diff --git a/OpenKeychain/src/main/assets/LetsEncryptCA.cer b/OpenKeychain/src/main/assets/LetsEncryptCA.cer
deleted file mode 100644
index 0002462ce..000000000
--- a/OpenKeychain/src/main/assets/LetsEncryptCA.cer
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
-MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
-DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
-SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
-GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
-q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
-SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
-Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
-a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
-/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
-AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
-CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
-bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
-c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
-VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
-ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
-MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
-Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
-AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
-uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
-wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
-X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
-PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
-KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
------END CERTIFICATE-----
diff --git a/OpenKeychain/src/main/assets/hkps.pool.sks-keyservers.net.CA.cer b/OpenKeychain/src/main/assets/hkps.pool.sks-keyservers.net.CA.cer
deleted file mode 100644
index 24a2ad2e8..000000000
--- a/OpenKeychain/src/main/assets/hkps.pool.sks-keyservers.net.CA.cer
+++ /dev/null
@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFizCCA3OgAwIBAgIJAK9zyLTPn4CPMA0GCSqGSIb3DQEBBQUAMFwxCzAJBgNV
-BAYTAk5PMQ0wCwYDVQQIDARPc2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5u
-ZXQgQ0ExHjAcBgNVBAMMFXNrcy1rZXlzZXJ2ZXJzLm5ldCBDQTAeFw0xMjEwMDkw
-MDMzMzdaFw0yMjEwMDcwMDMzMzdaMFwxCzAJBgNVBAYTAk5PMQ0wCwYDVQQIDARP
-c2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5uZXQgQ0ExHjAcBgNVBAMMFXNr
-cy1rZXlzZXJ2ZXJzLm5ldCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBANdsWy4PXWNUCkS3L//nrd0GqN3dVwoBGZ6w94Tw2jPDPifegwxQozFXkG6I
-6A4TK1CJLXPvfz0UP0aBYyPmTNadDinaB9T4jIwd4rnxl+59GiEmqkN3IfPsv5Jj
-MkKUmJnvOT0DEVlEaO1UZIwx5WpfprB3mR81/qm4XkAgmYrmgnLXd/pJDAMk7y1F
-45b5zWofiD5l677lplcIPRbFhpJ6kDTODXh/XEdtF71EAeaOdEGOvyGDmCO0GWqS
-FDkMMPTlieLA/0rgFTcz4xwUYj/cD5e0ZBuSkYsYFAU3hd1cGfBue0cPZaQH2HYx
-Qk4zXD8S3F4690fRhr+tki5gyG6JDR67aKp3BIGLqm7f45WkX1hYp+YXywmEziM4
-aSbGYhx8hoFGfq9UcfPEvp2aoc8u5sdqjDslhyUzM1v3m3ZGbhwEOnVjljY6JJLx
-MxagxnZZSAY424ZZ3t71E/Mn27dm2w+xFRuoy8JEjv1d+BT3eChM5KaNwrj0IO/y
