diff options
author | Michal Kepkowski <michal.kepkowski@sagiton.pl> | 2016-03-12 19:32:36 +0100 |
---|---|---|
committer | Michal Kepkowski <michal.kepkowski@sagiton.pl> | 2016-03-14 17:41:18 +0100 |
commit | 6c2efb02353f34ea153f4bf8ed283685ccaad9a9 (patch) | |
tree | a9578572e5f61cd39bf458ba36bcaf4de6d1a4df /OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java | |
parent | 81e46a7bc3cbed48ab3b7d4267314f55c2fef968 (diff) | |
download | open-keychain-6c2efb02353f34ea153f4bf8ed283685ccaad9a9.tar.gz open-keychain-6c2efb02353f34ea153f4bf8ed283685ccaad9a9.tar.bz2 open-keychain-6c2efb02353f34ea153f4bf8ed283685ccaad9a9.zip |
okhttp3
Diffstat (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java')
-rw-r--r-- | OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java | 24 |
1 files changed, 13 insertions, 11 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java index 1492abdeb..d1b8f768b 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java @@ -19,8 +19,8 @@ package org.sufficientlysecure.keychain.util; import android.content.res.AssetManager; -import com.squareup.okhttp.OkHttpClient; +import okhttp3.OkHttpClient; import org.sufficientlysecure.keychain.Constants; import java.io.ByteArrayInputStream; @@ -39,6 +39,7 @@ import java.util.HashMap; import java.util.Map; import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManagerFactory; public class TlsHelper { @@ -80,30 +81,30 @@ public class TlsHelper { * @throws TlsHelperException * @throws IOException */ - public static boolean usePinnedCertificateIfAvailable(OkHttpClient client, URL url) throws TlsHelperException, IOException { + public static SSLSocketFactory getPinnedSslSocketFactory(URL url) throws TlsHelperException, IOException { if (url.getProtocol().equals("https")) { // use certificate PIN from assets if we have one for (String host : sPinnedCertificates.keySet()) { if (url.getHost().endsWith(host)) { - pinCertificate(sPinnedCertificates.get(host), client); - return true; + return pinCertificate(sPinnedCertificates.get(host)); + //return true; } } } - return false; + return null; } /** - * Modifies the client to accept only requests with a given certificate. Applies to all URLs requested by the - * client. - * Therefore a client that is pinned this way should be used to only make requests to URLs with passed certificate. + * Modifies the builder to accept only requests with a given certificate. Applies to all URLs requested by the + * builder. + * Therefore a builder that is pinned this way should be used to only make requests to URLs with passed certificate. * * @param certificate certificate to pin - * @param client OkHttpClient to enforce pinning on + * @param builder OkHttpBuilder to enforce pinning on * @throws TlsHelperException * @throws IOException */ - private static void pinCertificate(byte[] certificate, OkHttpClient client) + private static SSLSocketFactory pinCertificate(byte[] certificate) throws TlsHelperException, IOException { // We don't use OkHttp's CertificatePinner since it can not be used to pin self-signed // certificate if such certificate is not accepted by TrustManager. @@ -130,7 +131,8 @@ public class TlsHelper { SSLContext context = SSLContext.getInstance("TLS"); context.init(null, tmf.getTrustManagers(), null); - client.setSslSocketFactory(context.getSocketFactory()); + return context.getSocketFactory(); + //builder.sslSocketFactory(context.getSocketFactory()); } catch (CertificateException | KeyStoreException | KeyManagementException | NoSuchAlgorithmException e) { throw new TlsHelperException(e); } |