Keyservers: Dont follow redirects, pin pgp.mit.edu, check for pinned cert on add (OKC-01-018)

2015-09-20 22:42:50 +02:00
parent 4c1d48bd95
commit 0b181743a3
22 changed files with 200 additions and 142 deletions
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/KeychainApplication.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/KeychainApplication.java
@@ -91,14 +91,15 @@ public class KeychainApplication extends Application {
        }

        brandGlowEffect(getApplicationContext(),
-            FormattingUtils.getColorFromAttr(getApplicationContext(), R.attr.colorPrimary));
+                FormattingUtils.getColorFromAttr(getApplicationContext(), R.attr.colorPrimary));

        setupAccountAsNeeded(this);

        // Update keyserver list as needed
        Preferences.getPreferences(this).upgradePreferences(this);

-        TlsHelper.addStaticCA("pool.sks-keyservers.net", getAssets(), "sks-keyservers.netCA.cer");
+        TlsHelper.addPinnedCertificate("hkps.pool.sks-keyservers.net", getAssets(), "hkps.pool.sks-keyservers.net.CA.cer");
+        TlsHelper.addPinnedCertificate("pgp.mit.edu", getAssets(), "pgp.mit.edu.cer");

        TemporaryStorageProvider.cleanUp(this);