main_settings_proxy_password">Password</string>
+    <string name="main_settings_proxy_allow_ssl">Enable proxy for SSL connections</string>
     <string name="main_settings_role_and_address_button">Role and address</string>
     <string name="main_settings_phone_no_title">Country code and phone number</string>
     <string name="main_settings_personal_code_title">Personal code</string>
diff --git a/build.gradle b/build.gradle
index 44be9d5b9..91da3c126 100755
--- a/build.gradle
+++ b/build.gradle
@@ -48,6 +48,7 @@ ext {
     androidxConstraintlayoutVersion = '2.1.4'
     androidxCoreVersion = '1.10.1'
     androidxWorkRuntime = '2.8.1'
+    androidxSecurityCrypto = '1.0.0'
     androidxPreference = '1.2.0'
     androidSupportTestVersion = '1.0.2'
     preferencexVersion = '1.1.0'
diff --git a/common-lib/src/main/java/ee/ria/DigiDoc/common/ManualProxy.java b/common-lib/src/main/java/ee/ria/DigiDoc/common/ManualProxy.java
new file mode 100644
index 000000000..d7f0fca2e
--- /dev/null
+++ b/common-lib/src/main/java/ee/ria/DigiDoc/common/ManualProxy.java
@@ -0,0 +1,47 @@
+package ee.ria.DigiDoc.common;
+
+public class ManualProxy {
+    private String host;
+    private int port;
+    private String username;
+    private String password;
+
+    public ManualProxy(String host, int port, String username, String password) {
+        this.host = host;
+        this.port = port;
+        this.username = username;
+        this.password = password;
+    }
+
+    public String getHost() {
+        return host;
+    }
+
+    public void setHost(String host) {
+        this.host = host;
+    }
+
+    public int getPort() {
+        return port;
+    }
+
+    public void setPort(int port) {
+        this.port = port;
+    }
+
+    public String getUsername() {
+        return username;
+    }
+
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+}
diff --git a/common-lib/src/main/java/ee/ria/DigiDoc/common/ProxyConfig.java b/common-lib/src/main/java/ee/ria/DigiDoc/common/ProxyConfig.java
new file mode 100644
index 000000000..d82636e6a
--- /dev/null
+++ b/common-lib/src/main/java/ee/ria/DigiDoc/common/ProxyConfig.java
@@ -0,0 +1,27 @@
+package ee.ria.DigiDoc.common;
+
+import androidx.annotation.Nullable;
+
+import java.net.Proxy;
+
+import okhttp3.Authenticator;
+
+public final class ProxyConfig {
+    @Nullable
+    private final Proxy proxy;
+    private final Authenticator authenticator;
+
+    public ProxyConfig(@Nullable Proxy proxy, Authenticator authenticator) {
+        this.proxy = proxy;
+        this.authenticator = authenticator;
+    }
+
+    @Nullable
+    public Proxy proxy() {
+        return proxy;
+    }
+
+    public Authenticator authenticator() {
+        return authenticator;
+    }
+}
diff --git a/common-lib/src/main/java/ee/ria/DigiDoc/common/ProxySetting.java b/common-lib/src/main/java/ee/ria/DigiDoc/common/ProxySetting.java
new file mode 100644
index 000000000..65a0bbe3c
--- /dev/null
+++ b/common-lib/src/main/java/ee/ria/DigiDoc/common/ProxySetting.java
@@ -0,0 +1,7 @@
+package ee.ria.DigiDoc.common;
+
+public enum ProxySetting {
+    NO_PROXY,
+    SYSTEM_PROXY,
+    MANUAL_PROXY
+}
diff --git a/common-lib/src/main/java/ee/ria/DigiDoc/common/ProxyUtil.java b/common-lib/src/main/java/ee/ria/DigiDoc/common/ProxyUtil.java
new file mode 100644
index 000000000..1c7887e1e
--- /dev/null
+++ b/common-lib/src/main/java/ee/ria/DigiDoc/common/ProxyUtil.java
@@ -0,0 +1,71 @@
+package ee.ria.DigiDoc.common;
+
+import static java.net.Proxy.Type.HTTP;
+
+import androidx.annotation.Nullable;
+
+import org.apache.commons.lang3.math.NumberUtils;
+
+import java.net.InetSocketAddress;
+import java.net.Proxy;
+import java.util.concurrent.CompletableFuture;
+
+import okhttp3.Authenticator;
+import okhttp3.Credentials;
+
+public class ProxyUtil {
+
+    public static ProxyConfig getProxy(ProxySetting proxySetting, ManualProxy manualProxySettings) {
+        switch (proxySetting) {
+            case NO_PROXY -> {}
+            case SYSTEM_PROXY -> {
+                ManualProxy systemProxy = new ManualProxy(
+                        System.getProperty("http.proxyHost"),
+                        NumberUtils.toInt(System.getProperty("http.proxyPort"), 0),
+                        System.getProperty("http.proxyUser"),
+                        System.getProperty("http.proxyPassword")
+                );
+                Authenticator authenticator = null;
+                if (systemProxy.getUsername() != null && !systemProxy.getUsername().isEmpty() &&
+                        systemProxy.getPassword() != null && !systemProxy.getPassword().isEmpty()) {
+                    authenticator = (route, response) -> {
+                        String credential = Credentials.basic(systemProxy.getUsername(), systemProxy.getPassword());
+                        return response.request().newBuilder()
+                                .header("Proxy-Authorization", credential)
+                                .build();
+                    };
+                }
+                return getProxyConfig(systemProxy, authenticator).join();
+            }
+            case MANUAL_PROXY -> {
+                Authenticator authenticator = (route, response) -> {
+                    String credential = Credentials.basic(manualProxySettings.getUsername(),
+                            manualProxySettings.getPassword());
+                    return response.request().newBuilder()
+                            .header("Proxy-Authorization", credential)
+                            .build();
+                };
+                return getProxyConfig(manualProxySettings, authenticator).join();
+            }
+        }
+        return new ProxyConfig(null, Authenticator.NONE);
+    }
+
+    public static boolean useHTTPSProxy(boolean isProxySSLEnabled, ManualProxy manualProxySettings) {
+        String host = manualProxySettings.getHost();
+        if (host != null) {
+            return isProxySSLEnabled || !host.isEmpty() && !host.startsWith("https");
+        }
+        return false;
+    }
+
+    private static CompletableFuture<ProxyConfig> getProxyConfig(@Nullable ManualProxy manualProxy, Authenticator authenticator) {
+        return CompletableFuture.supplyAsync(() -> {
+            if (manualProxy != null && manualProxy.getHost() != null && !manualProxy.getHost().isEmpty()) {
+                Proxy proxy = new Proxy(HTTP, new InetSocketAddress(manualProxy.getHost(), manualProxy.getPort()));
+                return new ProxyConfig(proxy, authenticator != null ? authenticator : Authenticator.NONE);
+            }
+            return new ProxyConfig(null, authenticator != null ? authenticator : Authenticator.NONE);
+        });
+    }
+}
diff --git a/common-lib/src/main/res/values/donottranslate.xml b/common-lib/src/main/res/values/donottranslate.xml
index fe10acb0b..0c7c2f214 100644
--- a/common-lib/src/main/res/values/donottranslate.xml
+++ b/common-lib/src/main/res/values/donottranslate.xml
@@ -3,4 +3,14 @@
     <string name="main_diagnostics_logging_key">main_diagnostics_logging</string>
     <string name="main_diagnostics_logging_running_key">main_diagnostics_logging_running</string>
     <string name="main_settings_tsa_cert_key">main_settings_tsa_cert</string>
+
+
+    <string name="main_settings_proxy_setting_key">main_settings_proxy_setting</string>
+    <string name="main_settings_proxy_host_key">main_settings_proxy_host</string>
+    <string name="main_settings_proxy_port_key">main_settings_proxy_port</string>
+    <string name="main_settings_proxy_username_key">main_settings_proxy_username</string>
+    <string name="main_settings_proxy_password_key">main_settings_proxy_password</string>
+    <string name="main_settings_proxy_ssl_enabled_key">mainSettingsProxySSLEnabled</string>
+
+
 </resources>
\ No newline at end of file
diff --git a/configuration-lib/build.gradle b/configuration-lib/build.gradle
index ecfd6e33c..a3d885a2a 100644
--- a/configuration-lib/build.gradle
+++ b/configuration-lib/build.gradle
@@ -40,6 +40,7 @@ dependencies {
     api "com.google.code.gson:gson:${gsonVersion}"
 