-u8kFIgWYA1vZ/15qMT+tyJTfyrNVV/7Df7TNeWyNqjJ5rBmt0M6NpHG7CrUSkBy9
-p8JhimgjP5r0FlEkgg+lyD+V79H98gQfVgP3pbJICz0SpBQf2F/2tyS4rLm+49rP
-fcOajiXEuyhpcmzgusAj/1FjrtlynH1r9mnNaX4e+rLWzvU5AgMBAAGjUDBOMB0G
-A1UdDgQWBBTkwyoJFGfYTVISTpM8E+igjdq28zAfBgNVHSMEGDAWgBTkwyoJFGfY
-TVISTpM8E+igjdq28zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQAR
-OXnYwu3g1ZjHyley3fZI5aLPsaE17cOImVTehC8DcIphm2HOMR/hYTTL+V0G4P+u
-gH+6xeRLKSHMHZTtSBIa6GDL03434y9CBuwGvAFCMU2GV8w92/Z7apkAhdLToZA/
-X/iWP2jeaVJhxgEcH8uPrnSlqoPBcKC9PrgUzQYfSZJkLmB+3jEa3HKruy1abJP5
-gAdQvwvcPpvYRnIzUc9fZODsVmlHVFBCl2dlu/iHh2h4GmL4Da2rRkUMlbVTdioB
-UYIvMycdOkpH5wJftzw7cpjsudGas0PARDXCFfGyKhwBRFY7Xp7lbjtU5Rz0Gc04
-lPrhDf0pFE98Aw4jJRpFeWMjpXUEaG1cq7D641RpgcMfPFvOHY47rvDTS7XJOaUT
-BwRjmDt896s6vMDcaG/uXJbQjuzmmx3W2Idyh3s5SI0GTHb0IwMKYb4eBUIpQOnB
-cE77VnCYqKvN1NVYAqhWjXbY7XasZvszCRcOG+W3FqNaHOK/n/0ueb0uijdLan+U
-f4p1bjbAox8eAOQS/8a3bzkJzdyBNUKGx1BIK2IBL9bn/HravSDOiNRSnZ/R3l9G
-ZauX0tu7IIDlRCILXSyeazu0aj/vdT3YFQXPcvt5Fkf5wiNTo53f72/jYEJd6qph
-WrpoKqrwGwTpRUCMhYIUt65hsTxCiJJ5nKe39h46sg==
------END CERTIFICATE-----
diff --git a/OpenKeychain/src/main/assets/pgp.mit.edu.cer b/OpenKeychain/src/main/assets/pgp.mit.edu.cer
deleted file mode 100644
index 5de4241cb..000000000
--- a/OpenKeychain/src/main/assets/pgp.mit.edu.cer
+++ /dev/null
@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFnDCCBISgAwIBAgIRAOEF8Fi8qyp/9jJV2GaC7EUwDQYJKoZIhvcNAQELBQAw
-djELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1JMRIwEAYDVQQHEwlBbm4gQXJib3Ix
-EjAQBgNVBAoTCUludGVybmV0MjERMA8GA1UECxMISW5Db21tb24xHzAdBgNVBAMT
-FkluQ29tbW9uIFJTQSBTZXJ2ZXIgQ0EwHhcNMTcwMzMwMDAwMDAwWhcNMjAwMzI5
-MjM1OTU5WjCB2TELMAkGA1UEBhMCVVMxDjAMBgNVBBETBTAyMTM5MRYwFAYDVQQI
-Ew1NYXNzYWNodXNldHRzMRIwEAYDVQQHEwlDYW1icmlkZ2UxHTAbBgNVBAkTFDc3
-IE1hc3NhY2h1c2V0dHMgQXZlMS4wLAYDVQQKEyVNYXNzYWNodXNldHRzIEluc3Rp
-dHV0ZSBvZiBUZWNobm9sb2d5MSkwJwYDVQQLDCBJbmZvcm1hdGlvbiBTeXN0ZW1z
-ICYgVGVjaG5vbG9neTEUMBIGA1UEAxMLcGdwLm1pdC5lZHUwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQDVoQg1md1TohFDgQxOnxQmJ7Nz/wR4pOGmYt/+
-WQdt+TodycBsadeEpOvGlU06Spv8RNIm8KARm+Eqc/DrHwwl5XrkYH4R4wnIIrRB
-aZAx4kNWIzqfHX11+sDr+73PESctpxxVfdzhotBjewEuvrORsG3Q4LWCu8dMSMPD
-kuI7GKzu80gBrwYf0XjMidnocGab8VQNwRRhKvBnFZ9zYjsdUPZ7WMHvztcZdhsW
-g5jbmuysPC9ErpxeE0xD/DyDoc46UUORW2kfXYm3e6cB4/zjybCIJYBW/G28KTlk
-AuuYHcQtbQAHAMah3VcOi+2IQbrsgd88M12siOZsQ2ljmcd/AgMBAAGjggG/MIIB
-uzAfBgNVHSMEGDAWgBQeBaN3j2yW4luHS6a0hqxxAAznODAdBgNVHQ4EFgQUoyY9
-TyBELfDcf5GE01hdrh3j+AgwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAw
-HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGcGA1UdIARgMF4wUgYMKwYB
-BAGuIwEEAwEBMEIwQAYIKwYBBQUHAgEWNGh0dHBzOi8vd3d3LmluY29tbW9uLm9y
-Zy9jZXJ0L3JlcG9zaXRvcnkvY3BzX3NzbC5wZGYwCAYGZ4EMAQICMEQGA1UdHwQ9
-MDswOaA3oDWGM2h0dHA6Ly9jcmwuaW5jb21tb24tcnNhLm9yZy9JbkNvbW1vblJT
-QVNlcnZlckNBLmNybDB1BggrBgEFBQcBAQRpMGcwPgYIKwYBBQUHMAKGMmh0dHA6
-Ly9jcnQudXNlcnRydXN0LmNvbS9JbkNvbW1vblJTQVNlcnZlckNBXzIuY3J0MCUG
-CCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMBYGA1UdEQQPMA2C
-C3BncC5taXQuZWR1MA0GCSqGSIb3DQEBCwUAA4IBAQCN63TS5Z2nhbOK4EgoYoc0
-pvZjd5lQVQofmyC3oflfPbSeYXfCdfgJz9eA9WJR6YDAd6c9BlGbFCmv6hGWTXUf
-0/44cQUc4wJ2HrN5aceJKTPFsIlaV6TqFA0G7nkye5QV3vVF1hvTosbMKfFYYUdT
-EYz4KlYyes9WdtuQodKNjwf+zXi6HdOZX2jPZB2uI/Qrb39G/qn9yuIlvAazo7j9
-HcgBWO8yG53oLCDdu6qFT+e9+mb/MazfjyoR9iYpC27NgCLJGNvGdYhwEDCXVEF0
-6wHNlpxGIs7HVvPedaG4ClAPhiNGvtQz3Q7idmJaSoifEfG6vpTuUEdaK9S52z+A
------END CERTIFICATE-----
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/KeychainApplication.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/KeychainApplication.java
index 03fd91371..370584104 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/KeychainApplication.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/KeychainApplication.java
@@ -23,21 +23,13 @@ import java.lang.reflect.Method;
import java.security.Security;
import java.util.HashMap;
-import android.accounts.Account;
-import android.accounts.AccountManager;
import android.annotation.SuppressLint;
import android.app.Application;
-import android.content.Context;
import android.graphics.Bitmap;
import android.os.Build;
-import android.os.Build.VERSION;
-import android.os.Build.VERSION_CODES;
-import android.widget.Toast;
-import androidx.annotation.Nullable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.sufficientlysecure.keychain.keysync.KeyserverSyncManager;
-import org.sufficientlysecure.keychain.network.TlsCertificatePinning;
import org.sufficientlysecure.keychain.provider.TemporaryFileProvider;
import org.sufficientlysecure.keychain.util.PRNGFixes;
import org.sufficientlysecure.keychain.util.Preferences;
@@ -95,11 +87,6 @@ public class KeychainApplication extends Application {
// Upgrade preferences as needed
preferences.upgradePreferences();
- TlsCertificatePinning.addPinnedCertificate("keys.openpgp.org", getAssets(), "LetsEncryptCA.cer");
- TlsCertificatePinning.addPinnedCertificate("hkps.pool.sks-keyservers.net", getAssets(), "hkps.pool.sks-keyservers.net.CA.cer");
- TlsCertificatePinning.addPinnedCertificate("pgp.mit.edu", getAssets(), "pgp.mit.edu.cer");
- TlsCertificatePinning.addPinnedCertificate("keyserver.ubuntu.com", getAssets(), "LetsEncryptCA.cer");
-
// only set up the rest on our main process
if (!BuildConfig.APPLICATION_ID.equals(getProcessName())) {
return;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/network/OkHttpClientFactory.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/network/OkHttpClientFactory.java
index 507a9509c..b98f36fac 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/network/OkHttpClientFactory.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/network/OkHttpClientFactory.java
@@ -71,15 +71,6 @@ public class OkHttpClientFactory {
.readTimeout(25000, TimeUnit.MILLISECONDS);
}
- // If a pinned cert is available, use it!
