Allow insecure connections to fix issue #11 (#13)

babylonhealth · Jun 8, 2019 · b780735 · b780735
1 parent 52718ba
commit b780735
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 1 deletion.
diff --git a/lib/src/main/kotlin/com/babylon/certificatetransparency/VerificationResult.kt b/lib/src/main/kotlin/com/babylon/certificatetransparency/VerificationResult.kt
@@ -50,6 +50,13 @@ sealed class VerificationResult {
              */
             override fun toString() = "Success: SCT trusted logs $scts"
         }
+
+        data class InsecureConnection(val host: String) : Success() {
+            /**
+             * Returns a string representation of the object.
+             */
+            override fun toString() = "Success: SCT not enabled for insecure connection to $host"
+        }
     }
 
     /**

diff --git a/...m/babylon/certificatetransparency/internal/verifier/CertificateTransparencyInterceptor.kt b/...m/babylon/certificatetransparency/internal/verifier/CertificateTransparencyInterceptor.kt
@@ -25,6 +25,7 @@ import okhttp3.Interceptor
 import okhttp3.Response
 import java.security.cert.X509Certificate
 import javax.net.ssl.SSLPeerUnverifiedException
+import javax.net.ssl.SSLSocket
 import javax.net.ssl.X509TrustManager
 
 internal class CertificateTransparencyInterceptor(
@@ -39,7 +40,11 @@ internal class CertificateTransparencyInterceptor(
         val host = chain.request().url().host()
         val certs = chain.connection()?.handshake()?.peerCertificates()?.map { it as X509Certificate } ?: emptyList()
 
-        val result = verifyCertificateTransparency(host, certs)
+        val result = if (chain.connection()?.socket() is SSLSocket) {
+            verifyCertificateTransparency(host, certs)
+        } else {
+            VerificationResult.Success.InsecureConnection(host)
+        }
 
         logger?.log(host, result)
 

diff --git a/...lon/certificatetransparency/internal/CertificateTransparencyInterceptorIntegrationTest.kt b/...lon/certificatetransparency/internal/CertificateTransparencyInterceptorIntegrationTest.kt
@@ -62,6 +62,17 @@ class CertificateTransparencyInterceptorIntegrationTest {
         client.newCall(request).execute()
     }
 
+    @Test
+    fun insecureConnectionAllowed() {
+        val client = OkHttpClient.Builder().addNetworkInterceptor(networkInterceptor).build()
+
+        val request = Request.Builder()
+            .url("http://www.babylonhealth.com")
+            .build()
+
+        client.newCall(request).execute()
+    }
+
     @Test
     fun letsEncryptAllowed() {
         val client = OkHttpClient.Builder().addNetworkInterceptor(networkInterceptor).build()