authorVincent Breitmoser <valodim@mugenguild.com>2015-05-09 19:26:11 +0200
committerVincent Breitmoser <valodim@mugenguild.com>2015-05-09 19:27:33 +0200
commit9aff6c7f8527f3eb78a14c62a677a2fd0631130e (patch)
tree7cd54a583932cbf1a10c3531f576cee891277518 /OpenKeychain/src/main/java/org/sufficientlysecure/keychain/linked/resources/TwitterResource.java
parent3600cda3bcf1797db60c870a5fa582a27856e666 (diff)
linked-ids: add certificate pinning, pin twitter api cert
Diffstat (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/linked/resources/TwitterResource.java')
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/linked/resources/TwitterResource.java24
1 files changed, 15 insertions, 9 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/linked/resources/TwitterResource.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/linked/resources/TwitterResource.java
index 36100fe58..d6b806ee6 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/linked/resources/TwitterResource.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/linked/resources/TwitterResource.java
@@ -32,6 +32,11 @@ import java.util.regex.Pattern;
public class TwitterResource extends LinkedTokenResource {
+ public static final String[] CERT_PINS = new String[] {
+ // antec Class 3 Secure Server CA - G4
+ "513fb9743870b73440418d30930699ff"
+ };
+
final String mHandle;
final String mTweetId;
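Review bot: `CERT_PINS` is declared `public static final String[]`, so the reference is fixed but any code in the app can still overwrite its elements and change which certificate the Twitter requests accept. As far as this diff shows, every use is inside this class, so `private static final String[] CERT_PINS` (or an unmodifiable list) would close that off. The list holds a single pin for what the comment describes as a CA certificate, so a CA change on the server side would break linked-identity verification until an app update; a second, backup pin is the usual mitigation. The comment should also say what the 32-hex-character value is (which digest, over which part of the certificate), since that cannot be told from here, and `antec` looks like a truncated `Symantec`.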
@@ -68,12 +73,12 @@ public class TwitterResource extends LinkedTokenResource {
@SuppressWarnings("deprecation")
@Override
- protected String fetchResource(OperationLog log, int indent) throws IOException, HttpStatusException,
- JSONException {
+ protected String fetchResource(Context context, OperationLog log, int indent)
+ throws IOException, HttpStatusException, JSONException {
String authToken;
try {
- authToken = getAuthToken();
+ authToken = getAuthToken(context);
} catch (IOException | HttpStatusException | JSONException e) {
log.add(LogType.MSG_LV_ERROR_TWITTER_AUTH, indent);
return null;
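Review bot: A pin mismatch raised inside `getAuthToken(context)` would land in this `catch` and be logged as `MSG_LV_ERROR_TWITTER_AUTH`, the same entry as a timeout or a malformed response, assuming the pinning code reports failure as an `IOException` subtype (that code is not visible here). A failed pin is the one outcome that points to possible interception of the connection, so it is worth catching `SSLException` ahead of the multi-catch and logging a dedicated entry for it. The same applies to the identical block in `searchInTwitterStream`. The body of `fetchResource` continues outside the hunk.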
@@ -90,7 +95,7 @@ public class TwitterResource extends LinkedTokenResource {
httpGet.setHeader("Content-Type", "application/json");
try {
- String response = getResponseBody(httpGet);
+ String response = getResponseBody(context, httpGet, CERT_PINS);
JSONObject obj = new JSONObject(response);
JSONObject user = obj.getJSONObject("user");
if (!mHandle.equalsIgnoreCase(user.getString("screen_name"))) {
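Review bot: The pin passed in `getResponseBody(context, httpGet, CERT_PINS)` identifies a CA certificate according to the comment on `CERT_PINS`, so every certificate issued under that CA satisfies it; the helper must therefore still perform normal chain validation and hostname verification in addition to the pin check. `getResponseBody` is not part of this diff, so this should be confirmed there and stated in its Javadoc, e.g. `Pins are checked in addition to, not instead of, default trust and hostname verification.` The same holds for the calls in `searchInTwitterStream` and `getAuthToken`. The `try` block continues outside the hunk.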
@@ -142,11 +147,11 @@ public class TwitterResource extends LinkedTokenResource {
@SuppressWarnings("deprecation")
public static TwitterResource searchInTwitterStream(
- String screenName, String needle, OperationLog log) {
+ Context context, String screenName, String needle, OperationLog log) {
String authToken;
try {
- authToken = getAuthToken();
+ authToken = getAuthToken(context);
} catch (IOException | HttpStatusException | JSONException e) {
log.add(LogType.MSG_LV_ERROR_TWITTER_AUTH, 1);
return null;
@@ -166,7 +171,7 @@ public class TwitterResource extends LinkedTokenResource {
httpGet.setHeader("Content-Type", "application/json");
try {
- String response = getResponseBody(httpGet);
+ String response = getResponseBody(context, httpGet, CERT_PINS);
JSONArray array = new JSONArray(response);
for (int i = 0; i < array.length(); i++) {
@@ -203,7 +208,8 @@ public class TwitterResource extends LinkedTokenResource {
private static String cachedAuthToken;
@SuppressWarnings("deprecation")
- private static String getAuthToken() throws IOException, HttpStatusException, JSONException {
+ private static String getAuthToken(Context context)
+ throws IOException, HttpStatusException, JSONException {
if (cachedAuthToken != null) {
return cachedAuthToken;
}
@@ -215,7 +221,7 @@ public class TwitterResource extends LinkedTokenResource {
httpPost.setHeader("Authorization", "Basic " + base64Encoded);
httpPost.setHeader("Content-Type", "application/x-www-form-urlencoded;charset=UTF-8");
httpPost.setEntity(new StringEntity("grant_type=client_credentials"));
- JSONObject rawAuthorization = new JSONObject(getResponseBody(httpPost));
+ JSONObject rawAuthorization = new JSONObject(getResponseBody(context, httpPost, CERT_PINS));
// Applications should verify that the value associated with the
// token_type key of the returned object is bearer