From 9e939131b7e054054aa78fb30634cb6b489d1ae9 Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner
Date: Wed, 26 Aug 2015 22:42:12 +0200
Subject: [PATCH 1/3] Utils.calcFingerprint() should always return null if given null #334 https://gitlab.com/fdroid/fdroidclient/issues/334
---
 F-Droid/src/org/fdroid/fdroid/Utils.java | 4 ++++
 F-Droid/src/org/fdroid/fdroid/net/WifiStateChangeService.java | 4 ----
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/F-Droid/src/org/fdroid/fdroid/Utils.java b/F-Droid/src/org/fdroid/fdroid/Utils.java
index cde1f8a8b..e2bc69ab3 100644
--- a/F-Droid/src/org/fdroid/fdroid/Utils.java
+++ b/F-Droid/src/org/fdroid/fdroid/Utils.java
@@ -339,6 +339,8 @@ public final class Utils {
 }
 public static String calcFingerprint(Certificate cert) {
+ if (cert == null)
+ return null;
 try {
 return calcFingerprint(cert.getEncoded());
 } catch (CertificateEncodingException e) {
@@ -347,6 +349,8 @@ public final class Utils {
 }
 public static String calcFingerprint(byte[] key) {
+ if (key == null)
+ return null;
 String ret = null;
 if (key.length < 256) {
 Log.e(TAG, "key was shorter than 256 bytes (" + key.length + "), cannot be valid!");
diff --git a/F-Droid/src/org/fdroid/fdroid/net/WifiStateChangeService.java b/F-Droid/src/org/fdroid/fdroid/net/WifiStateChangeService.java
index 7fa094999..398e65d59 100644
--- a/F-Droid/src/org/fdroid/fdroid/net/WifiStateChangeService.java
+++ b/F-Droid/src/org/fdroid/fdroid/net/WifiStateChangeService.java
@@ -123,10 +123,6 @@ public class WifiStateChangeService extends Service {
 // the fingerprint for the local repo's signing key
 LocalRepoKeyStore localRepoKeyStore = LocalRepoKeyStore.get(context);
 Certificate localCert = localRepoKeyStore.getCertificate();
- // We were not able to generate/get a certificate
- if (localCert == null) {
- return null;
- }
 FDroidApp.repo.fingerprint = Utils.calcFingerprint(localCert);
 /*
From 04e318c9ca122868c205551fa0af617fe9b2c754 Mon Sep 17 00:00:00 2001
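Review bot: Neither `calcFingerprint` overload documents that null is its failure value, although the new guards in both Utils.java hunks return null for a null argument and the `byte[]` overload appears to do the same for a key shorter than 256 bytes. Because the result identifies a signing key, I would add a Javadoc line such as `@return the fingerprint, or null if the input is null or cannot be used as a key` to each overload. Callers that compare fingerprints should then reject null on either side, so that two failed computations can never be treated as a match. The brace-less two-line `if` is also fragile under later edits; `if (cert == null) { return null; }` (and the same for `key`) is safer. Both method bodies continue outside the hunks.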
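Review bot: Removing the early `return null` in WifiStateChangeService.java means a missing certificate no longer stops this method: `FDroidApp.repo.fingerprint` is set to null and execution continues into code that starts at the `/*` comment and is not visible in this hunk. If that later code uses `localCert`, or publishes the repo and its fingerprint to swap peers, a peer would be offered a repo with no fingerprint to verify. I would either keep a guard on the result, `if (FDroidApp.repo.fingerprint == null) return null;`, or add a comment on the assignment stating that the rest of the method tolerates a null certificate. The enclosing method begins and ends outside the hunk, so this needs checking against the full file.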
From: Hans-Christoph Steiner
Date: Wed, 26 Aug 2015 22:42:42 +0200
Subject: [PATCH 2/3] force swap X.509 cert generation to use English/Gregorian times
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When using locales that use different calendars, like Farsi, Arabic, Hebrew, etc. there was a crash in spongycastle's X.509 generation because it was trying to parse a Farsi date string as English. fixes #334 https://gitlab.com/fdroid/fdroidclient/issues/334 Here's the original stacktrace:
java.lang.IllegalArgumentException: invalid date string: Unparseable date: "ñõðøòñðóñõõóGMT+00:00" (at offset 0)
at org.spongycastle.asn1.ASN1UTCTime.(ASN1UTCTime.java:115)
at org.spongycastle.asn1.DERUTCTime.(DERUTCTime.java:23)
at org.spongycastle.asn1.x509.Time.(Time.java:67)
at org.spongycastle.cert.X509v3CertificateBuilder.(X509v3CertificateBuilder.java:40)
at org.fdroid.fdroid.localrepo.LocalRepoKeyStore.generateSelfSignedCertChain(LocalRepoKeyStore.java:301)
at org.fdroid.fdroid.localrepo.LocalRepoKeyStore.generateSelfSignedCertChain(LocalRepoKeyStore.java:281)
at org.fdroid.fdroid.localrepo.LocalRepoKeyStore.(LocalRepoKeyStore.java:136)
at org.fdroid.fdroid.localrepo.LocalRepoKeyStore.get(LocalRepoKeyStore.java:73)
at org.fdroid.fdroid.net.WifiStateChangeService$WaitForWifiAsyncTask.doInBackground(WifiStateChangeService.java:124)
at org.fdroid.fdroid.net.WifiStateChangeService$WaitForWifiAsyncTask.doInBackground(WifiStateChangeService.java:62)
---
 .../fdroid/localrepo/LocalRepoKeyStore.java | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/F-Droid/src/org/fdroid/fdroid/localrepo/LocalRepoKeyStore.java b/F-Droid/src/org/fdroid/fdroid/localrepo/LocalRepoKeyStore.java
index 548043b1c..a38fb559c 100644
--- a/F-Droid/src/org/fdroid/fdroid/localrepo/LocalRepoKeyStore.java
+++ b/F-Droid/src/org/fdroid/fdroid/localrepo/LocalRepoKeyStore.java
@@ -10,6 +10,7 @@ import org.spongycastle.asn1.x500.X500Name;
 import org.spongycastle.asn1.x509.GeneralName;
 import org.spongycastle.asn1.x509.GeneralNames;
 import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.spongycastle.asn1.x509.Time;
 import org.spongycastle.asn1.x509.X509Extension;
 import org.spongycastle.cert.X509CertificateHolder;
 import org.spongycastle.cert.X509v3CertificateBuilder;
@@ -41,6 +42,8 @@ import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.util.Calendar;
 import java.util.Date;
+import java.util.GregorianCalendar;
+import java.util.Locale;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
@@ -291,17 +294,22 @@ public class LocalRepoKeyStore {
 SubjectPublicKeyInfo subPubKeyInfo = new SubjectPublicKeyInfo( ASN1Sequence.getInstance(pubKey.getEncoded()));
- Date startDate = new Date(); // now
+ Date now = new Date(); // now
- Calendar c = Calendar.getInstance();
- c.setTime(startDate);
+ /* force it to use a English/Gregorian dates for the cert, hardly anyone
+ ever looks at the cert metadata anyway, and its very likely that they
+ understand English/Gregorian dates */
+ Calendar c = new GregorianCalendar(Locale.ENGLISH);
+ c.setTime(now);
 c.add(Calendar.YEAR, 1);
- Date endDate = c.getTime();
+ Time startTime = new Time(now, Locale.ENGLISH);
+ Time endTime = new Time(c.getTime(), Locale.ENGLISH);
 X509v3CertificateBuilder v3CertGen = new X509v3CertificateBuilder( subject, BigInteger.valueOf(rand.nextLong()),
- startDate, endDate,
+ startTime,
+ endTime,
 subject, subPubKeyInfo);
From 303de3d972eacdda8ac6c4f5ea984ca8d3f1cd64 Mon Sep 17 00:00:00 2001
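Review bot: The new comment above `new GregorianCalendar(Locale.ENGLISH)` justifies the fixed locale by who reads the certificate, but the stack trace in the commit message points to a different reason: spongycastle's `ASN1UTCTime` could not parse the date string produced under the device locale. I would reword it to something like `/* X.509 validity times are encoded as ASN.1 time strings, so build them with a fixed locale rather than the device locale */`, so a later cleanup does not switch back to `Calendar.getInstance()`. Separately, the unchanged `BigInteger.valueOf(rand.nextLong())` can yield a negative serial number, which strict X.509 parsers may reject. `new BigInteger(64, rand)` stays non-negative, assuming `rand` is a `java.util.Random` subclass; its declaration is outside the hunk. The enclosing method starts and ends outside this hunk.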
From: Hans-Christoph Steiner
Date: Thu, 27 Aug 2015 00:17:39 +0200
Subject: [PATCH 3/3] temporarily disable broken HTTPS support in swap
Right now, turning on HTTPS really just prevents things from working. It is not fully required, since swapping is only local connections, so not easily susceptible to mass eavesdropping, though it would be nice. I'm leaving the rest of the plumbing for this here intact for when we come back to getting swap always using HTTPS. closes #378 https://gitlab.com/fdroid/fdroidclient/issues/378
---
 F-Droid/res/xml/preferences.xml | 4 ----
 F-Droid/src/org/fdroid/fdroid/Preferences.java | 2 +-
 .../fdroid/fdroid/views/fragments/PreferencesFragment.java | 1 -
 3 files changed, 1 insertion(+), 6 deletions(-)
diff --git a/F-Droid/res/xml/preferences.xml b/F-Droid/res/xml/preferences.xml
index 0de38fb22..453c2e2a3 100644
--- a/F-Droid/res/xml/preferences.xml
+++ b/F-Droid/res/xml/preferences.xml
@@ -52,10 +52,6 @@ -