Merge branch 'develop'

README.md

@@ -9,7 +9,7 @@ Simply add to your pom.xml:
 <dependency>
         <groupId>me.figo</groupId>
         <artifactId>sdk</artifactId>
-        <version>1.4.6</version>
+        <version>1.5.0</version>
 </dependency>
 ```
 
@@ -73,6 +73,9 @@ session.setTrustManager(trustManager);
 // now do your API calls
 ```
 
+To connect to the staging system of figo, you need to set the `FIGO_API_FINGERPRINTS` environment variable with the staging SHA256 fingerprint (`D0039EF08FBD48678671CE9DA554248163D7D94DEDF16A55F052C70AAB7BB89D`)
+
+
 A more detailed documentation of the figo connect API can be found at http://docs.figo.io.
 
 Demos

pom.xml

@@ -4,7 +4,7 @@
 
 	<groupId>me.figo</groupId>
 	<artifactId>sdk</artifactId>
-	<version>1.4.6</version>
+	<version>1.5.0</version>
 	<packaging>jar</packaging>
 
 	<name>Figo Java SDK</name>

src/main/java/me/figo/FigoApi.java

@@ -41,6 +41,7 @@
 
 import com.google.gson.Gson;
 
+import me.figo.internal.FigoSocketFactory;
 import me.figo.internal.FigoTrustManager;
 import me.figo.internal.GsonAdapter;
 
@@ -157,8 +158,9 @@ protected void setupTrustManager(HttpURLConnection connection, X509TrustManager
             try {
                 final SSLContext sc = SSLContext.getInstance("SSL");
                 sc.init(null, new TrustManager[] { trustManager }, new java.security.SecureRandom());
-                ((HttpsURLConnection) connection).setSSLSocketFactory(sc.getSocketFactory());
-            } catch (NoSuchAlgorithmException e) {
+				FigoSocketFactory figoSocketFactory = new FigoSocketFactory(sc.getSocketFactory());
+				((HttpsURLConnection) connection).setSSLSocketFactory(figoSocketFactory);
+			} catch (NoSuchAlgorithmException e) {
                 throw new IOException("Connection setup failed", e);
             } catch (KeyManagementException e) {
                 throw new IOException("Connection setup failed", e);

src/main/java/me/figo/internal/FigoSocketFactory.java

@@ -0,0 +1,64 @@
+package me.figo.internal;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+
+public class FigoSocketFactory extends SSLSocketFactory {
+
+	private static final String[] ENABLED_PROTOCOLS = { "TLSv1.2" };
+
+	private SSLSocketFactory isf;
+
+	public FigoSocketFactory(SSLSocketFactory factory) {
+		isf = factory;
+	}
+
+	@Override
+	public String[] getDefaultCipherSuites() {
+		return isf.getDefaultCipherSuites();
+	}
+
+	@Override
+	public String[] getSupportedCipherSuites() {
+		return isf.getSupportedCipherSuites();
+	}
+
+	@Override
+	public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException {
+		return enableProtocols(isf.createSocket(socket, host, port, autoClose));
+	}
+
+	@Override
+	public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
+		return enableProtocols(isf.createSocket(host, port));
+	}
+
+	@Override
+	public Socket createSocket(String remoteHost, int remotePort, InetAddress localHost, int localPort)
+			throws IOException, UnknownHostException {
+		return enableProtocols(isf.createSocket(remoteHost, remotePort, localHost, localPort));
+	}
+
+	@Override
+	public Socket createSocket(InetAddress host, int port) throws IOException {
+		return enableProtocols(isf.createSocket(host, port));
+	}
+
+	@Override
+	public Socket createSocket(InetAddress remoteHost, int remotePort, InetAddress localHost, int localPort)
+			throws IOException {
+		return enableProtocols(isf.createSocket(remoteHost, remotePort, localHost, localPort));
+	}
+
+	private Socket enableProtocols(Socket socket) {
+		if (socket != null && socket instanceof SSLSocket) {
+			((SSLSocket) socket).setEnabledProtocols(ENABLED_PROTOCOLS);
+		}
+		return socket;
+	}
+}

src/main/java/me/figo/internal/FigoTrustManager.java

@@ -32,16 +32,16 @@
 import java.util.List;
 
 import javax.net.ssl.X509TrustManager;
+
 import org.apache.commons.codec.binary.Hex;
 
 public class FigoTrustManager implements X509TrustManager {
 
     private static final List<String> VALID_FINGERPRINTS = new ArrayList<String>(Arrays.asList(
-            "38AE4A326F16EA1581338BB0D8E4A635E727F107",                                                     
-            "DBE2E9158FC9903084FE36CAA61138D85A205D93"));
+            "070F14AEB94AFB3DF800E82B69A8515CEED2F5B1BA897BEF6432458F61CF9E33"));
 
