From 007d02f01b1381d218a248a377e186b4549a5e0e Mon Sep 17 00:00:00 2001 From: Adithya Abraham Philip Date: Sun, 7 Jun 2015 02:19:03 +0530 Subject: added proxy support, silent right now --- .../org/sufficientlysecure/keychain/Constants.java | 1 - .../keychain/keyimport/CloudSearch.java | 6 +- .../keychain/keyimport/HkpKeyserver.java | 94 +++++++++++++-------- .../keychain/keyimport/KeybaseKeyserver.java | 9 +- .../keychain/keyimport/Keyserver.java | 7 +- .../keychain/operations/CertifyOperation.java | 1 + .../keychain/operations/ImportOperation.java | 2 +- .../keychain/ui/CreateYubiKeyImportFragment.java | 3 +- .../keychain/ui/ImportKeysActivity.java | 31 ++++++- .../keychain/ui/ImportKeysListFragment.java | 12 ++- .../ui/adapter/ImportKeysListCloudLoader.java | 8 +- .../keychain/util/ParcelableProxy.java | 98 ++++++++++++++++++++++ .../keychain/util/Preferences.java | 3 +- .../keychain/util/TlsHelper.java | 27 ++++++ 14 files changed, 248 insertions(+), 54 deletions(-) create mode 100644 OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ParcelableProxy.java (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure') diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java index 9492f35ce..f45c4baa3 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java @@ -110,7 +110,6 @@ public final class Constants { public static final String PROXY_HOST = "127.0.0.1"; public static final int PROXY_PORT = 8118; public static final Proxy.Type PROXY_TYPE = Proxy.Type.HTTP; - public static final Proxy PROXY = new Proxy(PROXY_TYPE, new InetSocketAddress(PROXY_HOST, PROXY_PORT)); } public static final class Defaults { diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/CloudSearch.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/CloudSearch.java index 649cede10..fc5490fd4 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/CloudSearch.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/CloudSearch.java @@ -20,6 +20,7 @@ import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.util.Log; import org.sufficientlysecure.keychain.util.Preferences; +import java.net.Proxy; import java.util.ArrayList; import java.util.Vector; @@ -30,7 +31,8 @@ public class CloudSearch { private final static long SECONDS = 1000; - public static ArrayList search(final String query, Preferences.CloudSearchPrefs cloudPrefs) + public static ArrayList search(final String query, Preferences.CloudSearchPrefs cloudPrefs, + final Proxy proxy) throws Keyserver.CloudSearchFailureException { final ArrayList servers = new ArrayList<>(); @@ -51,7 +53,7 @@ public class CloudSearch { @Override public void run() { try { - results.addAll(keyserver.search(query)); + results.addAll(keyserver.search(query, proxy)); } catch (Keyserver.CloudSearchFailureException e) { problems.add(e); } diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java index cb8a53e25..f18878bb5 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java @@ -18,6 +18,8 @@ package org.sufficientlysecure.keychain.keyimport; +import com.squareup.okhttp.*; +import okio.BufferedSink; import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.pgp.PgpHelper; import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils; @@ -29,16 +31,14 @@ import java.io.IOException; import java.io.OutputStream; import java.io.OutputStreamWriter; import java.io.UnsupportedEncodingException; -import java.net.HttpURLConnection; -import java.net.URL; -import java.net.URLDecoder; -import java.net.URLEncoder; +import java.net.*; import java.util.ArrayList; import java.util.Arrays; import java.util.Comparator; import java.util.GregorianCalendar; import java.util.Locale; import java.util.TimeZone; +import java.util.concurrent.TimeUnit; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -190,7 +190,7 @@ public class HkpKeyserver extends Keyserver { return mSecure ? "https://" : "http://"; } - private HttpURLConnection openConnection(URL url) throws IOException { + private HttpURLConnection openConnectioan(URL url) throws IOException { HttpURLConnection conn = null; try { conn = (HttpURLConnection) TlsHelper.openConnection(url); @@ -205,18 +205,43 @@ public class HkpKeyserver extends Keyserver { return conn; } - private String query(String request) throws QueryFailedException, HttpError { + /** + * returns a client with pinned certificate if necessary + * + * @param url + * @param proxy + * @return + */ + private OkHttpClient getClient(URL url, Proxy proxy) { + OkHttpClient client = new OkHttpClient(); + + try { + TlsHelper.pinCertificateIfNecessary(client, url); + } catch (TlsHelper.TlsHelperException e) { + Log.w(Constants.TAG, e); + } + + client.setProxy(proxy); + // TODO: if proxy !