diff options
| author | Michal Kepkowski <michal.kepkowski@sagiton.pl> | 2016-03-12 19:32:36 +0100 |
|---|---|---|
| committer | Michal Kepkowski <michal.kepkowski@sagiton.pl> | 2016-03-14 17:41:18 +0100 |
| commit | 6c2efb02353f34ea153f4bf8ed283685ccaad9a9 (patch) | |
| tree | a9578572e5f61cd39bf458ba36bcaf4de6d1a4df | |
| parent | 81e46a7bc3cbed48ab3b7d4267314f55c2fef968 (diff) | |
| download | open-keychain-6c2efb02353f34ea153f4bf8ed283685ccaad9a9.tar.gz open-keychain-6c2efb02353f34ea153f4bf8ed283685ccaad9a9.tar.bz2 open-keychain-6c2efb02353f34ea153f4bf8ed283685ccaad9a9.zip | |
okhttp3
11 files changed, 131 insertions, 113 deletions
diff --git a/OpenKeychain/build.gradle b/OpenKeychain/build.gradle index 3b7d03187..8f7f31bed 100644 --- a/OpenKeychain/build.gradle +++ b/OpenKeychain/build.gradle @@ -55,8 +55,8 @@ dependencies { compile 'org.sufficientlysecure:html-textview:1.3' compile 'org.sufficientlysecure:donations:2.4' compile 'com.nispok:snackbar:2.11.0' - compile 'com.squareup.okhttp:okhttp:2.7.5' - compile 'com.squareup.okhttp:okhttp-urlconnection:2.7.5' + compile 'com.squareup.okhttp3:okhttp:3.2.0' + compile 'com.squareup.okhttp3:okhttp-urlconnection:3.2.0' compile 'org.apache.james:apache-mime4j-core:0.7.2' compile 'org.apache.james:apache-mime4j-dom:0.7.2' compile 'org.thoughtcrime.ssl.pinning:AndroidPinning:1.0.0' @@ -105,10 +105,10 @@ dependencyVerification { 'se.emilsjolander:stickylistheaders:a08ca948aa6b220f09d82f16bbbac395f6b78897e9eeac6a9f0b0ba755928eeb', 'org.sufficientlysecure:donations:96f8197bab26dfe41900d824f10f8f1914519cd62eedb77bdac5b223eccdf0a6', 'org.sufficientlysecure:html-textview:39048e35894e582adada388e6c00631803283f8defed8e07ad58a5f284f272ee', - 'com.squareup.okhttp:okhttp:88ac9fd1bb51f82bcc664cc1eb9c225c90dc4389d660231b4cc737bebfe7d0aa', + 'com.squareup.okhttp3:okhttp:a41cdb7b024c56436a21e38f00b4d12e3b7e01451ffe6c4f545acba805bba03b', + 'com.squareup.okhttp3:okhttp-urlconnection:7d6598a6665c166e2d4b78956a96056b9be7de192b3c923ccf4695d08e580833', 'com.nispok:snackbar:46b5eb9d630d329e13c2ce00ee9fb115ffb66c23c72cff32ee97eedd76824c6f', 'org.apache.james:apache-mime4j-core:4d7434c68f94b81a253c12f28e6bbb4d6239c361d6086a46e22e594bb43ac660', - 'com.squareup.okhttp:okhttp-urlconnection:6ae7c527abd2253e7c499ded790174f8f37d9676add63d9e23a76f3ba0588c07', 'org.thoughtcrime.ssl.pinning:AndroidPinning:afa1d74e699257fa75cb109ff29bac50726ef269c6e306bdeffe8223cee06ef4', 'org.apache.james:apache-mime4j-dom:7e6b06ee164a1c21b7e477249ea0b74a18fddce44764e5764085f58dd8c34633', 'com.mikepenz:materialdrawer:4e2644f454cc2ce48b956536d3339957c3f592adb2e0b6dad72d477da29f7677', diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/FacebookKeyserver.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/FacebookKeyserver.java index faa2a1848..1c592003c 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/FacebookKeyserver.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/FacebookKeyserver.java @@ -23,10 +23,10 @@ import android.net.Uri; import android.support.annotation.NonNull; import android.support.annotation.Nullable; -import com.squareup.okhttp.OkHttpClient; -import com.squareup.okhttp.Request; -import com.squareup.okhttp.Response; +import okhttp3.OkHttpClient; +import okhttp3.Request; +import okhttp3.Response; import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.pgp.PgpHelper; import org.sufficientlysecure.keychain.pgp.UncachedKeyRing; @@ -34,6 +34,8 @@ import org.sufficientlysecure.keychain.pgp.UncachedPublicKey; import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException; import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils; import org.sufficientlysecure.keychain.util.Log; +import org.sufficientlysecure.keychain.util.OkHttpClientFactory; +import org.sufficientlysecure.keychain.util.TlsHelper; import java.io.IOException; import java.net.Proxy; @@ -104,8 +106,7 @@ public class FacebookKeyserver extends Keyserver { String request = String.format(FB_KEY_URL_FORMAT, fbUsername); Log.d(Constants.TAG, "fetching from Facebook with: " + request + " proxy: " + mProxy); - OkHttpClient client = new OkHttpClient(); - client.setProxy(mProxy); + OkHttpClient client = OkHttpClientFactory.getClient(mProxy); URL url = new URL(request); @@ -126,6 +127,9 @@ public class FacebookKeyserver extends Keyserver { throw new QueryFailedException("Cannot connect to Facebook. " + "Check