use TrustKit for SPKI pinning on Android 4.2+, continue using fingerp…

…rint pinning on older versions for now

AndroidManifest.xml

@@ -51,7 +51,7 @@
 
     <uses-feature android:name="android.hardware.touchscreen" android:required="false" />
 
-    <uses-sdk tools:overrideLibrary="android.support.customtabs, android.support.v13"/>
+    <uses-sdk tools:overrideLibrary="android.support.customtabs, android.support.v13, com.datatheorem.android.trustkit"/>
 
     <application
         android:name=".IRCCloudApplication"

build.gradle

@@ -333,7 +333,6 @@ dependencies {
     compile 'com.google.android.gms:play-services-identity:10.0.1'
     compile 'com.google.android.gms:play-services-ads:10.0.1'
     compile 'com.google.android.gms:play-services-gcm:10.0.1'
-    compile 'com.google.android.gms:play-services-wearable:10.0.1'
     compile 'com.google.android.apps.dashclock:dashclock-api:+'
     compile 'com.vandalsoftware.android:dslv:+'
     compile 'com.infstory:switch-preference-compat:1.0.+'
@@ -344,7 +343,8 @@ dependencies {
     compile 'com.raizlabs.android:DBFlow-Core:2.2.1'
     compile 'com.raizlabs.android:DBFlow:2.2.1'
     compile 'org.solovyev.android.views:linear-layout-manager:0.5@aar'
-    compile('com.crashlytics.sdk.android:crashlytics:2.6.6@aar') {
+    compile 'com.datatheorem.android.trustkit:trustkit:1.0.0'
+    compile('com.crashlytics.sdk.android:crashlytics:2.6.7@aar') {
         transitive = true;
     }
     compile fileTree(include: ['*.jar'], dir: 'libs')

