author | Parménides GV <parmegv@sdf.org> | 2013-06-13 21:12:24 +0200 |
---|---|---|
committer | Parménides GV <parmegv@sdf.org> | 2013-06-13 21:12:24 +0200 |
commit | bffd21a326bcb86d814dd3fe2caf5295ea705f2d (patch) | |
tree | 6465b9816f90c1a7bf216aed62ccca63652563ed | |
parent | a4e731679c3e28eefd839da45b76130a0de29112 (diff) |
Bypasses self signed certificates.
It's working against cdev.bitmask.net and bitmask.net. See #2840 for
further explanation about self-signed certificates.
I've also removed some file-dependent configuration (when a provider was
custom, ConfigurationWizard still tried to read a provider.json from a
file; that JSON is now stored in memory via the ProviderItem class).
-rw-r--r-- | src/se/leap/leapclient/ConfigurationWizard.java | 3 | ||||
-rw-r--r-- | src/se/leap/leapclient/ProviderAPI.java | 126 | ||||
-rw-r--r-- | src/se/leap/leapclient/ProviderListContent.java | 2 |
3 files changed, 94 insertions, 37 deletions
diff --git a/src/se/leap/leapclient/ConfigurationWizard.java b/src/se/leap/leapclient/ConfigurationWizard.java
index 1dc00938..6f26adcc 100644
--- a/src/se/leap/leapclient/ConfigurationWizard.java
+++ b/src/se/leap/leapclient/ConfigurationWizard.java
@@ -188,8 +188,7 @@ implements ProviderListFragment.Callbacks, NewProviderDialog.NewProviderDialogIn
 // FIXME!! We should we be updating our seeded providers list at ConfigurationWizard onStart() ?
// I think yes, but if so, where does this list live? leap.se, as it's the non-profit project for the software?
// If not, we should just be getting names/urls, and fetching the provider.json like in custom entries
- provider_contents = new Scanner(ConfigHelper.openFileInputStream(current_provider_item.provider_json_filename)).useDelimiter("\\A").next();
- provider_json = new JSONObject(provider_contents);
+ provider_json = current_provider_item.provider_json;
ConfigHelper.saveSharedPref(ConfigHelper.PROVIDER_KEY, provider_json);
ConfigHelper.saveSharedPref(ConfigHelper.ALLOWED_ANON, provider_json.getJSONObject(ConfigHelper.SERVICE_KEY).getBoolean(ConfigHelper.ALLOWED_ANON));
ConfigHelper.saveSharedPref(ConfigHelper.DANGER_ON, current_provider_item.danger_on);
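Review bot: The new `provider_json = current_provider_item.provider_json;` assumes every `ProviderItem` reaching this branch was built with an in-memory `provider_json`, and the following line immediately dereferences it with `getJSONObject(ConfigHelper.SERVICE_KEY)`, so an item whose field was never populated (the seeded-list case the FIXME above still describes, if such a construction path exists) now fails with a `NullPointerException` where the old file-based path could at least surface a `JSONException`. Worth either confirming that every `ProviderItem` constructor populates the field or guarding it, e.g. `if (provider_json == null) throw new JSONException("no provider.json for " + current_provider_item.name);`. The enclosing method starts and continues outside the hunk.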
diff --git a/src/se/leap/leapclient/ProviderAPI.java b/src/se/leap/leapclient/ProviderAPI.java
index 471eb6cf..f98e4361 100644
--- a/src/se/leap/leapclient/ProviderAPI.java
+++ b/src/se/leap/leapclient/ProviderAPI.java
@@ -26,6 +26,8 @@ import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
 import org.apache.http.HttpEntity;
 import org.apache.http.HttpResponse;
@@ -247,34 +249,6 @@ public class ProviderAPI extends IntentService {
 return true;
 }
-
- private String getStringFromProviderWithoutValidate(
- URL provider_json_url) {
-
- String json_string = "";
- HostnameVerifier hostnameVerifier = new HostnameVerifier() {
- @Override
- public boolean verify(String hostname, SSLSession session) {
- return true;
- }
- };
-
- // Tell the URLConnection to use our HostnameVerifier
- try {
- HttpsURLConnection urlConnection =
- (HttpsURLConnection)provider_json_url.openConnection();
- urlConnection.setHostnameVerifier(hostnameVerifier);
- json_string = new Scanner(urlConnection.getInputStream()).useDelimiter("\\A").next();
- } catch (MalformedURLException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (IOException e) {
- // TODO Auto-generated catch block
- json_string = getStringFromProviderWithCACertAdded(provider_json_url);
- //e.printStackTrace();
- }
- return json_string;
- }
 private String getStringFromProvider(String string_url, boolean danger_on) {
@@ -307,25 +281,56 @@ public class ProviderAPI extends IntentService {
 return json_file_content;
 }
+ private String getStringFromProviderWithoutValidate(
+ URL provider_json_url) {
+
+ String json_string = "";
+ HostnameVerifier hostnameVerifier = new HostnameVerifier() {
+ @Override
+ public boolean verify(String hostname, SSLSession session) {
+ return true;
+ }
+ };
+
+ try {
+ HttpsURLConnection urlConnection =
+ (HttpsURLConnection)provider_json_url.openConnection();
+ urlConnection.setHostnameVerifier(hostnameVerifier);
+ json_string = new Scanner(urlConnection.getInputStream()).useDelimiter("\\A").next();
+ } catch (MalformedURLException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (IOException e) {
+ json_string = getStringFromProviderWithCACertAdded(provider_json_url);
+ //e.printStackTrace();
+ }
+
+ return json_string;
+ }
+ private String getStringFromProviderWithCACertAdded(URL url) {
 String json_file_content = "";
-
+
 // Load CAs from an InputStream
 // (could be from a resource or ByteArrayInputStream or ...)
+ String cert_string = ConfigHelper.getStringFromSharedPref(ConfigHelper.MAIN_CERT_KEY);
+ if(cert_string.isEmpty()) {
+ cert_string = downloadCertificateWithoutTrusting(url.getProtocol() + "://" + url.getHost() + "/" + "ca.crt");
+ ConfigHelper.saveSharedPref(ConfigHelper.MAIN_CERT_KEY, cert_string);
+ }
 CertificateFactory cf;
 try {
 cf = CertificateFactory.getInstance("X.509");
- String cert_string = ConfigHelper.getStringFromSharedPref(ConfigHelper.MAIN_CERT_KEY);
 cert_string = cert_string.replaceFirst("-----BEGIN CERTIFICATE-----", "").replaceFirst("-----END CERTIFICATE-----", "").trim();
 byte[] cert_bytes = Base64.decode(cert_string, Base64.DEFAULT);
 InputStream caInput = new ByteArrayInputStream(cert_bytes);
 java.security.cert.Certificate ca;
 try {
- ca = cf.generateCertificate(caInput);
- System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());
+ ca = cf.generateCertificate(caInput);
+ System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());
 } finally {
- caInput.close();
+ caInput.close();
 }
 // Create a KeyStore containing our trusted CAs
@@ -345,7 +350,7 @@ public class ProviderAPI extends IntentService {
 // Tell the URLConnection to use a SocketFactory from our SSLContext
 HttpsURLConnection urlConnection =
- (HttpsURLConnection)url.openConnection();
+ (HttpsURLConnection)url.openConnection();
 urlConnection.setSSLSocketFactory(context.getSocketFactory());
 json_file_content = new Scanner(urlConnection.getInputStream()).useDelimiter("\\A").next();
 } catch (CertificateException e) {
@@ -364,10 +369,61 @@ public class ProviderAPI extends IntentService {
 // TODO Auto-generated catch block
 e.printStackTrace();
 }
-
 return json_file_content;
 }
+ private String downloadCertificateWithoutTrusting(String certificate_url_string) {
+
+ String cert_string = "";
+ HostnameVerifier hostnameVerifier = new HostnameVerifier() {
+ @Override
+ public boolean verify(String hostname, SSLSession session) {
+ return true;
+ }
+ };
+
+ TrustManager[] trustAllCerts = new TrustManager[]{
+ new X509TrustManager() {
+ public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+ return null;
+ }
+ public void checkClientTrusted( java.security.cert.X509Certificate[] certs, String authType) {
+ }
+ public void checkServerTrusted( java.security.cert.X509Certificate[] certs, String authType) {
+ }
+ }
+ };
+
+ try {
+ URL certificate_url = new URL(certificate_url_string);
+ HttpsURLConnection urlConnection =
+ (HttpsURLConnection)certificate_url.openConnection();
+ urlConnection.setHostnameVerifier(hostnameVerifier);
+
+ SSLContext sc = SSLContext.getInstance("TLS");
+ sc.init(null, trustAllCerts, new java.security.SecureRandom());
+
+ urlConnection.setSSLSocketFactory(sc.getSocketFactory());
+
+ cert_string = new Scanner(urlConnection.getInputStream()).useDelimiter("\\A").next();
+
+ } catch (MalformedURLException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (IOException e) {
+ // This should never happen
+ e.printStackTrace();
+ } catch (NoSuchAlgorithmException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (KeyManagementException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
+ return cert_string;
+ }
+
+ private JSONObject getJSONFromProvider(String json_url, boolean danger_on) throws JSONException {
 String json_file_content = getStringFromProvider(json_url, danger_on);
 return new JSONObject(json_file_content);
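Review bot: `downloadCertificateWithoutTrusting` fetches the provider CA with both the hostname verifier and the `X509TrustManager` disabled, and the caller added in the `@@ -307` hunk saves that string straight into `ConfigHelper.MAIN_CERT_KEY` and pins it for every later connection, so nothing in the new code binds the downloaded bytes to the intended provider — the first fetch becomes the single point where an on-path party can substitute its own CA, and the result is then trusted persistently. Before persisting, parse the download with `CertificateFactory` and compare it against a fingerprint the app obtained independently (bundled, or fetched over a validated connection), and surface that fingerprint so a user can confirm it out of band; `#2840` from the description may already track this. Within the method, `getAcceptedIssuers()` should `return new java.security.cert.X509Certificate[0];` rather than `null`, which breaks the `X509TrustManager` contract, and the `// This should never happen` comment on the `IOException` branch is misleading: every network failure lands there and the empty `cert_string` is then returned and stored by the caller, so fail explicitly (return `null` or throw) instead. A Javadoc on the method stating that it performs no TLS validation and that its result is untrusted until verified would help the next reader.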
diff --git a/src/se/leap/leapclient/ProviderListContent.java b/src/se/leap/leapclient/ProviderListContent.java
index 10dce578..4cf0a5ff 100644
--- a/src/se/leap/leapclient/ProviderListContent.java
+++ b/src/se/leap/leapclient/ProviderListContent.java
@@ -40,6 +40,7 @@ public class ProviderListContent {
 public String id;
public String name;
public String provider_json_url;
+ public JSONObject provider_json;
public String provider_json_filename;
public String eip_service_json_url;
public String cert_json_url;
@@ -83,6 +84,7 @@ public class ProviderListContent {
 id = name;
this.name = name;
this.provider_json_url = provider_json_url;
+ this.provider_json = provider_json;
eip_service_json_url = provider_json.getString("api_uri") + "/" + provider_json.getString("api_version") + "/" + ConfigHelper.EIP_SERVICE_API_PATH;
cert_json_url = (String) provider_json.get("ca_cert_uri");
this.custom = custom;