diff options
author | Dominik Schürmann <dominik@dominikschuermann.de> | 2015-09-21 14:05:44 +0200 |
---|---|---|
committer | Dominik Schürmann <dominik@dominikschuermann.de> | 2015-09-21 14:05:49 +0200 |
commit | 9ee61dc0dfa5990126b7fb79c5373beb83a8b040 (patch) | |
tree | 474120fc44ceb09397b089fe329e32bd31afa199 /OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util | |
parent | ad2c8867e67e71f8b3d88db93911a7e37ed4bf69 (diff) | |
download | open-keychain-9ee61dc0dfa5990126b7fb79c5373beb83a8b040.tar.gz open-keychain-9ee61dc0dfa5990126b7fb79c5373beb83a8b040.tar.bz2 open-keychain-9ee61dc0dfa5990126b7fb79c5373beb83a8b040.zip |
Pin keybase certificate
Diffstat (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util')
-rw-r--r-- | OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/OkHttpKeybaseClient.java | 45 |
1 files changed, 25 insertions, 20 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/OkHttpKeybaseClient.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/OkHttpKeybaseClient.java index 7c1d9f291..32a5406e0 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/OkHttpKeybaseClient.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/OkHttpKeybaseClient.java @@ -1,7 +1,3 @@ -package org.sufficientlysecure.keychain.util; - -import com.squareup.okhttp.OkHttpClient; -import com.squareup.okhttp.OkUrlFactory; /* * Copyright (C) 2015 Dominik Schürmann <dominik@dominikschuermann.de> * @@ -19,8 +15,14 @@ import com.squareup.okhttp.OkUrlFactory; * along with this program. If not, see <http://www.gnu.org/licenses/>. */ +package org.sufficientlysecure.keychain.util; + +import com.squareup.okhttp.OkHttpClient; +import com.squareup.okhttp.OkUrlFactory; import com.textuality.keybase.lib.KeybaseUrlConnectionClient; +import org.sufficientlysecure.keychain.Constants; + import java.io.IOException; import java.net.Proxy; import java.net.URL; @@ -33,25 +35,14 @@ import java.util.concurrent.TimeUnit; public class OkHttpKeybaseClient implements KeybaseUrlConnectionClient { private final OkUrlFactory factory; - private final OkUrlFactory proxyFactory; private static OkUrlFactory generateUrlFactory() { OkHttpClient client = new OkHttpClient(); - client.setConnectTimeout(5000, TimeUnit.MILLISECONDS); - client.setReadTimeout(25000, TimeUnit.MILLISECONDS); - return new OkUrlFactory(client); - } - - private static OkUrlFactory generateProxyUrlFactory() { - OkHttpClient client = new OkHttpClient(); - client.setConnectTimeout(30000, TimeUnit.MILLISECONDS); - client.setReadTimeout(40000, TimeUnit.MILLISECONDS); return new OkUrlFactory(client); } public OkHttpKeybaseClient() { factory = generateUrlFactory(); - proxyFactory = generateProxyUrlFactory(); } @Override @@ -61,14 +52,28 @@ public class OkHttpKeybaseClient implements KeybaseUrlConnectionClient { @Override public URLConnection openConnection(URL url, Proxy proxy) throws IOException { - URLConnection conn; if (proxy != null) { - proxyFactory.client().setProxy(proxy); - conn = proxyFactory.open(url); + factory.client().setProxy(proxy); + factory.client().setConnectTimeout(30000, TimeUnit.MILLISECONDS); + factory.client().setReadTimeout(40000, TimeUnit.MILLISECONDS); } else { - conn = factory.open(url); + factory.client().setConnectTimeout(5000, TimeUnit.MILLISECONDS); + factory.client().setReadTimeout(25000, TimeUnit.MILLISECONDS); } - return conn; + + factory.client().setFollowSslRedirects(false); + + // forced the usage of keybase.io pinned certificate + try { + if (!TlsHelper.usePinnedCertificateIfAvailable(factory.client(), url)) { + throw new IOException("no pinned certificate found for URL!"); + } + } catch (TlsHelper.TlsHelperException e) { + Log.e(Constants.TAG, "TlsHelper failed", e); + throw new IOException("TlsHelper failed"); + } + + return factory.open(url); } }
\ No newline at end of file |