your Internet connection!" + (mProxy == Proxy.NO_PROXY ? "" : " Using proxy " + mProxy)); + } catch (TlsHelper.TlsHelperException e) { + Log.e(Constants.TAG, "Exception in cert pinning", e); + throw new QueryFailedException("Exception in cert pinning. "); } } diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java index c2190318b..bdf43b6da 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java @@ -18,16 +18,18 @@ package org.sufficientlysecure.keychain.keyimport; -import com.squareup.okhttp.MediaType; -import com.squareup.okhttp.OkHttpClient; -import com.squareup.okhttp.Request; -import com.squareup.okhttp.RequestBody; -import com.squareup.okhttp.Response; + +import okhttp3.MediaType; +import okhttp3.OkHttpClient; +import okhttp3.Request; +import okhttp3.RequestBody; +import okhttp3.Response; import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.pgp.PgpHelper; import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils; import org.sufficientlysecure.keychain.util.Log; +import org.sufficientlysecure.keychain.util.OkHttpClientFactory; import org.sufficientlysecure.keychain.util.TlsHelper; import java.io.IOException; @@ -42,7 +44,6 @@ import java.util.Comparator; import java.util.GregorianCalendar; import java.util.Locale; import java.util.TimeZone; -import java.util.concurrent.TimeUnit; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -199,43 +200,12 @@ public class HkpKeyserver extends Keyserver { return mSecure ? "https://" : "http://"; } - /** - * returns a client with pinned certificate if necessary - * - * @param url url to be queried by client - * @param proxy proxy to be used by client - * @return client with a pinned certificate if necessary - */ - public static OkHttpClient getClient(URL url, Proxy proxy) throws IOException { - OkHttpClient client = new OkHttpClient(); - - try { - TlsHelper.usePinnedCertificateIfAvailable(client, url); - } catch (TlsHelper.TlsHelperException e) { - Log.w(Constants.TAG, e); - } - - // don't follow any redirects - client.setFollowRedirects(false); - client.setFollowSslRedirects(false); - - if (proxy != null) { - client.setProxy(proxy); - client.setConnectTimeout(30000, TimeUnit.MILLISECONDS); - } else { - client.setProxy(Proxy.NO_PROXY); - client.setConnectTimeout(5000, TimeUnit.MILLISECONDS); - } - client.setReadTimeout(45000, TimeUnit.MILLISECONDS); - - return client; - } private String query(String request, @NonNull Proxy proxy) throws QueryFailedException, HttpError { try { URL url = new URL(getUrlPrefix() + mHost + ":" + mPort + request); Log.d(Constants.TAG, "hkp keyserver query: " + url + " Proxy: " + proxy); - OkHttpClient client = getClient(url, proxy); + OkHttpClient client = OkHttpClientFactory.getPinnedClient(url, proxy); Response response = client.newCall(new Request.Builder().url(url).build()).execute(); String responseBody = response.body().string(); // contains body both in case of success or failure @@ -249,6 +219,9 @@ public class HkpKeyserver extends Keyserver { Log.e(Constants.TAG, "IOException at HkpKeyserver", e); throw new QueryFailedException("Keyserver '" + mHost + "' is unavailable. Check your Internet connection!" + (proxy == Proxy.NO_PROXY ? "" : " Using proxy " + proxy)); + } catch (TlsHelper.TlsHelperException e) { + Log.e(Constants.TAG, "Exception in pinning certs", e); + throw new QueryFailedException("Exception in pinning certs"); } } @@ -413,6 +386,7 @@ public class HkpKeyserver extends Keyserver { Log.d(Constants.TAG, "hkp keyserver add: " + url); Log.d(Constants.TAG, "params: " + params); + RequestBody body = RequestBody.create(MediaType.parse("application/x-www-form-urlencoded"), params); Request request = new Request.Builder() @@ -422,7 +396,7 @@ public class HkpKeyserver extends Keyserver { .post(body) .build(); - Response response = getClient(url, mProxy).newCall(request).execute(); + Response response = OkHttpClientFactory.getPinnedClient(url, mProxy).newCall(request).execute(); Log.d(Constants.TAG, "response code: " + response.code()); Log.d(Constants.TAG, "answer: " + response.body().string()); @@ -434,6 +408,9 @@ public class HkpKeyserver extends Keyserver { } catch (IOException e) { Log.e(Constants.TAG, "IOException", e); throw new AddKeyException(); + } catch (TlsHelper.TlsHelperException e) { + Log.e(Constants.TAG, "Exception in pinning certs", e); + throw new AddKeyException(); } } diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/linked/LinkedTokenResource.