Refactor TLSCertificatePinning certInputStream Accessor (#1036)

* Refactor TLSCertificatePinning to initialize certs only once and move exception annotation to proper location.

* Update CHANGELOG.

* Create new ByteArrayInputStream using factory method so that both BraintreeHttpClient and BraintreeGraphQLClient can have their own certificate byte array input stream.

BraintreeCore/src/main/java/com/braintreepayments/api/BraintreeGraphQLClient.kt

@@ -1,6 +1,7 @@
 package com.braintreepayments.api
 
 import java.util.Locale
+import javax.net.ssl.SSLException
 
 internal class BraintreeGraphQLClient(
     private val httpClient: HttpClient = createDefaultHttpClient()
@@ -78,8 +79,10 @@ internal class BraintreeGraphQLClient(
 
     companion object {
 
+        @Throws(SSLException::class)
         private fun createDefaultHttpClient(): HttpClient {
-            val socketFactory = TLSSocketFactory(TLSCertificatePinning.certInputStream)
+            val socketFactory =
+                TLSSocketFactory(TLSCertificatePinning.createCertificateInputStream())
             return HttpClient(socketFactory, BraintreeGraphQLResponseParser())
         }
     }

BraintreeCore/src/main/java/com/braintreepayments/api/BraintreeHttpClient.kt

@@ -4,6 +4,7 @@ import android.net.Uri
 import com.braintreepayments.api.HttpClient.RetryStrategy
 import org.json.JSONException
 import org.json.JSONObject
+import javax.net.ssl.SSLException
 
 /**
  * Network request class that handles Braintree request specifics and threading.
@@ -178,8 +179,10 @@ internal class BraintreeHttpClient(
         private const val USER_AGENT_HEADER = "User-Agent"
         private const val CLIENT_KEY_HEADER = "Client-Key"
 
+        @Throws(SSLException::class)
         private fun createDefaultHttpClient(): HttpClient {
-            val socketFactory = TLSSocketFactory(TLSCertificatePinning.certInputStream)
+            val socketFactory =
+                TLSSocketFactory(TLSCertificatePinning.createCertificateInputStream())
             return HttpClient(socketFactory, BraintreeHttpResponseParser())
         }
     }

BraintreeCore/src/main/java/com/braintreepayments/api/TLSCertificatePinning.kt

@@ -1,9 +1,7 @@
 package com.braintreepayments.api
 
 import java.io.ByteArrayInputStream
-import java.io.InputStream
 import java.nio.charset.StandardCharsets
-import javax.net.ssl.SSLException
 
 /**
  * THIS CODE IS GENERATED BY 'codify_certificates.sh' in Braintree Github Enterprise repo
@@ -714,7 +712,7 @@ CkPa1mnI2g7vVq2d66WZmpsDtY1EwUya7vmZTxw7BFlntV7lrVxPLhUbq1wJGIbT
 uEnXgUGZxnLYZfCNsC/UAQxvKKpxBLWus/n1InM/97HfA31WJsvQ
 -----END CERTIFICATE-----"""
 
-    @get:Throws(SSLException::class)
-    val certInputStream: InputStream
-        get() = ByteArrayInputStream(CERTIFICATES.toByteArray(StandardCharsets.UTF_8))
+    private val certificateByteArray = CERTIFICATES.toByteArray(StandardCharsets.UTF_8)
+
+    fun createCertificateInputStream() = ByteArrayInputStream(certificateByteArray)
 }

CHANGELOG.md

@@ -8,6 +8,7 @@
   * Fix `PayPalNativeCheckoutAccountNonce` Null Pointer Exception by ensuring that all `@NonNull` values are initialized with a non-null value.
 * BraintreeCore
   * Use TLS 1.3 for all HTTP requests, when available
+  * Refactor TLSCertificatePinning `certInputStream` property to initialize a `ByteArrayInputStream` once instead of every time the property is accessed.
 
 ## 4.47.0 (2024-06-06)
 

SharedUtils/src/main/java/com/braintreepayments/api/TLSSocketFactory.java

@@ -13,7 +13,6 @@
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
-import java.util.Collections;
 
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLException;