authorParménides GV <parmegv@sdf.org>2013-02-04 18:44:38 +0100
committerParménides GV <parmegv@sdf.org>2013-02-04 18:44:38 +0100
commit8ab36864e2a393df077073f8618a4fc55c307522 (patch)
tree10c071d54d8b97f929194a8429d413a9e962c5ea
parentd2bd18ef560d95974117604af899b3a9fcc16dab (diff)
Secure HTTP working with certificates downloaded from api.bitmask.net
and bitmask.net. Both prefs are downloaded and parsed to SharedPreferences.
-rw-r--r--res/raw/leapkeystore.bksbin0 -> 2866 bytes
-rw-r--r--src/se/leap/leapclient/ConfigHelper.java1
-rw-r--r--src/se/leap/leapclient/LeapHttpClient.java58
-rw-r--r--src/se/leap/leapclient/ProviderAPI.java35
4 files changed, 72 insertions, 22 deletions
diff --git a/res/raw/leapkeystore.bks b/res/raw/leapkeystore.bks
new file mode 100644
index 00000000..56f6758b
--- /dev/null
+++ b/res/raw/leapkeystore.bks
Binary files differ
diff --git a/src/se/leap/leapclient/ConfigHelper.java b/src/se/leap/leapclient/ConfigHelper.java
index 174ff79f..9b857b0d 100644
--- a/src/se/leap/leapclient/ConfigHelper.java
+++ b/src/se/leap/leapclient/ConfigHelper.java
@@ -1,5 +1,6 @@
package se.leap.leapclient;
+
import org.json.JSONException;
import org.json.JSONObject;
diff --git a/src/se/leap/leapclient/LeapHttpClient.java b/src/se/leap/leapclient/LeapHttpClient.java
new file mode 100644
index 00000000..41cb7879
--- /dev/null
+++ b/src/se/leap/leapclient/LeapHttpClient.java
@@ -0,0 +1,58 @@
+package se.leap.leapclient;
+
+import java.io.InputStream;
+import java.security.KeyStore;
+
+import org.apache.http.conn.ClientConnectionManager;
+import org.apache.http.conn.scheme.PlainSocketFactory;
+import org.apache.http.conn.scheme.Scheme;
+import org.apache.http.conn.scheme.SchemeRegistry;
+import org.apache.http.conn.ssl.SSLSocketFactory;
+import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.impl.conn.SingleClientConnManager;
+
+import android.content.Context;
+
+public class LeapHttpClient extends DefaultHttpClient {
+ final Context context;
+
+ public LeapHttpClient(Context context) {
+ this.context = context;
+ }
+
+ @Override
+ protected ClientConnectionManager createClientConnectionManager() {
+ SchemeRegistry registry = new SchemeRegistry();
+ registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
+ // Register for port 443 our SSLSocketFactory with our keystore
+ // to the ConnectionManager
+ registry.register(new Scheme("https", newSslSocketFactory(), 443));
+ return new SingleClientConnManager(getParams(), registry);
+ }
+
+ private SSLSocketFactory newSslSocketFactory() {
+ try {
+ // Get an instance of the Bouncy Castle KeyStore format
+ KeyStore trusted = KeyStore.getInstance("BKS");
+ // Get the raw resource, which contains the keystore with
+ // your trusted certificates (root and any intermediate certs)
+ InputStream in = context.getResources().openRawResource(R.raw.leapkeystore);
+ try {
+ // Initialize the keystore with the provided trusted certificates
+ // Also provide the password of the keystore
+ trusted.load(in, "uer92jf".toCharArray());
+ } finally {
+ in.close();
+ }
+ // Pass the keystore to the SSLSocketFactory. The factory is responsible
+ // for the verification of the server certificate.
+ SSLSocketFactory sf = new SSLSocketFactory(trusted);
+ // Hostname verification from certificate
+ // http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506
+ sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
+ return sf;
+ } catch (Exception e) {
+ throw new AssertionError(e);
+ }
+ }
+}
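Review bot: The `registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));` line in createClientConnectionManager means the bundled trust store and strict hostname check only protect URLs that start with https; an http:// provider URL handed to this client is fetched in cleartext with no server authentication. If every provider endpoint is meant to be HTTPS, drop that registration so a non-https URL fails fast instead of downgrading silently. Separately, the keystore password `"uer92jf"` ships inside the APK and so is not a secret; a comment such as `// BKS password only integrity-checks the bundled trust store; it is not a secret` would stop a later reader from treating it as one. The `catch (Exception e)` that rethrows as AssertionError also turns a missing or corrupt keystore into an uncaught Error on first use, which deserves a line of Javadoc on newSslSocketFactory.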
diff --git a/src/se/leap/leapclient/ProviderAPI.java b/src/se/leap/leapclient/ProviderAPI.java
index 40638180..d487ebe3 100644
--- a/src/se/leap/leapclient/ProviderAPI.java
+++ b/src/se/leap/leapclient/ProviderAPI.java
@@ -1,15 +1,12 @@
package se.leap.leapclient;
-import java.io.BufferedInputStream;
import java.io.IOException;
-import java.io.InputStream;
-import java.net.HttpURLConnection;
-import java.net.URL;
-import java.net.URLConnection;
import java.util.Scanner;
-import javax.net.ssl.HttpsURLConnection;
-
+import org.apache.http.HttpEntity;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.impl.client.DefaultHttpClient;
import org.json.JSONException;
import org.json.JSONObject;
@@ -48,23 +45,17 @@ public class ProviderAPI extends IntentService {
}
private JSONObject getFromProvider(String json_url) throws IOException, JSONException {
- URL url = new URL(json_url);
+
String json_file_content = "";
- URLConnection urlConnection = null;
- if (url.getProtocol().equalsIgnoreCase("https")) {
- urlConnection = (HttpsURLConnection) url.openConnection();
- } else if (url.getProtocol().equalsIgnoreCase("http")) {
- urlConnection = (HttpURLConnection) url.openConnection();
- }
-
- try {
- InputStream in = new BufferedInputStream(
- urlConnection.getInputStream());
- json_file_content = new Scanner(in).useDelimiter("\\A").next();
- } finally {
- ((HttpURLConnection) urlConnection).disconnect();
- }
+ DefaultHttpClient client = new LeapHttpClient(getApplicationContext());
+ HttpGet get = new HttpGet(json_url);
+ // Execute the GET call and obtain the response
+ HttpResponse getResponse = client.execute(get);
+ HttpEntity responseEntity = getResponse.getEntity();
+
+ json_file_content = new Scanner(responseEntity.getContent()).useDelimiter("\\A").next();
+
return new JSONObject(json_file_content);
}
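Review bot: getFromProvider parses whatever body comes back without checking the status line or a null entity, and it never closes the content stream or releases the connection. An error page or empty response therefore surfaces as a JSONException or a NoSuchElementException from `Scanner.next()` rather than as an IOException the caller can handle, and Scanner decodes with the platform default charset. Since the parsed JSON ends up in SharedPreferences according to the commit message, rejecting non-200 responses before parsing is worth the extra lines. The sketch below needs an import for org.apache.http.util.EntityUtils. It shuts the connection manager down because a new client is built on every call.

```java
private JSONObject getFromProvider(String json_url) throws IOException, JSONException {
    DefaultHttpClient client = new LeapHttpClient(getApplicationContext());
    try {
        HttpResponse getResponse = client.execute(new HttpGet(json_url));
        int status = getResponse.getStatusLine().getStatusCode();
        HttpEntity responseEntity = getResponse.getEntity();
        if (status != 200 || responseEntity == null) {
            throw new IOException("Unexpected HTTP status " + status + " from " + json_url);
        }
        // EntityUtils reads the full body with an explicit charset and closes the stream
        String json_file_content = EntityUtils.toString(responseEntity, "UTF-8");
        return new JSONObject(json_file_content);
    } finally {
        // a client is created per call, so release its connection here
        client.getConnectionManager().shutdown();
    }
}
```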