| author | mar-v-in <github@rvin.mooo.com> | 2014-06-23 22:25:42 +0200 | 
|---|---|---|
| committer | mar-v-in <github@rvin.mooo.com> | 2014-06-23 22:27:58 +0200 | 
| commit | 3ebbaae253cee615a8e132c9967ad390926bb095 (patch) | |
| tree | a7a852c7968751e59bf043fb08507c7a0febcc00 /OpenKeychain/src/main/java/org | |
| parent | b92a389ebcf372ed7c3c8debe0776d9c426b2ce7 (diff) | |
Add hkps support for sks-keyservers.net
Diffstat (limited to 'OpenKeychain/src/main/java/org')
| -rw-r--r-- | OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java | 35 | ||||
| -rw-r--r-- | OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java | 107 | 
2 files changed, 77 insertions, 65 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java
index 319ac2873..efb378bc8 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java
@@ -49,6 +49,41 @@ public final class Constants {      public static final String CUSTOM_CONTACT_DATA_MIME_TYPE = "vnd.android.cursor.item/vnd.org.sufficientlysecure.keychain.key"; +    // TODO: Resource/Asset? +    public static final String SKS_KEYSERVERS_NET_CA = +            "-----BEGIN CERTIFICATE-----" + +            "MIIFizCCA3OgAwIBAgIJAK9zyLTPn4CPMA0GCSqGSIb3DQEBBQUAMFwxCzAJBgNV" + +            "BAYTAk5PMQ0wCwYDVQQIDARPc2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5u" + +            "ZXQgQ0ExHjAcBgNVBAMMFXNrcy1rZXlzZXJ2ZXJzLm5ldCBDQTAeFw0xMjEwMDkw" + +            "MDMzMzdaFw0yMjEwMDcwMDMzMzdaMFwxCzAJBgNVBAYTAk5PMQ0wCwYDVQQIDARP" + +            "c2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5uZXQgQ0ExHjAcBgNVBAMMFXNr" + +            "cy1rZXlzZXJ2ZXJzLm5ldCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC" + +            "ggIBANdsWy4PXWNUCkS3L//nrd0GqN3dVwoBGZ6w94Tw2jPDPifegwxQozFXkG6I" + +            "6A4TK1CJLXPvfz0UP0aBYyPmTNadDinaB9T4jIwd4rnxl+59GiEmqkN3IfPsv5Jj" + +            "MkKUmJnvOT0DEVlEaO1UZIwx5WpfprB3mR81/qm4XkAgmYrmgnLXd/pJDAMk7y1F" + +            "45b5zWofiD5l677lplcIPRbFhpJ6kDTODXh/XEdtF71EAeaOdEGOvyGDmCO0GWqS" + +            "FDkMMPTlieLA/0rgFTcz4xwUYj/cD5e0ZBuSkYsYFAU3hd1cGfBue0cPZaQH2HYx" + +            "Qk4zXD8S3F4690fRhr+tki5gyG6JDR67aKp3BIGLqm7f45WkX1hYp+YXywmEziM4" + +            "aSbGYhx8hoFGfq9UcfPEvp2aoc8u5sdqjDslhyUzM1v3m3ZGbhwEOnVjljY6JJLx" + +            "MxagxnZZSAY424ZZ3t71E/Mn27dm2w+xFRuoy8JEjv1d+BT3eChM5KaNwrj0IO/y" + +            "u8kFIgWYA1vZ/15qMT+tyJTfyrNVV/7Df7TNeWyNqjJ5rBmt0M6NpHG7CrUSkBy9" + +            "p8JhimgjP5r0FlEkgg+lyD+V79H98gQfVgP3pbJICz0SpBQf2F/2tyS4rLm+49rP" + +            "fcOajiXEuyhpcmzgusAj/1FjrtlynH1r9mnNaX4e+rLWzvU5AgMBAAGjUDBOMB0G" + +            "A1UdDgQWBBTkwyoJFGfYTVISTpM8E+igjdq28zAfBgNVHSMEGDAWgBTkwyoJFGfY" + +            "TVISTpM8E+igjdq28zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQAR" + +            "OXnYwu3g1ZjHyley3fZI5aLPsaE17cOImVTehC8DcIphm2HOMR/hYTTL+V0G4P+u" + +            
"gH+6xeRLKSHMHZTtSBIa6GDL03434y9CBuwGvAFCMU2GV8w92/Z7apkAhdLToZA/" + +            "X/iWP2jeaVJhxgEcH8uPrnSlqoPBcKC9PrgUzQYfSZJkLmB+3jEa3HKruy1abJP5" + +            "gAdQvwvcPpvYRnIzUc9fZODsVmlHVFBCl2dlu/iHh2h4GmL4Da2rRkUMlbVTdioB" + +            "UYIvMycdOkpH5wJftzw7cpjsudGas0PARDXCFfGyKhwBRFY7Xp7lbjtU5Rz0Gc04" + +            "lPrhDf0pFE98Aw4jJRpFeWMjpXUEaG1cq7D641RpgcMfPFvOHY47rvDTS7XJOaUT" + +            "BwRjmDt896s6vMDcaG/uXJbQjuzmmx3W2Idyh3s5SI0GTHb0IwMKYb4eBUIpQOnB" + +            "cE77VnCYqKvN1NVYAqhWjXbY7XasZvszCRcOG+W3FqNaHOK/n/0ueb0uijdLan+U" + +            "f4p1bjbAox8eAOQS/8a3bzkJzdyBNUKGx1BIK2IBL9bn/HravSDOiNRSnZ/R3l9G" + +            "ZauX0tu7IIDlRCILXSyeazu0aj/vdT3YFQXPcvt5Fkf5wiNTo53f72/jYEJd6qph" + +            "WrpoKqrwGwTpRUCMhYIUt65hsTxCiJJ5nKe39h46sg==" + +            "-----END CERTIFICATE-----"; +      public static boolean KITKAT = Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT;      public static final class Path { diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java index 1949c9f19..a101d91d9 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java 
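Review bot: The trust anchor added as `SKS_KEYSERVERS_NET_CA` carries no provenance, so a reviewer cannot check the base64 body against the CA that sks-keyservers.net publishes. Add a comment above the constant such as `// CA for the sks-keyservers.net HKPS pool; source: <URL>, SHA-256 fingerprint: <FINGERPRINT>, notAfter: <DATE>`, with the placeholders filled in from the CA's own publication. The literal is concatenated without line separators, so the PEM markers and the base64 body form one unbroken line; whether the certificate parser behind `TlsHelper` accepts that is not visible here and should be confirmed with a test. A compiled-in CA also cannot be rotated without a new app release, which is worth recording next to the existing TODO.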
@@ -22,32 +22,26 @@ import de.measite.minidns.Client;
 import de.measite.minidns.Question;
 import de.measite.minidns.Record;
 import de.measite.minidns.record.SRV;
-import org.apache.http.HttpEntity;
 import org.apache.http.HttpResponse;
 import org.apache.http.HttpStatus;
 import org.apache.http.NameValuePair;
 import org.apache.http.client.HttpClient;
 import org.apache.http.client.entity.UrlEncodedFormEntity;
-import org.apache.http.client.methods.HttpGet;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.impl.client.DefaultHttpClient;
 import org.apache.http.message.BasicNameValuePair;
-import org.apache.http.util.EntityUtils;
 import org.sufficientlysecure.keychain.Constants;
+import org.sufficientlysecure.keychain.helper.TlsHelper;
 import org.sufficientlysecure.keychain.pgp.PgpHelper;
 import org.sufficientlysecure.keychain.pgp.PgpKeyHelper;
 import org.sufficientlysecure.keychain.util.Log;
 import java.io.IOException;
-import java.io.InputStream;
 import java.io.UnsupportedEncodingException;
 import java.net.HttpURLConnection;
-import java.net.InetAddress;
-import java.net.MalformedURLException;
 import java.net.URL;
 import java.net.URLDecoder;
 import java.net.URLEncoder;
-import java.net.UnknownHostException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Comparator;
@@ -200,48 +194,39 @@ public class HkpKeyserver extends Keyserver {
         return mSecure ? "https://" : "http://";
     }
-    private String query(String request) throws QueryFailedException, HttpError {
-        List<String> urls = new ArrayList<String>();
-        if (mSecure) {
-            urls.add(getUrlPrefix() + mHost + ":" + mPort + request);
-        } else {
-            InetAddress ips[];
+    private HttpURLConnection openConnection(URL url) throws IOException {
+        HttpURLConnection conn = null;
+        if (mHost.endsWith("pool.sks-keyservers.net") && mSecure) {
             try {
-                ips = InetAddress.getAllByName(mHost);
-            } catch (UnknownHostException e) {
-                throw new QueryFailedException(e.toString());
-            }
-            for (InetAddress ip : ips) {
-                // Note: This is actually not HTTP 1.1 compliant, as we hide the real "Host" value,
-                //       but Android's HTTPUrlConnection does not support any other way to set
-                //       Socket's remote IP address...
-                urls.add(getUrlPrefix() + ip.getHostAddress() + ":" + mPort + request);
+                conn = TlsHelper.openCAConnection(Constants.SKS_KEYSERVERS_NET_CA.getBytes(), url);
+            } catch (TlsHelper.TlsHelperException e) {
+                Log.w(Constants.TAG, e);
             }
         }
+        if (conn == null) {
+            conn = (HttpURLConnection) url.openConnection();
+        }
+        conn.setConnectTimeout(5000);
+        conn.setReadTimeout(25000);
+        return conn;
+    }
-        for (String url : urls) {
-            try {
-                Log.d(Constants.TAG, "hkp keyserver query: " + url);
-                URL realUrl = new URL(url);
-                HttpURLConnection conn = (HttpURLConnection) realUrl.openConnection();
-                conn.setConnectTimeout(5000);
-                conn.setReadTimeout(25000);
-                conn.connect();
-                int response = conn.getResponseCode();
-                if (response >= 200 && response < 300) {
-                    return readAll(conn.getInputStream(), conn.getContentEncoding());
-                } else {
-                    String data = readAll(conn.getErrorStream(), conn.getContentEncoding());
-                    throw new HttpError(response, data);
-                }
-            } catch (MalformedURLException e) {
-                // nothing to do, try next IP
-            } catch (IOException e) {
-                // nothing to do, try next IP
+    private String query(String request) throws QueryFailedException, HttpError {
+        try {
+            URL url = new URL(getUrlPrefix() + mHost + ":" + mPort + request);
+            Log.d(Constants.TAG, "hkp keyserver query: " + url);
+            HttpURLConnection conn = openConnection(url);
+            conn.connect();
+            int response = conn.getResponseCode();
+            if (response >= 200 && response < 300) {
+                return readAll(conn.getInputStream(), conn.getContentEncoding());
+            } else {
+                String data = readAll(conn.getErrorStream(), conn.getContentEncoding());
+                throw new HttpError(response, data);
             }
+        } catch (IOException e) {
+            throw new QueryFailedException("querying server(s) for '" + mHost + "' failed");
         }
-
-        throw new QueryFailedException("querying server(s) for '" + mHost + "' failed");
     }
     @Override
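Review bot: In `openConnection`, a `TlsHelperException` is only logged and control then falls through to `url.openConnection()`, so any failure to set up the pinned CA silently downgrades the pool connection to the platform trust store instead of failing closed. For the pinned host the catch should rethrow, for example `throw new IOException("pinned CA setup failed for " + mHost, e);`, so the caller sees a failed query rather than an unpinned one. The host test `mHost.endsWith("pool.sks-keyservers.net")` has no dot boundary and also matches names that merely end in that string; comparing against the exact name or a `.`-prefixed suffix is tighter. In `query`, the new `catch (IOException e)` drops `e`, so a certificate validation failure cannot be told apart from a network error; log the exception before throwing `QueryFailedException`.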
@@ -335,33 +320,25 @@ public class HkpKeyserver extends Keyserver {
     @Override
     public String get(String keyIdHex) throws QueryFailedException {
-        HttpClient client = new DefaultHttpClient();
+        String query = getUrlPrefix() + mHost + ":" + mPort +
+                "/pks/lookup?op=get&options=mr&search=" + keyIdHex;
+        Log.d(Constants.TAG, "hkp keyserver get: " + query);
+        String data;
         try {
-            String query = getUrlPrefix() + mHost + ":" + mPort +
-                    "/pks/lookup?op=get&options=mr&search=" + keyIdHex;
-            Log.d(Constants.TAG, "hkp keyserver get: " + query);
-            HttpGet get = new HttpGet(query);
-            HttpResponse response = client.execute(get);
-            if (response.getStatusLine().getStatusCode() != HttpStatus.SC_OK) {
-                throw new QueryFailedException("not found");
-            }
-
-            HttpEntity entity = response.getEntity();
-            InputStream is = entity.getContent();
-            String data = readAll(is, EntityUtils.getContentCharSet(entity));
-            Matcher matcher = PgpHelper.PGP_PUBLIC_KEY.matcher(data);
-            if (matcher.find()) {
-                return matcher.group(1);
-            }
-        } catch (IOException e) {
-            // nothing to do, better luck on the next keyserver
-        } finally {
-            client.getConnectionManager().shutdown();
+            data = query(query);
+        } catch (HttpError httpError) {
+            throw new QueryFailedException("not found");
+        }
+        Matcher matcher = PgpHelper.PGP_PUBLIC_KEY.matcher(data);
+        if (matcher.find()) {
+            return matcher.group(1);
         }
-
         return null;
     }
+    /*
+     * TODO Use openConnection
+     */
     @Override
     public void add(String armoredKey) throws AddKeyException {
         HttpClient client = new DefaultHttpClient();  |
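Review bot: `get()` still builds an absolute URL (`getUrlPrefix() + mHost + ":" + mPort + "/pks/lookup…"`) and hands it to `query()`, which in this same commit prepends `getUrlPrefix() + mHost + ":" + mPort` to its argument, so the scheme, host and port appear twice and the lookup most likely ends in `QueryFailedException` before a request is sent. Pass only the path: `String request = "/pks/lookup?op=get&options=mr&search=" + keyIdHex;` followed by `data = query(request);`. The new catch also reports every `HttpError` as "not found", which hides server-side errors from the caller. `add()`, whose body continues outside the hunk, still creates a `DefaultHttpClient`, so as far as the visible lines show key uploads do not use the pinned-CA path until the TODO is resolved.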