     implementation "androidx.core:core:${androidxCoreVersion}"
+    implementation "androidx.preference:preference:${androidxPreference}"
     implementation "com.jakewharton.timber:timber:${timberVersion}"
     implementation "com.google.auto.value:auto-value-annotations:${autoValueVersion}"
     implementation "commons-io:commons-io:${commonsioVersion}"
diff --git a/configuration-lib/src/main/java/ee/ria/DigiDoc/configuration/ConfigurationConstants.java b/configuration-lib/src/main/java/ee/ria/DigiDoc/configuration/ConfigurationConstants.java
index e737b0278..7060b77f4 100644
--- a/configuration-lib/src/main/java/ee/ria/DigiDoc/configuration/ConfigurationConstants.java
+++ b/configuration-lib/src/main/java/ee/ria/DigiDoc/configuration/ConfigurationConstants.java
@@ -6,4 +6,10 @@ public interface ConfigurationConstants {
     String CONFIGURATION_RESULT_RECEIVER = "ee.ria.mopp.configuration.CONFIGURATION_RESULT_RECEIVER";
     String CONFIGURATION_PROVIDER = "ee.ria.mopp.configuration.CONFIGURATION_PROVIDER";
     String LAST_CONFIGURATION_UPDATE = "ee.ria.mopp.configuration.LAST_CONFIGURATION_UPDATE";
+
+    String PROXY_SETTING = "ee.ria.mopp.configuration.PROXY_SETTING";
+    String MANUAL_PROXY_HOST = "ee.ria.mopp.configuration.HOST";
+    String MANUAL_PROXY_PORT = "ee.ria.mopp.configuration.PORT";
+    String MANUAL_PROXY_USERNAME = "ee.ria.mopp.configuration.USERNAME";
+    String MANUAL_PROXY_PASSWORD = "ee.ria.mopp.configuration.PASSWORD";
 }
diff --git a/configuration-lib/src/main/java/ee/ria/DigiDoc/configuration/ConfigurationManager.java b/configuration-lib/src/main/java/ee/ria/DigiDoc/configuration/ConfigurationManager.java
index 4823ee8bd..376178c33 100644
--- a/configuration-lib/src/main/java/ee/ria/DigiDoc/configuration/ConfigurationManager.java
+++ b/configuration-lib/src/main/java/ee/ria/DigiDoc/configuration/ConfigurationManager.java
@@ -92,7 +92,7 @@ public ConfigurationManager(Context context, ConfigurationProperties configurati
         this.cachedConfigurationHandler = cachedConfigurationHandler;
         this.centralConfigurationServiceUrl = configurationProperties.getCentralConfigurationServiceUrl();
         this.configurationProperties = configurationProperties;
-        this.centralConfigurationLoader = new CentralConfigurationLoader(centralConfigurationServiceUrl, userAgent);
+        this.centralConfigurationLoader = new CentralConfigurationLoader(context, centralConfigurationServiceUrl, userAgent);
         this.defaultConfigurationLoader = new DefaultConfigurationLoader(context.getAssets());
         this.cachedConfigurationLoader = new CachedConfigurationLoader(cachedConfigurationHandler);
         this.context = context;
diff --git a/configuration-lib/src/main/java/ee/ria/DigiDoc/configuration/loader/CentralConfigurationClient.java b/configuration-lib/src/main/java/ee/ria/DigiDoc/configuration/loader/CentralConfigurationClient.java
index f8a1d369b..3d55e7a65 100644
--- a/configuration-lib/src/main/java/ee/ria/DigiDoc/configuration/loader/CentralConfigurationClient.java
+++ b/configuration-lib/src/main/java/ee/ria/DigiDoc/configuration/loader/CentralConfigurationClient.java
@@ -1,8 +1,21 @@
 package ee.ria.DigiDoc.configuration.loader;
 