- // NOTE: this fails gracefully back to "no pinning" if no cert is available.
- TlsCertificatePinning tlsCertificatePinning = new TlsCertificatePinning(url);
- boolean isHttpsProtocol = "https".equals(url.getProtocol());
- boolean isPinAvailable = tlsCertificatePinning.isPinAvailable();
- if (isHttpsProtocol && isPinAvailable) {
- tlsCertificatePinning.pinCertificate(builder);
- }
-
return builder.build();
}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/network/TlsCertificatePinning.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/network/TlsCertificatePinning.java
deleted file mode 100644
index 5431ce9bf..000000000
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/network/TlsCertificatePinning.java
+++ /dev/null
@@ -1,140 +0,0 @@
-/*
- * Copyright (C) 2017 Schürmann & Breitmoser GbR
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
- */
-
-package org.sufficientlysecure.keychain.network;
-
-import android.content.res.AssetManager;
-
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
-import java.security.KeyManagementException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
-import javax.net.ssl.X509TrustManager;
-
-import okhttp3.OkHttpClient;
-import timber.log.Timber;
-
-
-public class TlsCertificatePinning {
-
- private static Map sCertificatePins = new HashMap<>();
-
- /**
- * Add certificate from assets to pinned certificate map.
- */
- public static void addPinnedCertificate(String host, AssetManager assetManager, String cerFilename) {
- try {
- InputStream is = assetManager.open(cerFilename);
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- int reads = is.read();
-
- while (reads != -1) {
- baos.write(reads);
- reads = is.read();
- }
-
- is.close();
-
- sCertificatePins.put(host, baos.toByteArray());
- } catch (IOException e) {
- Timber.w(e);
- }
- }
-
- private final URL url;
-
- public TlsCertificatePinning(URL url) {
- this.url = url;
- }
-
- public boolean isPinAvailable() {
- return sCertificatePins.containsKey(url.getHost());
- }
-
- /**
- * Modifies the builder to accept only requests with a given certificate.
- * Applies to all URLs requested by the builder.
- * Therefore a builder that is pinned this way should be used to only make requests
- * to URLs with passed certificate.
- */
- void pinCertificate(OkHttpClient.Builder builder) {
- Timber.d("Pinning certificate for " + url);
-
- // We don't use OkHttp's CertificatePinner since it can not be used to pin self-signed
- // certificate if such certificate is not accepted by TrustManager.
