From 6cc48019aef5120366928b981219b0116de8c5a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Hu=CC=88ning?= Date: Tue, 16 Apr 2019 14:31:57 +0200 Subject: [PATCH] remove certificate pinning and bump version to 3.2.0 --- .vscode/settings.json | 8 ++++ README.md | 22 +-------- pom.xml | 2 +- src/main/java/me/figo/FigoApi.java | 46 +++++++++---------- .../me/figo/internal/FakeTrustManager.java | 4 +- 5 files changed, 32 insertions(+), 50 deletions(-) create mode 100644 .vscode/settings.json diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..2421e38 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,8 @@ +{ + "files.exclude": { + "**/.classpath": true, + "**/.project": true, + "**/.settings": true, + "**/.factorypath": true + } +} \ No newline at end of file diff --git a/README.md b/README.md index 913d17e..e8c8dbf 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ Simply add to your pom.xml: me.figo sdk - 3.1.8 + 3.2.0 ``` 
@@ -56,26 +56,6 @@ session.setProxy(proxy); // now do your API calls ``` -You can add valid SSL fingerprints by adding them to the `FIGO_API_FINGERPRINTS` environment variable. Fingerprints -need to be added in HEX format without column delimiters. A column delimiter is used to indicate the next element in -the list of fingerprints. - - -To disable the SSL certificate pinning (not recommended) do the following: -```java -// first create the FigoSession object -FigoSession session = new FigoSession("ASHWLIkouP2O6_bgA2wWReRhletgWKHYjLqDaqb0LFfamim9RjexTo22ujRIP_cjLiRiSyQXyt2kM1eXU2XLFZQ0Hro15HikJQT_eNeT_9XQ"); - -// create FakeTrustManager and add it to your FigoConnection or FigoSession -X509TrustManager trustManager = FakeTrustManager(); -session.setTrustManager(trustManager); - -// now do your API calls -``` - -To connect to the staging system of figo, you need to set the `FIGO_API_FINGERPRINTS` environment variable with the staging SHA256 fingerprint (`B752322B4BDCC974B165A79E8DF944E5A1622DD34327A7AAF5F7B7FAD9C31B0A`) - - A more detailed documentation of the figo connect API can be found at http://docs.figo.io/v3/. Demos diff --git a/pom.xml b/pom.xml index d34f5e0..5c5d196 100755 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ me.figo sdk - 3.1.8 + 3.2.0 jar Figo Java SDK diff --git a/src/main/java/me/figo/FigoApi.java b/src/main/java/me/figo/FigoApi.java index 01411d2..a216cdc 100644 --- a/src/main/java/me/figo/FigoApi.java +++ b/src/main/java/me/figo/FigoApi.java @@ -43,16 +43,16 @@ import com.google.gson.Gson; +import me.figo.internal.FakeTrustManager; import me.figo.internal.FigoSocketFactory; -import me.figo.internal.FigoTrustManager; import me.figo.internal.GsonAdapter; /** * - * + * */ public class FigoApi { - + protected static final String API_FIGO_LIVE = "https://api.figo.me"; protected static final String API_FIGO_STAGE = "https://staging.figo.me"; private Logger logger = Logger.getLogger(this.getClass().getName()); 
@@ -61,9 +61,9 @@ public class FigoApi { private int timeout; private X509TrustManager trustManager; private Proxy proxy; - + /** - * + * * @param apiEndpoint * @param authorization * @param timeout @@ -72,13 +72,13 @@ public FigoApi(String apiEndpoint, String authorization, int timeout) { this.apiEndpoint = apiEndpoint; this.authorization = authorization; this.timeout = timeout; - this.trustManager = new FigoTrustManager(); + this.trustManager = new FakeTrustManager(); } public FigoApi(String authorization, int timeout) { this.authorization = authorization; this.timeout = timeout; - this.trustManager = new FigoTrustManager(); + this.trustManager = new FakeTrustManager(); String endpointEnv = System.getenv("FIGO_API_ENDPOINT"); if (endpointEnv != null) { this.apiEndpoint = endpointEnv; @@ -87,19 +87,15 @@ public FigoApi(String authorization, int timeout) { this.apiEndpoint = API_FIGO_LIVE; } } - - public void setTrustManager(X509TrustManager trustManager) { - this.trustManager = trustManager; - } - + public void setProxy(Proxy proxy) { this.proxy = proxy; } - - + + /** * Helper method for making a OAuth2-compliant API call - * + * * @param path * path on the server to call * @param data @@ -111,7 +107,7 @@ public void setProxy(Proxy proxy) { * @param * Type of expected response * @return the parsed result of the request - * + * * @exception FigoException Base class for all figoExceptions * @exception IOException IOException */ @@ -126,10 +122,10 @@ public T queryApi(String path, Object data, String method, Type typeOfT) thr else { connection = (HttpURLConnection) url.openConnection(); } - + connection.setConnectTimeout(timeout); connection.setReadTimeout(timeout); - + setupTrustManager(connection, trustManager); connection.setRequestMethod(method); 
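Review bot: In the `@@ -72,13 +72,13 @@` hunk both constructors now assign `new FakeTrustManager()`, which makes a class documented as the "no pinning" escape hatch the default for every connection. Its check methods are not visible on this page, but if they accept any chain, as the name and the warning removed elsewhere in this commit suggest, TLS server authentication is effectively off and the `authorization` value is exposed to anyone in the network path. Dropping pinning should fall back to the platform trust store, not to no validation. The sketch below builds the JSSE default `X509TrustManager` for both constructors; it needs imports for `TrustManagerFactory`, `TrustManager`, `KeyStore` and `GeneralSecurityException`. The second constructor's body continues past the end of the hunk.

```java
// … unchanged: apiEndpoint / authorization / timeout assignments in both constructors …
        this.trustManager = defaultTrustManager();

    /** Returns the platform default trust manager, which validates chains against the JVM trust store. */
    private static X509TrustManager defaultTrustManager() {
        try {
            TrustManagerFactory factory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            // A null KeyStore selects the JVM's default trust store.
            factory.init((KeyStore) null);
            for (TrustManager candidate : factory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    return (X509TrustManager) candidate;
                }
            }
            throw new IllegalStateException("no default X509TrustManager available");
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("cannot initialise default trust store", e);
        }
    }
```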
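Review bot: Removing the public `setTrustManager` in the `@@ -87,19 +87,15 @@` hunk leaves integrators no supported way to install a validating or pinning `X509TrustManager`; the only hook left is overriding the protected `setupTrustManager`. It is also a source-incompatible API removal shipped in a 3.1.8 to 3.2.0 bump. I would keep the setter, `public void setTrustManager(X509TrustManager trustManager) { this.trustManager = trustManager; }`, and give it a Javadoc line saying that the supplied manager replaces the default for all later calls made through this instance.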
@@ -152,7 +148,7 @@ public T queryApi(String path, Object data, String method, Type typeOfT) thr /** * Method to configure TrustManager. * @param connection - * + * * @exception IOException IOException */ protected void setupTrustManager(HttpURLConnection connection, X509TrustManager trustManager) throws IOException { @@ -177,7 +173,7 @@ protected void setupTrustManager(HttpURLConnection connection, X509TrustManager * @param connection * @param typeOfT * @return - * + * * @exception FigoException Base class for all figoExceptions * @exception IOException IOException */ @@ -199,10 +195,10 @@ private void logError(FigoException.ErrorResponse errorResponse, HttpURLConnecti errorString += " " + connection.getRequestMethod() + " " + connection.getURL().toString(); logger.log(Level.SEVERE, errorString); } - + /** * Handle the response of a request by decoding its JSON payload - * + * * @param stream * Stream containing the JSON data * @param typeOfT @@ -223,10 +219,10 @@ protected T handleResponse(InputStream stream, Type typeOfT) { // decode JSON payload return createGson().fromJson(body, typeOfT); } - + /** * Instantiate the GSON class. Meant to be overridden in order to provide custom Gson settings. - * + * * @return GSON instance */ protected Gson createGson() { @@ -239,7 +235,7 @@ public String getApiEndpoint() { /** * The timeout used for queries. - * @return + * @return */ public int getTimeout() { return timeout; diff --git a/src/main/java/me/figo/internal/FakeTrustManager.java b/src/main/java/me/figo/internal/FakeTrustManager.java index d67ddac..7f58b93 100644 --- a/src/main/java/me/figo/internal/FakeTrustManager.java +++ b/src/main/java/me/figo/internal/FakeTrustManager.java 
@@ -29,11 +29,9 @@ /** * Use this implementation if you don't want to do certificate pinning - * WARNING: Do not implement this in production code you are ever going to use on a network you do not entirely trust. - * */ public class FakeTrustManager implements X509TrustManager { - + @Override public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null;
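Review bot: The class Javadoc loses its only warning in the same commit that makes this class the default trust manager in `FigoApi`, so nothing in the code now tells a reader what validation, if any, it performs. The check methods lie outside this hunk; if they accept every chain, the comment should say so plainly, for example `* Accepts every certificate chain without validation; connections that use it are not authenticated.` Separately, the context line `return null;` in `getAcceptedIssuers` departs from the `X509TrustManager` contract, which asks for a non-null, possibly empty array; `return new java.security.cert.X509Certificate[0];` would match it. The class body continues past the end of the hunk.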