+import android.content.Context;
+import android.content.SharedPreferences;
+
+import androidx.preference.PreferenceManager;
+
 import java.io.IOException;
+import java.net.Proxy;
+import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.TimeUnit;
 
+import ee.ria.DigiDoc.common.ManualProxy;
+import ee.ria.DigiDoc.common.ProxyConfig;
+import ee.ria.DigiDoc.common.ProxySetting;
+import ee.ria.DigiDoc.common.ProxyUtil;
+import ee.ria.DigiDoc.configuration.R;
+import okhttp3.Authenticator;
 import okhttp3.Call;
 import okhttp3.OkHttpClient;
 import okhttp3.Request;
@@ -17,25 +30,29 @@ class CentralConfigurationClient {
     private final String centralConfigurationServiceUrl;
     private final String userAgent;
 
-    CentralConfigurationClient(String centralConfigurationServiceUrl, String userAgent) {
+    CentralConfigurationClient(Context context, String centralConfigurationServiceUrl, String userAgent) {
         this.centralConfigurationServiceUrl = centralConfigurationServiceUrl;
-        httpClient = constructHttpClient();
+        httpClient = constructHttpClient(context);
         this.userAgent = userAgent;
     }
 
     String getConfiguration() {
-        return requestData(centralConfigurationServiceUrl + "/config.json");
+        CompletableFuture<String> future = requestData(centralConfigurationServiceUrl + "/config.json");
+        return future.join();
     }
 
     String getConfigurationSignature() {
-        return requestData(centralConfigurationServiceUrl + "/config.rsa");
+        CompletableFuture<String> future = requestData(centralConfigurationServiceUrl + "/config.rsa");
+        return future.join();
     }
 
     String getConfigurationSignaturePublicKey() {
-        return requestData(centralConfigurationServiceUrl + "/config.pub");
+        CompletableFuture<String> future = requestData(centralConfigurationServiceUrl + "/config.pub");
+        return future.join();
     }
 
-    private String requestData(String url) {
+    private CompletableFuture<String> requestData(String url) {
+        CompletableFuture<String> result = new CompletableFuture<>();
 
         Request request = new Request.Builder()
                 .url(url)
@@ -43,38 +60,80 @@ private String requestData(String url) {
                 .addHeader("User-Agent", userAgent)
                 .build();
 
-        Call call = httpClient.newCall(request);
-        try {
-            Response response = call.execute();
-            if (response.code() != 200) {
-                throw new CentralConfigurationException("Service responded with not OK status code " + response.code());
-            }
-            ResponseBody responseBody = response.body();
-            if (responseBody == null) {
-                throw new CentralConfigurationException("Service responded with empty body");
-            }
-            return responseBody.string();
-        } catch (IOException e) {
-            throw new CentralConfigurationException("Something went wrong during fetching configuration", e);
+        if (httpClient != null) {
+            CompletableFuture.runAsync(() -> {
+                Call call = httpClient.newCall(request);
+                try {
+                    Response response = call.execute();
+                    if (response.code() != 200) {
+                        result.completeExceptionally(new CentralConfigurationException("Service responded with not OK status code " + response.code()));
+                        return;
+                    }
+                    ResponseBody responseBody = response.body();
+                    if (responseBody == null) {
+                        result.completeExceptionally(new CentralConfigurationException("Service responded with empty body"));
+                        return;
+                    }
+                    result.complete(responseBody.string());
+                } catch (IOException e) {
+                    result.completeExceptionally(new CentralConfigurationException("Something went wrong during fetching configuration", e));
+                }
+            });
+        } else {
+            result.completeExceptionally(new CentralConfigurationException("Unable to fetch configuration"));
         }
+
+        return result;
+    }
+
+    private static ProxySetting getProxySetting(Context context) {
+        SharedPreferences sharedPreferences = PreferenceManager.getDefaultSharedPreferences(context);
+        String proxySettingPreference = sharedPreferences.getString(context.getString(R.string.main_settings_proxy_setting_key), ProxySetting.NO_PROXY.name());
+        return ProxySetting.valueOf(proxySettingPreference);
+    }
+
+    private static ManualProxy getManualProxySettings(Context context) {
+        SharedPreferences sharedPreferences = PreferenceManager.getDefaultSharedPreferences(context);
+        String host = sharedPreferences.getString(context.getString(R.string.main_settings_proxy_host_key), "");
+        int port = sharedPreferences.getInt(context.getString(R.string.main_settings_proxy_port_key), 0);
+        String username = sharedPreferences.getString(context.getString(R.string.main_settings_proxy_username_key), "");
+        String password = sharedPreferences.getString(context.getString(R.string.main_settings_proxy_password_key), "");
+        return new ManualProxy(host, port, username, password);
+    }
+
+    private static boolean isProxySSLEnabled(Context context) {
+        SharedPreferences sharedPreferences = PreferenceManager.getDefaultSharedPreferences(context);
+        return sharedPreferences.getBoolean(context.getString(R.string.main_settings_proxy_ssl_enabled_key), true);
     }
 