- // (Refer to note at end of description:
- // http://square.github.io/okhttp/javadoc/com/squareup/okhttp/CertificatePinner.html )
- // Creating our own TrustManager that trusts only our certificate eliminates the need for certificate pinning
- try {
- CertificateFactory cf = CertificateFactory.getInstance("X.509");
- byte[] certificate = sCertificatePins.get(url.getHost());
- Certificate ca = cf.generateCertificate(new ByteArrayInputStream(certificate));
-
- KeyStore keyStore = createSingleCertificateKeyStore(ca);
- X509TrustManager trustManager = createTrustManager(keyStore);
-
- SSLContext sslContext = SSLContext.getInstance("TLS");
- sslContext.init(null, new TrustManager[]{trustManager}, null);
- SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
-
- builder.sslSocketFactory(sslSocketFactory, trustManager);
- } catch (CertificateException | KeyStoreException |
- KeyManagementException | NoSuchAlgorithmException | IOException e) {
- throw new IllegalStateException(e);
- }
- }
-
- private KeyStore createSingleCertificateKeyStore(Certificate ca) throws KeyStoreException,
- CertificateException, NoSuchAlgorithmException, IOException {
- String keyStoreType = KeyStore.getDefaultType();
- KeyStore keyStore = KeyStore.getInstance(keyStoreType);
- keyStore.load(null, null);
- keyStore.setCertificateEntry("ca", ca);
-
- return keyStore;
- }
-
- private X509TrustManager createTrustManager(KeyStore keyStore) throws NoSuchAlgorithmException,
- KeyStoreException {
- TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
- TrustManagerFactory.getDefaultAlgorithm());
- trustManagerFactory.init(keyStore);
- TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
- if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
- throw new IllegalStateException("Unexpected default trust managers: "
- + Arrays.toString(trustManagers));
- }
-
- return (X509TrustManager) trustManagers[0];
- }
-}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/dialog/AddEditKeyserverDialogFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/dialog/AddEditKeyserverDialogFragment.java
index f58685a98..6bdc4783e 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/dialog/AddEditKeyserverDialogFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/dialog/AddEditKeyserverDialogFragment.java
@@ -33,10 +33,6 @@ import android.os.Bundle;
import android.os.Message;
import android.os.Messenger;
import android.os.RemoteException;
-import androidx.annotation.NonNull;
-import com.google.android.material.textfield.TextInputLayout;
-import androidx.fragment.app.DialogFragment;
-import androidx.appcompat.app.AlertDialog;
import android.view.KeyEvent;
import android.view.LayoutInflater;
import android.view.View;
@@ -44,17 +40,19 @@ import android.view.inputmethod.EditorInfo;
import android.view.inputmethod.InputMethodManager;
import android.widget.Button;
import android.widget.CheckBox;
-import android.widget.CompoundButton;
import android.widget.EditText;
import android.widget.TextView;
import android.widget.TextView.OnEditorActionListener;
+import androidx.annotation.NonNull;
+import androidx.appcompat.app.AlertDialog;
+import androidx.fragment.app.DialogFragment;
+import com.google.android.material.textfield.TextInputLayout;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import org.sufficientlysecure.keychain.R;
import org.sufficientlysecure.keychain.keyimport.HkpKeyserverAddress;
import org.sufficientlysecure.keychain.network.OkHttpClientFactory;
-import org.sufficientlysecure.keychain.network.TlsCertificatePinning;
import org.sufficientlysecure.keychain.network.orbot.OrbotHelper;
import org.sufficientlysecure.keychain.util.ParcelableProxy;
import org.sufficientlysecure.keychain.util.Preferences;
@@ -84,7 +82,6 @@ public class AddEditKeyserverDialogFragment extends DialogFragment implements On
private EditText mKeyserverEditOnionText;
private TextInputLayout mKeyserverEditOnionTextLayout;
