Fix lint checks around requirement of api 17

Author: Steve Shenouda

trustkit/src/main/java/com/datatheorem/android/trustkit/pinning/OkHttp2Helper.java

@@ -1,5 +1,7 @@
 package com.datatheorem.android.trustkit.pinning;
 
+import android.os.Build;
+
 import androidx.annotation.NonNull;
 import androidx.annotation.RequiresApi;
 
@@ -13,9 +15,16 @@
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.X509TrustManager;
 
-@RequiresApi(api = 17)
 public class OkHttp2Helper {
-    private static OkHttpRootTrustManager trustManager = new OkHttpRootTrustManager();
+    private static X509TrustManager trustManager;
+
+    static {
+        if (Build.VERSION.SDK_INT < 17) {
+            trustManager = SystemTrustManager.getInstance();
+        } else {
+            trustManager = new OkHttpRootTrustManager();
+        }
+    }
 
     /**
      * Retrieve an {@code SSLSSocketFactory} that implements SSL pinning validation based on the
@@ -46,7 +55,8 @@ public static SSLSocketFactory getSSLSocketFactory() {
      * later be used for Certificate Pinning.
      */
     @NonNull
+    @RequiresApi(api = 17)
     public static Interceptor getPinningInterceptor() {
-        return new OkHttp2PinningInterceptor(trustManager);
+        return new OkHttp2PinningInterceptor((OkHttpRootTrustManager)trustManager);
     }
 }

trustkit/src/main/java/com/datatheorem/android/trustkit/pinning/OkHttp3Helper.java

@@ -1,5 +1,7 @@
 package com.datatheorem.android.trustkit.pinning;
 
+import android.os.Build;
+
 import androidx.annotation.NonNull;
 import androidx.annotation.RequiresApi;
 
@@ -13,9 +15,16 @@
 import okhttp3.Interceptor;
 import okhttp3.Request;
 
-@RequiresApi(api = 17)
 public class OkHttp3Helper {
-    private static OkHttpRootTrustManager trustManager = new OkHttpRootTrustManager();
+    private static X509TrustManager trustManager;
+
+    static {
+        if (Build.VERSION.SDK_INT < 17) {
+            trustManager = SystemTrustManager.getInstance();
+        } else {
+            trustManager = new OkHttpRootTrustManager();
+        }
+    }
 
     /**
      * Retrieve an {@code SSLSSocketFactory} that implements SSL pinning validation based on the
@@ -46,15 +55,16 @@ public static SSLSocketFactory getSSLSocketFactory() {
      * Certificate Pinning.
      */
     @NonNull
+    @RequiresApi(api = 17)
     public static Interceptor getPinningInterceptor() {
-        return new OkHttp3PinningInterceptor(trustManager);
+        return new OkHttp3PinningInterceptor((OkHttpRootTrustManager)trustManager);
     }
 
     /**
      * Returns an instance of the {@link OkHttpRootTrustManager} used for Certificate Pinning.
      */
     @NonNull
-    public static OkHttpRootTrustManager getTrustManager() {
+    public static X509TrustManager getTrustManager() {
         return trustManager;
     }
 }

trustkit/src/main/java/com/datatheorem/android/trustkit/pinning/OkHttpRootTrustManager.java

@@ -1,6 +1,7 @@
 package com.datatheorem.android.trustkit.pinning;
 
 import android.net.http.X509TrustManagerExtensions;
+import android.os.Build;
 
 import androidx.annotation.NonNull;
 import androidx.annotation.RequiresApi;
@@ -19,7 +20,6 @@
  * <p>This trust manager delegates to the appropriate {@link PinningTrustManager} decided by the
  * hostname set by the {@link OkHttp3PinningInterceptor}.</p>
  */
-@RequiresApi(api = 17)
 class OkHttpRootTrustManager implements X509TrustManager {
     private final ThreadLocal<String> mServerHostname = new ThreadLocal<>();
 
@@ -33,14 +33,17 @@ public void checkServerTrusted(X509Certificate[] chain, String authType) throws
         String host = mServerHostname.get();
         DomainPinningPolicy serverConfig =
                 TrustKit.getInstance().getConfiguration().getPolicyForHostname(host);
-        //This check is needed for compatibility with the Platform default's implementation of
+        X509TrustManager trustManager = TrustKit.getInstance().getTrustManager(host);
+
+        //The first check is needed for compatibility with the Platform default's implementation of
         //the Trust Manager. For APIs 24 and greater, the Platform's default TrustManager states
         //that it requires usage of the hostname-aware version of checkServerTrusted for app's that
-        //implement Android's network_security_config file.
-        if (serverConfig == null) {
-            new X509TrustManagerExtensions(TrustKit.getInstance().getTrustManager(host)).checkServerTrusted(chain, authType, host);
+        //implement Android's network_security_config file. The 2nd check is to allow usage of the
+        //X509TrustManagerExtensions class. Any API below will default to the baseline trust manager.
+        if (serverConfig == null && Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
+            new X509TrustManagerExtensions(trustManager).checkServerTrusted(chain, authType, host);
         } else {
-            TrustKit.getInstance().getTrustManager(host).checkServerTrusted(chain, authType);
+            trustManager.checkServerTrusted(chain, authType);
         }
     }