Update certificates to latest version, making sure there are no comme…

…nts (this breaks on Android). Check if no certificates are present before returning ssl context.
tinify · Jan 18, 2017 · d0b801e · d0b801e
1 parent 651e62c
commit d0b801e
Show file tree

Hide file tree

Showing 4 changed files with 490 additions and 907 deletions.
diff --git a/src/main/java/com/tinify/Client.java b/src/main/java/com/tinify/Client.java
@@ -79,6 +79,7 @@ public final Response request(final Method method, final String endpoint) throws
     }
 
     public final Response request(final Method method, final String endpoint, final Options options) throws Exception {
+        /* OkHttp does not support null request bodies if the method is POST. */
         if (method.equals(Method.GET)) {
             return request(method, endpoint, options.isEmpty() ? null : RequestBody.create(JSON, options.toJson()));
         } else {

diff --git a/src/main/java/com/tinify/SSLContext.java b/src/main/java/com/tinify/SSLContext.java
@@ -19,18 +19,21 @@ public static SSLSocketFactory getSocketFactory() {
             CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
             Collection<? extends Certificate> certificates = certificateFactory.generateCertificates(certificateStream());
 
-            // Put the certificates a new key store.
-            char[] password = "password".toCharArray(); // Any password will work.
-            KeyStore keyStore = newEmptyKeyStore(password);
+            KeyStore keyStore = newEmptyKeyStore();
             int index = 0;
             for (Certificate certificate : certificates) {
                 String certificateAlias = Integer.toString(index++);
                 keyStore.setCertificateEntry(certificateAlias, certificate);
             }
 
+            if (keyStore.size() == 0) {
+                /* The resource stream was empty, no certificates were found. */
+                throw new ConnectionException("Unable to load any CA certificates.", null);
+            }
+
             KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(
                     KeyManagerFactory.getDefaultAlgorithm());
-            keyManagerFactory.init(keyStore, password);
+            keyManagerFactory.init(keyStore, null);
             TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
                     TrustManagerFactory.getDefaultAlgorithm());
             trustManagerFactory.init(keyStore);
@@ -49,11 +52,11 @@ public static InputStream certificateStream() throws IOException {
         return SSLContext.class.getResourceAsStream("/cacert.pem");
     }
 
-    private static KeyStore newEmptyKeyStore(char[] password) throws GeneralSecurityException {
+    private static KeyStore newEmptyKeyStore() throws GeneralSecurityException {
         try {
             KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
-            InputStream in = null; // By convention, 'null' creates an empty key store.
-            keyStore.load(in, password);
+            /* By convention, a null InputStream creates an empty key store. */
+            keyStore.load(null, null);
             return keyStore;
         } catch (IOException e) {
             throw new AssertionError(e);