Refactor certificate pinning for OkHttp 3.9

2017-12-04 16:52:01 +01:00
parent 202f702652
commit fd18e0215d
3 changed files with 58 additions and 40 deletions
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/dialog/AddEditKeyserverDialogFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/dialog/AddEditKeyserverDialogFragment.java
@@ -366,8 +366,9 @@ public class AddEditKeyserverDialogFragment extends DialogFragment implements On
            URI keyserverUriHttp = keyserver.getUrlURI();

            // check TLS pinning only for non-Tor keyservers
-            if (onlyTrustedKeyserver
-                    && TlsCertificatePinning.getPinnedSslSocketFactory(keyserverUriHttp.toURL()) == null) {
+            TlsCertificatePinning tlsCertificatePinning = new TlsCertificatePinning(keyserverUriHttp.toURL());
+            boolean isPinAvailable = tlsCertificatePinning.isPinAvailable();
+            if (onlyTrustedKeyserver && !isPinAvailable) {
                Log.w(Constants.TAG, "No pinned certificate for this host in OpenKeychain's assets.");
                reason = VerifyReturn.NO_PINNED_CERTIFICATE;
                return reason;