From 0429b3f7dd4a6037fa11df64bfdd176ea378e6bf Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner <hans@eds.org>
Date: Thu, 4 Sep 2014 23:24:40 -0400
Subject: [PATCH] remove HTTPS pinning and TOFU until the bugs get worked out

This reverts to only using standard HTTPS verification based on Certificate
Authorities.  This means that self-signed certificates will not work at all
since that is what MemorizingTrustManager was providing.  It seems to me
that this was originally working because MemorizingTrustManager was not
correctly validating.  I couldn't figure out why PinningTrustManager alone
was not working. But we need to get good stable release out!

I'm leaving all the plumbing in place because this stuff should be included
once its all fixed and working properly.  You can see where it was added
here: 254327f9a7700c8196e61f53801f1f12ac825806

refs #80 https://gitlab.com/fdroid/fdroidclient/issues/80
---
 CHANGELOG.md                         |  4 +++
 src/org/fdroid/fdroid/FDroidApp.java | 43 +---------------------------
 2 files changed, 5 insertions(+), 42 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 244efb5ea..ecc318da5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+
+* reverted self-signed support since it was broken, only HTTPS certificates
+  with proper CA signatures will work for now
+
 ### 0.71 (2014-08-05)
 
 * Added "local repo" support to host an F-Droid repo on the device itself, with
diff --git a/src/org/fdroid/fdroid/FDroidApp.java b/src/org/fdroid/fdroid/FDroidApp.java
index 0fd33551d..249e32d94 100644
--- a/src/org/fdroid/fdroid/FDroidApp.java
+++ b/src/org/fdroid/fdroid/FDroidApp.java
@@ -40,7 +40,6 @@ import android.os.Message;
 import android.os.Messenger;
 import android.os.RemoteException;
 import android.preference.PreferenceManager;
-import android.util.Log;
 import android.widget.Toast;
 
 import com.nostra13.universalimageloader.cache.disc.impl.LimitedAgeDiscCache;
@@ -49,8 +48,6 @@ import com.nostra13.universalimageloader.core.ImageLoader;
 import com.nostra13.universalimageloader.core.ImageLoaderConfiguration;
 import com.nostra13.universalimageloader.utils.StorageUtils;
 
-import de.duenndns.ssl.MemorizingTrustManager;
-
 import org.fdroid.fdroid.Preferences.ChangeListener;
 import org.fdroid.fdroid.compat.PRNGFixes;
 import org.fdroid.fdroid.data.AppProvider;
@@ -59,18 +56,10 @@ import org.fdroid.fdroid.data.Repo;
 import org.fdroid.fdroid.localrepo.LocalRepoService;
 import org.fdroid.fdroid.net.IconDownloader;
 import org.fdroid.fdroid.net.WifiStateChangeService;
-import org.thoughtcrime.ssl.pinning.PinningTrustManager;
-import org.thoughtcrime.ssl.pinning.SystemKeyStore;
 
 import java.io.File;
-import java.security.KeyManagementException;
-import java.security.NoSuchAlgorithmException;
 import java.util.Set;
 
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManager;
-
 public class FDroidApp extends Application {
 
     // for the local repo on this device, all static since there is only one
@@ -192,37 +181,7 @@ public class FDroidApp extends Application {
             .build();
         ImageLoader.getInstance().init(config);
 
-        try {
-            SSLContext sc = SSLContext.getInstance("TLS");
-
-            // MemorizingTrustManager -> PinningTrustManager -> Prompt User
-            /*
-             * The current HTTPS trust model is to first check if a site's key
-             * is TOFUed, then check if it is pinned and valid with the CA, then
-             * prompt the user. There is currently no way to only check the CA
-             * for validity. Ultimately, that should probably not be needed if
-             * the repo URLs can include the HTTPS pin info in the same way that
-             * the repo fingerprint is specified. Then it can be added to the
-             * TOFU/POP keystore when the user accepts the Add Repo dialog
-             */
-            PinningTrustManager pinMgr = new PinningTrustManager(
-                    SystemKeyStore.getInstance(getApplicationContext()),
-                    FDroidCertPins.getPinList(),
-                    0);
-            MemorizingTrustManager memMgr = new MemorizingTrustManager(getApplicationContext(), pinMgr);
-
-            /*
-             * initialize a SSLContext with the outermost trust manager, use
-             * this context to set the default SSL socket factory for the
-             * HTTPSURLConnection class.
-             */
-            sc.init(null, new TrustManager[] {memMgr}, new java.security.SecureRandom());
-            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
-        } catch (KeyManagementException e) {
-            Log.e("FDroid", "Unable to set up trust manager chain. KeyManagementException");
-        } catch (NoSuchAlgorithmException e) {
-            Log.e("FDroid", "Unable to set up trust manager chain. NoSuchAlgorithmException");
-        }
+        // TODO reintroduce PinningTrustManager and MemorizingTrustManager
 
         // initialized the local repo information
         WifiManager wifiManager = (WifiManager) getSystemService(WIFI_SERVICE);