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/linked/LinkedTokenResource.java index 6a584a939..24fa3bd67 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/linked/LinkedTokenResource.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/linked/LinkedTokenResource.java @@ -2,10 +2,10 @@ package org.sufficientlysecure.keychain.linked; import android.content.Context; -import com.squareup.okhttp.CertificatePinner; -import com.squareup.okhttp.OkHttpClient; -import com.squareup.okhttp.Request; -import com.squareup.okhttp.Response; +import okhttp3.CertificatePinner; +import okhttp3.OkHttpClient; +import okhttp3.Request; +import okhttp3.Response; import org.json.JSONException; import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.linked.resources.GenericHttpsResource; @@ -16,6 +16,7 @@ import org.sufficientlysecure.keychain.operations.results.OperationResult.LogTyp import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog; import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils; import org.sufficientlysecure.keychain.util.Log; +import org.sufficientlysecure.keychain.util.OkHttpClientFactory; import java.io.IOException; import java.net.MalformedURLException; @@ -236,13 +237,16 @@ public abstract class LinkedTokenResource extends LinkedResource { return builder.build(); } + public static String getResponseBody(Request request, String... pins) throws IOException, HttpStatusException { - Log.d("Connection to: "+request.url().getHost(),""); - OkHttpClient client = new OkHttpClient(); + Log.d("Connection to: "+request.url().url().getHost(),""); + OkHttpClient client; if(pins !=null){ - client.setCertificatePinner(getCertificatePinner(request.url().getHost(),pins)); + client = OkHttpClientFactory.getPinnedSimpleClient(getCertificatePinner(request.url().url().getHost(),pins)); + }else{ + client = OkHttpClientFactory.getSimpleClient(); } Response response = client.newCall(request).execute(); diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/linked/resources/GenericHttpsResource.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/linked/resources/GenericHttpsResource.java index d6b8640e3..da531e8fa 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/linked/resources/GenericHttpsResource.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/linked/resources/GenericHttpsResource.java @@ -6,7 +6,7 @@ import android.net.Uri; import android.support.annotation.DrawableRes; import android.support.annotation.StringRes; -import com.squareup.okhttp.Request; +import okhttp3.Request; import org.sufficientlysecure.keychain.R; import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType; import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog; diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/linked/resources/GithubResource.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/linked/resources/GithubResource.java index 134582ae1..0e87ca6e5 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/linked/resources/GithubResource.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/linked/resources/GithubResource.java @@ -6,7 +6,7 @@ import android.net.Uri; import android.support.annotation.DrawableRes; import android.support.annotation.StringRes; -import com.squareup.okhttp.Request; +import okhttp3.Request; import org.json.JSONArray; import org.json.JSONException; import org.json.JSONObject; diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/linked/resources/TwitterResource.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/linked/resources/TwitterResource.java index b0f02c43c..db3b64225 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/linked/resources/TwitterResource.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/linked/resources/TwitterResource.java @@ -7,11 +7,11 @@ import android.support.annotation.DrawableRes; import android.support.annotation.StringRes; import android.util.Log; -import com.squareup.okhttp.MediaType; -import com.squareup.okhttp.Request; -import com.squareup.okhttp.RequestBody; import com.textuality.keybase.lib.JWalk; +import okhttp3.MediaType; +import okhttp3.Request; +import okhttp3.RequestBody; import org.json.JSONArray; import org.json.JSONException; import org.json.JSONObject; diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/dialog/AddEditKeyserverDialogFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/dialog/AddEditKeyserverDialogFragment.java index 3d96f3c6d..7abef97d2 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/dialog/AddEditKeyserverDialogFragment.