irccloud-android.iml

@@ -66,9 +66,7 @@
       <sourceFolder url="file://$MODULE_DIR$/src/test/java" isTestSource="true" />
       <sourceFolder url="file://$MODULE_DIR$/src/test/rs" isTestSource="true" />
       <sourceFolder url="file://$MODULE_DIR$/src/test/shaders" isTestSource="true" />
-      <excludeFolder url="file://$MODULE_DIR$/build/.DS_Store" />
       <excludeFolder url="file://$MODULE_DIR$/build/android-profile" />
-      <excludeFolder url="file://$MODULE_DIR$/build/filtered_resources" />
       <excludeFolder url="file://$MODULE_DIR$/build/intermediates/assets" />
       <excludeFolder url="file://$MODULE_DIR$/build/intermediates/blame" />
       <excludeFolder url="file://$MODULE_DIR$/build/intermediates/bundles" />
@@ -83,14 +81,12 @@
       <excludeFolder url="file://$MODULE_DIR$/build/intermediates/manifests" />
       <excludeFolder url="file://$MODULE_DIR$/build/intermediates/pre-dexed" />
       <excludeFolder url="file://$MODULE_DIR$/build/intermediates/proguard-files" />
-      <excludeFolder url="file://$MODULE_DIR$/build/intermediates/proguard-rules" />
       <excludeFolder url="file://$MODULE_DIR$/build/intermediates/res" />
       <excludeFolder url="file://$MODULE_DIR$/build/intermediates/rs" />
       <excludeFolder url="file://$MODULE_DIR$/build/intermediates/shaders" />
       <excludeFolder url="file://$MODULE_DIR$/build/intermediates/symbols" />
       <excludeFolder url="file://$MODULE_DIR$/build/intermediates/transforms" />
       <excludeFolder url="file://$MODULE_DIR$/build/outputs" />
-      <excludeFolder url="file://$MODULE_DIR$/build/reports" />
       <excludeFolder url="file://$MODULE_DIR$/build/tmp" />
     </content>
     <orderEntry type="jdk" jdkName="Android API 25 Platform" jdkType="Android SDK" />
@@ -100,7 +96,6 @@
     <orderEntry type="library" exported="" name="play-services-gass-10.0.1" level="project" />
     <orderEntry type="library" exported="" name="design-25.2.0" level="project" />
     <orderEntry type="library" exported="" name="baseLibrary-2.3.0" level="project" />
-    <orderEntry type="library" exported="" name="play-services-wearable-10.0.1" level="project" />
     <orderEntry type="library" exported="" name="cardview-v7-25.2.0" level="project" />
     <orderEntry type="library" exported="" name="linear-layout-manager-0.5" level="project" />
     <orderEntry type="library" exported="" name="jackson-annotations-2.8.0" level="project" />
@@ -112,34 +107,35 @@
     <orderEntry type="library" exported="" name="support-fragment-25.2.0" level="project" />
     <orderEntry type="library" exported="" name="customtabs-25.2.0" level="project" />
     <orderEntry type="library" exported="" name="dashclock-api-2.0.0" level="project" />
-    <orderEntry type="library" exported="" name="fabric-1.3.15" level="project" />
-    <orderEntry type="library" exported="" name="crashlytics-2.6.6" level="project" />
+    <orderEntry type="library" exported="" name="fabric-1.3.16" level="project" />
+    <orderEntry type="library" exported="" name="crashlytics-2.6.7" level="project" />
     <orderEntry type="library" exported="" name="handy-uri-templates-2.0.2" level="project" />
     <orderEntry type="library" exported="" name="play-services-basement-10.0.1" level="project" />
     <orderEntry type="library" exported="" name="appcompat-v7-25.2.0" level="project" />
     <orderEntry type="library" exported="" name="leakcanary-android-no-op-1.4" level="project" />
     <orderEntry type="library" exported="" name="recyclerview-v7-25.2.0" level="project" />
     <orderEntry type="library" exported="" name="play-services-gcm-10.0.1" level="project" />
     <orderEntry type="library" exported="" name="animated-vector-drawable-25.2.0" level="project" />
+    <orderEntry type="library" exported="" name="trustkit-1.0.0" level="project" />
     <orderEntry type="library" exported="" name="play-services-tasks-10.0.1" level="project" />
     <orderEntry type="library" exported="" name="play-services-identity-10.0.1" level="project" />
     <orderEntry type="library" exported="" name="DBFlow-Core-2.2.1" level="project" />
     <orderEntry type="library" exported="" name="transition-25.2.0" level="project" />
     <orderEntry type="library" exported="" name="play-services-base-10.0.1" level="project" />
+    <orderEntry type="library" exported="" name="crashlytics-core-2.3.16" level="project" />
     <orderEntry type="library" exported="" name="adapters-1.3.1" level="project" />
-    <orderEntry type="library" exported="" name="crashlytics-core-2.3.15" level="project" />
     <orderEntry type="library" exported="" name="play-services-clearcut-10.0.1" level="project" />
     <orderEntry type="library" exported="" name="play-services-auth-10.0.1" level="project" />
     <orderEntry type="library" exported="" name="play-services-ads-lite-10.0.1" level="project" />
     <orderEntry type="library" exported="" name="dslv-0.6.3" level="project" />
     <orderEntry type="library" exported="" name="jackson-databind-2.8.6" level="project" />
     <orderEntry type="library" exported="" name="play-services-iid-10.0.1" level="project" />
-    <orderEntry type="library" exported="" name="beta-1.2.3" level="project" />
+    <orderEntry type="library" exported="" name="beta-1.2.4" level="project" />
     <orderEntry type="library" exported="" name="play-services-ads-10.0.1" level="project" />
     <orderEntry type="library" exported="" name="support-v4-25.2.0" level="project" />
-    <orderEntry type="library" exported="" name="answers-1.3.11" level="project" />
     <orderEntry type="library" exported="" name="multiwindow-v1.3.2" level="project" />
     <orderEntry type="library" exported="" name="support-compat-25.2.0" level="project" />
+    <orderEntry type="library" exported="" name="answers-1.3.12" level="project" />
     <orderEntry type="library" exported="" name="support-media-compat-25.2.0" level="project" />
     <orderEntry type="library" exported="" name="jackson-core-2.8.6" level="project" />
     <orderEntry type="library" exported="" name="switch-preference-compat-1.0.0" level="project" />

res/xml/network_security_config.xml

@@ -22,5 +22,6 @@
             <pin digest="SHA-256">A0us4Wg8ZwLOrXMWm8W4BsECg+dz98ntmZZAmm8if9c=</pin>
             <pin digest="SHA-256">hPUhE79j0hDUJDg/Zy+yqkLt/lJKEa9PWb0vrnp2oyQ=</pin>
         </pin-set>
+        <trustkit-config enforcePinning="true"/>
     </domain-config>
 </network-security-config>

src/com/irccloud/android/IRCCloudApplicationBase.java

@@ -35,6 +35,7 @@
 import android.webkit.WebView;
 
