Skip to content

Add null checks to DomainPinningPolicy #57

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
nabla-c0d3 merged 1 commit into from
Jun 30, 2019
Merged

Add null checks to DomainPinningPolicy #57

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 14 additions & 14 deletions trustkit/src/main/java/com/datatheorem/android/trustkit/config/DomainPinningPolicy.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,10 +53,22 @@ public final class DomainPinningPolicy {
if (publicKeyHashStrList == null)
publicKeyHashStrList = new HashSet<>();

// Parse boolean settings and handle default values
if (shouldEnforcePinning == null) {
this.shouldEnforcePinning = false;
} else {
this.shouldEnforcePinning = shouldEnforcePinning;
}
if (shouldIncludeSubdomains == null) {
this.shouldIncludeSubdomains = false;
} else {
this.shouldIncludeSubdomains = shouldIncludeSubdomains;
}


// Check if the configuration has a empty pin-set and still would enforce pinning
// TrustKit should not work if the configuration contains both (opposite behaviors)
if (publicKeyHashStrList.isEmpty() && shouldEnforcePinning) {
if (publicKeyHashStrList.isEmpty() && this.shouldEnforcePinning) {
throw new ConfigurationException("An empty pin-set was supplied "+
"for domain " + this.hostname + " with the enforcePinning set to true. " +
"An empty pin-set disables pinning and can't be use with enforcePinning set to true.");
Expand All @@ -65,7 +77,7 @@ public final class DomainPinningPolicy {
// Check if the configuration has at least two pins (including a backup pin)
// TrustKit should not work if the configuration contains only one pin
// more info (https://tools.ietf.org/html/rfc7469#page-21)
if (publicKeyHashStrList.size() < 2 && shouldEnforcePinning) {
if (publicKeyHashStrList.size() < 2 && this.shouldEnforcePinning) {
throw new ConfigurationException("Less than two pins were supplied "+
"for domain " + this.hostname + ". This might " +
"brick your App; please review the Getting Started guide in " +
Expand All @@ -91,18 +103,6 @@ public final class DomainPinningPolicy {
reportUris.add(DEFAULT_REPORTING_URL);
}

// Parse boolean settings and handle default values
if (shouldEnforcePinning == null) {
this.shouldEnforcePinning = false;
} else {
this.shouldEnforcePinning = shouldEnforcePinning;
}
if (shouldIncludeSubdomains == null) {
this.shouldIncludeSubdomains = false;
} else {
this.shouldIncludeSubdomains = shouldIncludeSubdomains;
}

this.expirationDate = expirationDate;
}

Expand Down