=null increase timeout? + client.setConnectTimeout(5000, TimeUnit.MILLISECONDS); + client.setReadTimeout(25000, TimeUnit.MILLISECONDS); + + return client; + } + + private String query(String request, Proxy proxy) throws QueryFailedException, HttpError { try { URL url = new URL(getUrlPrefix() + mHost + ":" + mPort + request); Log.d(Constants.TAG, "hkp keyserver query: " + url); - HttpURLConnection conn = openConnection(url); - conn.connect(); - int response = conn.getResponseCode(); - if (response >= 200 && response < 300) { - return readAll(conn.getInputStream(), conn.getContentEncoding()); + OkHttpClient client = getClient(url, proxy); + Response response = client.newCall(new Request.Builder().url(url).build()).execute(); + + String responseBody = response.body().string();// contains body both in case of success or failure + + if (response.isSuccessful()) { + return responseBody; } else { - String data = readAll(conn.getErrorStream(), conn.getContentEncoding()); - throw new HttpError(response, data); + throw new HttpError(response.code(), responseBody); } } catch (IOException e) { throw new QueryFailedException("Keyserver '" + mHost + "' is unavailable. Check your Internet connection!"); @@ -232,7 +257,7 @@ public class HkpKeyserver extends Keyserver { * @throws QueryNeedsRepairException */ @Override - public ArrayList search(String query) throws QueryFailedException, + public ArrayList search(String query, Proxy proxy) throws QueryFailedException, QueryNeedsRepairException { ArrayList results = new ArrayList<>(); @@ -250,7 +275,7 @@ public class HkpKeyserver extends Keyserver { String data; try { - data = query(request); + data = query(request, proxy); } catch (HttpError e) { if (e.getData() != null) { Log.d(Constants.TAG, "returned error data: " + e.getData().toLowerCase(Locale.ENGLISH)); @@ -334,13 +359,14 @@ public class HkpKeyserver extends Keyserver { } @Override - public String get(String keyIdHex) throws QueryFailedException { + public String get(String keyIdHex, Proxy proxy) throws QueryFailedException { String request = "/pks/lookup?op=get&options=mr&search=" + keyIdHex; Log.d(Constants.TAG, "hkp keyserver get: " + request); String data; try { - data = query(request); + data = query(request, proxy); } catch (HttpError httpError) { + httpError.printStackTrace(); throw new QueryFailedException("not found"); } Matcher matcher = PgpHelper.PGP_PUBLIC_KEY.matcher(data); @@ -351,38 +377,35 @@ public class HkpKeyserver extends Keyserver { } @Override - public void add(String armoredKey) throws AddKeyException { + public void add(String armoredKey, Proxy proxy) throws AddKeyException { try { - String request = "/pks/add"; + String path = "/pks/add"; String params; try { params = "keytext=" + URLEncoder.encode(armoredKey, "UTF-8"); } catch (UnsupportedEncodingException e) { throw new AddKeyException(); } - URL url = new URL(getUrlPrefix() + mHost + ":" + mPort + request); + URL url = new URL(getUrlPrefix() + mHost + ":" + mPort + path); Log.d(Constants.TAG, "hkp keyserver add: " + url.toString()); Log.d(Constants.TAG, "params: " + params); - HttpURLConnection conn = openConnection(url); - conn.setRequestMethod("POST"); - conn.addRequestProperty("Content-Type", "application/x-www-form-urlencoded"); - conn.setRequestProperty("Content-Length", Integer.toString(params.getBytes().length)); - conn.setDoInput(true); - conn.setDoOutput(true); + RequestBody body = RequestBody.create(MediaType.parse("application/x-www-form-urlencoded"), params); + + Log.e("PHILIP", "Media Type charset: "+body.contentType().charset()); - OutputStream os = conn.getOutputStream(); - BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(os, "UTF-8")); - writer.write(params); - writer.flush(); - writer.close(); - os.close(); + Request