 import com.crashlytics.android.Crashlytics;
+import com.datatheorem.android.trustkit.TrustKit;
 import com.irccloud.android.data.collection.ImageList;
 import com.irccloud.android.data.collection.ServersList;
 import com.irccloud.android.data.model.Buffer;
@@ -55,6 +56,8 @@ public class IRCCloudApplicationBase extends Application {
     @Override
     public void onCreate() {
         super.onCreate();
+        if(Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1)
+            TrustKit.initializeWithNetworkSecurityConfiguration(getApplicationContext(), R.xml.network_security_config);
         Fabric.with(this, new Crashlytics());
         Crashlytics.log(Log.INFO, "IRCCloud", "Crashlytics Initialized");
         FlowManager.init(this);

src/com/irccloud/android/NetworkConnection.java

@@ -41,6 +41,7 @@
 
 import com.codebutler.android_websockets.WebSocketClient;
 import com.crashlytics.android.Crashlytics;
+import com.datatheorem.android.trustkit.TrustKit;
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.core.JsonToken;
 import com.fasterxml.jackson.databind.JsonNode;
@@ -563,7 +564,7 @@ public NetworkConnection() {
         WifiManager wfm = (WifiManager) IRCCloudApplication.getInstance().getApplicationContext().getSystemService(Context.WIFI_SERVICE);
         wifiLock = wfm.createWifiLock(TAG);
 
-        if(Build.VERSION.SDK_INT < Build.VERSION_CODES.N) {
+        if(Build.VERSION.SDK_INT < Build.VERSION_CODES.JELLY_BEAN_MR1) {
             kms = new X509ExtendedKeyManager[1];
             kms[0] = new X509ExtendedKeyManager() {
                 @Override
@@ -1230,6 +1231,12 @@ public synchronized void connect(boolean ignoreNetworkState) {
             client.disconnect();
         }
 
+        if(Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
+            TrustManager[] trustManagers = new TrustManager[1];
+            trustManagers[0] = TrustKit.getInstance().getTrustManager(IRCCLOUD_HOST);
+            WebSocketClient.setTrustManagers(trustManagers);
+        }
+
         client = new WebSocketClient(URI.create(url), new WebSocketClient.Listener() {
             @Override
             public void onConnect() {
@@ -3085,8 +3092,10 @@ public String fetch(URL url, String postdata, String sk, String token, HashMap<S
 
         if (url.getProtocol().toLowerCase().equals("https")) {
             HttpsURLConnection https = (HttpsURLConnection) ((proxy != null) ? url.openConnection(proxy) : url.openConnection(Proxy.NO_PROXY));
-            if (Build.VERSION.SDK_INT < Build.VERSION_CODES.N && url.getHost().equals(IRCCLOUD_HOST))
+            if (Build.VERSION.SDK_INT < Build.VERSION_CODES.JELLY_BEAN_MR1 && url.getHost().equals(IRCCLOUD_HOST))
                 https.setSSLSocketFactory(IRCCloudSocketFactory);
+            else
+                https.setSSLSocketFactory(TrustKit.getInstance().getSSLSocketFactory(url.getHost()));
             conn = https;
         } else {
             conn = (HttpURLConnection) ((proxy != null) ? url.openConnection(proxy) : url.openConnection(Proxy.NO_PROXY));
@@ -3320,8 +3329,10 @@ protected Boolean doInBackground(URL... url) {
 
                 if (url[0].getProtocol().toLowerCase().equals("https")) {
                     HttpsURLConnection https = (proxy != null) ? (HttpsURLConnection) url[0].openConnection(proxy) : (HttpsURLConnection) url[0].openConnection(Proxy.NO_PROXY);
-                    if(Build.VERSION.SDK_INT < Build.VERSION_CODES.N)
+                    if(Build.VERSION.SDK_INT < Build.VERSION_CODES.JELLY_BEAN_MR1)
                         https.setSSLSocketFactory(IRCCloudSocketFactory);
+                    else
+                        https.setSSLSocketFactory(TrustKit.getInstance().getSSLSocketFactory(url[0].getHost()));
                     conn = https;
                 } else {
                     conn = (HttpURLConnection) ((proxy != null) ? url[0].openConnection(proxy) : url[0].openConnection(Proxy.NO_PROXY));
@@ -3506,7 +3517,7 @@ public static void printStackTraceToCrashlytics(Exception e) {
         }
     }
 
-    private class FetchConfigTask extends AsyncTask<Void, Void, Void> {
+    private class FetchConfigTask extends AsyncTaskEx<Void, Void, Void> {
 
         @Override
         protected Void doInBackground(Void... voids) {