-    private OkHttpClient constructHttpClient() {
+    private static OkHttpClient constructHttpClient(Context context) {
         try {
-            OkHttpClient.Builder builder = constructClientBuilder();
+            OkHttpClient.Builder builder = constructClientBuilder(context);
             return builder.build();
         } catch (Exception e) {
-            throw new IllegalStateException("Failed to construct HTTP client",e);
+            throw new IllegalStateException("Failed to construct HTTP client", e);
         }
     }
 
-    private OkHttpClient.Builder constructClientBuilder() {
-        return new OkHttpClient.Builder()
+    private static OkHttpClient.Builder constructClientBuilder(Context context) {
+        OkHttpClient.Builder builder = new OkHttpClient.Builder()
                 .hostnameVerifier(OkHostnameVerifier.INSTANCE)
                 .connectTimeout(DEFAULT_TIMEOUT, TimeUnit.SECONDS)
                 .readTimeout(DEFAULT_TIMEOUT, TimeUnit.SECONDS)
                 .callTimeout(DEFAULT_TIMEOUT, TimeUnit.SECONDS)
                 .writeTimeout(DEFAULT_TIMEOUT, TimeUnit.SECONDS);
+
+        if (context != null) {
+            boolean isProxySSLEnabled = isProxySSLEnabled(context);
+            ProxySetting proxySetting = getProxySetting(context);
+            ProxyConfig proxyConfig = ProxyUtil.getProxy(proxySetting, getManualProxySettings(context));
+            boolean useHTTPSProxy = proxySetting != ProxySetting.MANUAL_PROXY || ProxyUtil.useHTTPSProxy(isProxySSLEnabled, getManualProxySettings(context));
+
+            builder.proxy(proxySetting == ProxySetting.NO_PROXY || !useHTTPSProxy ? Proxy.NO_PROXY : proxyConfig.proxy())
+                    .proxyAuthenticator(proxySetting == ProxySetting.NO_PROXY || !useHTTPSProxy ? Authenticator.NONE : proxyConfig.authenticator());
+        }
+
+        return builder;
     }
 
     static class CentralConfigurationException extends RuntimeException {
diff --git a/configuration-lib/src/main/java/ee/ria/DigiDoc/configuration/loader/CentralConfigurationLoader.java b/configuration-lib/src/main/java/ee/ria/DigiDoc/configuration/loader/CentralConfigurationLoader.java
index c6b5ff7d9..3159f948c 100644
--- a/configuration-lib/src/main/java/ee/ria/DigiDoc/configuration/loader/CentralConfigurationLoader.java
+++ b/configuration-lib/src/main/java/ee/ria/DigiDoc/configuration/loader/CentralConfigurationLoader.java
@@ -4,8 +4,6 @@
 
 import org.bouncycastle.util.encoders.Base64;
 
-import java.security.cert.X509Certificate;
-
 /**
  * Configuration loader from central configuration service.
  */
@@ -13,8 +11,8 @@ public class CentralConfigurationLoader extends ConfigurationLoader {
 
     private final CentralConfigurationClient configurationClient;
 
-    public CentralConfigurationLoader(String configurationServiceUrl, String userAgent) {
-        this.configurationClient = new CentralConfigurationClient(configurationServiceUrl, userAgent);
+    public CentralConfigurationLoader(Context context, String configurationServiceUrl, String userAgent) {
+        this.configurationClient = new CentralConfigurationClient(context, configurationServiceUrl, userAgent);
     }
 
     @Override
diff --git a/configuration-lib/src/main/java/ee/ria/DigiDoc/configuration/task/FetchAndPackageDefaultConfigurationTask.java b/configuration-lib/src/main/java/ee/ria/DigiDoc/configuration/task/FetchAndPackageDefaultConfigurationTask.java
index 523f9c127..03bf7d527 100644
--- a/configuration-lib/src/main/java/ee/ria/DigiDoc/configuration/task/FetchAndPackageDefaultConfigurationTask.java
+++ b/configuration-lib/src/main/java/ee/ria/DigiDoc/configuration/task/FetchAndPackageDefaultConfigurationTask.java
@@ -47,7 +47,7 @@ public static void main(String[] args) {
     private static void loadAndStoreDefaultConfiguration(String[] args) {
         FetchAndPackageDefaultConfigurationTask.buildVariant = "main";
         String configurationServiceUrl = determineCentralConfigurationServiceUrl(args);
-        CentralConfigurationLoader confLoader = new CentralConfigurationLoader(configurationServiceUrl,"Jenkins");
+        CentralConfigurationLoader confLoader = new CentralConfigurationLoader(null, configurationServiceUrl, "Jenkins");
         loadAndAssertConfiguration(confLoader, configurationServiceUrl, args);
     }
 
diff --git a/mobile-id-lib/src/main/java/ee/ria/DigiDoc/mobileid/rest/ServiceGenerator.java b/mobile-id-lib/src/main/java/ee/ria/DigiDoc/mobileid/rest/ServiceGenerator.java
index b5f876062..9396d723d 100644
--- a/mobile-id-lib/src/main/java/ee/ria/DigiDoc/mobileid/rest/ServiceGenerator.java
+++ b/mobile-id-lib/src/main/java/ee/ria/DigiDoc/mobileid/rest/ServiceGenerator.java
@@ -26,6 +26,7 @@
 
 import org.bouncycastle.util.encoders.Base64;
 
