aboutsummaryrefslogtreecommitdiffstats
path: root/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport
diff options
context:
space:
mode:
Diffstat (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport')
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/FacebookKeyserver.java25
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java55
2 files changed, 32 insertions, 48 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/FacebookKeyserver.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/FacebookKeyserver.java
index d87a82a24..6217d1a01 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/FacebookKeyserver.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/FacebookKeyserver.java
@@ -21,11 +21,12 @@ package org.sufficientlysecure.keychain.keyimport;
import android.net.Uri;
import android.support.annotation.NonNull;
+import android.support.annotation.Nullable;
-import com.squareup.okhttp.OkHttpClient;
-import com.squareup.okhttp.Request;
-import com.squareup.okhttp.Response;
+import okhttp3.OkHttpClient;
+import okhttp3.Request;
+import okhttp3.Response;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.pgp.PgpHelper;
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
@@ -33,11 +34,12 @@ import org.sufficientlysecure.keychain.pgp.UncachedPublicKey;
import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
import org.sufficientlysecure.keychain.util.Log;
+import org.sufficientlysecure.keychain.util.OkHttpClientFactory;
+import org.sufficientlysecure.keychain.util.TlsHelper;
import java.io.IOException;
import java.net.Proxy;
-import java.net.URI;
import java.net.URL;
import java.util.ArrayList;
import java.util.List;
@@ -104,11 +106,10 @@ public class FacebookKeyserver extends Keyserver {
String request = String.format(FB_KEY_URL_FORMAT, fbUsername);
Log.d(Constants.TAG, "fetching from Facebook with: " + request + " proxy: " + mProxy);
- OkHttpClient client = new OkHttpClient();
- client.setProxy(mProxy);
-
URL url = new URL(request);
+ OkHttpClient client = OkHttpClientFactory.getClientPinnedIfAvailable(url, mProxy);
+
Response response = client.newCall(new Request.Builder().url(url).build()).execute();
// contains body both in case of success or failure
@@ -126,6 +127,9 @@ public class FacebookKeyserver extends Keyserver {
throw new QueryFailedException("Cannot connect to Facebook. "
+ "Check your Internet connection!"
+ (mProxy == Proxy.NO_PROXY ? "" : " Using proxy " + mProxy));
+ } catch (TlsHelper.TlsHelperException e) {
+ Log.e(Constants.TAG, "Exception in cert pinning", e);
+ throw new QueryFailedException("Exception in cert pinning. ");
}
}
@@ -190,8 +194,11 @@ public class FacebookKeyserver extends Keyserver {
return uri.getPathSegments().get(0);
}
- public static boolean isFacebookHost(Uri uri) {
+ public static boolean isFacebookHost(@Nullable Uri uri) {
+ if (uri == null) {
+ return false;
+ }
String host = uri.getHost();
- return host.equalsIgnoreCase(FB_HOST) || host.equalsIgnoreCase(FB_HOST_WWW);
+ return FB_HOST.equalsIgnoreCase(host) || FB_HOST_WWW.equalsIgnoreCase(host);
}
}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java
index c2190318b..5e3d2ebc6 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java
@@ -18,16 +18,18 @@
package org.sufficientlysecure.keychain.keyimport;
-import com.squareup.okhttp.MediaType;
-import com.squareup.okhttp.OkHttpClient;
-import com.squareup.okhttp.Request;
-import com.squareup.okhttp.RequestBody;
-import com.squareup.okhttp.Response;
+
+import okhttp3.MediaType;
+import okhttp3.OkHttpClient;
+import okhttp3.Request;
+import okhttp3.RequestBody;
+import okhttp3.Response;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.pgp.PgpHelper;
import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
import org.sufficientlysecure.keychain.util.Log;
+import org.sufficientlysecure.keychain.util.OkHttpClientFactory;
import org.sufficientlysecure.keychain.util.TlsHelper;
import java.io.IOException;
@@ -42,7 +44,6 @@ import java.util.Comparator;
import java.util.GregorianCalendar;
import java.util.Locale;
import java.util.TimeZone;
-import java.util.concurrent.TimeUnit;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@@ -199,43 +200,12 @@ public class HkpKeyserver extends Keyserver {
return mSecure ? "https://" : "http://";
}
- /**
- * returns a client with pinned certificate if necessary
- *
- * @param url url to be queried by client
- * @param proxy proxy to be used by client
- * @return client with a pinned certificate if necessary
- */
- public static OkHttpClient getClient(URL url, Proxy proxy) throws IOException {
- OkHttpClient client = new OkHttpClient();
-
- try {
- TlsHelper.usePinnedCertificateIfAvailable(client, url);
- } catch (TlsHelper.TlsHelperException e) {
- Log.w(Constants.TAG, e);
- }
-
- // don't follow any redirects
- client.setFollowRedirects(false);
- client.setFollowSslRedirects(false);
-
- if (proxy != null) {
- client.setProxy(proxy);
- client.setConnectTimeout(30000, TimeUnit.MILLISECONDS);
- } else {
- client.setProxy(Proxy.NO_PROXY);
- client.setConnectTimeout(5000, TimeUnit.MILLISECONDS);
- }
- client.setReadTimeout(45000, TimeUnit.MILLISECONDS);
-
- return client;
- }
private String query(String request, @NonNull Proxy proxy) throws QueryFailedException, HttpError {
try {
URL url = new URL(getUrlPrefix() + mHost + ":" + mPort + request);
Log.d(Constants.TAG, "hkp keyserver query: " + url + " Proxy: " + proxy);
- OkHttpClient client = getClient(url, proxy);
+ OkHttpClient client = OkHttpClientFactory.getClientPinnedIfAvailable(url, proxy);
Response response = client.newCall(new Request.Builder().url(url).build()).execute();
String responseBody = response.body().string(); // contains body both in case of success or failure
@@ -249,6 +219,9 @@ public class HkpKeyserver extends Keyserver {
Log.e(Constants.TAG, "IOException at HkpKeyserver", e);
throw new QueryFailedException("Keyserver '" + mHost + "' is unavailable. Check your Internet connection!" +
(proxy == Proxy.NO_PROXY ? "" : " Using proxy " + proxy));
+ } catch (TlsHelper.TlsHelperException e) {
+ Log.e(Constants.TAG, "Exception in pinning certs", e);
+ throw new QueryFailedException("Exception in pinning certs");
}
}
@@ -413,6 +386,7 @@ public class HkpKeyserver extends Keyserver {
Log.d(Constants.TAG, "hkp keyserver add: " + url);
Log.d(Constants.TAG, "params: " + params);
+
RequestBody body = RequestBody.create(MediaType.parse("application/x-www-form-urlencoded"), params);
Request request = new Request.Builder()
@@ -422,7 +396,7 @@ public class HkpKeyserver extends Keyserver {
.post(body)
.build();
- Response response = getClient(url, mProxy).newCall(request).execute();
+ Response response = OkHttpClientFactory.getClientPinnedIfAvailable(url, mProxy).newCall(request).execute();
Log.d(Constants.TAG, "response code: " + response.code());
Log.d(Constants.TAG, "answer: " + response.body().string());
@@ -434,6 +408,9 @@ public class HkpKeyserver extends Keyserver {
} catch (IOException e) {
Log.e(Constants.TAG, "IOException", e);
throw new AddKeyException();
+ } catch (TlsHelper.TlsHelperException e) {
+ Log.e(Constants.TAG, "Exception in pinning certs", e);
+ throw new AddKeyException();
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-27 19:38:46 +0000