     /**
-     * @return the list of trusted certificate fingerprints using SHA1
+     * @return the list of trusted certificate fingerprints using SHA256
      */
     public static List<String> getTrustedFingerprints() {
         return VALID_FINGERPRINTS;
@@ -50,7 +50,7 @@ public static List<String> getTrustedFingerprints() {
     /**
      * Add a fingerprint to the trusted list, e.g. when using a custom figo deployment.
      * 
-     * @param fingerprint the SHA1 hash of the SSL certificate in upper case
+     * @param fingerprint the SHA256 hash of the SSL certificate in upper case
      */
     public static void addTrustedFingerprint(String fingerprint) {
         VALID_FINGERPRINTS.add(fingerprint);
@@ -71,15 +71,15 @@ public void checkServerTrusted(X509Certificate[] certs, String authType) throws
             throw new CertificateException("No certificate found");
         } else {
             String thumbprint = getThumbPrint(certs[0]);
-            if (!VALID_FINGERPRINTS.contains(thumbprint) && !this.getFingerprintsFromEnv().contains(thumbprint)){
-                throw new CertificateException();
+			if (!VALID_FINGERPRINTS.contains(thumbprint) && !getFingerprintsFromEnv().contains(thumbprint)) {
+                throw new CertificateException("Fingerprint does not match certificate");
             }
         }
     }
 
     private static String getThumbPrint(X509Certificate cert) {
         try {
-            MessageDigest md = MessageDigest.getInstance("SHA-1");
+            MessageDigest md = MessageDigest.getInstance("SHA-256");
             byte[] der = cert.getEncoded();
             md.update(der);
             byte[] digest = md.digest();
@@ -93,6 +93,9 @@ private static String getThumbPrint(X509Certificate cert) {
 
     private static List<String> getFingerprintsFromEnv()    {
         String fingerprintList = System.getenv("FIGO_API_FINGERPRINTS");
-        return Arrays.asList(fingerprintList.split(":"));
+        if(fingerprintList!=null)
+        	return Arrays.asList(fingerprintList.split(":"));
+        else
+        	return new ArrayList<>();
     }
 }

src/test/java/me/figo/SessionTest.java

@@ -31,9 +31,6 @@
 import java.util.HashMap;
 import java.util.List;
 
-import org.junit.Before;
-import org.junit.Test;
-
 import me.figo.internal.FakeTrustManager;
 import me.figo.models.Account;
 import me.figo.models.Notification;
@@ -44,13 +41,18 @@
 import me.figo.models.Transaction;
 import me.figo.models.User;
 
+import org.junit.Before;
+import org.junit.Test;
+
 public class SessionTest {
 
     FigoSession sut = null;
 
     @Before
     public void setUp() throws Exception {
-        sut = new FigoSession("ASHWLIkouP2O6_bgA2wWReRhletgWKHYjLqDaqb0LFfamim9RjexTo22ujRIP_cjLiRiSyQXyt2kM1eXU2XLFZQ0Hro15HikJQT_eNeT_9XQ");
+		sut = new FigoSession(
+				"ASHWLIkouP2O6_bgA2wWReRhletgWKHYjLqDaqb0LFfamim9RjexTo22ujRIP_cjLiRiSyQXyt2kM1eXU2XLFZQ0Hro15HikJQT_eNeT_9XQ",
+				30000);
     }
 
     @Test
@@ -140,7 +142,7 @@ public void testGetErrorMessage() throws IOException {
             fail(acc.getName());
         }
         catch(FigoException e)  {
-            assertEquals("Entry not found.", e.getErrorMessage());
+			assertEquals("Entry not found.", e.getErrorMessage());
             assertEquals(null, e.getErrorDescription());
         }
     }