From 50cf425a5ba207f6f7d436e35c70989041876d48 Mon Sep 17 00:00:00 2001
From: Jonathan Fisher
Date: Tue, 10 Nov 2020 14:48:24 +0000
Subject: [PATCH] log server certs, add link to drews tofu notes

---
 README.md | 2 ++
 .../oppen/ariane/io/gemini/GeminiDatasourceTests.kt | 7 +++++--
 .../java/oppen/ariane/io/gemini/GeminiDatasource.kt | 10 ++++++----
 3 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index 809f4da..efa204e 100644
--- a/README.md
+++ b/README.md
@@ -37,6 +37,8 @@ Ariane uses TLS but does not implement TOFU at all:
 
 > Clients can validate TLS connections however they like (including not at all) but the strongly RECOMMENDED approach is to implement a lightweight "TOFU" certificate-pinning system which treats self-signed certificates as first- class citizens
 
+See [Drew's note on TOFU](https://drewdevault.com/2020/09/21/Gemini-TOFU.html)
+
 ## Client TLS
 
 > Although rarely seen on the web, TLS permits clients to identify themselves to servers using certificates
diff --git a/app/src/androidTest/java/oppen/ariane/io/gemini/GeminiDatasourceTests.kt b/app/src/androidTest/java/oppen/ariane/io/gemini/GeminiDatasourceTests.kt
index 132b9bb..fa6883c 100644
--- a/app/src/androidTest/java/oppen/ariane/io/gemini/GeminiDatasourceTests.kt
+++ b/app/src/androidTest/java/oppen/ariane/io/gemini/GeminiDatasourceTests.kt
@@ -25,10 +25,13 @@ class GeminiDatasourceTests {
         "gemini://idiomdrottning.org"
     )
 
-    private val capsuleIndex = 3
+    private var capsuleIndex = 0
 
     @Before
-    private fun setup(){
+    fun setup(){
+        val capsule = capsules.random()
+        println("Using $capsule for Gemini tests")
+        capsuleIndex = capsules.indexOf(capsule)
         gemini = Datasource.factory(InstrumentationRegistry.getInstrumentation().targetContext)
     }
 
diff --git a/app/src/main/java/oppen/ariane/io/gemini/GeminiDatasource.kt b/app/src/main/java/oppen/ariane/io/gemini/GeminiDatasource.kt
index 1b40cc2..5f2eb25 100644
--- a/app/src/main/java/oppen/ariane/io/gemini/GeminiDatasource.kt
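Review bot: setup() now picks `capsules.random()` with no seed, so every run exercises a different live host and a failing run cannot be reproduced from the log alone. `capsuleIndex = capsules.indices.random()` would drop the indexOf round trip, and either logging a seed or reading the capsule from an instrumentation argument would make a failure repeatable. Removing `private` looks required for JUnit to invoke the @Before method. The GeminiDatasourceTests class and the capsules list begin outside the hunk.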
+++ b/app/src/main/java/oppen/ariane/io/gemini/GeminiDatasource.kt
@@ -37,7 +37,6 @@ class GeminiDatasource(
 
         when (uri.scheme) {
             GEMINI_SCHEME -> {
-
                 val cached = RuntimeCache.get(uri)
                 if(cached != null){
                     last = uri
@@ -100,10 +99,9 @@ class GeminiDatasource(
 
     /**
      *
-     * This was largely copied from
+     * This was originally largely copied from:
       https://framagit.org/waweic/gemini-client/-/blob/master/app/src/main/java/rocks/ism/decentral/geminiclient/GeminiConnection.kt
-     *
      */
 
 
@@ -113,7 +111,11 @@ class GeminiDatasource(
         }
 
         override fun checkServerTrusted(chain: Array?, authType: String?) {
-
+            println("checkServerTrusted()")
+            println("checkServerTrusted() authType: $authType")
+            chain?.forEach { cert ->
+                println("checkServerTrusted() cert: ${cert.subjectDN}")
+            }
         }
 
         override fun getAcceptedIssuers(): Array {
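Review bot: The println calls added to checkServerTrusted() make the server chain visible but leave the method accepting every chain — nothing validates, pins or rejects a certificate, so the datasource still trusts any server, which the README change in this commit also acknowledges. That contract should at least be stated in the method, e.g. `// NOTE: no certificate validation is performed here; every chain is accepted (TOFU not yet implemented, see README)`, and a null or empty chain should be rejected as the X509TrustManager contract requires, `if (chain.isNullOrEmpty()) throw IllegalArgumentException("empty server certificate chain")`. println in app code writes to stdout rather than logcat, so android.util.Log with a tag is the conventional choice here, and `cert.subjectDN` is deprecated in favour of `cert.subjectX500Principal`. The Array type parameters appear stripped in this rendering, so I am reading chain as an X509Certificate array. The enclosing trust-manager object and getAcceptedIssuers() continue outside the hunk.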