From 10c5d151d3e027b79681b989d10cdfa8b51c9008 Mon Sep 17 00:00:00 2001
From: Daniel Gultsch
Date: Mon, 18 Nov 2019 19:12:04 +0100
Subject: [PATCH] delete cached posh file after not being able to verify
---
.../services/MemorizingTrustManager.java | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/src/main/java/eu/siacs/conversations/services/MemorizingTrustManager.java b/src/main/java/eu/siacs/conversations/services/MemorizingTrustManager.java
index c393a9f22..bb028f96c 100644
--- a/src/main/java/eu/siacs/conversations/services/MemorizingTrustManager.java
+++ b/src/main/java/eu/siacs/conversations/services/MemorizingTrustManager.java
@@ -179,7 +179,7 @@ public class MemorizingTrustManager {
 File dir = app.getDir(KEYSTORE_DIR, Context.MODE_PRIVATE);
 keyStoreFile = new File(dir + File.separator + KEYSTORE_FILE);
- poshCacheDir = app.getFilesDir().getAbsolutePath()+"/posh_cache/";
+ poshCacheDir = app.getCacheDir().getAbsolutePath()+"/posh_cache/";
 appKeyStore = loadAppKeyStore();
 }
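Review bot: Nothing in this hunk removes the old `files/posh_cache/` directory, so fingerprint files written by earlier versions stay on disk after `poshCacheDir` switches to `getCacheDir()`; if no cleanup exists elsewhere, a one-time delete of the old directory would avoid leaving stale trust data behind. A short comment on the assignment would also help, e.g. `// POSH fingerprints feed trust decisions: keep in app-private cache storage, never the external cache dir`. The enclosing block starts outside the hunk.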
@@ -427,14 +427,18 @@ public class MemorizingTrustManager {
 } catch (CertificateException e) {
 boolean trustSystemCAs = !PreferenceManager.getDefaultSharedPreferences(master).getBoolean("dont_trust_system_cas", false);
 if (domain != null && isServer && trustSystemCAs && !isIp(domain)) {
- String hash = getBase64Hash(chain[0],"SHA-256");
- List fingerprints = getPoshFingerprints(domain);
- if (hash != null && fingerprints.contains(hash)) {
- Log.d("mtm","trusted cert fingerprint of "+domain+" via posh");
- return;
+ final String hash = getBase64Hash(chain[0],"SHA-256");
+ final List fingerprints = getPoshFingerprints(domain);
+ if (hash != null && fingerprints.size() > 0) {
+ if (fingerprints.contains(hash)) {
+ Log.d("mtm","trusted cert fingerprint of "+domain+" via posh");
+ return;
+ }
+ if (getPoshCacheFile(domain).delete()) {
+ Log.d("mtm", "deleted posh file for "+domain+" after not being able to verify");
+ }
 }
 }
- e.printStackTrace();
 if (interactive) {
 interactCert(chain, authType, e);
 } else {
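Review bot: A POSH fingerprint mismatch is logged only when `getPoshCacheFile(domain).delete()` returns true, so in the new inner block a failed pin check leaves no trace if the file is absent or the delete fails, and a failed delete leaves the stale fingerprints in place for the next attempt. With `e.printStackTrace()` removed, nothing else in this hunk records the verification failure. I would log the mismatch itself before deleting, e.g. `Log.w("mtm", "posh fingerprint mismatch for "+domain);`, and log separately when `delete()` returns false on a file that exists. The enclosing method and the `else` branch continue outside the hunk, so logging there cannot be ruled out.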