request = new Request.Builder() + .url(url) + .addHeader("Content-Type", "application/x-www-form-urlencoded") + .addHeader("Content-Length", Integer.toString(params.getBytes().length)) + .post(body) + .build(); - conn.connect(); + Response response = new OkHttpClient().setProxy(proxy).newCall(request).execute(); - Log.d(Constants.TAG, "response code: " + conn.getResponseCode()); - Log.d(Constants.TAG, "answer: " + readAll(conn.getInputStream(), conn.getContentEncoding())); + Log.d(Constants.TAG, "response code: " + response.code()); + Log.d(Constants.TAG, "answer: " + response.body().string()); } catch (IOException e) { Log.e(Constants.TAG, "IOException", e); throw new AddKeyException(); @@ -398,6 +421,7 @@ public class HkpKeyserver extends Keyserver { * Tries to find a server responsible for a given domain * * @return A responsible Keyserver or null if not found. + * TODO: Add proxy functionality */ public static HkpKeyserver resolve(String domain) { try { diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/KeybaseKeyserver.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/KeybaseKeyserver.java index e310e9a3f..7bbe42993 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/KeybaseKeyserver.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/KeybaseKeyserver.java @@ -26,6 +26,7 @@ import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils; import org.sufficientlysecure.keychain.util.Log; +import java.net.Proxy; import java.util.ArrayList; import java.util.List; @@ -34,8 +35,9 @@ public class KeybaseKeyserver extends Keyserver { private String mQuery; @Override - public ArrayList search(String query) throws QueryFailedException, + public ArrayList search(String query, Proxy proxy) throws QueryFailedException, QueryNeedsRepairException { + // TODO: implement proxy ArrayList results = new ArrayList<>(); if (query.startsWith("0x")) { @@ -98,7 +100,8 @@ public class KeybaseKeyserver extends Keyserver { } @Override - public String get(String id) throws QueryFailedException { + public String get(String id, Proxy proxy) throws QueryFailedException { + // TODO: implement proxy try { return User.keyForUsername(id); } catch (KeybaseException e) { @@ -107,7 +110,7 @@ public class KeybaseKeyserver extends Keyserver { } @Override - public void add(String armoredKey) throws AddKeyException { + public void add(String armoredKey, Proxy proxy) throws AddKeyException { throw new AddKeyException(); } } diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/Keyserver.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/Keyserver.java index 5e4bd0b70..260e2af40 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/Keyserver.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/Keyserver.java @@ -21,6 +21,7 @@ package org.sufficientlysecure.keychain.keyimport; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; +import java.net.Proxy; import java.util.List; public abstract class Keyserver { @@ -67,12 +68,12 @@ public abstract class Keyserver { private static final long serialVersionUID = -507574859137295530L; } - public abstract List search(String query) throws QueryFailedException, + public abstract List search(String query, Proxy proxy) throws QueryFailedException, QueryNeedsRepairException; - public abstract String get(String keyIdHex) throws QueryFailedException; + public abstract String get(String keyIdHex, Proxy proxy) throws QueryFailedException; - public abstract void add(String armoredKey) throws AddKeyException; + public abstract void add(String armoredKey, Proxy proxy) throws AddKeyException; public static String readAll(InputStream in, String encoding) throws IOException { ByteArrayOutputStream raw = new ByteArrayOutputStream(); diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java index 0806e6a16..44427348d 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java @@ -46,6 +46,7 @@ import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils; import org.sufficientlysecure.keychain.util.Log; import org.sufficientlysecure.keychain.util.Passphrase; +import java.net.Proxy; import java.util.ArrayList; import java.util.concurrent.atomic.AtomicBoolean; diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/ImportOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/ImportOperation.java index ace059dac..44a67086f 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/ImportOperation.