diff options
Diffstat (limited to 'OpenKeychain')
4 files changed, 95 insertions, 81 deletions
diff --git a/OpenKeychain/build.gradle b/OpenKeychain/build.gradle index ff6f603f4..8fe0cc7c7 100644 --- a/OpenKeychain/build.gradle +++ b/OpenKeychain/build.gradle @@ -19,7 +19,7 @@ dependencies { compile project(':extern:spongycastle:prov') compile project(':extern:AppMsg:library') compile project(':extern:SuperToasts:supertoasts') - compile project(':extern:dnsjava') + compile project(':extern:minidns') compile project(':extern:KeybaseLib:Lib') diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java index 319ac2873..639b70043 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java @@ -49,6 +49,41 @@ public final class Constants { public static final String CUSTOM_CONTACT_DATA_MIME_TYPE = "vnd.android.cursor.item/vnd.org.sufficientlysecure.keychain.key"; + // TODO: Resource/Asset? + public static final String SKS_KEYSERVERS_NET_CA = + "-----BEGIN CERTIFICATE-----\n" + + "MIIFizCCA3OgAwIBAgIJAK9zyLTPn4CPMA0GCSqGSIb3DQEBBQUAMFwxCzAJBgNV\n" + + "BAYTAk5PMQ0wCwYDVQQIDARPc2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5u\n" + + "ZXQgQ0ExHjAcBgNVBAMMFXNrcy1rZXlzZXJ2ZXJzLm5ldCBDQTAeFw0xMjEwMDkw\n" + + "MDMzMzdaFw0yMjEwMDcwMDMzMzdaMFwxCzAJBgNVBAYTAk5PMQ0wCwYDVQQIDARP\n" + + "c2xvMR4wHAYDVQQKDBVza3Mta2V5c2VydmVycy5uZXQgQ0ExHjAcBgNVBAMMFXNr\n" + + "cy1rZXlzZXJ2ZXJzLm5ldCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC\n" + + "ggIBANdsWy4PXWNUCkS3L//nrd0GqN3dVwoBGZ6w94Tw2jPDPifegwxQozFXkG6I\n" + + "6A4TK1CJLXPvfz0UP0aBYyPmTNadDinaB9T4jIwd4rnxl+59GiEmqkN3IfPsv5Jj\n" + + "MkKUmJnvOT0DEVlEaO1UZIwx5WpfprB3mR81/qm4XkAgmYrmgnLXd/pJDAMk7y1F\n" + + "45b5zWofiD5l677lplcIPRbFhpJ6kDTODXh/XEdtF71EAeaOdEGOvyGDmCO0GWqS\n" + + "FDkMMPTlieLA/0rgFTcz4xwUYj/cD5e0ZBuSkYsYFAU3hd1cGfBue0cPZaQH2HYx\n" + + "Qk4zXD8S3F4690fRhr+tki5gyG6JDR67aKp3BIGLqm7f45WkX1hYp+YXywmEziM4\n" + + "aSbGYhx8hoFGfq9UcfPEvp2aoc8u5sdqjDslhyUzM1v3m3ZGbhwEOnVjljY6JJLx\n" + + "MxagxnZZSAY424ZZ3t71E/Mn27dm2w+xFRuoy8JEjv1d+BT3eChM5KaNwrj0IO/y\n" + + "u8kFIgWYA1vZ/15qMT+tyJTfyrNVV/7Df7TNeWyNqjJ5rBmt0M6NpHG7CrUSkBy9\n" + + "p8JhimgjP5r0FlEkgg+lyD+V79H98gQfVgP3pbJICz0SpBQf2F/2tyS4rLm+49rP\n" + + "fcOajiXEuyhpcmzgusAj/1FjrtlynH1r9mnNaX4e+rLWzvU5AgMBAAGjUDBOMB0G\n" + + "A1UdDgQWBBTkwyoJFGfYTVISTpM8E+igjdq28zAfBgNVHSMEGDAWgBTkwyoJFGfY\n" + + "TVISTpM8E+igjdq28zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQAR\n" + + "OXnYwu3g1ZjHyley3fZI5aLPsaE17cOImVTehC8DcIphm2HOMR/hYTTL+V0G4P+u\n" + + "gH+6xeRLKSHMHZTtSBIa6GDL03434y9CBuwGvAFCMU2GV8w92/Z7apkAhdLToZA/\n" + + "X/iWP2jeaVJhxgEcH8uPrnSlqoPBcKC9PrgUzQYfSZJkLmB+3jEa3HKruy1abJP5\n" + + "gAdQvwvcPpvYRnIzUc9fZODsVmlHVFBCl2dlu/iHh2h4GmL4Da2rRkUMlbVTdioB\n" + + "UYIvMycdOkpH5wJftzw7cpjsudGas0PARDXCFfGyKhwBRFY7Xp7lbjtU5Rz0Gc04\n" + + "lPrhDf0pFE98Aw4jJRpFeWMjpXUEaG1cq7D641RpgcMfPFvOHY47rvDTS7XJOaUT\n" + + "BwRjmDt896s6vMDcaG/uXJbQjuzmmx3W2Idyh3s5SI0GTHb0IwMKYb4eBUIpQOnB\n" + + "cE77VnCYqKvN1NVYAqhWjXbY7XasZvszCRcOG+W3FqNaHOK/n/0ueb0uijdLan+U\n" + + "f4p1bjbAox8eAOQS/8a3bzkJzdyBNUKGx1BIK2IBL9bn/HravSDOiNRSnZ/R3l9G\n" + + "ZauX0tu7IIDlRCILXSyeazu0aj/vdT3YFQXPcvt5Fkf5wiNTo53f72/jYEJd6qph\n" + + "WrpoKqrwGwTpRUCMhYIUt65hsTxCiJJ5nKe39h46sg==\n" + + "-----END CERTIFICATE-----"; + public static boolean KITKAT = Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT; public static final class Path { diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/helper/EmailKeyHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/helper/EmailKeyHelper.java index 80f52f914..5d281d5b0 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/helper/EmailKeyHelper.