Allow pinning an existing trusted cert for testing

Cameron Gutman
2019-08-20 17:58:37 -07:00
parent f28f9bc65f
commit 5199d90505


@@ -42,6 +42,7 @@ import com.limelight.nvstream.http.PairingManager.PairState;
import com.moonlight_stream.moonlight_common.BuildConfig;
import okhttp3.ConnectionPool;
import okhttp3.Handshake;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
@@ -81,10 +82,6 @@ public class NvHTTP {
throw new IllegalStateException("Should never be called");
}
public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
if (certs.length != 1) {
throw new CertificateException("Invalid certificate chain length: "+certs.length);
}
// Check the server certificate if we've paired to this host
if (!certs[0].equals(NvHTTP.this.serverCert)) {
throw new CertificateException("Certificate mismatch");
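Review bot: With the chain-length check gone from `checkServerTrusted` (the hunk header shrinks it from 10 lines to 6, so the `certs.length != 1` block appears to be what this commit removes), a null or empty `certs` array would now fail at `certs[0]` with an unchecked exception rather than a `CertificateException`. A guard such as `if (certs == null || certs.length == 0) throw new CertificateException("Empty certificate chain");` before the comparison keeps that failure on the handshake's normal error path. As far as the visible lines show, trust now rests only on the leaf equalling `NvHTTP.this.serverCert`, so the existing comment could say so explicitly, e.g. `// Pin is an exact match on the leaf certificate; the rest of the chain is not validated here`. The body of `checkServerTrusted` continues past the end of the hunk, so any later checks are not visible here.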
@@ -288,6 +285,17 @@ public class NvHTTP {
}
}
public X509Certificate getCertificateIfTrusted() {
try {
Response resp = httpClient.newCall(new Request.Builder().url(baseUrlHttps).get().build()).execute();
Handshake handshake = resp.handshake();
if (handshake != null) {
return (X509Certificate)handshake.peerCertificates().get(0);
}
} catch (IOException ignored) {}
return null;
}
// Read timeout should be enabled for any HTTP query that requires no outside action
// on the GFE server. Examples of queries that DO require outside action are launch, resume, and quit.