+import java.net.Proxy;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.nio.charset.StandardCharsets;
@@ -41,7 +42,12 @@
 import javax.net.ssl.X509TrustManager;
 
 import ee.ria.DigiDoc.common.CertificateUtil;
+import ee.ria.DigiDoc.common.ManualProxy;
+import ee.ria.DigiDoc.common.ProxyConfig;
+import ee.ria.DigiDoc.common.ProxySetting;
+import ee.ria.DigiDoc.common.ProxyUtil;
 import ee.ria.DigiDoc.mobileid.BuildConfig;
+import okhttp3.Authenticator;
 import okhttp3.CertificatePinner;
 import okhttp3.OkHttpClient;
 import okhttp3.Request;
@@ -60,20 +66,37 @@ public class ServiceGenerator {
 
     private static HttpLoggingInterceptor loggingInterceptor;
 
-    public static <S> S createService(Class<S> serviceClass, SSLContext sslContext, String midSignServiceUrl, ArrayList<String> certBundle, TrustManager[] trustManagers, Context context) throws CertificateException, NoSuchAlgorithmException {
+    public static <S> S createService(Class<S> serviceClass, SSLContext sslContext,
+                                      String midSignServiceUrl, ArrayList<String> certBundle,
+                                      TrustManager[] trustManagers, boolean isProxySSLEnabled,
+                                      ProxySetting proxySetting, ManualProxy manualProxySettings,
+                                      Context context) throws CertificateException, NoSuchAlgorithmException {
         Timber.log(Log.DEBUG, "Creating new retrofit instance");
         return new Retrofit.Builder()
                 .baseUrl(midSignServiceUrl + "/")
                 .addConverterFactory(ScalarsConverterFactory.create())
                 .addConverterFactory(GsonConverterFactory.create())
-                .client(buildHttpClient(sslContext, midSignServiceUrl, certBundle, trustManagers, context))
+                .client(buildHttpClient(sslContext, midSignServiceUrl, certBundle, trustManagers,
+                        isProxySSLEnabled, proxySetting, manualProxySettings, context))
                 .build()
                 .create(serviceClass);
     }
 
-    private static OkHttpClient buildHttpClient(SSLContext sslContext, String midSignServiceUrl, ArrayList<String> certBundle, TrustManager[] trustManagers, Context context) throws CertificateException, NoSuchAlgorithmException {
+    private static OkHttpClient buildHttpClient(SSLContext sslContext, String midSignServiceUrl,
+                                                ArrayList<String> certBundle,
+                                                TrustManager[] trustManagers,
+                                                boolean isProxySSLEnabled,
+                                                ProxySetting proxySetting,
+                                                ManualProxy manualProxySettings,
+                                                Context context) throws CertificateException, NoSuchAlgorithmException {
         Timber.log(Log.DEBUG, "Building new httpClient");
+
+        ProxyConfig proxyConfig = ProxyUtil.getProxy(proxySetting, manualProxySettings);
+        boolean useHTTPSProxy = proxySetting != ProxySetting.MANUAL_PROXY || ProxyUtil.useHTTPSProxy(isProxySSLEnabled, manualProxySettings);
+
         OkHttpClient.Builder httpClientBuilder = new OkHttpClient.Builder()
+                .proxy(proxySetting == ProxySetting.NO_PROXY || !useHTTPSProxy ? Proxy.NO_PROXY : proxyConfig.proxy())
+                .proxyAuthenticator(proxySetting == ProxySetting.NO_PROXY || !useHTTPSProxy ? Authenticator.NONE : proxyConfig.authenticator())
                 .connectTimeout(120, TimeUnit.SECONDS)
                 .readTimeout(120, TimeUnit.SECONDS)
                 .writeTimeout(120, TimeUnit.SECONDS)
diff --git a/mobile-id-lib/src/main/java/ee/ria/DigiDoc/mobileid/service/MobileSignConstants.java b/mobile-id-lib/src/main/java/ee/ria/DigiDoc/mobileid/service/MobileSignConstants.java
index 25cf60c7c..ac123ea8c 100644
--- a/mobile-id-lib/src/main/java/ee/ria/DigiDoc/mobileid/service/MobileSignConstants.java
+++ b/mobile-id-lib/src/main/java/ee/ria/DigiDoc/mobileid/service/MobileSignConstants.java
@@ -33,4 +33,10 @@ public interface MobileSignConstants {
     String CREATE_SIGNATURE_CHALLENGE = "ee.ria.mopp.androidmobileid.MID_CHALLENGE";
     String CREATE_SIGNATURE_STATUS = "ee.ria.mopp.androidmobileid.CREATE_SIGNATURE_STATUS";
     String SERVICE_FAULT = "ee.ria.mopp.androidmobileid.SERVICE_FAULT";
+    String PROXY_SETTING = "ee.ria.mopp.androidmobileid.PROXY_SETTING";
+    String MANUAL_PROXY_HOST = "ee.ria.mopp.androidmobileid.HOST";
+    String MANUAL_PROXY_PORT = "ee.ria.mopp.androidmobileid.PORT";
+    String MANUAL_PROXY_USERNAME = "ee.ria.mopp.androidmobileid.USERNAME";
+    String MANUAL_PROXY_PASSWORD = "ee.ria.mopp.androidmobileid.PASSWORD";
+    String PROXY_IS_SSL_ENABLED = "ee.ria.mopp.androidmobileid.PROXY_IS_SSL_ENABLED";
 }
diff --git a/mobile-id-lib/src/main/java/ee/ria/DigiDoc/mobileid/service/MobileSignService.java b/mobile-id-lib/src/main/java/ee/ria/DigiDoc/mobileid/service/MobileSignService.java
index b6b440a7a..9edca5988 100644
--- a/mobile-id-lib/src/main/java/ee/ria/DigiDoc/mobileid/service/MobileSignService.java
+++ b/mobile-id-lib/src/main/java/ee/ria/DigiDoc/mobileid/service/MobileSignService.java
@@ -19,11 +19,18 @@
 
 package ee.ria.DigiDoc.mobileid.service;
 
+import static ee.ria.DigiDoc.common.ProxySetting.MANUAL_PROXY;
 import static ee.ria.DigiDoc.common.SigningUtil.checkSigningCancelled;
 import static ee.ria.DigiDoc.mobileid.service.MobileSignConstants.ACCESS_TOKEN_PASS;
 import static ee.ria.DigiDoc.mobileid.service.MobileSignConstants.ACCESS_TOKEN_PATH;
 import static ee.ria.DigiDoc.mobileid.service.MobileSignConstants.CERTIFICATE_CERT_BUNDLE;
 import static ee.ria.DigiDoc.mobileid.service.MobileSignConstants.CREATE_SIGNATURE_REQUEST;
+import static ee.ria.DigiDoc.mobileid.service.MobileSignConstants.MANUAL_PROXY_HOST;
+import static ee.ria.DigiDoc.mobileid.service.MobileSignConstants.MANUAL_PROXY_PASSWORD;
+import static ee.ria.DigiDoc.mobileid.service.MobileSignConstants.MANUAL_PROXY_PORT;
+import static ee.ria.DigiDoc.mobileid.service.MobileSignConstants.MANUAL_PROXY_USERNAME;
+import static ee.ria.DigiDoc.mobileid.service.MobileSignConstants.PROXY_IS_SSL_ENABLED;
+import static ee.ria.DigiDoc.mobileid.service.MobileSignConstants.PROXY_SETTING;
 import static ee.ria.DigiDoc.mobileid.service.MobileSignConstants.SIGNING_ROLE_DATA;
 
 import android.content.Context;
@@ -66,7 +73,9 @@
 import javax.net.ssl.TrustManager;
 
 import ee.ria.DigiDoc.common.ContainerWrapper;
+import ee.ria.DigiDoc.common.ManualProxy;
 import ee.ria.DigiDoc.common.MessageUtil;
+import ee.ria.DigiDoc.common.ProxySetting;
 import ee.ria.DigiDoc.common.RoleData;
 import ee.ria.DigiDoc.common.TrustManagerUtil;
 import ee.ria.DigiDoc.common.UUIDUtil;
@@ -111,6 +120,9 @@ public class MobileSignService extends Worker {
     private final String accessTokenPath;
     private final String accessTokenPass;
     private final ArrayList<String> certificateCertBundle;
+    private final boolean isProxySSLEnabled;
+    private final ProxySetting proxySetting;
+    private final ManualProxy manualProxySettings;
     private final CountDownLatch countDownLatch = new CountDownLatch(1);
 
     public MobileSignService(@NonNull Context context, @NonNull WorkerParameters workerParameters) {
@@ -130,6 +142,25 @@ public MobileSignService(@NonNull Context context, @NonNull WorkerParameters wor
 
         Type arraylistType = new TypeToken<ArrayList<String>>() {}.getType();
         certificateCertBundle = new Gson().fromJson(certBundleList, arraylistType);
+
+        isProxySSLEnabled = workerParameters.getInputData().getBoolean(PROXY_IS_SSL_ENABLED, true);
+
+        proxySetting = ProxySetting.valueOf(workerParameters.getInputData().getString(PROXY_SETTING));
+
+        if (MANUAL_PROXY.equals(proxySetting)) {
+            String proxySettingString = workerParameters.getInputData().getString(MANUAL_PROXY_HOST);
+            if (proxySettingString != null && proxySettingString.isEmpty()) {
+                broadcastFault(new RESTServiceFault(MobileCreateSignatureSessionStatusResponse.ProcessStatus.GENERAL_ERROR));
+                throw new IllegalArgumentException("Proxy setting cannot be empty");
+            }
+        }
+
+        manualProxySettings = new ManualProxy(
+                workerParameters.getInputData().getString(MANUAL_PROXY_HOST),
+                workerParameters.getInputData().getInt(MANUAL_PROXY_PORT, 0),
+                workerParameters.getInputData().getString(MANUAL_PROXY_USERNAME),
+                workerParameters.getInputData().getString(MANUAL_PROXY_PASSWORD)
+        );
     }
 
