added proxy support, silent right now

2015-06-07 02:19:03 +05:30
parent a6cb330daf
commit 007d02f01b
15 changed files with 250 additions and 55 deletions
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ParcelableProxy.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ParcelableProxy.java
@@ -0,0 +1,98 @@
+/*
+ * Copyright (C) 2014 Dominik Schürmann <dominik@dominikschuermann.de>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.sufficientlysecure.keychain.util;
+
+import android.os.Parcel;
+import android.os.Parcelable;
+
+import java.net.InetSocketAddress;
+import java.net.Proxy;
+
+/**
+ * used to simply transport java.net.Proxy objects created using InetSockets between services/activities
+ */
+public class ParcelableProxy implements Parcelable {
+    private String mProxyHost;
+    private int mProxyPort;
+    private int mProxyType;
+
+    private final int TYPE_HTTP = 1;
+    private final int TYPE_SOCKS = 2;
+
+    public ParcelableProxy(Proxy proxy) {
+        InetSocketAddress address = (InetSocketAddress) proxy.address();
+
+        mProxyHost = address.getHostName();
+        mProxyPort = address.getPort();
+
+        switch (proxy.type()) {
+            case HTTP: {
+                mProxyType = TYPE_HTTP;
+                break;
+            }
+            case SOCKS: {
+                mProxyType = TYPE_SOCKS;
+                break;
+            }
+        }
+    }
+
+    public Proxy getProxy() {
+        Proxy.Type type = null;
+        switch (mProxyType) {
+            case TYPE_HTTP:
+                type = Proxy.Type.HTTP;
+                break;
+            case TYPE_SOCKS:
+                type = Proxy.Type.SOCKS;
+                break;
+        }
+        return new Proxy(type, new InetSocketAddress(mProxyHost, mProxyPort));
+    }
+
+    protected ParcelableProxy(Parcel in) {
+        mProxyHost = in.readString();
+        mProxyPort = in.readInt();
+        mProxyType = in.readInt();
+    }
+
+    @Override
+    public int describeContents() {
+        return 0;
+    }
+
+    @Override
+    public void writeToParcel(Parcel dest, int flags) {
+        dest.writeString(mProxyHost);
+        dest.writeInt(mProxyPort);
+        dest.writeInt(mProxyType);
+    }
+
+    @SuppressWarnings("unused")
+    public static final Parcelable.Creator<ParcelableProxy> CREATOR = new Parcelable.Creator<ParcelableProxy>() {
+        @Override
+        public ParcelableProxy createFromParcel(Parcel in) {
+            return new ParcelableProxy(in);
+        }
+
+        @Override
+        public ParcelableProxy[] newArray(int size) {
+            return new ParcelableProxy[size];
+        }
+    };
+}
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Preferences.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Preferences.java
@@ -306,7 +306,8 @@ public class Preferences {
        boolean useNormalProxy = getUseNormalProxy();

        if (useTor) {
-            proxy = Constants.Orbot.PROXY;
+            proxy = new Proxy(Constants.Orbot.PROXY_TYPE,
+                    new InetSocketAddress(Constants.Orbot.PROXY_HOST, Constants.Orbot.PROXY_PORT));
        }
        else if (useNormalProxy) {
            proxy = new Proxy(getProxyType(), new InetSocketAddress(getProxyHost(), getProxyPort()));
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java
@@ -19,6 +19,8 @@ package org.sufficientlysecure.keychain.util;

 import android.content.res.AssetManager;

+import com.squareup.okhttp.CertificatePinner;
+import com.squareup.okhttp.OkHttpClient;
 import org.sufficientlysecure.keychain.Constants;

 import java.io.ByteArrayInputStream;
@@ -85,6 +87,31 @@ public class TlsHelper {
        return url.openConnection();
    }

+    public static void pinCertificateIfNecessary(OkHttpClient client, URL url) throws TlsHelperException {
+        if (url.getProtocol().equals("https")) {
+            for (String domain : sStaticCA.keySet()) {
+                if (url.getHost().endsWith(domain)) {
+                    pinCertificate(sStaticCA.get(domain), domain, client);
+                }
+            }
+        }
+    }
+
+    public static void pinCertificate(byte[] certificate, String hostName, OkHttpClient client)
+            throws TlsHelperException {
+        try {
+            // Load CA
+            CertificateFactory cf = CertificateFactory.getInstance("X.509");
+            Certificate ca = cf.generateCertificate(new ByteArrayInputStream(certificate));
+            String pin = CertificatePinner.pin(ca);
+            Log.e("PHILIP", "" + ca.getPublicKey() + ":" + pin);
+
+            client.setCertificatePinner(new CertificatePinner.Builder().add(hostName, pin).build());
+        } catch (CertificateException e) {
+            throw new TlsHelperException(e);
+        }
+    }
+
    /**
     * Opens a Connection that will only accept certificates signed with a specific CA and skips common name check.
     * This is required for some distributed Keyserver networks like sks-keyservers.net