author | Adithya Abraham Philip <adithyaphilip@gmail.com> | 2015-06-07 02:19:03 +0530 |
---|---|---|
committer | Adithya Abraham Philip <adithyaphilip@gmail.com> | 2015-07-03 20:46:15 +0530 |
commit | 007d02f01b1381d218a248a377e186b4549a5e0e (patch) | |
tree | 7231d735cf25cd9883557307f43e422551a43d0b /OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java | |
parent | a6cb330dafa5fccdd92376502cb6624b9dc72df6 (diff) | |
added proxy support, silent right now
Diffstat (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java')
-rw-r--r-- | OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java
index 4ff14e3bb..b116524ef 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java
@@ -19,6 +19,8 @@ package org.sufficientlysecure.keychain.util;
 import android.content.res.AssetManager;
+import com.squareup.okhttp.CertificatePinner;
+import com.squareup.okhttp.OkHttpClient;
 import org.sufficientlysecure.keychain.Constants;
 import java.io.ByteArrayInputStream;
@@ -85,6 +87,31 @@ public class TlsHelper {
 return url.openConnection();
 }
+ public static void pinCertificateIfNecessary(OkHttpClient client, URL url) throws TlsHelperException {
+ if (url.getProtocol().equals("https")) {
+ for (String domain : sStaticCA.keySet()) {
+ if (url.getHost().endsWith(domain)) {
+ pinCertificate(sStaticCA.get(domain), domain, client);
+ }
+ }
+ }
+ }
+
+ public static void pinCertificate(byte[] certificate, String hostName, OkHttpClient client)
+ throws TlsHelperException {
+ try {
+ // Load CA
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ Certificate ca = cf.generateCertificate(new ByteArrayInputStream(certificate));
+ String pin = CertificatePinner.pin(ca);
+ Log.e("PHILIP", "" + ca.getPublicKey() + ":" + pin);
+
+ client.setCertificatePinner(new CertificatePinner.Builder().add(hostName, pin).build());
+ } catch (CertificateException e) {
+ throw new TlsHelperException(e);
+ }
+ }
+
 /**
 * Opens a Connection that will only accept certificates signed with a specific CA and skips common name check.
 * This is required for some distributed Keyserver networks like sks-keyservers.net |
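Review bot: In `pinCertificateIfNecessary` the match is `url.getHost().endsWith(domain)`, but the pin is then registered under `domain` rather than under the host actually being contacted; as far as I know OkHttp's `CertificatePinner` looks pins up by the request's host name, so for a host that is only a subdomain of an `sStaticCA` key the pin would be added yet never checked, and the connection would proceed unpinned without any error. The bare suffix test also matches unrelated names that merely end in the same characters. I would require a label boundary and pin the real host: `String host = url.getHost(); if (host.equals(domain) || host.endsWith("." + domain))` followed by `pinCertificate(sStaticCA.get(domain), host, client);`. Separately, `Log.e("PHILIP", ...)` in `pinCertificate` looks like leftover debug output at error level and should be dropped or moved to the project's own tag at debug level. `sStaticCA` is declared outside this hunk, so its keys are assumed here to be plain host names.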