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/ImportOperation.java @@ -562,4 +562,4 @@ public class ImportOperation extends BaseOperation { } } -} \ No newline at end of file +} diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateYubiKeyImportFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateYubiKeyImportFragment.java index c64f05687..945d42a24 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateYubiKeyImportFragment.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateYubiKeyImportFragment.java @@ -171,8 +171,9 @@ public class CreateYubiKeyImportFragment } public void refreshSearch() { + // TODO: PHILIP implement proxy in YubiKey parts mListFragment.loadNew(new ImportKeysListFragment.CloudLoaderState("0x" + mNfcFingerprint, - Preferences.getPreferences(getActivity()).getCloudSearchPrefs())); + Preferences.getPreferences(getActivity()).getCloudSearchPrefs()), null); } public void importKey() { diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysActivity.java index bc83b05b0..b2b6c224a 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysActivity.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysActivity.java @@ -26,6 +26,7 @@ import android.view.View; import android.view.View.OnClickListener; import android.view.ViewGroup; +import info.guardianproject.onionkit.ui.OrbotHelper; import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.R; import org.sufficientlysecure.keychain.intents.OpenKeychainIntents; @@ -42,6 +43,7 @@ import org.sufficientlysecure.keychain.ui.util.Notify; import org.sufficientlysecure.keychain.util.Log; import org.sufficientlysecure.keychain.util.ParcelableFileCache; import org.sufficientlysecure.keychain.util.ParcelableFileCache.IteratorWithSize; +import org.sufficientlysecure.keychain.util.Preferences; import java.io.IOException; import java.util.ArrayList; @@ -87,11 +89,14 @@ public class ImportKeysActivity extends BaseNfcActivity private ArrayList mKeyList; private CryptoOperationHelper mOperationHelper; + private Preferences.ProxyPrefs mProxyPrefs; @Override protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); + mProxyPrefs = Preferences.getPreferences(this).getProxyPrefs(); + mImportButton = findViewById(R.id.import_import); mImportButton.setOnClickListener(new OnClickListener() { @Override @@ -224,7 +229,7 @@ public class ImportKeysActivity extends BaseNfcActivity Notify.Style.WARN).show(mTopFragment); // we just set the keyserver startCloudFragment(savedInstanceState, null, false, keyserver); - // it's not necessary to set the keyserver for ImportKeysListFragment since + // we don't set the keyserver for ImportKeysListFragment since // it'll be taken care of by ImportKeysCloudFragment when the user clicks // the search button startListFragment(savedInstanceState, null, null, null, null); @@ -347,7 +352,29 @@ public class ImportKeysActivity extends BaseNfcActivity } public void loadCallback(ImportKeysListFragment.LoaderState loaderState) { - mListFragment.loadNew(loaderState); + if (loaderState instanceof ImportKeysListFragment.CloudLoaderState) { + // do the tor check + OrbotHelper helper = new OrbotHelper(this); + // TODO: Add callbacks by modifying OrbotHelper so we know if the user wants to not use Tor + + if(mProxyPrefs.torEnabled && !helper.isOrbotInstalled()) { + helper.promptToInstall(this); + return; + } + if(mProxyPrefs.torEnabled && !helper.isOrbotRunning()) { + helper.requestOrbotStart(this); + return; + } + } + + mListFragment.loadNew(loaderState, mProxyPrefs.proxy); + } + + /** + * disables use of Tor as proxy for this session + */ + private void disableTorForSession() { + mProxyPrefs = new Preferences.ProxyPrefs(false, false, null); } private void handleMessage(Message message) { diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysListFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysListFragment.java index bf7e41045..a5f661fb7 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysListFragment.