Add hkps support for sks-keyservers.net
parent
b92a389ebc
commit
3ebbaae253
@ -49,6 +49,41 @@ public final class Constants {
|
|||||||
|
|
||||||
public static final String CUSTOM_CONTACT_DATA_MIME_TYPE = "vnd.android.cursor.item/vnd.org.sufficientlysecure.keychain.key";
|
public static final String CUSTOM_CONTACT_DATA_MIME_TYPE = "vnd.android.cursor.item/vnd.org.sufficientlysecure.keychain.key";
|
||||||
|
|
||||||
|
// TODO: Resource/Asset?
|
||||||
|
public static final String SKS_KEYSERVERS_NET_CA =
|
||||||
|
"-----BEGIN CERTIFICATE-----" +
|
||||||
|
"MIIFizCCA3OgAwIBAgIJAK9zyLTPn4CPMA0GCSqGSIb3DQEBBQUAMFwxCzAJBgNV" +
|
||||||
|
"BAYTAk5PMQ0wCwYDVQQIDARPc2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5u" +
|
||||||
|
"ZXQgQ0ExHjAcBgNVBAMMFXNrcy1rZXlzZXJ2ZXJzLm5ldCBDQTAeFw0xMjEwMDkw" +
|
||||||
|
"MDMzMzdaFw0yMjEwMDcwMDMzMzdaMFwxCzAJBgNVBAYTAk5PMQ0wCwYDVQQIDARP" +
|
||||||
|
"c2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5uZXQgQ0ExHjAcBgNVBAMMFXNr" +
|
||||||
|
"cy1rZXlzZXJ2ZXJzLm5ldCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC" +
|
||||||
|
"ggIBANdsWy4PXWNUCkS3L//nrd0GqN3dVwoBGZ6w94Tw2jPDPifegwxQozFXkG6I" +
|
||||||
|
"6A4TK1CJLXPvfz0UP0aBYyPmTNadDinaB9T4jIwd4rnxl+59GiEmqkN3IfPsv5Jj" +
|
||||||
|
"MkKUmJnvOT0DEVlEaO1UZIwx5WpfprB3mR81/qm4XkAgmYrmgnLXd/pJDAMk7y1F" +
|
||||||
|
"45b5zWofiD5l677lplcIPRbFhpJ6kDTODXh/XEdtF71EAeaOdEGOvyGDmCO0GWqS" +
|
||||||
|
"FDkMMPTlieLA/0rgFTcz4xwUYj/cD5e0ZBuSkYsYFAU3hd1cGfBue0cPZaQH2HYx" +
|
||||||
|
"Qk4zXD8S3F4690fRhr+tki5gyG6JDR67aKp3BIGLqm7f45WkX1hYp+YXywmEziM4" +
|
||||||
|
"aSbGYhx8hoFGfq9UcfPEvp2aoc8u5sdqjDslhyUzM1v3m3ZGbhwEOnVjljY6JJLx" +
|
||||||
|
"MxagxnZZSAY424ZZ3t71E/Mn27dm2w+xFRuoy8JEjv1d+BT3eChM5KaNwrj0IO/y" +
|
||||||
|
"u8kFIgWYA1vZ/15qMT+tyJTfyrNVV/7Df7TNeWyNqjJ5rBmt0M6NpHG7CrUSkBy9" +
|
||||||
|
"p8JhimgjP5r0FlEkgg+lyD+V79H98gQfVgP3pbJICz0SpBQf2F/2tyS4rLm+49rP" +
|
||||||
|
"fcOajiXEuyhpcmzgusAj/1FjrtlynH1r9mnNaX4e+rLWzvU5AgMBAAGjUDBOMB0G" +
|
||||||
|
"A1UdDgQWBBTkwyoJFGfYTVISTpM8E+igjdq28zAfBgNVHSMEGDAWgBTkwyoJFGfY" +
|
||||||
|
"TVISTpM8E+igjdq28zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQAR" +
|
||||||
|
"OXnYwu3g1ZjHyley3fZI5aLPsaE17cOImVTehC8DcIphm2HOMR/hYTTL+V0G4P+u" +
|
||||||
|
"gH+6xeRLKSHMHZTtSBIa6GDL03434y9CBuwGvAFCMU2GV8w92/Z7apkAhdLToZA/" +
|
||||||
|
"X/iWP2jeaVJhxgEcH8uPrnSlqoPBcKC9PrgUzQYfSZJkLmB+3jEa3HKruy1abJP5" +
|
||||||
|
"gAdQvwvcPpvYRnIzUc9fZODsVmlHVFBCl2dlu/iHh2h4GmL4Da2rRkUMlbVTdioB" +
|
||||||
|
"UYIvMycdOkpH5wJftzw7cpjsudGas0PARDXCFfGyKhwBRFY7Xp7lbjtU5Rz0Gc04" +
|
||||||
|
"lPrhDf0pFE98Aw4jJRpFeWMjpXUEaG1cq7D641RpgcMfPFvOHY47rvDTS7XJOaUT" +
|
||||||
|
"BwRjmDt896s6vMDcaG/uXJbQjuzmmx3W2Idyh3s5SI0GTHb0IwMKYb4eBUIpQOnB" +
|
||||||
|
"cE77VnCYqKvN1NVYAqhWjXbY7XasZvszCRcOG+W3FqNaHOK/n/0ueb0uijdLan+U" +
|
||||||
|
"f4p1bjbAox8eAOQS/8a3bzkJzdyBNUKGx1BIK2IBL9bn/HravSDOiNRSnZ/R3l9G" +
|
||||||
|
"ZauX0tu7IIDlRCILXSyeazu0aj/vdT3YFQXPcvt5Fkf5wiNTo53f72/jYEJd6qph" +
|
||||||
|
"WrpoKqrwGwTpRUCMhYIUt65hsTxCiJJ5nKe39h46sg==" +
|
||||||
|
"-----END CERTIFICATE-----";
|
||||||
|
|
||||||
public static boolean KITKAT = Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT;
|
public static boolean KITKAT = Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT;
|
||||||
|
|
||||||
public static final class Path {
|
public static final class Path {
|
||||||
|
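Review bot: The new `SKS_KEYSERVERS_NET_CA` constant is an undocumented trust anchor compiled into the app, and the validity fields in the encoded certificate read as 2012-10-09 to 2022-10-07, so hkps to the pool will stop validating after that date unless a release replaces the constant. I would record this above the declaration, e.g. `// Self-signed CA for pool.sks-keyservers.net (hkps); notAfter 2022-10-07; compare with the operator's published fingerprint before replacing.` The PEM header, body and footer are also concatenated with no line breaks; TlsHelper is not visible here, so it is worth confirming that its certificate parser accepts that form, or appending `\n` to the BEGIN line and prefixing it to the END line. The `Constants` class continues outside this hunk.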
@ -22,32 +22,26 @@ import de.measite.minidns.Client;
|
|||||||
import de.measite.minidns.Question;
|
import de.measite.minidns.Question;
|
||||||
import de.measite.minidns.Record;
|
import de.measite.minidns.Record;
|
||||||
import de.measite.minidns.record.SRV;
|
import de.measite.minidns.record.SRV;
|
||||||
import org.apache.http.HttpEntity;
|
|
||||||
import org.apache.http.HttpResponse;
|
import org.apache.http.HttpResponse;
|
||||||
import org.apache.http.HttpStatus;
|
import org.apache.http.HttpStatus;
|
||||||
import org.apache.http.NameValuePair;
|
import org.apache.http.NameValuePair;
|
||||||
import org.apache.http.client.HttpClient;
|
import org.apache.http.client.HttpClient;
|
||||||
import org.apache.http.client.entity.UrlEncodedFormEntity;
|
import org.apache.http.client.entity.UrlEncodedFormEntity;
|
||||||
import org.apache.http.client.methods.HttpGet;
|
|
||||||
import org.apache.http.client.methods.HttpPost;
|
import org.apache.http.client.methods.HttpPost;
|
||||||
import org.apache.http.impl.client.DefaultHttpClient;
|
import org.apache.http.impl.client.DefaultHttpClient;
|
||||||
import org.apache.http.message.BasicNameValuePair;
|
import org.apache.http.message.BasicNameValuePair;
|
||||||
import org.apache.http.util.EntityUtils;
|
|
||||||
import org.sufficientlysecure.keychain.Constants;
|
import org.sufficientlysecure.keychain.Constants;
|
||||||
|
import org.sufficientlysecure.keychain.helper.TlsHelper;
|
||||||
import org.sufficientlysecure.keychain.pgp.PgpHelper;
|
import org.sufficientlysecure.keychain.pgp.PgpHelper;
|
||||||
import org.sufficientlysecure.keychain.pgp.PgpKeyHelper;
|
import org.sufficientlysecure.keychain.pgp.PgpKeyHelper;
|
||||||
import org.sufficientlysecure.keychain.util.Log;
|
import org.sufficientlysecure.keychain.util.Log;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
|
||||||
import java.io.UnsupportedEncodingException;
|
import java.io.UnsupportedEncodingException;
|
||||||
import java.net.HttpURLConnection;
|
import java.net.HttpURLConnection;
|
||||||
import java.net.InetAddress;
|
|
||||||
import java.net.MalformedURLException;
|
|
||||||
import java.net.URL;
|
import java.net.URL;
|
||||||
import java.net.URLDecoder;
|
import java.net.URLDecoder;
|
||||||
import java.net.URLEncoder;
|
import java.net.URLEncoder;
|
||||||
import java.net.UnknownHostException;
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.Comparator;
|
import java.util.Comparator;
|
||||||
@ -200,48 +194,39 @@ public class HkpKeyserver extends Keyserver {
|
|||||||
return mSecure ? "https://" : "http://";
|
return mSecure ? "https://" : "http://";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private HttpURLConnection openConnection(URL url) throws IOException {
|
||||||
|
HttpURLConnection conn = null;
|
||||||
|
if (mHost.endsWith("pool.sks-keyservers.net") && mSecure) {
|
||||||
|
try {
|
||||||
|
conn = TlsHelper.openCAConnection(Constants.SKS_KEYSERVERS_NET_CA.getBytes(), url);
|
||||||
|
} catch (TlsHelper.TlsHelperException e) {
|
||||||
|
Log.w(Constants.TAG, e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (conn == null) {
|
||||||
|
conn = (HttpURLConnection) url.openConnection();
|
||||||
|
}
|
||||||
|
conn.setConnectTimeout(5000);
|
||||||
|
conn.setReadTimeout(25000);
|
||||||
|
return conn;
|
||||||
|
}
|
||||||
|
|
||||||
private String query(String request) throws QueryFailedException, HttpError {
|
private String query(String request) throws QueryFailedException, HttpError {
|
||||||
List<String> urls = new ArrayList<String>();
|
try {
|
||||||
if (mSecure) {
|
URL url = new URL(getUrlPrefix() + mHost + ":" + mPort + request);
|
||||||
urls.add(getUrlPrefix() + mHost + ":" + mPort + request);
|
Log.d(Constants.TAG, "hkp keyserver query: " + url);
|
||||||
} else {
|
HttpURLConnection conn = openConnection(url);
|
||||||
InetAddress ips[];
|
conn.connect();
|
||||||
try {
|
int response = conn.getResponseCode();
|
||||||
ips = InetAddress.getAllByName(mHost);
|
if (response >= 200 && response < 300) {
|
||||||
} catch (UnknownHostException e) {
|
return readAll(conn.getInputStream(), conn.getContentEncoding());
|
||||||
throw new QueryFailedException(e.toString());
|
} else {
|
||||||
}
|
String data = readAll(conn.getErrorStream(), conn.getContentEncoding());
|
||||||
for (InetAddress ip : ips) {
|
throw new HttpError(response, data);
|
||||||
// Note: This is actually not HTTP 1.1 compliant, as we hide the real "Host" value,
|
|
||||||
// but Android's HTTPUrlConnection does not support any other way to set
|
|
||||||
// Socket's remote IP address...
|
|
||||||
urls.add(getUrlPrefix() + ip.getHostAddress() + ":" + mPort + request);
|
|
||||||
}
|
}
|
||||||
|
} catch (IOException e) {
|
||||||
|
throw new QueryFailedException("querying server(s) for '" + mHost + "' failed");
|
||||||
}
|
}
|
||||||
|
|
||||||
for (String url : urls) {
|
|
||||||
try {
|
|
||||||
Log.d(Constants.TAG, "hkp keyserver query: " + url);
|
|
||||||
URL realUrl = new URL(url);
|
|
||||||
HttpURLConnection conn = (HttpURLConnection) realUrl.openConnection();
|
|
||||||
conn.setConnectTimeout(5000);
|
|
||||||
conn.setReadTimeout(25000);
|
|
||||||
conn.connect();
|
|
||||||
int response = conn.getResponseCode();
|
|
||||||
if (response >= 200 && response < 300) {
|
|
||||||
return readAll(conn.getInputStream(), conn.getContentEncoding());
|
|
||||||
} else {
|
|
||||||
String data = readAll(conn.getErrorStream(), conn.getContentEncoding());
|
|
||||||
throw new HttpError(response, data);
|
|
||||||
}
|
|
||||||
} catch (MalformedURLException e) {
|
|
||||||
// nothing to do, try next IP
|
|
||||||
} catch (IOException e) {
|
|
||||||
// nothing to do, try next IP
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
throw new QueryFailedException("querying server(s) for '" + mHost + "' failed");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -335,33 +320,25 @@ public class HkpKeyserver extends Keyserver {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public String get(String keyIdHex) throws QueryFailedException {
|
public String get(String keyIdHex) throws QueryFailedException {
|
||||||
HttpClient client = new DefaultHttpClient();
|
String query = getUrlPrefix() + mHost + ":" + mPort +
|
||||||
|
"/pks/lookup?op=get&options=mr&search=" + keyIdHex;
|
||||||
|
Log.d(Constants.TAG, "hkp keyserver get: " + query);
|
||||||
|
String data;
|
||||||
try {
|
try {
|
||||||
String query = getUrlPrefix() + mHost + ":" + mPort +
|
data = query(query);
|
||||||
"/pks/lookup?op=get&options=mr&search=" + keyIdHex;
|
} catch (HttpError httpError) {
|
||||||
Log.d(Constants.TAG, "hkp keyserver get: " + query);
|
throw new QueryFailedException("not found");
|
||||||
HttpGet get = new HttpGet(query);
|
}
|
||||||
HttpResponse response = client.execute(get);
|
Matcher matcher = PgpHelper.PGP_PUBLIC_KEY.matcher(data);
|
||||||
if (response.getStatusLine().getStatusCode() != HttpStatus.SC_OK) {
|
if (matcher.find()) {
|
||||||
throw new QueryFailedException("not found");
|
return matcher.group(1);
|
||||||
}
|
|
||||||
|
|
||||||
HttpEntity entity = response.getEntity();
|
|
||||||
InputStream is = entity.getContent();
|
|
||||||
String data = readAll(is, EntityUtils.getContentCharSet(entity));
|
|
||||||
Matcher matcher = PgpHelper.PGP_PUBLIC_KEY.matcher(data);
|
|
||||||
if (matcher.find()) {
|
|
||||||
return matcher.group(1);
|
|
||||||
}
|
|
||||||
} catch (IOException e) {
|
|
||||||
// nothing to do, better luck on the next keyserver
|
|
||||||
} finally {
|
|
||||||
client.getConnectionManager().shutdown();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* TODO Use openConnection
|
||||||
|
*/
|
||||||
@Override
|
@Override
|
||||||
public void add(String armoredKey) throws AddKeyException {
|
public void add(String armoredKey) throws AddKeyException {
|
||||||
HttpClient client = new DefaultHttpClient();
|
HttpClient client = new DefaultHttpClient();
|
||||||
|
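Review bot: In `openConnection`, a `TlsHelperException` is only logged, after which the `conn == null` branch falls through to `url.openConnection()`, so a failure to set up the pinned sks-keyservers.net CA silently downgrades the request to the platform trust store instead of failing. The pinned CA exists to restrict who can vouch for the pool host, so the catch block should fail closed, e.g. `throw new IOException("pinned CA setup failed for " + mHost, e);`. Separately, on what appears to be the new side of `get()` (judging by the removed `HttpGet`/`HttpEntity` imports), the full URL is built and then passed to `query()`, which prepends `getUrlPrefix() + mHost + ":" + mPort` again. Passing only the path, `data = query("/pks/lookup?op=get&options=mr&search=" + keyIdHex);`, would match how `query()` builds its URL. `add()` still uses `DefaultHttpClient` and therefore bypasses the pinned CA, as the added TODO notes; its body continues outside this section.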