Use keyserver.ubuntu.com as new default
This commit is contained in:
parent
37a58a620b
commit
3700432bd2
22
OpenKeychain/src/main/assets/DigiCertGlobalRootCA.cer
Normal file
22
OpenKeychain/src/main/assets/DigiCertGlobalRootCA.cer
Normal file
|
@ -0,0 +1,22 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
|
||||
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
|
||||
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
|
||||
QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT
|
||||
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
|
||||
b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG
|
||||
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB
|
||||
CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97
|
||||
nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt
|
||||
43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P
|
||||
T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4
|
||||
gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO
|
||||
BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR
|
||||
TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw
|
||||
DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr
|
||||
hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg
|
||||
06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF
|
||||
PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls
|
||||
YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
|
||||
CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
|
||||
-----END CERTIFICATE-----
|
|
@ -174,8 +174,8 @@ public final class Constants {
|
|||
}
|
||||
|
||||
public static final class Defaults {
|
||||
public static final String KEY_SERVERS = "hkps://hkps.pool.sks-keyservers.net, hkps://pgp.mit.edu";
|
||||
public static final int PREF_CURRENT_VERSION = 8;
|
||||
public static final String KEY_SERVERS = "hkps://keyserver.ubuntu.com,hkps://hkps.pool.sks-keyservers.net;hkp://jirk5u4osbsr34t5.onion,hkps://pgp.mit.edu";
|
||||
public static final int PREF_CURRENT_VERSION = 9;
|
||||
}
|
||||
|
||||
public static final class key {
|
||||
|
|
|
@ -113,6 +113,7 @@ public class KeychainApplication extends Application {
|
|||
TlsCertificatePinning.addPinnedCertificate("hkps.pool.sks-keyservers.net", getAssets(), "hkps.pool.sks-keyservers.net.CA.cer");
|
||||
TlsCertificatePinning.addPinnedCertificate("pgp.mit.edu", getAssets(), "pgp.mit.edu.cer");
|
||||
TlsCertificatePinning.addPinnedCertificate("api.keybase.io", getAssets(), "api.keybase.io.CA.cer");
|
||||
TlsCertificatePinning.addPinnedCertificate("keyserver.ubuntu.com", getAssets(), "DigiCertGlobalRootCA.cer");
|
||||
|
||||
TemporaryFileProvider.cleanUp(this);
|
||||
}
|
||||
|
|
|
@ -37,6 +37,7 @@ import org.sufficientlysecure.keychain.Constants.Pref;
|
|||
import org.sufficientlysecure.keychain.KeychainApplication;
|
||||
import org.sufficientlysecure.keychain.keyimport.HkpKeyserverAddress;
|
||||
import org.sufficientlysecure.keychain.service.KeyserverSyncAdapterService;
|
||||
|
||||
import timber.log.Timber;
|
||||
|
||||
|
||||
|
@ -424,11 +425,12 @@ public class Preferences {
|
|||
}
|
||||
|
||||
public void upgradePreferences(Context context) {
|
||||
Timber.d("Upgrading preferences…");
|
||||
int oldVersion = mSharedPreferences.getInt(Constants.Pref.PREF_VERSION, 0);
|
||||
boolean requiresUpgrade = oldVersion < Constants.Defaults.PREF_CURRENT_VERSION;
|
||||
|
||||
if (requiresUpgrade) {
|
||||
Timber.d("Upgrading preferences from %s to %s…", oldVersion, Constants.Defaults.PREF_CURRENT_VERSION);
|
||||
|
||||
switch (oldVersion) {
|
||||
case 1:
|
||||
// fall through
|
||||
|
@ -494,6 +496,9 @@ public class Preferences {
|
|||
}
|
||||
setKeyServers(servers);
|
||||
}
|
||||
case 8: {
|
||||
replaceDefaultKeyserverWithUbuntu();
|
||||
}
|
||||
}
|
||||
|
||||
// write new preference version
|
||||
|
@ -503,6 +508,20 @@ public class Preferences {
|
|||
}
|
||||
}
|
||||
|
||||
private void replaceDefaultKeyserverWithUbuntu() {
|
||||
ArrayList<HkpKeyserverAddress> servers = getKeyServers();
|
||||
boolean oldDefaults = "hkps://hkps.pool.sks-keyservers.net".equalsIgnoreCase(servers.get(0).getUrl()) ||
|
||||
"hkps://pgp.mit.edu".equalsIgnoreCase(servers.get(0).getUrl());
|
||||
|
||||
HkpKeyserverAddress ubuntuKeyserver = HkpKeyserverAddress.createFromUri("hkps://keyserver.ubuntu.com");
|
||||
if (oldDefaults) {
|
||||
servers.add(0, ubuntuKeyserver);
|
||||
} else if (!servers.contains(ubuntuKeyserver)){
|
||||
servers.add(ubuntuKeyserver);
|
||||
}
|
||||
setKeyServers(servers);
|
||||
}
|
||||
|
||||
public void clear() {
|
||||
mSharedPreferences.edit().clear().commit();
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue