make hkp classes slightly more failfast
@@ -49,14 +49,12 @@ import okhttp3.OkHttpClient;
|
|||||||
import okhttp3.Request;
|
import okhttp3.Request;
|
||||||
import okhttp3.RequestBody;
|
import okhttp3.RequestBody;
|
||||||
import okhttp3.Response;
|
import okhttp3.Response;
|
||||||
|
|
||||||
import org.sufficientlysecure.keychain.Constants;
|
import org.sufficientlysecure.keychain.Constants;
|
||||||
|
import org.sufficientlysecure.keychain.network.OkHttpClientFactory;
|
||||||
import org.sufficientlysecure.keychain.pgp.PgpHelper;
|
import org.sufficientlysecure.keychain.pgp.PgpHelper;
|
||||||
import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
|
import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
|
||||||
import org.sufficientlysecure.keychain.util.Log;
|
import org.sufficientlysecure.keychain.util.Log;
|
||||||
import org.sufficientlysecure.keychain.network.OkHttpClientFactory;
|
|
||||||
import org.sufficientlysecure.keychain.util.ParcelableProxy;
|
import org.sufficientlysecure.keychain.util.ParcelableProxy;
|
||||||
import org.sufficientlysecure.keychain.network.TlsCertificatePinning;
|
|
||||||
|
|
||||||
public class ParcelableHkpKeyserver extends Keyserver implements Parcelable {
|
public class ParcelableHkpKeyserver extends Keyserver implements Parcelable {
|
||||||
|
|
||||||
@@ -91,7 +89,7 @@ public class ParcelableHkpKeyserver extends Keyserver implements Parcelable {
|
|||||||
* 5.2. Machine Readable Indexes</a>
|
* 5.2. Machine Readable Indexes</a>
|
||||||
* in Internet-Draft OpenPGP HTTP Keyserver Protocol Document
|
* in Internet-Draft OpenPGP HTTP Keyserver Protocol Document
|
||||||
*/
|
*/
|
||||||
public static final Pattern PUB_KEY_LINE = Pattern
|
private static final Pattern PUB_KEY_LINE = Pattern
|
||||||
.compile("pub:([0-9a-fA-F]+):([0-9]+):([0-9]+):([0-9]+):([0-9]*):([rde]*)[ \n\r]*" // pub line
|
.compile("pub:([0-9a-fA-F]+):([0-9]+):([0-9]+):([0-9]+):([0-9]*):([rde]*)[ \n\r]*" // pub line
|
||||||
+ "((uid:([^:]*):([0-9]+):([0-9]*):([rde]*)[ \n\r]*)+)", // one or more uid lines
|
+ "((uid:([^:]*):([0-9]+):([0-9]*):([rde]*)[ \n\r]*)+)", // one or more uid lines
|
||||||
Pattern.CASE_INSENSITIVE
|
Pattern.CASE_INSENSITIVE
|
||||||
@@ -121,7 +119,7 @@ public class ParcelableHkpKeyserver extends Keyserver implements Parcelable {
|
|||||||
* </li>
|
* </li>
|
||||||
* </ul>
|
* </ul>
|
||||||
*/
|
*/
|
||||||
public static final Pattern UID_LINE = Pattern
|
private static final Pattern UID_LINE = Pattern
|
||||||
.compile("uid:([^:]*):([0-9]+):([0-9]*):([rde]*)",
|
.compile("uid:([^:]*):([0-9]+):([0-9]*):([rde]*)",
|
||||||
Pattern.CASE_INSENSITIVE);
|
Pattern.CASE_INSENSITIVE);
|
||||||
|
|
||||||
@@ -201,8 +199,7 @@ public class ParcelableHkpKeyserver extends Keyserver implements Parcelable {
|
|||||||
|
|
||||||
private String query(HttpUrl url, @NonNull ParcelableProxy proxy) throws Keyserver.QueryFailedException, HttpError {
|
private String query(HttpUrl url, @NonNull ParcelableProxy proxy) throws Keyserver.QueryFailedException, HttpError {
|
||||||
try {
|
try {
|
||||||
OkHttpClient client =
|
OkHttpClient client = OkHttpClientFactory.getClientPinnedIfAvailable(url.url(), proxy.getProxy());
|
||||||
OkHttpClientFactory.getClientPinnedIfAvailable(url.url(), proxy.getProxy());
|
|
||||||
|
|
||||||
Request request = new Request.Builder()
|
Request request = new Request.Builder()
|
||||||
.url(url)
|
.url(url)
|
||||||
@@ -222,11 +219,11 @@ public class ParcelableHkpKeyserver extends Keyserver implements Parcelable {
|
|||||||
}
|
}
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
Log.e(Constants.TAG, "IOException at HkpKeyserver", e);
|
Log.e(Constants.TAG, "IOException at HkpKeyserver", e);
|
||||||
throw new Keyserver.QueryFailedException("Keyserver '" + mUrl + "' is unavailable. Check your Internet connection!" +
|
String proxyInfo = proxy.getProxy() == Proxy.NO_PROXY ? "" : " Using proxy " + proxy.getProxy();
|
||||||
(proxy.getProxy() == Proxy.NO_PROXY ? "" : " Using proxy " + proxy.getProxy()));
|
String causeName = e.getCause().getClass().getSimpleName();
|
||||||
} catch (TlsCertificatePinning.TlsCertificatePinningException e) {
|
throw new Keyserver.QueryFailedException(String.format(
|
||||||
Log.e(Constants.TAG, "Exception in pinning certs", e);
|
"Network error (%s) for '%s'. Check your Internet connection! %s",
|
||||||
throw new Keyserver.QueryFailedException("Exception in pinning certs");
|
causeName, mUrl, proxyInfo));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -267,8 +264,7 @@ public class ParcelableHkpKeyserver extends Keyserver implements Parcelable {
|
|||||||
|
|
||||||
data = query(url, proxy);
|
data = query(url, proxy);
|
||||||
} catch (URISyntaxException e) {
|
} catch (URISyntaxException e) {
|
||||||
Log.e(Constants.TAG, "Unsupported keyserver URI", e);
|
throw new IllegalStateException("Unsupported keyserver URI");
|
||||||
throw new Keyserver.QueryFailedException("Unsupported keyserver URI");
|
|
||||||
} catch (HttpError e) {
|
} catch (HttpError e) {
|
||||||
if (e.getData() != null) {
|
if (e.getData() != null) {
|
||||||
Log.d(Constants.TAG, "returned error data: " + e.getData().toLowerCase(Locale.ENGLISH));
|
Log.d(Constants.TAG, "returned error data: " + e.getData().toLowerCase(Locale.ENGLISH));
|
||||||
@@ -398,8 +394,7 @@ public class ParcelableHkpKeyserver extends Keyserver implements Parcelable {
|
|||||||
|
|
||||||
data = query(url, proxy);
|
data = query(url, proxy);
|
||||||
} catch (URISyntaxException e) {
|
} catch (URISyntaxException e) {
|
||||||
Log.e(Constants.TAG, "Unsupported keyserver URI", e);
|
throw new IllegalStateException("Unsupported keyserver URI");
|
||||||
throw new Keyserver.QueryFailedException("Unsupported keyserver URI");
|
|
||||||
} catch (HttpError httpError) {
|
} catch (HttpError httpError) {
|
||||||
Log.d(Constants.TAG, "Failed to get key at HkpKeyserver", httpError);
|
Log.d(Constants.TAG, "Failed to get key at HkpKeyserver", httpError);
|
||||||
if (httpError.getCode() == 404) {
|
if (httpError.getCode() == 404) {
|
||||||
@@ -452,9 +447,6 @@ public class ParcelableHkpKeyserver extends Keyserver implements Parcelable {
|
|||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
Log.e(Constants.TAG, "IOException", e);
|
Log.e(Constants.TAG, "IOException", e);
|
||||||
throw new Keyserver.AddKeyException();
|
throw new Keyserver.AddKeyException();
|
||||||
} catch (TlsCertificatePinning.TlsCertificatePinningException e) {
|
|
||||||
Log.e(Constants.TAG, "Exception in pinning certs", e);
|
|
||||||
throw new Keyserver.AddKeyException();
|
|
||||||
} catch (URISyntaxException e) {
|
} catch (URISyntaxException e) {
|
||||||
Log.e(Constants.TAG, "Unsupported keyserver URI", e);
|
Log.e(Constants.TAG, "Unsupported keyserver URI", e);
|
||||||
throw new Keyserver.AddKeyException();
|
throw new Keyserver.AddKeyException();
|
||||||
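Review bot: `e.getCause()` in the new IOException handler of query() can be null, since I/O failures such as a refused connection or a timeout are commonly thrown without a wrapped cause. In that case `e.getCause().getClass()` throws a NullPointerException from inside the catch block, which replaces the QueryFailedException that callers handle. Fall back to the exception itself: `Throwable cause = e.getCause() != null ? e.getCause() : e;` followed by `String causeName = cause.getClass().getSimpleName();`. Separately, both `throw new IllegalStateException("Unsupported keyserver URI");` lines lose the removed Log.e call and the original exception, so pass `e` as the second constructor argument to keep the failure traceable. The bodies of query() and the two methods calling it continue outside the hunks.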
|
|||||||
@@ -71,10 +71,8 @@ public class TlsCertificatePinning {
|
|||||||
* Use pinned certificate for OkHttpClient if we have one.
|
* Use pinned certificate for OkHttpClient if we have one.
|
||||||
*
|
*
|
||||||
* @return true, if certificate is available, false if not
|
* @return true, if certificate is available, false if not
|
||||||
* @throws TlsCertificatePinningException
|
|
||||||
* @throws IOException
|
|
||||||
*/
|
*/
|
||||||
public static SSLSocketFactory getPinnedSslSocketFactory(URL url) throws TlsCertificatePinningException, IOException {
|
public static SSLSocketFactory getPinnedSslSocketFactory(URL url) {
|
||||||
if (url.getProtocol().equals("https")) {
|
if (url.getProtocol().equals("https")) {
|
||||||
// use certificate PIN from assets if we have one
|
// use certificate PIN from assets if we have one
|
||||||
for (String host : sPinnedCertificates.keySet()) {
|
for (String host : sPinnedCertificates.keySet()) {
|
||||||
@@ -93,11 +91,8 @@ public class TlsCertificatePinning {
|
|||||||
* to URLs with passed certificate.
|
* to URLs with passed certificate.
|
||||||
*
|
*
|
||||||
* @param certificate certificate to pin
|
* @param certificate certificate to pin
|
||||||
* @throws TlsCertificatePinningException
|
|
||||||
* @throws IOException
|
|
||||||
*/
|
*/
|
||||||
private static SSLSocketFactory pinCertificate(byte[] certificate)
|
private static SSLSocketFactory pinCertificate(byte[] certificate) {
|
||||||
throws TlsCertificatePinningException, IOException {
|
|
||||||
// We don't use OkHttp's CertificatePinner since it can not be used to pin self-signed
|
// We don't use OkHttp's CertificatePinner since it can not be used to pin self-signed
|
||||||
// certificate if such certificate is not accepted by TrustManager.
|
// certificate if such certificate is not accepted by TrustManager.
|
||||||
// (Refer to note at end of description:
|
// (Refer to note at end of description:
|
||||||
@@ -124,15 +119,9 @@ public class TlsCertificatePinning {
|
|||||||
context.init(null, tmf.getTrustManagers(), null);
|
context.init(null, tmf.getTrustManagers(), null);
|
||||||
|
|
||||||
return context.getSocketFactory();
|
return context.getSocketFactory();
|
||||||
} catch (CertificateException | KeyStoreException | KeyManagementException | NoSuchAlgorithmException e) {
|
} catch (CertificateException | KeyStoreException |
|
||||||
throw new TlsCertificatePinningException(e);
|
KeyManagementException | NoSuchAlgorithmException | IOException e) {
|
||||||
|
throw new IllegalStateException(e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public static class TlsCertificatePinningException extends Exception {
|
|
||||||
TlsCertificatePinningException(Exception e) {
|
|
||||||
super(e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
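Review bot: The Javadoc on getPinnedSslSocketFactory still reads `@return true, if certificate is available, false if not` although the method returns an SSLSocketFactory. With the `@throws` lines removed, nothing documents the unchecked exception that pinCertificate now raises. I would reword the return tag to describe the factory, including what is returned when no pinned host matches (that branch is outside the visible lines). I would also add `@throws IllegalStateException if the bundled certificate cannot be loaded into a trust store` to both methods. The visible handler in query() catches only IOException, so this exception propagates uncaught rather than the request silently continuing without the pin. That fail-closed behaviour looks intended and is worth stating in the comment.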
|
|||||||