From 10c5d151d3e027b79681b989d10cdfa8b51c9008 Mon Sep 17 00:00:00 2001
From: Daniel Gultsch <daniel@gultsch.de>
Date: Mon, 18 Nov 2019 19:12:04 +0100
Subject: [PATCH] delete cached posh file after not being able to verify

---
 .../services/MemorizingTrustManager.java       | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/src/main/java/eu/siacs/conversations/services/MemorizingTrustManager.java b/src/main/java/eu/siacs/conversations/services/MemorizingTrustManager.java
index c393a9f22..bb028f96c 100644
--- a/src/main/java/eu/siacs/conversations/services/MemorizingTrustManager.java
+++ b/src/main/java/eu/siacs/conversations/services/MemorizingTrustManager.java
@@ -179,7 +179,7 @@ public class MemorizingTrustManager {
 		File dir = app.getDir(KEYSTORE_DIR, Context.MODE_PRIVATE);
 		keyStoreFile = new File(dir + File.separator + KEYSTORE_FILE);
 
-		poshCacheDir = app.getFilesDir().getAbsolutePath()+"/posh_cache/";
+		poshCacheDir = app.getCacheDir().getAbsolutePath()+"/posh_cache/";
 
 		appKeyStore = loadAppKeyStore();
 	}
@@ -427,14 +427,18 @@ public class MemorizingTrustManager {
 			} catch (CertificateException e) {
 				boolean trustSystemCAs = !PreferenceManager.getDefaultSharedPreferences(master).getBoolean("dont_trust_system_cas", false);
 				if (domain != null && isServer && trustSystemCAs && !isIp(domain)) {
-					String hash = getBase64Hash(chain[0],"SHA-256");
-					List<String> fingerprints = getPoshFingerprints(domain);
-					if (hash != null && fingerprints.contains(hash)) {
-						Log.d("mtm","trusted cert fingerprint of "+domain+" via posh");
-						return;
+					final String hash = getBase64Hash(chain[0],"SHA-256");
+					final List<String> fingerprints = getPoshFingerprints(domain);
+					if (hash != null && fingerprints.size() > 0) {
+						if (fingerprints.contains(hash)) {
+							Log.d("mtm","trusted cert fingerprint of "+domain+" via posh");
+							return;
+						}
+						if (getPoshCacheFile(domain).delete()) {
+							Log.d("mtm", "deleted posh file for "+domain+" after not being able to verify");
+						}
 					}
 				}
-				e.printStackTrace();
 				if (interactive) {
 					interactCert(chain, authType, e);
 				} else {