Fix url building to support certificate check on hkps servers

Note: the CA used by sks-keyservers.net is not valid for android, thus using hkps fails for them. pgp.mit.edu uses a perfectly valid cert.
author: mar-v-in <github@rvin.mooo.com> 2014-05-28 20:44:01 +0200
committer: mar-v-in <github@rvin.mooo.com> 2014-05-28 20:44:01 +0200
commit: c676e534799545f6aa95071463c10aa0b2f92b9d (patch)
tree: e6dad33f801bc3af6d2ef35a21b416c0f6252a68 /OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java
parent: cb92c9ccc811a72b4e216f819be32b19748113c7 (diff)
download: open-keychain-c676e534799545f6aa95071463c10aa0b2f92b9d.tar.gz
open-keychain-c676e534799545f6aa95071463c10aa0b2f92b9d.tar.bz2
open-keychain-c676e534799545f6aa95071463c10aa0b2f92b9d.zip
1 files changed, 19 insertions, 8 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java
index 71c251ddc..b064fc5b1 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java
@@ -201,15 +201,26 @@ public class HkpKeyserver extends Keyserver {
     }
 
     private String query(String request) throws QueryFailedException, HttpError {
-        InetAddress ips[];
-        try {
-            ips = InetAddress.getAllByName(mHost);
-        } catch (UnknownHostException e) {
-            throw new QueryFailedException(e.toString());
+        List<String> urls = new ArrayList<String>();
+        if (mSecure) {
+            urls.add(getUrlPrefix() + mHost + ":" + mPort + request);
+        } else {
+            InetAddress ips[];
+            try {
+                ips = InetAddress.getAllByName(mHost);
+            } catch (UnknownHostException e) {
+                throw new QueryFailedException(e.toString());
+            }
+            for (InetAddress ip : ips) {
+                // Note: This is actually not HTTP 1.1 compliant, as we hide the real "Host" value,
+                //       but Android's HTTPUrlConnection does not support any other way to set
+                //       Socket's remote IP address...
+                urls.add(getUrlPrefix() + ip.getHostAddress() + ":" + mPort + request);
+            }
         }
-        for (int i = 0; i < ips.length; ++i) {
+
+        for (String url : urls) {
             try {
-                String url = getUrlPrefix() + ips[i].getHostAddress() + ":" + mPort + request;
                 Log.d(Constants.TAG, "hkp keyserver query: " + url);
                 URL realUrl = new URL(url);
                 HttpURLConnection conn = (HttpURLConnection) realUrl.openConnection();
@@ -272,7 +283,7 @@ public class HkpKeyserver extends Keyserver {
         while (matcher.find()) {
             final ImportKeysListEntry entry = new ImportKeysListEntry();
             entry.setQuery(query);
-            entry.setOrigin("hkp:" + mHost + ":" + mPort);
+            entry.setOrigin(getUrlPrefix() + mHost + ":" + mPort);
 
             entry.setBitStrength(Integer.parseInt(matcher.group(3)));
author	mar-v-in <github@rvin.mooo.com>	2014-05-28 20:44:01 +0200
committer	mar-v-in <github@rvin.mooo.com>	2014-05-28 20:44:01 +0200
commit	c676e534799545f6aa95071463c10aa0b2f92b9d (patch)
tree	e6dad33f801bc3af6d2ef35a21b416c0f6252a68 /OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java
parent	cb92c9ccc811a72b4e216f819be32b19748113c7 (diff)
download	open-keychain-c676e534799545f6aa95071463c10aa0b2f92b9d.tar.gz open-keychain-c676e534799545f6aa95071463c10aa0b2f92b9d.tar.bz2 open-keychain-c676e534799545f6aa95071463c10aa0b2f92b9d.zip