private CheckBox mVerifyKeyserverCheckBox;
- private CheckBox mOnlyTrustedKeyserverCheckBox;
public enum DialogAction {
ADD,
@@ -134,13 +131,6 @@ public class AddEditKeyserverDialogFragment extends DialogFragment implements On
mKeyserverEditOnionText = view.findViewById(R.id.keyserver_onion_edit_text);
mKeyserverEditOnionTextLayout = view.findViewById(R.id.keyserver_onion_edit_text_layout);
mVerifyKeyserverCheckBox = view.findViewById(R.id.verify_connection_checkbox);
- mOnlyTrustedKeyserverCheckBox = view.findViewById(R.id.only_trusted_keyserver_checkbox);
- mVerifyKeyserverCheckBox.setOnCheckedChangeListener(new CompoundButton.OnCheckedChangeListener() {
- @Override
- public void onCheckedChanged(CompoundButton buttonView, boolean isChecked) {
- mOnlyTrustedKeyserverCheckBox.setEnabled(isChecked);
- }
- });
switch (mDialogAction) {
case ADD: {
@@ -243,20 +233,12 @@ public class AddEditKeyserverDialogFragment extends DialogFragment implements On
OrbotHelper.DialogActions dialogActions = new OrbotHelper.DialogActions() {
@Override
public void onOrbotStarted() {
- verifyConnection(
- keyserver,
- proxy,
- mOnlyTrustedKeyserverCheckBox.isChecked()
- );
+ verifyConnection(keyserver, proxy);
}
@Override
public void onNeutralButton() {
- verifyConnection(
- keyserver,
- null,
- mOnlyTrustedKeyserverCheckBox.isChecked()
- );
+ verifyConnection(keyserver, null);
}
@Override
@@ -266,11 +248,7 @@ public class AddEditKeyserverDialogFragment extends DialogFragment implements On
};
if (OrbotHelper.putOrbotInRequiredState(dialogActions, getActivity())) {
- verifyConnection(
- keyserver,
- proxy,
- mOnlyTrustedKeyserverCheckBox.isChecked()
- );
+ verifyConnection(keyserver, proxy);
}
} else {
dismiss();
@@ -327,7 +305,7 @@ public class AddEditKeyserverDialogFragment extends DialogFragment implements On
}
- public void verifyConnection(HkpKeyserverAddress keyserver, final ParcelableProxy proxy, final boolean onlyTrustedKeyserver) {
+ public void verifyConnection(HkpKeyserverAddress keyserver, ParcelableProxy proxy) {
new AsyncTask() {
ProgressDialog mProgressDialog;
@@ -345,7 +323,7 @@ public class AddEditKeyserverDialogFragment extends DialogFragment implements On
protected VerifyReturn doInBackground(HkpKeyserverAddress... keyservers) {
mKeyserver = keyservers[0];
- return verifyKeyserver(mKeyserver, proxy, onlyTrustedKeyserver);
+ return verifyKeyserver(mKeyserver, proxy);
}
@Override
@@ -360,20 +338,11 @@ public class AddEditKeyserverDialogFragment extends DialogFragment implements On
}.execute(keyserver);
}
- private VerifyReturn verifyKeyserver(HkpKeyserverAddress keyserver, final ParcelableProxy proxy, final boolean onlyTrustedKeyserver) {
+ private VerifyReturn verifyKeyserver(HkpKeyserverAddress keyserver, ParcelableProxy proxy) {
VerifyReturn reason = VerifyReturn.GOOD;
try {
URI keyserverUriHttp = keyserver.getUrlURI();
- // check TLS pinning only for non-Tor keyservers
- TlsCertificatePinning tlsCertificatePinning = new TlsCertificatePinning(keyserverUriHttp.toURL());
- boolean isPinAvailable = tlsCertificatePinning.isPinAvailable();
- if (onlyTrustedKeyserver && !isPinAvailable) {
- Timber.w("No pinned certificate for this host in OpenKeychain's assets.");
- reason = VerifyReturn.NO_PINNED_CERTIFICATE;
- return reason;
- }
-
OkHttpClient client = OkHttpClientFactory.getClientPinnedIfAvailable(
keyserverUriHttp.toURL(), proxy.getProxy());
client.newCall(new Request.Builder().url(keyserverUriHttp.toURL()).build()).execute();
diff --git a/OpenKeychain/src/main/res/layout/add_keyserver_dialog.xml b/OpenKeychain/src/main/res/layout/add_keyserver_dialog.xml
index 63ee7dae2..28af3fe75 100644
--- a/OpenKeychain/src/main/res/layout/add_keyserver_dialog.xml
+++ b/OpenKeychain/src/main/res/layout/add_keyserver_dialog.xml
@@ -53,11 +53,4 @@
android:checked="true"
android:text="@string/label_verify_keyserver_connection" />
-
-
\ No newline at end of file