author | Daniel Gultsch <daniel@gultsch.de> | 2016-12-08 14:21:15 +0100 |
---|---|---|
committer | Daniel Gultsch <daniel@gultsch.de> | 2016-12-08 14:21:15 +0100 |
commit | 8d127f70d067636c9839fc9b8dd1e7d6507ef61d (patch) | |
tree | f8806e86311b5f1f47855e141e55e2b670eec3db | |
parent | 8eb292d16a2388fa5023fedaba76459ac03313ca (diff) |
follow redirects in posh
-rw-r--r-- | libs/MemorizingTrustManager/src/de/duenndns/ssl/MemorizingTrustManager.java | 29 |
1 files changed, 22 insertions, 7 deletions
diff --git a/libs/MemorizingTrustManager/src/de/duenndns/ssl/MemorizingTrustManager.java b/libs/MemorizingTrustManager/src/de/duenndns/ssl/MemorizingTrustManager.java
index b722193e..439ad0f9 100644
--- a/libs/MemorizingTrustManager/src/de/duenndns/ssl/MemorizingTrustManager.java
+++ b/libs/MemorizingTrustManager/src/de/duenndns/ssl/MemorizingTrustManager.java
@@ -458,10 +458,14 @@ public class MemorizingTrustManager {
 }
 
 private List<String> getPoshFingerprintsFromServer(String domain) {
+ return getPoshFingerprintsFromServer(domain, "https://"+domain+"/.well-known/posh/xmpp-client.json",-1,true);
+ }
+
+ private List<String> getPoshFingerprintsFromServer(String domain, String url, int maxTtl, boolean followUrl) {
+ Log.d("mtm","downloading json for "+domain+" from "+url);
 try {
 List<String> results = new ArrayList<>();
- URL url = new URL("https://"+domain+"/.well-known/posh/xmpp-client.json");
- HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
+ HttpsURLConnection connection = (HttpsURLConnection) new URL(url).openConnection();
 connection.setConnectTimeout(5000);
 connection.setReadTimeout(5000);
 BufferedReader in = new BufferedReader(new InputStreamReader(connection.getInputStream()));
@@ -472,6 +476,22 @@ public class MemorizingTrustManager {
 }
 JSONObject jsonObject = new JSONObject(builder.toString());
 in.close();
+ int expires = jsonObject.getInt("expires");
+ if (expires <= 0) {
+ return new ArrayList<>();
+ }
+ if (maxTtl >= 0) {
+ expires = Math.min(maxTtl,expires);
+ }
+ String redirect;
+ try {
+ redirect = jsonObject.getString("url");
+ } catch (JSONException e) {
+ redirect = null;
+ }
+ if (followUrl && redirect != null && redirect.toLowerCase().startsWith("https")) {
+ return getPoshFingerprintsFromServer(domain, redirect, expires, false);
+ }
 JSONArray fingerprints = jsonObject.getJSONArray("fingerprints");
 for(int i = 0; i < fingerprints.length(); i++) {
 JSONObject fingerprint = fingerprints.getJSONObject(i);
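Review bot: The new four-argument overload of `getPoshFingerprintsFromServer` is undocumented, and its one caller passes the bare literals `-1` and `true`, so the meaning of `maxTtl` and `followUrl` has to be inferred from code further down. I would add a Javadoc stating that `url` may be a location named by the domain's own POSH document, that `maxTtl` caps the cached lifetime in seconds with a negative value meaning no cap, and that `followUrl` allows a single hop to a `url` found in the fetched JSON. That single-hop limit is the only thing bounding the delegation chain, which is worth stating where a later edit would see it. The overload's body runs past the end of this hunk.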
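Review bot: The scheme test `redirect.toLowerCase().startsWith("https")` accepts any string that merely begins with those five letters, so the requirement that the delegated document is fetched over TLS is in practice enforced by the `(HttpsURLConnection)` cast in the first hunk failing into the broad `catch (Exception e)`. Matching the full prefix states the intent at the point where the server-supplied value is accepted: `if (followUrl && redirect != null && redirect.toLowerCase().startsWith("https://")) {`. The enclosing method starts before and ends after this hunk, so how the outer catch reports such a failure is not visible here.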
@@ -480,11 +500,6 @@ public class MemorizingTrustManager {
 results.add(sha256);
 }
 }
- int expires = jsonObject.getInt("expires");
- if (expires <= 0) {
- return new ArrayList<>();
- }
- in.close();
 writeFingerprintsToCache(domain, results,1000L * expires+System.currentTimeMillis());
 return results;
 } catch (Exception e) { |