diff options
author | mar-v-in <github@rvin.mooo.com> | 2014-05-28 20:44:01 +0200 |
---|---|---|
committer | mar-v-in <github@rvin.mooo.com> | 2014-05-28 20:44:01 +0200 |
commit | c676e534799545f6aa95071463c10aa0b2f92b9d (patch) | |
tree | e6dad33f801bc3af6d2ef35a21b416c0f6252a68 /OpenKeychain/src/main/java/org | |
parent | cb92c9ccc811a72b4e216f819be32b19748113c7 (diff) | |
download | open-keychain-c676e534799545f6aa95071463c10aa0b2f92b9d.tar.gz open-keychain-c676e534799545f6aa95071463c10aa0b2f92b9d.tar.bz2 open-keychain-c676e534799545f6aa95071463c10aa0b2f92b9d.zip |
Fix url building to support certificate check on hkps servers
Note: the CA used by sks-keyservers.net is not valid for android, thus using hkps fails for them. pgp.mit.edu uses a perfectly valid cert.
Diffstat (limited to 'OpenKeychain/src/main/java/org')
-rw-r--r-- | OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java | 27 |
1 files changed, 19 insertions, 8 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java index 71c251ddc..b064fc5b1 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java @@ -201,15 +201,26 @@ public class HkpKeyserver extends Keyserver { } private String query(String request) throws QueryFailedException, HttpError { - InetAddress ips[]; - try { - ips = InetAddress.getAllByName(mHost); - } catch (UnknownHostException e) { - throw new QueryFailedException(e.toString()); + List<String> urls = new ArrayList<String>(); + if (mSecure) { + urls.add(getUrlPrefix() + mHost + ":" + mPort + request); + } else { + InetAddress ips[]; + try { + ips = InetAddress.getAllByName(mHost); + } catch (UnknownHostException e) { + throw new QueryFailedException(e.toString()); + } + for (InetAddress ip : ips) { + // Note: This is actually not HTTP 1.1 compliant, as we hide the real "Host" value, + // but Android's HTTPUrlConnection does not support any other way to set + // Socket's remote IP address... + urls.add(getUrlPrefix() + ip.getHostAddress() + ":" + mPort + request); + } } - for (int i = 0; i < ips.length; ++i) { + + for (String url : urls) { try { - String url = getUrlPrefix() + ips[i].getHostAddress() + ":" + mPort + request; Log.d(Constants.TAG, "hkp keyserver query: " + url); URL realUrl = new URL(url); HttpURLConnection conn = (HttpURLConnection) realUrl.openConnection(); @@ -272,7 +283,7 @@ public class HkpKeyserver extends Keyserver { while (matcher.find()) { final ImportKeysListEntry entry = new ImportKeysListEntry(); entry.setQuery(query); - entry.setOrigin("hkp:" + mHost + ":" + mPort); + entry.setOrigin(getUrlPrefix() + mHost + ":" + mPort); entry.setBitStrength(Integer.parseInt(matcher.group(3))); |