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/helper/EmailKeyHelper.java @@ -57,11 +57,13 @@ public class EmailKeyHelper { } } - // Most users don't have the SRV record, so ask a default server as well - String[] servers = Preferences.getPreferences(context).getKeyServers(); - if (servers != null && servers.length != 0) { - HkpKeyserver hkp = new HkpKeyserver(servers[0]); - keys.addAll(getEmailKeys(mail, hkp)); + if (keys.isEmpty()) { + // Most users don't have the SRV record, so ask a default server as well + String[] servers = Preferences.getPreferences(context).getKeyServers(); + if (servers != null && servers.length != 0) { + HkpKeyserver hkp = new HkpKeyserver(servers[0]); + keys.addAll(getEmailKeys(mail, hkp)); + } } return new ArrayList<ImportKeysListEntry>(keys); } diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java index 2ec9e1c07..09bd34fc9 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java @@ -18,36 +18,30 @@ package org.sufficientlysecure.keychain.keyimport; -import org.apache.http.HttpEntity; +import de.measite.minidns.Client; +import de.measite.minidns.Question; +import de.measite.minidns.Record; +import de.measite.minidns.record.SRV; import org.apache.http.HttpResponse; import org.apache.http.HttpStatus; import org.apache.http.NameValuePair; import org.apache.http.client.HttpClient; import org.apache.http.client.entity.UrlEncodedFormEntity; -import org.apache.http.client.methods.HttpGet; import org.apache.http.client.methods.HttpPost; import org.apache.http.impl.client.DefaultHttpClient; import org.apache.http.message.BasicNameValuePair; -import org.apache.http.util.EntityUtils; import org.sufficientlysecure.keychain.Constants; +import org.sufficientlysecure.keychain.helper.TlsHelper; import org.sufficientlysecure.keychain.pgp.PgpHelper; import org.sufficientlysecure.keychain.pgp.PgpKeyHelper; import org.sufficientlysecure.keychain.util.Log; -import org.xbill.DNS.Lookup; -import org.xbill.DNS.Record; -import org.xbill.DNS.SRVRecord; -import org.xbill.DNS.Type; import java.io.IOException; -import java.io.InputStream; import java.io.UnsupportedEncodingException; import java.net.HttpURLConnection; -import java.net.InetAddress; -import java.net.MalformedURLException; import java.net.URL; import java.net.URLDecoder; import java.net.URLEncoder; -import java.net.UnknownHostException; import java.util.ArrayList; import java.util.Arrays; import java.util.Comparator; @@ -200,48 +194,39 @@ public class HkpKeyserver extends Keyserver { return mSecure ? "https://" : "http://"; } - private String query(String request) throws QueryFailedException, HttpError { - List<String> urls = new ArrayList<String>(); - if (mSecure) { - urls.add(getUrlPrefix() + mHost + ":" + mPort + request); - } else { - InetAddress ips[]; + private HttpURLConnection openConnection(URL url) throws IOException { + HttpURLConnection conn = null; + if (mHost.endsWith("pool.sks-keyservers.net") && mSecure) { try { - ips = InetAddress.getAllByName(mHost); - } catch (UnknownHostException e) { - throw new QueryFailedException(e.toString()); - } - for (InetAddress ip : ips) { - // Note: This is actually not HTTP 1.1 compliant, as we hide the real "Host" value, - // but Android's HTTPUrlConnection does not support any other way to set - // Socket's remote IP address... - urls.add(getUrlPrefix() + ip.getHostAddress() + ":" + mPort + request); + conn = TlsHelper.openCAConnection(Constants.SKS_KEYSERVERS_NET_CA.getBytes(), url); + } catch (TlsHelper.TlsHelperException e) { + Log.w(Constants.TAG, e); } } + if (conn == null) { + conn = (HttpURLConnection) url.openConnection(); + } + conn.setConnectTimeout(5000); + conn.setReadTimeout(25000); + return conn; + } - for (String url : urls) { - try { - Log.d(Constants.TAG, "hkp keyserver query: " + url); - URL realUrl = new URL(url); - HttpURLConnection conn = (HttpURLConnection) realUrl.openConnection(); - conn.setConnectTimeout(5000); - conn.setReadTimeout(25000); - conn.connect(); - int response = conn.getResponseCode(); - if (response >= 200 && response < 300) { - return