Add cert pinning during pairing

app/src/main/java/com/limelight/computers/ComputerDatabaseManager.java

@@ -1,5 +1,11 @@
 package com.limelight.computers;
 
+import java.io.ByteArrayInputStream;
+import java.io.DataInputStream;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Locale;
@@ -23,6 +29,7 @@ public class ComputerDatabaseManager {
     private static final String REMOTE_ADDRESS_COLUMN_NAME = "RemoteAddress";
     private static final String MANUAL_ADDRESS_COLUMN_NAME = "ManualAddress";
     private static final String MAC_ADDRESS_COLUMN_NAME = "MacAddress";
+    private static final String SERVER_CERT_COLUMN_NAME = "ServerCert";
 
     private SQLiteDatabase computerDb;
 
@@ -43,13 +50,21 @@ public class ComputerDatabaseManager {
     }
 
     private void initializeDb(Context c) {
+        // Add cert column to the table if not present
+        try {
+            computerDb.execSQL(String.format((Locale)null,
+                    "ALTER TABLE %s ADD COLUMN %s TEXT",
+                    COMPUTER_TABLE_NAME, SERVER_CERT_COLUMN_NAME));
+        } catch (SQLiteException e) {}
+
+
         // Create tables if they aren't already there
         computerDb.execSQL(String.format((Locale)null,
-                "CREATE TABLE IF NOT EXISTS %s(%s TEXT PRIMARY KEY, %s TEXT NOT NULL, %s TEXT, %s TEXT, %s TEXT, %s TEXT)",
+                "CREATE TABLE IF NOT EXISTS %s(%s TEXT PRIMARY KEY, %s TEXT NOT NULL, %s TEXT, %s TEXT, %s TEXT, %s TEXT, %s TEXT)",
                 COMPUTER_TABLE_NAME,
                 COMPUTER_UUID_COLUMN_NAME, COMPUTER_NAME_COLUMN_NAME,
                 LOCAL_ADDRESS_COLUMN_NAME, REMOTE_ADDRESS_COLUMN_NAME, MANUAL_ADDRESS_COLUMN_NAME,
-                MAC_ADDRESS_COLUMN_NAME));
+                MAC_ADDRESS_COLUMN_NAME, SERVER_CERT_COLUMN_NAME));
 
         // Move all computers from the old DB (if any) to the new one
         List<ComputerDetails> oldComputers = LegacyDatabaseReader.migrateAllComputers(c);
@@ -70,6 +85,17 @@ public class ComputerDatabaseManager {
         values.put(REMOTE_ADDRESS_COLUMN_NAME, details.remoteAddress);
         values.put(MANUAL_ADDRESS_COLUMN_NAME, details.manualAddress);
         values.put(MAC_ADDRESS_COLUMN_NAME, details.macAddress);
+        try {
+            if (details.serverCert != null) {
+                values.put(SERVER_CERT_COLUMN_NAME, details.serverCert.getEncoded());
+            }
+            else {
+                values.put(SERVER_CERT_COLUMN_NAME, (byte[])null);
+            }
+        } catch (CertificateEncodingException e) {
+            values.put(SERVER_CERT_COLUMN_NAME, (byte[])null);
+            e.printStackTrace();
+        }
         return -1 != computerDb.insertWithOnConflict(COMPUTER_TABLE_NAME, null, values, SQLiteDatabase.CONFLICT_REPLACE);
     }
 
@@ -90,6 +116,17 @@ public class ComputerDatabaseManager {
         details.manualAddress = c.getString(4);
         details.macAddress = c.getString(5);
 
+        try {
+            byte[] derCertData = c.getBlob(6);
+
+            if (derCertData != null) {
+                details.serverCert = (X509Certificate) CertificateFactory.getInstance("X.509")
+                        .generateCertificate(new ByteArrayInputStream(derCertData));
+            }
+        } catch (CertificateException e) {
+            e.printStackTrace();
+        }
+
         // This signifies we don't have dynamic state (like pair state)
         details.state = ComputerDetails.State.UNKNOWN;
 

app/src/main/java/com/limelight/computers/ComputerManagerService.java

@@ -435,8 +435,8 @@ public class ComputerManagerService extends Service {
         }
 
         try {
-            NvHTTP http = new NvHTTP(address, idManager.getUniqueId(),
-                    null, PlatformBinding.getCryptoProvider(ComputerManagerService.this));
+            NvHTTP http = new NvHTTP(address, idManager.getUniqueId(), details.serverCert,
+                    PlatformBinding.getCryptoProvider(ComputerManagerService.this));
 
             ComputerDetails newDetails = http.getComputerDetails();
 
@@ -698,7 +698,7 @@ public class ComputerManagerService extends Service {
 
                         try {
                             NvHTTP http = new NvHTTP(ServerHelper.getCurrentAddressFromComputer(computer), idManager.getUniqueId(),
-                                    null, PlatformBinding.getCryptoProvider(ComputerManagerService.this));
+                                    computer.serverCert, PlatformBinding.getCryptoProvider(ComputerManagerService.this));
 
                             String appList;
                             if (tuple != null) {