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysListFragment.java @@ -47,6 +47,7 @@ import java.io.ByteArrayInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; +import java.net.Proxy; import java.util.ArrayList; import java.util.Iterator; import java.util.List; @@ -64,6 +65,7 @@ public class ImportKeysListFragment extends ListFragment implements private ImportKeysAdapter mAdapter; private LoaderState mLoaderState; + private Proxy mProxy; private static final int LOADER_ID_BYTES = 0; private static final int LOADER_ID_CLOUD = 1; @@ -126,6 +128,7 @@ public class ImportKeysListFragment extends ListFragment implements /** * Creates an interactive ImportKeyListFragment which reads keyrings from bytes, or file specified * by dataUri, or searches a keyserver for serverQuery, if parameter is not null, in that order + * Will immediately load data if non-null bytes/dataUri/serverQuery * * @param bytes byte data containing list of keyrings to be imported * @param dataUri file from which keyrings are to be imported @@ -141,7 +144,7 @@ public class ImportKeysListFragment extends ListFragment implements /** * Visually consists of a list of keyrings with checkboxes to specify which are to be imported - * Can immediately load keyrings specified by any of its parameters + * Will immediately load data if non-null bytes/dataUri/serverQuery is supplied * * @param bytes byte data containing list of keyrings to be imported * @param dataUri file from which keyrings are to be imported @@ -183,6 +186,7 @@ public class ImportKeysListFragment extends ListFragment implements static public class CloudLoaderState extends LoaderState { Preferences.CloudSearchPrefs mCloudPrefs; String mServerQuery; + Proxy proxy; CloudLoaderState(String serverQuery, Preferences.CloudSearchPrefs cloudPrefs) { mServerQuery = serverQuery; @@ -258,7 +262,9 @@ public class ImportKeysListFragment extends ListFragment implements mAdapter.notifyDataSetChanged(); } - public void loadNew(LoaderState loaderState) { + public void loadNew(LoaderState loaderState, Proxy proxy) { + mProxy = proxy; + mLoaderState = loaderState; restartLoaders(); @@ -301,7 +307,7 @@ public class ImportKeysListFragment extends ListFragment implements } case LOADER_ID_CLOUD: { CloudLoaderState ls = (CloudLoaderState) mLoaderState; - return new ImportKeysListCloudLoader(getActivity(), ls.mServerQuery, ls.mCloudPrefs); + return new ImportKeysListCloudLoader(getActivity(), ls.mServerQuery, ls.mCloudPrefs, mProxy); } default: diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/adapter/ImportKeysListCloudLoader.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/adapter/ImportKeysListCloudLoader.java index af919f3b6..05d5a19ee 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/adapter/ImportKeysListCloudLoader.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/adapter/ImportKeysListCloudLoader.java @@ -29,6 +29,7 @@ import org.sufficientlysecure.keychain.operations.results.OperationResult; import org.sufficientlysecure.keychain.util.Log; import org.sufficientlysecure.keychain.util.Preferences; +import java.net.Proxy; import java.util.ArrayList; public class ImportKeysListCloudLoader @@ -38,15 +39,18 @@ public class ImportKeysListCloudLoader Preferences.CloudSearchPrefs mCloudPrefs; String mServerQuery; + private Proxy mProxy; private ArrayList mEntryList = new ArrayList<>(); private AsyncTaskResultWrapper> mEntryListWrapper; - public ImportKeysListCloudLoader(Context context, String serverQuery, Preferences.CloudSearchPrefs cloudPrefs) { + public ImportKeysListCloudLoader(Context context, String serverQuery, Preferences.CloudSearchPrefs cloudPrefs, + Proxy proxy) { super(context); mContext = context; mServerQuery = serverQuery; mCloudPrefs = cloudPrefs; + mProxy = proxy; } @Override @@ -97,7 +101,7 @@ public class ImportKeysListCloudLoader private void queryServer(boolean enforceFingerprint) { try { ArrayList searchResult - = CloudSearch.search(mServerQuery, mCloudPrefs); + = CloudSearch.search(mServerQuery, mCloudPrefs, mProxy); mEntryList.clear(); // add result to data diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ParcelableProxy.