fix(build): implement certificate pinning
This commit is contained in:
Harsh Shandilya
parent
3e67280f65
commit
0542963ae0
3 changed files with 36 additions and 15 deletions
|
|
@ -0,0 +1,31 @@
|
||||||
|
package app.passwordstore.gradle
|
||||||
|
|
||||||
|
import java.util.concurrent.TimeUnit
|
||||||
|
import okhttp3.CertificatePinner
|
||||||
|
import okhttp3.OkHttpClient
|
||||||
|
|
||||||
|
object OkHttp {
|
||||||
|
private val certificatePinner =
|
||||||
|
CertificatePinner.Builder()
|
||||||
|
.add(
|
||||||
|
"api.crowdin.com",
|
||||||
|
"sha256/qKpGqFXXIteblI82BcMyRX0eC2o7lpL9XVInWKIG7rc=",
|
||||||
|
"sha256/DxH4tt40L+eduF6szpY6TONlxhZhBd+pJ9wbHlQ2fuw=",
|
||||||
|
"sha256/++MBgDH5WGvL9Bcn5Be30cRcL0f5O+NyoXuWtQdX1aI=",
|
||||||
|
)
|
||||||
|
.add(
|
||||||
|
"publicsuffix.org",
|
||||||
|
"sha256/GHmZgxELzHuqpSexbC20wv6kqtrqS6BFdKs0z5pciGw=",
|
||||||
|
"sha256/cXjPgKdVe6iojP8s0YQJ3rtmDFHTnYZxcYvmYGFiYME=",
|
||||||
|
"sha256/hxqRlPTu1bMS/0DITB1SSu0vd4u/8l8TjPgfaAp63Gc=",
|
||||||
|
)
|
||||||
|
.build()
|
||||||
|
val CLIENT =
|
||||||
|
OkHttpClient.Builder()
|
||||||
|
.connectTimeout(5, TimeUnit.MINUTES)
|
||||||
|
.writeTimeout(5, TimeUnit.MINUTES)
|
||||||
|
.readTimeout(5, TimeUnit.MINUTES)
|
||||||
|
.callTimeout(10, TimeUnit.MINUTES)
|
||||||
|
.certificatePinner(certificatePinner)
|
||||||
|
.build()
|
||||||
|
}
|
||||||
|
|
@ -1,11 +1,10 @@
|
||||||
package app.passwordstore.gradle.crowdin
|
package app.passwordstore.gradle.crowdin
|
||||||
|
|
||||||
|
import app.passwordstore.gradle.OkHttp
|
||||||
import app.passwordstore.gradle.crowdin.api.ListProjects
|
import app.passwordstore.gradle.crowdin.api.ListProjects
|
||||||
import com.squareup.moshi.Moshi
|
import com.squareup.moshi.Moshi
|
||||||
import com.squareup.moshi.kotlin.reflect.KotlinJsonAdapterFactory
|
import com.squareup.moshi.kotlin.reflect.KotlinJsonAdapterFactory
|
||||||
import java.util.concurrent.TimeUnit
|
|
||||||
import okhttp3.MediaType.Companion.toMediaType
|
import okhttp3.MediaType.Companion.toMediaType
|
||||||
import okhttp3.OkHttpClient
|
|
||||||
import okhttp3.Request
|
import okhttp3.Request
|
||||||
import okhttp3.RequestBody.Companion.toRequestBody
|
import okhttp3.RequestBody.Companion.toRequestBody
|
||||||
import org.gradle.api.DefaultTask
|
import org.gradle.api.DefaultTask
|
||||||
|
|
@ -24,13 +23,6 @@ abstract class BuildOnApiTask : DefaultTask() {
|
||||||
|
|
||||||
@TaskAction
|
@TaskAction
|
||||||
fun doWork() {
|
fun doWork() {
|
||||||
val client =
|
|
||||||
OkHttpClient.Builder()
|
|
||||||
.connectTimeout(5, TimeUnit.MINUTES)
|
|
||||||
.writeTimeout(5, TimeUnit.MINUTES)
|
|
||||||
.readTimeout(5, TimeUnit.MINUTES)
|
|
||||||
.callTimeout(10, TimeUnit.MINUTES)
|
|
||||||
.build()
|
|
||||||
val moshi = Moshi.Builder().add(KotlinJsonAdapterFactory()).build()
|
val moshi = Moshi.Builder().add(KotlinJsonAdapterFactory()).build()
|
||||||
val projectAdapter = moshi.adapter(ListProjects::class.java)
|
val projectAdapter = moshi.adapter(ListProjects::class.java)
|
||||||
val projectRequest =
|
val projectRequest =
|
||||||
|
|
@ -39,7 +31,7 @@ abstract class BuildOnApiTask : DefaultTask() {
|
||||||
.header("Authorization", "Bearer ${crowdinKey.get()}")
|
.header("Authorization", "Bearer ${crowdinKey.get()}")
|
||||||
.get()
|
.get()
|
||||||
.build()
|
.build()
|
||||||
client.newCall(projectRequest).execute().use { response ->
|
OkHttp.CLIENT.newCall(projectRequest).execute().use { response ->
|
||||||
val projects = projectAdapter.fromJson(response.body!!.source())
|
val projects = projectAdapter.fromJson(response.body!!.source())
|
||||||
if (projects != null) {
|
if (projects != null) {
|
||||||
val identifier =
|
val identifier =
|
||||||
|
|
@ -54,7 +46,7 @@ abstract class BuildOnApiTask : DefaultTask() {
|
||||||
.header("Authorization", "Bearer ${crowdinKey.get()}")
|
.header("Authorization", "Bearer ${crowdinKey.get()}")
|
||||||
.post("{}".toRequestBody("application/json".toMediaType()))
|
.post("{}".toRequestBody("application/json".toMediaType()))
|
||||||
.build()
|
.build()
|
||||||
client.newCall(buildRequest).execute().close()
|
OkHttp.CLIENT.newCall(buildRequest).execute().close()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -5,8 +5,8 @@
|
||||||
|
|
||||||
package app.passwordstore.gradle.psl
|
package app.passwordstore.gradle.psl
|
||||||
|
|
||||||
|
import app.passwordstore.gradle.OkHttp
|
||||||
import java.util.TreeSet
|
import java.util.TreeSet
|
||||||
import okhttp3.OkHttpClient
|
|
||||||
import okhttp3.Request
|
import okhttp3.Request
|
||||||
import okio.ByteString
|
import okio.ByteString
|
||||||
import okio.ByteString.Companion.encodeUtf8
|
import okio.ByteString.Companion.encodeUtf8
|
||||||
|
|
@ -32,12 +32,10 @@ abstract class PSLUpdateTask : DefaultTask() {
|
||||||
}
|
}
|
||||||
|
|
||||||
private fun fetchPublicSuffixList(): PublicSuffixListData {
|
private fun fetchPublicSuffixList(): PublicSuffixListData {
|
||||||
val client = OkHttpClient.Builder().build()
|
|
||||||
|
|
||||||
val request =
|
val request =
|
||||||
Request.Builder().url("https://publicsuffix.org/list/public_suffix_list.dat").build()
|
Request.Builder().url("https://publicsuffix.org/list/public_suffix_list.dat").build()
|
||||||
|
|
||||||
client.newCall(request).execute().use { response ->
|
OkHttp.CLIENT.newCall(request).execute().use { response ->
|
||||||
val source = requireNotNull(response.body).source()
|
val source = requireNotNull(response.body).source()
|
||||||
|
|
||||||
val data = PublicSuffixListData()
|
val data = PublicSuffixListData()
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue