authorParménides GV <parmegv@sdf.org>2013-07-02 19:38:48 +0200
committerSean Leonard <meanderingcode@aetherislands.net>2013-07-12 14:27:04 -0600
commitdacf638f7dd15e291cdb23a6cf8317e1dd80ed29 (patch)
tree4cb589d197781c1d2ee6f427a9ca239b8abeb3f2
parent4dcdb0a2a50722e008395e54ff9228c1d39c231e (diff)
New certificates are added without creating files
LeapHttpClient can fetch the main CA certificate downloaded from the provider and add it to its in-memory keystore, without saving the certificate in a file. This is a very important feature, and I think it can be cherry-picked (the modifications are small and very localized). It is important because authentication does not work without this bug fix in the latest branches: I removed the code that saved the certificate in a file but didn't test the authentication part.
-rw-r--r--src/se/leap/leapclient/ConfigHelper.java40
-rw-r--r--src/se/leap/leapclient/ProviderAPI.java17
2 files changed, 35 insertions, 22 deletions
diff --git a/src/se/leap/leapclient/ConfigHelper.java b/src/se/leap/leapclient/ConfigHelper.java
index 007db95c..c5a37be5 100644
--- a/src/se/leap/leapclient/ConfigHelper.java
+++ b/src/se/leap/leapclient/ConfigHelper.java
@@ -1,5 +1,6 @@
package se.leap.leapclient;
+import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
@@ -19,6 +20,7 @@ import org.json.JSONObject;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Environment;
+import android.util.Base64;
/**
* Stores constants, and implements auxiliary methods used across all LEAP Android classes.
@@ -256,6 +258,31 @@ public class ConfigHelper {
SharedPreferences shared_preferences) {
ConfigHelper.shared_preferences = shared_preferences;
}
+
+ public static X509Certificate parseX509CertificateFromString(String certificate_string) {
+ java.security.cert.Certificate certificate = null;
+ CertificateFactory cf;
+ try {
+ cf = CertificateFactory.getInstance("X.509");
+
+ certificate_string = certificate_string.replaceFirst("-----BEGIN CERTIFICATE-----", "").replaceFirst("-----END CERTIFICATE-----", "").trim();
+ byte[] cert_bytes = Base64.decode(certificate_string, Base64.DEFAULT);
+ InputStream caInput = new ByteArrayInputStream(cert_bytes);
+ try {
+ certificate = cf.generateCertificate(caInput);
+ System.out.println("ca=" + ((X509Certificate) certificate).getSubjectDN());
+ } finally {
+ caInput.close();
+ }
+ } catch (CertificateException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (IOException e) {
+ return null;
+ }
+
+ return (X509Certificate) certificate;
+ }
/**
* Adds a new X509 certificate given its input stream and its provider name
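Review bot: parseX509CertificateFromString reports failure by returning null, and does so inconsistently: a CertificateException is only printed before falling through to `return (X509Certificate) certificate;`, an IOException returns null directly, and malformed Base64 escapes from `Base64.decode` as an unchecked IllegalArgumentException. Neither caller visible in this commit (addTrustedCertificate and the ProviderAPI hunk) checks the result before handing it to a KeyStore, so for a corrupt or truncated certificate the outcome depends on the keystore implementation rather than on an explicit rejection at the point where trust is established. I would declare `throws CertificateException` and let parse errors propagate; addTrustedCertificate already catches that type, and ProviderAPI presumably does too, though its catch clauses are outside the hunk. The `System.out.println` of the subject DN would be better as a debug-level log call, or dropped.

```java
public static X509Certificate parseX509CertificateFromString(String certificate_string)
        throws CertificateException {
    // … unchanged: PEM header/footer stripping into certificate_string …
    try {
        byte[] cert_bytes = Base64.decode(certificate_string, Base64.DEFAULT);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // A ByteArrayInputStream holds no resource, so no close()/IOException handling is needed.
        return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(cert_bytes));
    } catch (IllegalArgumentException e) {
        // android.util.Base64 signals bad padding with an unchecked exception.
        throw new CertificateException("certificate is not valid Base64", e);
    }
}
```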
@@ -284,26 +311,23 @@ public class ConfigHelper {
* @param certificate
*/
public static void addTrustedCertificate(String provider, String certificate) {
- String filename_to_save = provider + "_certificate.cer";
- CertificateFactory cf;
+
try {
- cf = CertificateFactory.getInstance("X.509");
- X509Certificate cert =
- (X509Certificate)cf.generateCertificate(openFileInputStream(filename_to_save));
+ X509Certificate cert = ConfigHelper.parseX509CertificateFromString(certificate);
if(keystore_trusted == null) {
keystore_trusted = KeyStore.getInstance("BKS");
keystore_trusted.load(null);
}
keystore_trusted.setCertificateEntry(provider, cert);
- } catch (CertificateException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
} catch (KeyStoreException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
+ } catch (CertificateException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
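Review bot: The Javadoc above addTrustedCertificate still leaves `@param certificate` empty, although after this change that string is the only source of the trust anchor added under the `provider` alias. I would document it as `@param certificate PEM-encoded X.509 certificate text; parsed in memory and added to the trusted keystore under the provider alias`. The opening summary visible at the end of the previous hunk ("given its input stream") may also need rewording if it belongs to this method, which takes a string. The method body continues outside the hunk.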
diff --git a/src/se/leap/leapclient/ProviderAPI.java b/src/se/leap/leapclient/ProviderAPI.java
index f3ea5f2e..25a14bb5 100644
--- a/src/se/leap/leapclient/ProviderAPI.java
+++ b/src/se/leap/leapclient/ProviderAPI.java
@@ -452,21 +452,10 @@ public class ProviderAPI extends IntentService {
if(cert_string.isEmpty()) {
cert_string = downloadCertificateWithoutTrusting(url.getProtocol() + "://" + url.getHost() + "/" + "ca.crt");
ConfigHelper.saveSharedPref(ConfigHelper.MAIN_CERT_KEY, cert_string);
- }
- CertificateFactory cf;
+ }
+
try {
- cf = CertificateFactory.getInstance("X.509");
-
- cert_string = cert_string.replaceFirst("-----BEGIN CERTIFICATE-----", "").replaceFirst("-----END CERTIFICATE-----", "").trim();
- byte[] cert_bytes = Base64.decode(cert_string, Base64.DEFAULT);
- InputStream caInput = new ByteArrayInputStream(cert_bytes);
- java.security.cert.Certificate dangerous_certificate;
- try {
- dangerous_certificate = cf.generateCertificate(caInput);
- System.out.println("dangerous certificate =" + ((X509Certificate) dangerous_certificate).getSubjectDN());
- } finally {
- caInput.close();
- }
+ java.security.cert.Certificate dangerous_certificate = ConfigHelper.parseX509CertificateFromString(cert_string);
// Create a KeyStore containing our trusted CAs
String keyStoreType = KeyStore.getDefaultType();