readAll(conn.getInputStream(), conn.getContentEncoding()); - } else { - String data = readAll(conn.getErrorStream(), conn.getContentEncoding()); - throw new HttpError(response, data); - } - } catch (MalformedURLException e) { - // nothing to do, try next IP - } catch (IOException e) { - // nothing to do, try next IP + private String query(String request) throws QueryFailedException, HttpError { + try { + URL url = new URL(getUrlPrefix() + mHost + ":" + mPort + request); + Log.d(Constants.TAG, "hkp keyserver query: " + url); + HttpURLConnection conn = openConnection(url); + conn.connect(); + int response = conn.getResponseCode(); + if (response >= 200 && response < 300) { + return readAll(conn.getInputStream(), conn.getContentEncoding()); + } else { + String data = readAll(conn.getErrorStream(), conn.getContentEncoding()); + throw new HttpError(response, data); } + } catch (IOException e) { + throw new QueryFailedException("querying server(s) for '" + mHost + "' failed"); } - - throw new QueryFailedException("querying server(s) for '" + mHost + "' failed"); } @Override @@ -335,33 +320,24 @@ public class HkpKeyserver extends Keyserver { @Override public String get(String keyIdHex) throws QueryFailedException { - HttpClient client = new DefaultHttpClient(); + String request = "/pks/lookup?op=get&options=mr&search=" + keyIdHex; + Log.d(Constants.TAG, "hkp keyserver get: " + request); + String data; try { - String query = getUrlPrefix() + mHost + ":" + mPort + - "/pks/lookup?op=get&options=mr&search=" + keyIdHex; - Log.d(Constants.TAG, "hkp keyserver get: " + query); - HttpGet get = new HttpGet(query); - HttpResponse response = client.execute(get); - if (response.getStatusLine().getStatusCode() != HttpStatus.SC_OK) { - throw new QueryFailedException("not found"); - } - - HttpEntity entity = response.getEntity(); - InputStream is = entity.getContent(); - String data = readAll(is, EntityUtils.getContentCharSet(entity)); - Matcher matcher = PgpHelper.PGP_PUBLIC_KEY.matcher(data); - if (matcher.find()) { - return matcher.group(1); - } - } catch (IOException e) { - // nothing to do, better luck on the next keyserver - } finally { - client.getConnectionManager().shutdown(); + data = query(request); + } catch (HttpError httpError) { + throw new QueryFailedException("not found"); + } + Matcher matcher = PgpHelper.PGP_PUBLIC_KEY.matcher(data); + if (matcher.find()) { + return matcher.group(1); } - return null; } + /* + * TODO Use openConnection + */ @Override public void add(String armoredKey) throws AddKeyException { HttpClient client = new DefaultHttpClient(); @@ -396,19 +372,20 @@ public class HkpKeyserver extends Keyserver { */ public static HkpKeyserver resolve(String domain) { try { - Record[] records = new Lookup("_hkp._tcp." + domain, Type.SRV).run(); + Record[] records = new Client().query(new Question("_hkp._tcp." + domain, Record.TYPE.SRV)).getAnswers(); if (records.length > 0) { Arrays.sort(records, new Comparator<Record>() { @Override public int compare(Record lhs, Record rhs) { - if (!(lhs instanceof SRVRecord)) return 1; - if (!(rhs instanceof SRVRecord)) return -1; - return ((SRVRecord) lhs).getPriority() - ((SRVRecord) rhs).getPriority(); + if (lhs.getPayload().getType() != Record.TYPE.SRV) return 1; + if (rhs.getPayload().getType() != Record.TYPE.SRV) return -1; + return ((SRV) lhs.getPayload()).getPriority() - ((SRV) rhs.getPayload()).getPriority(); } }); Record record = records[0]; // This is our best choice - if (record instanceof SRVRecord) { - return new HkpKeyserver(((SRVRecord) record).getTarget().toString(), (short) ((SRVRecord) record).getPort()); + if (record.getPayload().getType() == Record.TYPE.SRV) { + return new HkpKeyserver(((SRV) record.getPayload()).getName(), + (short) ((SRV) record.getPayload()).getPort()); } } } catch (Exception ignored) { |