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ParcelableProxy.java new file mode 100644 index 000000000..a24141a69 --- /dev/null +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ParcelableProxy.java @@ -0,0 +1,98 @@ +/* + * Copyright (C) 2014 Dominik Schürmann + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +package org.sufficientlysecure.keychain.util; + +import android.os.Parcel; +import android.os.Parcelable; + +import java.net.InetSocketAddress; +import java.net.Proxy; + +/** + * used to simply transport java.net.Proxy objects created using InetSockets between services/activities + */ +public class ParcelableProxy implements Parcelable { + private String mProxyHost; + private int mProxyPort; + private int mProxyType; + + private final int TYPE_HTTP = 1; + private final int TYPE_SOCKS = 2; + + public ParcelableProxy(Proxy proxy) { + InetSocketAddress address = (InetSocketAddress) proxy.address(); + + mProxyHost = address.getHostName(); + mProxyPort = address.getPort(); + + switch (proxy.type()) { + case HTTP: { + mProxyType = TYPE_HTTP; + break; + } + case SOCKS: { + mProxyType = TYPE_SOCKS; + break; + } + } + } + + public Proxy getProxy() { + Proxy.Type type = null; + switch (mProxyType) { + case TYPE_HTTP: + type = Proxy.Type.HTTP; + break; + case TYPE_SOCKS: + type = Proxy.Type.SOCKS; + break; + } + return new Proxy(type, new InetSocketAddress(mProxyHost, mProxyPort)); + } + + protected ParcelableProxy(Parcel in) { + mProxyHost = in.readString(); + mProxyPort = in.readInt(); + mProxyType = in.readInt(); + } + + @Override + public int describeContents() { + return 0; + } + + @Override + public void writeToParcel(Parcel dest, int flags) { + dest.writeString(mProxyHost); + dest.writeInt(mProxyPort); + dest.writeInt(mProxyType); + } + + @SuppressWarnings("unused") + public static final Parcelable.Creator CREATOR = new Parcelable.Creator() { + @Override + public ParcelableProxy createFromParcel(Parcel in) { + return new ParcelableProxy(in); + } + + @Override + public ParcelableProxy[] newArray(int size) { + return new ParcelableProxy[size]; + } + }; +} diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Preferences.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Preferences.java index 7c8e5f1ce..ab33f30bf 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Preferences.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Preferences.java @@ -306,7 +306,8 @@ public class Preferences { boolean useNormalProxy = getUseNormalProxy(); if (useTor) { - proxy = Constants.Orbot.PROXY; + proxy = new Proxy(Constants.Orbot.PROXY_TYPE, + new InetSocketAddress(Constants.Orbot.PROXY_HOST, Constants.Orbot.PROXY_PORT)); } else if (useNormalProxy) { proxy = new Proxy(getProxyType(), new InetSocketAddress(getProxyHost(), getProxyPort())); diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java index 4ff14e3bb..b116524ef 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java @@ -19,6 +19,8 @@ package org.sufficientlysecure.keychain.util; import android.content.res.AssetManager; +import com.squareup.okhttp.CertificatePinner; +import com.squareup.okhttp.OkHttpClient; import org.sufficientlysecure.keychain.Constants; import java.io.ByteArrayInputStream; @@ -85,6 +87,31 @@ public class TlsHelper { return url.openConnection(); } + public static void pinCertificateIfNecessary(OkHttpClient client, URL url) throws TlsHelperException { + if (url.getProtocol().equals("https")) { + for (String domain : sStaticCA.keySet()) { + if (url.getHost().endsWith(domain)) { + pinCertificate(sStaticCA.get(domain), domain, client); + } + } + } + } + + public static void pinCertificate(byte[] certificate, String hostName, OkHttpClient client) + throws TlsHelperException { + try { + // Load CA + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + Certificate ca = cf.generateCertificate(new ByteArrayInputStream(certificate)); + String pin = CertificatePinner.pin(ca); + Log.e("PHILIP", "" + ca.getPublicKey() + ":" + pin); + + client.setCertificatePinner(new CertificatePinner.Builder().add(hostName, pin).build()); + } catch (CertificateException e) { + throw new TlsHelperException(e); + } + } + /** * Opens a Connection that will only accept certificates signed with a specific CA and skips common name check. * This is required for some distributed Keyserver networks like sks-keyservers.net -- cgit v1.2.3