     @NonNull
@@ -163,7 +194,8 @@ public Result doWork() {
             try {
                 if (certificateCertBundle != null) {
                     midRestServiceClient = ServiceGenerator.createService(MIDRestServiceClient.class,
-                            restSSLConfig, request.getUrl(), certificateCertBundle, trustManagers, getApplicationContext());
+                            restSSLConfig, request.getUrl(), certificateCertBundle, trustManagers,
+                            isProxySSLEnabled, proxySetting, manualProxySettings, getApplicationContext());
                 } else {
                     Timber.log(Log.DEBUG, "Certificate cert bundle is null");
                     return Result.failure();
diff --git a/smart-id-lib/src/main/java/ee/ria/DigiDoc/smartid/rest/ServiceGenerator.java b/smart-id-lib/src/main/java/ee/ria/DigiDoc/smartid/rest/ServiceGenerator.java
index 0b6630dbf..4dd53eb93 100644
--- a/smart-id-lib/src/main/java/ee/ria/DigiDoc/smartid/rest/ServiceGenerator.java
+++ b/smart-id-lib/src/main/java/ee/ria/DigiDoc/smartid/rest/ServiceGenerator.java
@@ -27,6 +27,7 @@
 
 import org.bouncycastle.util.encoders.Base64;
 
+import java.net.Proxy;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.nio.charset.StandardCharsets;
@@ -39,7 +40,12 @@
 import java.util.concurrent.TimeUnit;
 
 import ee.ria.DigiDoc.common.CertificateUtil;
+import ee.ria.DigiDoc.common.ManualProxy;
+import ee.ria.DigiDoc.common.ProxyConfig;
+import ee.ria.DigiDoc.common.ProxySetting;
+import ee.ria.DigiDoc.common.ProxyUtil;
 import ee.ria.DigiDoc.smartid.BuildConfig;
+import okhttp3.Authenticator;
 import okhttp3.CertificatePinner;
 import okhttp3.Headers;
 import okhttp3.OkHttpClient;
@@ -56,22 +62,37 @@ public class ServiceGenerator {
 
     private static HttpLoggingInterceptor loggingInterceptor;
 
-    public static <S> S createService(Class<S> serviceClass, String sidSignServiceUrl, ArrayList<String> certBundle, Context context)
+    public static <S> S createService(Class<S> serviceClass, String sidSignServiceUrl,
+                                      ArrayList<String> certBundle, boolean isProxySSLEnabled,
+                                      ProxySetting proxySetting, ManualProxy manualProxySettings,
+                                      Context context)
             throws CertificateException, NoSuchAlgorithmException {
         Timber.log(Log.DEBUG, "Creating new retrofit instance");
         return new Retrofit.Builder()
                 .baseUrl(sidSignServiceUrl)
                 .addConverterFactory(ScalarsConverterFactory.create())
                 .addConverterFactory(GsonConverterFactory.create())
-                .client(buildHttpClient(sidSignServiceUrl, certBundle, context))
+                .client(buildHttpClient(sidSignServiceUrl, certBundle, isProxySSLEnabled,
+                        proxySetting, manualProxySettings, context))
                 .build()
                 .create(serviceClass);
     }
 
-    private static OkHttpClient buildHttpClient(String sidSignServiceUrl, ArrayList<String> certBundle, Context context)
+    private static OkHttpClient buildHttpClient(String sidSignServiceUrl,
+                                                ArrayList<String> certBundle,
+                                                boolean isProxySSLEnabled,
+                                                ProxySetting proxySetting,
+                                                ManualProxy manualProxySettings,
+                                                Context context)
             throws CertificateException, NoSuchAlgorithmException {
         Timber.log(Log.DEBUG, "Building new httpClient");
+
+        ProxyConfig proxyConfig = ProxyUtil.getProxy(proxySetting, manualProxySettings);
+        boolean useHTTPSProxy = proxySetting != ProxySetting.MANUAL_PROXY || ProxyUtil.useHTTPSProxy(isProxySSLEnabled, manualProxySettings);
+
         OkHttpClient.Builder httpClientBuilder = new OkHttpClient.Builder()
+                .proxy(proxySetting == ProxySetting.NO_PROXY || !useHTTPSProxy ? Proxy.NO_PROXY : proxyConfig.proxy())
+                .proxyAuthenticator(proxySetting == ProxySetting.NO_PROXY || !useHTTPSProxy ? Authenticator.NONE : proxyConfig.authenticator())
                 .connectTimeout(120, TimeUnit.SECONDS)
                 .readTimeout(120, TimeUnit.SECONDS)
                 .writeTimeout(120, TimeUnit.SECONDS)
diff --git a/smart-id-lib/src/main/java/ee/ria/DigiDoc/smartid/service/SmartSignConstants.java b/smart-id-lib/src/main/java/ee/ria/DigiDoc/smartid/service/SmartSignConstants.java
index 8aa63ce28..c23505f58 100644
--- a/smart-id-lib/src/main/java/ee/ria/DigiDoc/smartid/service/SmartSignConstants.java
+++ b/smart-id-lib/src/main/java/ee/ria/DigiDoc/smartid/service/SmartSignConstants.java
@@ -33,6 +33,12 @@ public interface SmartSignConstants {
     String CREATE_SIGNATURE_CHALLENGE = "ee.ria.mopp.android.smartid.SID_CHALLENGE";
     String CREATE_SIGNATURE_STATUS = "ee.ria.mopp.android.smartid.CREATE_SIGNATURE_STATUS";
     String SERVICE_FAULT = "ee.ria.mopp.android.smartid.SERVICE_FAULT";
+    String PROXY_SETTING = "ee.ria.mopp.smartid.PROXY_SETTING";
+    String MANUAL_PROXY_HOST = "ee.ria.mopp.smartid.HOST";
+    String MANUAL_PROXY_PORT = "ee.ria.mopp.smartid.PORT";
+    String MANUAL_PROXY_USERNAME = "ee.ria.mopp.smartid.USERNAME";
+    String MANUAL_PROXY_PASSWORD = "ee.ria.mopp.smartid.PASSWORD";
+    String PROXY_IS_SSL_ENABLED = "ee.ria.mopp.smartid.PROXY_IS_SSL_ENABLED";
 