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/dialog/AddEditKeyserverDialogFragment.java @@ -50,14 +50,13 @@ import android.widget.EditText; import android.widget.TextView; import android.widget.TextView.OnEditorActionListener; -import com.squareup.okhttp.OkHttpClient; -import com.squareup.okhttp.Request; +import okhttp3.OkHttpClient; +import okhttp3.Request; import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.R; -import org.sufficientlysecure.keychain.keyimport.HkpKeyserver; -import org.sufficientlysecure.keychain.ui.util.Notify; import org.sufficientlysecure.keychain.util.Log; +import org.sufficientlysecure.keychain.util.OkHttpClientFactory; import org.sufficientlysecure.keychain.util.Preferences; import org.sufficientlysecure.keychain.util.TlsHelper; import org.sufficientlysecure.keychain.util.orbot.OrbotHelper; @@ -354,14 +353,10 @@ public class AddEditKeyserverDialogFragment extends DialogFragment implements On Log.d("Converted URL", newKeyserver.toString()); - OkHttpClient client = HkpKeyserver.getClient(newKeyserver.toURL(), proxy); - - // don't follow any redirects - client.setFollowRedirects(false); - client.setFollowSslRedirects(false); + OkHttpClient client = OkHttpClientFactory.getPinnedClient(newKeyserver.toURL(), proxy); if (onlyTrustedKeyserver - && !TlsHelper.usePinnedCertificateIfAvailable(client, newKeyserver.toURL())) { + && TlsHelper.getPinnedSslSocketFactory(newKeyserver.toURL())==null) { Log.w(Constants.TAG, "No pinned certificate for this host in OpenKeychain's assets."); reason = FailureReason.NO_PINNED_CERTIFICATE; return reason; diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/OkHttpClientFactory.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/OkHttpClientFactory.java new file mode 100644 index 000000000..2bf3b7e14 --- /dev/null +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/OkHttpClientFactory.java @@ -0,0 +1,55 @@ +package org.sufficientlysecure.keychain.util; + +import okhttp3.CertificatePinner; +import okhttp3.OkHttpClient; +import org.sufficientlysecure.keychain.Constants; + +import java.io.IOException; +import java.net.Proxy; +import java.net.URL; +import java.util.concurrent.TimeUnit; + +/** + * Created by Michał Kępkowski on 11/03/16. + */ +public class OkHttpClientFactory { + private static OkHttpClient client; + + public static OkHttpClient getSimpleClient(){ + if(client == null){ + client = new OkHttpClient.Builder().build(); + } + return client; + } + + public static OkHttpClient getPinnedSimpleClient(CertificatePinner pinner){ + return new OkHttpClient.Builder() + .certificatePinner(pinner) + .build(); + } + + + public static OkHttpClient getPinnedClient(URL url, Proxy proxy) throws IOException, TlsHelper.TlsHelperException { + + return new OkHttpClient.Builder() + .followRedirects(false) + .followSslRedirects(false) + .proxy(proxy) + .connectTimeout(30000, TimeUnit.MILLISECONDS) + .readTimeout(45000, TimeUnit.MILLISECONDS) + .sslSocketFactory(TlsHelper.getPinnedSslSocketFactory(url)) + .build(); + } + + public static OkHttpClient getClient( Proxy proxy) throws IOException, TlsHelper.TlsHelperException { + + return new OkHttpClient.Builder() + .followRedirects(false) + .followSslRedirects(false) + .proxy(proxy) + .connectTimeout(30000, TimeUnit.MILLISECONDS) + .readTimeout(45000, TimeUnit.MILLISECONDS) + .build(); + } + +} diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/OkHttpKeybaseClient.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/OkHttpKeybaseClient.java index d2c90cfcd..04527c730 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/OkHttpKeybaseClient.