author | Parménides GV <parmegv@sdf.org> | 2013-02-04 18:44:38 +0100 |
---|---|---|
committer | Parménides GV <parmegv@sdf.org> | 2013-02-04 18:44:38 +0100 |
commit | 8ab36864e2a393df077073f8618a4fc55c307522 (patch) | |
tree | 10c071d54d8b97f929194a8429d413a9e962c5ea | |
parent | d2bd18ef560d95974117604af899b3a9fcc16dab (diff) |
Secure HTTP working with certificates downloaded from api.bitmask.net
and bitmask.net.
Both prefs are downloaded and parsed to SharedPreferences.
-rw-r--r-- | res/raw/leapkeystore.bks | bin | 0 -> 2866 bytes | |||
-rw-r--r-- | src/se/leap/leapclient/ConfigHelper.java | 1 | ||||
-rw-r--r-- | src/se/leap/leapclient/LeapHttpClient.java | 58 | ||||
-rw-r--r-- | src/se/leap/leapclient/ProviderAPI.java | 35 |
4 files changed, 72 insertions, 22 deletions
diff --git a/res/raw/leapkeystore.bks b/res/raw/leapkeystore.bks
Binary files differnew file mode 100644
index 00000000..56f6758b
--- /dev/null
+++ b/res/raw/leapkeystore.bks
diff --git a/src/se/leap/leapclient/ConfigHelper.java b/src/se/leap/leapclient/ConfigHelper.java
index 174ff79f..9b857b0d 100644
--- a/src/se/leap/leapclient/ConfigHelper.java
+++ b/src/se/leap/leapclient/ConfigHelper.java
@@ -1,5 +1,6 @@
 package se.leap.leapclient;
+
 import org.json.JSONException;
 import org.json.JSONObject;
diff --git a/src/se/leap/leapclient/LeapHttpClient.java b/src/se/leap/leapclient/LeapHttpClient.java
new file mode 100644
index 00000000..41cb7879
--- /dev/null
+++ b/src/se/leap/leapclient/LeapHttpClient.java
@@ -0,0 +1,58 @@
+package se.leap.leapclient;
+
+import java.io.InputStream;
+import java.security.KeyStore;
+
+import org.apache.http.conn.ClientConnectionManager;
+import org.apache.http.conn.scheme.PlainSocketFactory;
+import org.apache.http.conn.scheme.Scheme;
+import org.apache.http.conn.scheme.SchemeRegistry;
+import org.apache.http.conn.ssl.SSLSocketFactory;
+import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.impl.conn.SingleClientConnManager;
+
+import android.content.Context;
+
+public class LeapHttpClient extends DefaultHttpClient {
+ final Context context;
+
+ public LeapHttpClient(Context context) {
+ this.context = context;
+ }
+
+ @Override
+ protected ClientConnectionManager createClientConnectionManager() {
+ SchemeRegistry registry = new SchemeRegistry();
+ registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
+ // Register for port 443 our SSLSocketFactory with our keystore
+ // to the ConnectionManager
+ registry.register(new Scheme("https", newSslSocketFactory(), 443));
+ return new SingleClientConnManager(getParams(), registry);
+ }
+
+ private SSLSocketFactory newSslSocketFactory() {
+ try {
+ // Get an instance of the Bouncy Castle KeyStore format
+ KeyStore trusted = KeyStore.getInstance("BKS");
+ // Get the raw resource, which contains the keystore with
+ // your trusted certificates (root and any intermediate certs)
+ InputStream in = context.getResources().openRawResource(R.raw.leapkeystore);
+ try {
+ // Initialize the keystore with the provided trusted certificates
+ // Also provide the password of the keystore
+ trusted.load(in, "uer92jf".toCharArray());
+ } finally {
+ in.close();
+ }
+ // Pass the keystore to the SSLSocketFactory. The factory is responsible
+ // for the verification of the server certificate.
+ SSLSocketFactory sf = new SSLSocketFactory(trusted);
+ // Hostname verification from certificate
+ // http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506
+ sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
+ return sf;
+ } catch (Exception e) {
+ throw new AssertionError(e);
+ }
+ }
+}
diff --git a/src/se/leap/leapclient/ProviderAPI.java b/src/se/leap/leapclient/ProviderAPI.java
index 40638180..d487ebe3 100644
--- a/src/se/leap/leapclient/ProviderAPI.java
+++ b/src/se/leap/leapclient/ProviderAPI.java
@@ -1,15 +1,12 @@
 package se.leap.leapclient;
-import java.io.BufferedInputStream;
 import java.io.IOException;
-import java.io.InputStream;
-import java.net.HttpURLConnection;
-import java.net.URL;
-import java.net.URLConnection;
 import java.util.Scanner;
-import javax.net.ssl.HttpsURLConnection;
-
+import org.apache.http.HttpEntity;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.impl.client.DefaultHttpClient;
 import org.json.JSONException;
 import org.json.JSONObject;
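Review bot: In LeapHttpClient.createClientConnectionManager() the `http` scheme is still registered with PlainSocketFactory, so the bundled trust store and STRICT_HOSTNAME_VERIFIER only protect requests whose URL starts with https; an http URL handed to this client is fetched in cleartext with no server authentication. If provider JSON is only ever meant to travel over TLS, drop the `registry.register(new Scheme("http", ...))` line so such a request fails instead of silently downgrading. In newSslSocketFactory() the literal passed to `trusted.load(...)` ships inside the APK, so it can only act as an integrity check on the BKS file; the comment above it should say so, e.g. `// Not a secret: integrity password for a store that, per the comment above, holds only trusted certificates`. res/raw/leapkeystore.bks is binary and cannot be inspected in this review, so the commit message should record the subject and SHA-256 fingerprint of each certificate it contains.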
@@ -48,23 +45,17 @@ public class ProviderAPI extends IntentService { } private JSONObject getFromProvider(String json_url) throws IOException, JSONException { - URL url = new URL(json_url); + String json_file_content = ""; - URLConnection urlConnection = null; - if (url.getProtocol().equalsIgnoreCase("https")) { - urlConnection = (HttpsURLConnection) url.openConnection(); - } else if (url.getProtocol().equalsIgnoreCase("http")) { - urlConnection = (HttpURLConnection) url.openConnection(); - } - - try { - InputStream in = new BufferedInputStream( - urlConnection.getInputStream()); - json_file_content = new Scanner(in).useDelimiter("\\A").next(); - } finally { - ((HttpURLConnection) urlConnection).disconnect(); - } + DefaultHttpClient client = new LeapHttpClient(getApplicationContext()); + HttpGet get = new HttpGet(json_url); + // Execute the GET call and obtain the response + HttpResponse getResponse = client.execute(get); + HttpEntity responseEntity = getResponse.getEntity(); + + json_file_content = new Scanner(responseEntity.getContent()).useDelimiter("\\A").next(); + return new JSONObject(json_file_content); } |
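Review bot: getFromProvider() passes the response body straight to `new JSONObject(...)` without looking at the status line, so an error page or captive-portal response is parsed as provider configuration, and `getEntity()` can return null for a body-less response, which surfaces as a NullPointerException rather than the declared IOException. `Scanner.next()` likewise throws the unchecked NoSuchElementException on an empty body, and the content stream is never closed, which matters because LeapHttpClient uses a SingleClientConnManager and its one connection stays allocated. The fence below checks status and entity before parsing and reads the body with EntityUtils, which closes the stream; it needs `org.apache.http.util.EntityUtils` imported and makes the Scanner import unnecessary.

```java
private JSONObject getFromProvider(String json_url) throws IOException, JSONException {
	// … unchanged: json_file_content declaration, LeapHttpClient and HttpGet construction …
	HttpResponse getResponse = client.execute(get);
	int status = getResponse.getStatusLine().getStatusCode();
	HttpEntity responseEntity = getResponse.getEntity();
	if (status != 200 || responseEntity == null) {
		get.abort(); // release the connection before bailing out
		throw new IOException("Unexpected provider response: HTTP " + status);
	}
	// Uses the charset the response declares, UTF-8 otherwise, and closes the stream when done
	json_file_content = EntityUtils.toString(responseEntity, "UTF-8");
	return new JSONObject(json_file_content);
```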