     String NOTIFICATION_CHANNEL = "SMART_ID_CHANNEL";
     int NOTIFICATION_PERMISSION_CODE = 1;
diff --git a/smart-id-lib/src/main/java/ee/ria/DigiDoc/smartid/service/SmartSignService.java b/smart-id-lib/src/main/java/ee/ria/DigiDoc/smartid/service/SmartSignService.java
index 79619e26b..c4c7285d8 100644
--- a/smart-id-lib/src/main/java/ee/ria/DigiDoc/smartid/service/SmartSignService.java
+++ b/smart-id-lib/src/main/java/ee/ria/DigiDoc/smartid/service/SmartSignService.java
@@ -23,8 +23,14 @@
 import static ee.ria.DigiDoc.common.SigningUtil.checkSigningCancelled;
 import static ee.ria.DigiDoc.smartid.service.SmartSignConstants.CERTIFICATE_CERT_BUNDLE;
 import static ee.ria.DigiDoc.smartid.service.SmartSignConstants.CREATE_SIGNATURE_REQUEST;
+import static ee.ria.DigiDoc.smartid.service.SmartSignConstants.MANUAL_PROXY_HOST;
+import static ee.ria.DigiDoc.smartid.service.SmartSignConstants.MANUAL_PROXY_PASSWORD;
+import static ee.ria.DigiDoc.smartid.service.SmartSignConstants.MANUAL_PROXY_PORT;
+import static ee.ria.DigiDoc.smartid.service.SmartSignConstants.MANUAL_PROXY_USERNAME;
 import static ee.ria.DigiDoc.smartid.service.SmartSignConstants.NOTIFICATION_CHANNEL;
 import static ee.ria.DigiDoc.smartid.service.SmartSignConstants.NOTIFICATION_PERMISSION_CODE;
+import static ee.ria.DigiDoc.smartid.service.SmartSignConstants.PROXY_IS_SSL_ENABLED;
+import static ee.ria.DigiDoc.smartid.service.SmartSignConstants.PROXY_SETTING;
 import static ee.ria.DigiDoc.smartid.service.SmartSignConstants.SIGNING_ROLE_DATA;
 
 import android.app.Notification;
@@ -58,9 +64,11 @@
 import javax.net.ssl.SSLPeerUnverifiedException;
 
 import ee.ria.DigiDoc.common.ContainerWrapper;
+import ee.ria.DigiDoc.common.ManualProxy;
 import ee.ria.DigiDoc.common.MessageUtil;
 import ee.ria.DigiDoc.common.NotificationUtil;
 import ee.ria.DigiDoc.common.PowerUtil;
+import ee.ria.DigiDoc.common.ProxySetting;
 import ee.ria.DigiDoc.common.RoleData;
 import ee.ria.DigiDoc.common.UUIDUtil;
 import ee.ria.DigiDoc.common.VerificationCodeUtil;
@@ -99,6 +107,11 @@ public class SmartSignService extends Worker {
     private final String signatureRequest;
     private final ArrayList<String> certificateCertBundle;
 
+    private final boolean isProxySSLEnabled;
+
+    private final ProxySetting proxySetting;
+    private final ManualProxy manualProxySettings;
+
     public SmartSignService(@NonNull Context context, @NonNull WorkerParameters workerParameters) {
         super(context, workerParameters);
         Timber.tag(TAG);
@@ -114,6 +127,23 @@ public SmartSignService(@NonNull Context context, @NonNull WorkerParameters work
 
         Type arraylistType = new TypeToken<ArrayList<String>>() {}.getType();
         certificateCertBundle = new Gson().fromJson(certBundleList, arraylistType);
+
+        String proxySettingString = workerParameters.getInputData().getString(MANUAL_PROXY_HOST);
+        if (proxySettingString != null && proxySettingString.isEmpty()) {
+            broadcastFault(new ServiceFault(SessionStatusResponse.ProcessStatus.GENERAL_ERROR));
+            throw new IllegalArgumentException("Proxy setting cannot be empty");
+        }
+
+        isProxySSLEnabled = workerParameters.getInputData().getBoolean(PROXY_IS_SSL_ENABLED, true);
+
+        proxySetting = ProxySetting.valueOf(workerParameters.getInputData().getString(PROXY_SETTING));
+
+        manualProxySettings = new ManualProxy(
+                workerParameters.getInputData().getString(MANUAL_PROXY_HOST),
+                workerParameters.getInputData().getInt(MANUAL_PROXY_PORT, 0),
+                workerParameters.getInputData().getString(MANUAL_PROXY_USERNAME),
+                workerParameters.getInputData().getString(MANUAL_PROXY_PASSWORD)
+        );
     }
 
     public static void setIsCancelled(boolean isCancelled) {
@@ -149,7 +179,8 @@ public Result doWork() {
                     if (certificateCertBundle != null) {
                         Timber.log(Log.DEBUG, request.toString());
                         SIDRestServiceClient = ServiceGenerator.createService(SIDRestServiceClient.class,
-                                request.getUrl() + "/", certificateCertBundle, getApplicationContext());
+                                request.getUrl() + "/", certificateCertBundle,
+                                isProxySSLEnabled, proxySetting, manualProxySettings, getApplicationContext());
                     }
                 } catch (CertificateException | NoSuchAlgorithmException e) {
                     broadcastFault(new ServiceFault(SessionStatusResponse.ProcessStatus.INVALID_SSL_HANDSHAKE));