limit posh files to 10k
parent
7e762eb799
commit
09cf5feefa
|
@ -43,6 +43,7 @@ import androidx.appcompat.app.AppCompatActivity;
|
||||||
|
|
||||||
import com.google.common.base.Charsets;
|
import com.google.common.base.Charsets;
|
||||||
import com.google.common.base.Joiner;
|
import com.google.common.base.Joiner;
|
||||||
|
import com.google.common.io.ByteStreams;
|
||||||
import com.google.common.io.CharStreams;
|
import com.google.common.io.CharStreams;
|
||||||
|
|
||||||
import org.json.JSONArray;
|
import org.json.JSONArray;
|
||||||
|
@ -77,6 +78,7 @@ import javax.net.ssl.TrustManager;
|
||||||
import javax.net.ssl.TrustManagerFactory;
|
import javax.net.ssl.TrustManagerFactory;
|
||||||
import javax.net.ssl.X509TrustManager;
|
import javax.net.ssl.X509TrustManager;
|
||||||
|
|
||||||
|
import eu.siacs.conversations.Config;
|
||||||
import eu.siacs.conversations.R;
|
import eu.siacs.conversations.R;
|
||||||
import eu.siacs.conversations.crypto.XmppDomainVerifier;
|
import eu.siacs.conversations.crypto.XmppDomainVerifier;
|
||||||
import eu.siacs.conversations.entities.MTMDecision;
|
import eu.siacs.conversations.entities.MTMDecision;
|
||||||
|
@ -391,13 +393,13 @@ public class MemorizingTrustManager {
|
||||||
final List<String> fingerprints = getPoshFingerprints(domain);
|
final List<String> fingerprints = getPoshFingerprints(domain);
|
||||||
if (hash != null && fingerprints.size() > 0) {
|
if (hash != null && fingerprints.size() > 0) {
|
||||||
if (fingerprints.contains(hash)) {
|
if (fingerprints.contains(hash)) {
|
||||||
Log.d("mtm", "trusted cert fingerprint of " + domain + " via posh");
|
Log.d(Config.LOGTAG, "trusted cert fingerprint of " + domain + " via posh");
|
||||||
return;
|
return;
|
||||||
} else {
|
} else {
|
||||||
Log.d("mtm", "fingerprint " + hash + " not found in " + fingerprints);
|
Log.d(Config.LOGTAG, "fingerprint " + hash + " not found in " + fingerprints);
|
||||||
}
|
}
|
||||||
if (getPoshCacheFile(domain).delete()) {
|
if (getPoshCacheFile(domain).delete()) {
|
||||||
Log.d("mtm", "deleted posh file for " + domain + " after not being able to verify");
|
Log.d(Config.LOGTAG, "deleted posh file for " + domain + " after not being able to verify");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -410,7 +412,7 @@ public class MemorizingTrustManager {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private List<String> getPoshFingerprints(String domain) {
|
private List<String> getPoshFingerprints(final String domain) {
|
||||||
final List<String> cached = getPoshFingerprintsFromCache(domain);
|
final List<String> cached = getPoshFingerprintsFromCache(domain);
|
||||||
if (cached == null) {
|
if (cached == null) {
|
||||||
return getPoshFingerprintsFromServer(domain);
|
return getPoshFingerprintsFromServer(domain);
|
||||||
|
@ -424,13 +426,13 @@ public class MemorizingTrustManager {
|
||||||
}
|
}
|
||||||
|
|
||||||
private List<String> getPoshFingerprintsFromServer(String domain, String url, int maxTtl, boolean followUrl) {
|
private List<String> getPoshFingerprintsFromServer(String domain, String url, int maxTtl, boolean followUrl) {
|
||||||
Log.d("mtm", "downloading json for " + domain + " from " + url);
|
Log.d(Config.LOGTAG, "downloading json for " + domain + " from " + url);
|
||||||
final SharedPreferences preferences = PreferenceManager.getDefaultSharedPreferences(master);
|
final SharedPreferences preferences = PreferenceManager.getDefaultSharedPreferences(master);
|
||||||
final boolean useTor = QuickConversationsService.isConversations() && preferences.getBoolean("use_tor", master.getResources().getBoolean(R.bool.use_tor));
|
final boolean useTor = QuickConversationsService.isConversations() && preferences.getBoolean("use_tor", master.getResources().getBoolean(R.bool.use_tor));
|
||||||
try {
|
try {
|
||||||
final List<String> results = new ArrayList<>();
|
final List<String> results = new ArrayList<>();
|
||||||
final InputStream inputStream = HttpConnectionManager.open(url, useTor);
|
final InputStream inputStream = HttpConnectionManager.open(url, useTor);
|
||||||
final String body = CharStreams.toString(new InputStreamReader(inputStream, Charsets.UTF_8));
|
final String body = CharStreams.toString(new InputStreamReader(ByteStreams.limit(inputStream,10_000), Charsets.UTF_8));
|
||||||
final JSONObject jsonObject = new JSONObject(body);
|
final JSONObject jsonObject = new JSONObject(body);
|
||||||
int expires = jsonObject.getInt("expires");
|
int expires = jsonObject.getInt("expires");
|
||||||
if (expires <= 0) {
|
if (expires <= 0) {
|
||||||
|
@ -457,7 +459,7 @@ public class MemorizingTrustManager {
|
||||||
writeFingerprintsToCache(domain, results, 1000L * expires + System.currentTimeMillis());
|
writeFingerprintsToCache(domain, results, 1000L * expires + System.currentTimeMillis());
|
||||||
return results;
|
return results;
|
||||||
} catch (final Exception e) {
|
} catch (final Exception e) {
|
||||||
Log.d("mtm", "error fetching posh " + e.getMessage());
|
Log.d(Config.LOGTAG, "error fetching posh",e);
|
||||||
return new ArrayList<>();
|
return new ArrayList<>();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -495,7 +497,7 @@ public class MemorizingTrustManager {
|
||||||
file.delete();
|
file.delete();
|
||||||
return null;
|
return null;
|
||||||
} else {
|
} else {
|
||||||
Log.d("mtm", "posh fingerprints expire in " + (expiresIn / 1000) + "s");
|
Log.d(Config.LOGTAG, "posh fingerprints expire in " + (expiresIn / 1000) + "s");
|
||||||
}
|
}
|
||||||
final List<String> result = new ArrayList<>();
|
final List<String> result = new ArrayList<>();
|
||||||
final JSONArray jsonArray = jsonObject.getJSONArray("fingerprints");
|
final JSONArray jsonArray = jsonObject.getJSONArray("fingerprints");
|
||||||
|
@ -512,7 +514,6 @@ public class MemorizingTrustManager {
|
||||||
}
|
}
|
||||||
|
|
||||||
private X509Certificate[] getAcceptedIssuers() {
|
private X509Certificate[] getAcceptedIssuers() {
|
||||||
LOGGER.log(Level.FINE, "getAcceptedIssuers()");
|
|
||||||
return defaultTrustManager == null ? new X509Certificate[0] : defaultTrustManager.getAcceptedIssuers();
|
return defaultTrustManager == null ? new X509Certificate[0] : defaultTrustManager.getAcceptedIssuers();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
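Review bot: `ByteStreams.limit(inputStream,10_000)` in getPoshFingerprintsFromServer truncates silently, so a POSH document larger than the cap reaches `new JSONObject(body)` as a cut-off string and is logged by the catch block as a generic "error fetching posh" rather than as an oversize response. In the lines shown this fails closed, because the catch returns an empty fingerprint list, but the bare literal hides what the bound is for. A named constant with a comment would make it visible, for example `private static final int MAX_POSH_FILE_SIZE = 10_000; // bytes; upper bound on an untrusted POSH response read into memory` (the name is only a suggestion). The stream returned by `HttpConnectionManager.open(url, useTor)` is also not closed anywhere in the visible lines; the method body continues outside the hunk, so if it is not closed there either, a try-with-resources around it would release the connection on both the success and the exception path.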