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/OkHttpKeybaseClient.java @@ -17,55 +17,36 @@ package org.sufficientlysecure.keychain.util; -import com.squareup.okhttp.OkHttpClient; -import com.squareup.okhttp.OkUrlFactory; + import com.textuality.keybase.lib.KeybaseUrlConnectionClient; +import okhttp3.OkHttpClient; import org.sufficientlysecure.keychain.Constants; import java.io.IOException; import java.net.Proxy; import java.net.URL; -import java.net.URLConnection; -import java.util.concurrent.TimeUnit; /** * Wrapper for Keybase Lib */ public class OkHttpKeybaseClient implements KeybaseUrlConnectionClient { - private OkUrlFactory generateUrlFactory() { - OkHttpClient client = new OkHttpClient(); - return new OkUrlFactory(client); - } @Override - public URLConnection openConnection(URL url, Proxy proxy, boolean isKeybase) throws IOException { - OkUrlFactory factory = generateUrlFactory(); - if (proxy != null) { - factory.client().setProxy(proxy); - factory.client().setConnectTimeout(30000, TimeUnit.MILLISECONDS); - factory.client().setReadTimeout(40000, TimeUnit.MILLISECONDS); - } else { - factory.client().setConnectTimeout(5000, TimeUnit.MILLISECONDS); - factory.client().setReadTimeout(25000, TimeUnit.MILLISECONDS); - } - - factory.client().setFollowSslRedirects(false); - - // forced the usage of api.keybase.io pinned certificate - if (isKeybase) { - try { - if (!TlsHelper.usePinnedCertificateIfAvailable(factory.client(), url)) { - throw new IOException("no pinned certificate found for URL!"); - } - } catch (TlsHelper.TlsHelperException e) { - Log.e(Constants.TAG, "TlsHelper failed", e); - throw new IOException("TlsHelper failed"); + public OkHttpClient getClient(URL url, Proxy proxy, boolean pin) throws IOException { + try { + if(pin) { + return OkHttpClientFactory.getPinnedClient(url, proxy); + }else{ + return OkHttpClientFactory.getClient( proxy); } + } catch (IOException e) { + throw new IOException("no pinned certificate found for URL!"); + } catch (TlsHelper.TlsHelperException e) { + Log.e(Constants.TAG, "TlsHelper failed", e); + throw new IOException("TlsHelper failed"); } - - return factory.open(url); } @Override diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java index 1492abdeb..d1b8f768b 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java @@ -19,8 +19,8 @@ package org.sufficientlysecure.keychain.util; import android.content.res.AssetManager; -import com.squareup.okhttp.OkHttpClient; +import okhttp3.OkHttpClient; import org.sufficientlysecure.keychain.Constants; import java.io.ByteArrayInputStream; @@ -39,6 +39,7 @@ import java.util.HashMap; import java.util.Map; import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManagerFactory; public class TlsHelper { @@ -80,30 +81,30 @@ public class TlsHelper { * @throws TlsHelperException * @throws IOException */ - public static boolean usePinnedCertificateIfAvailable(OkHttpClient client, URL url) throws TlsHelperException, IOException { + public static SSLSocketFactory getPinnedSslSocketFactory(URL url) throws TlsHelperException, IOException { if (url.getProtocol().equals("https")) { // use certificate PIN from assets if we have one for (String host : sPinnedCertificates.keySet()) { if (url.getHost().endsWith(host)) { - pinCertificate(sPinnedCertificates.get(host), client); - return true; + return pinCertificate(sPinnedCertificates.get(host)); + //return true; } } } - return false; + return null; } /** - * Modifies the client to accept only requests with a given certificate. Applies to all URLs requested by the - * client. - * Therefore a client that is pinned this way should be used to only make requests to URLs with passed certificate. + * Modifies the builder to accept only requests with a given certificate. Applies to all URLs requested by the + * builder. + * Therefore a builder that is pinned this way should be used to only make requests to URLs with passed certificate. * * @param certificate certificate to pin - * @param client OkHttpClient to enforce pinning on + * @param builder OkHttpBuilder to enforce pinning on * @throws TlsHelperException * @throws IOException */ - private static void pinCertificate(byte[] certificate, OkHttpClient client) + private static SSLSocketFactory pinCertificate(byte[] certificate) throws TlsHelperException, IOException { // We don't use OkHttp's CertificatePinner since it can not be used to pin self-signed // certificate if such certificate is not accepted by TrustManager. @@ -130,7 +131,8 @@ public class TlsHelper { SSLContext context = SSLContext.getInstance("TLS"); context.init(null, tmf.getTrustManagers(), null); - client.setSslSocketFactory(context.getSocketFactory()); + return context.getSocketFactory(); + //builder.sslSocketFactory(context.getSocketFactory()); } catch (CertificateException | KeyStoreException | KeyManagementException | NoSuchAlgorithmException e) { throw new TlsHelperException(e); } |