Added danger mode: we can bypass dev.bitmask.net hostname io exception.

8 files changed, 72 insertions, 11 deletions

diff --git a/res/layout/new_provider_dialog.xml b/res/layout/new_provider_dialog.xml
index 28122867..19b8f442 100644
--- a/res/layout/new_provider_dialog.xml
+++ b/res/layout/new_provider_dialog.xml
@@ -15,4 +15,10 @@
         android:layout_marginBottom="4dp"
         android:hint="@string/new_provider_uri" />
 
+    <CheckBox
+        android:id="@+id/danger_checkbox"
+        android:layout_width="wrap_content"
+        android:layout_height="wrap_content"
+        android:text="@string/danger_checkbox" />
+
 </LinearLayout>
\ No newline at end of file
diff --git a/res/values/strings.xml b/res/values/strings.xml
index 6e84bed2..eac73bc7 100755
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -269,5 +269,6 @@
     <string name="password_ask">Enter your password</string>
     <string name="log_in_button">Log in</string>
     <string name="login_button">Log In</string>
+    <string name="danger_checkbox">Trust completely</string>
 
 </resources>
\ No newline at end of file
diff --git a/src/se/leap/leapclient/ConfigHelper.java b/src/se/leap/leapclient/ConfigHelper.java
index de14eed6..78c71cc4 100644
--- a/src/se/leap/leapclient/ConfigHelper.java
+++ b/src/se/leap/leapclient/ConfigHelper.java
@@ -42,7 +42,8 @@ public class ConfigHelper {
 	final static String eip_service_key = "eip";
 	public static final String PREFERENCES_KEY = "LEAPPreferences";
 	public static final String user_directory = "leap_android";
-	public static String provider_main_url = "provider_main_url";
+	final public static String provider_main_url = "provider_main_url";
+	final public static String danger_on = "danger_on";
 	final public static String api_url_key = "srp_server_url";
 	final public static String username_key = "username";
 	final public static String password_key = "password";
diff --git a/src/se/leap/leapclient/ConfigurationWizard.java b/src/se/leap/leapclient/ConfigurationWizard.java
index 417752e2..9edaa288 100644
--- a/src/se/leap/leapclient/ConfigurationWizard.java
+++ b/src/se/leap/leapclient/ConfigurationWizard.java
@@ -183,7 +183,7 @@ public class ConfigurationWizard extends Activity
 	}

 

 	@Override

-	public void saveProvider(String provider_main_url) {

+	public void saveProvider(String provider_main_url, boolean danger_on) {

 		providerAPI_result_receiver = new ProviderAPIResultReceiver(new Handler());

 		providerAPI_result_receiver.setReceiver(this);

 		

@@ -193,6 +193,7 @@ public class ConfigurationWizard extends Activity
 		method_and_parameters.putString(ConfigHelper.provider_main_url, provider_main_url);

 

 		provider_API_command.putExtra(ConfigHelper.downloadNewProviderDotJSON, method_and_parameters);

+		provider_API_command.putExtra(ConfigHelper.danger_on, danger_on);

 		provider_API_command.putExtra("receiver", providerAPI_result_receiver);

 		

 		startService(provider_API_command);

diff --git a/src/se/leap/leapclient/Dashboard.java b/src/se/leap/leapclient/Dashboard.java
index 815df18f..a169c9d4 100644
--- a/src/se/leap/leapclient/Dashboard.java
+++ b/src/se/leap/leapclient/Dashboard.java
@@ -18,6 +18,7 @@ import android.os.Handler;
 import android.view.Menu;
 import android.view.MenuItem;
 import android.view.View;
+import android.view.ViewGroup;
 import android.view.ViewStub;
 import android.widget.CompoundButton;
 import android.widget.Switch;
@@ -138,7 +139,8 @@ public class Dashboard extends Activity implements LogInDialog.LogInDialogInterf
 			startActivity(intent);
 			return true;
 		case R.id.login_button:
-			
+			View view = ((ViewGroup)findViewById(android.R.id.content)).getChildAt(0);
+			logInDialog(view);
 			return true;
 		default:
 				return super.onOptionsItemSelected(item);
diff --git a/src/se/leap/leapclient/LogInDialog.java b/src/se/leap/leapclient/LogInDialog.java
index b9583d8a..61526c69 100644
--- a/src/se/leap/leapclient/LogInDialog.java
+++ b/src/se/leap/leapclient/LogInDialog.java
@@ -17,7 +17,7 @@ public class LogInDialog extends DialogFragment {
         public void authenticate(String username, String password);
     }
 
-	LogInDialogInterface interface_with_ConfigurationWizard;
+	LogInDialogInterface interface_with_Dashboard;
 
 	public static DialogFragment newInstance() {
 		LogInDialog dialog_fragment = new LogInDialog();
@@ -30,7 +30,7 @@ public class LogInDialog extends DialogFragment {
         // Verify that the host activity implements the callback interface
         try {
             // Instantiate the NoticeDialogListener so we can send events to the host
-        	interface_with_ConfigurationWizard = (LogInDialogInterface) activity;
+        	interface_with_Dashboard = (LogInDialogInterface) activity;
         } catch (ClassCastException e) {
             // The activity doesn't implement the interface, throw exception
             throw new ClassCastException(activity.toString()
@@ -50,7 +50,7 @@ public class LogInDialog extends DialogFragment {
 					String username = username_field.getText().toString().trim();
 					String password = password_field.getText().toString().trim();
 					if(validPassword(password)) {
-						interface_with_ConfigurationWizard.authenticate(username, password);
+						interface_with_Dashboard.authenticate(username, password);
 						Toast.makeText(getActivity().getApplicationContext(), "It seems your URL is well formed", Toast.LENGTH_LONG).show();
 					} else {
 						password_field.setText("");
@@ -68,6 +68,6 @@ public class LogInDialog extends DialogFragment {
 	}
 
 	boolean validPassword(String entered_password) {
-		return !(entered_password.length() > 8);
+		return entered_password.length() > 8;
 	}
 }
diff --git a/src/se/leap/leapclient/NewProviderDialog.java b/src/se/leap/leapclient/NewProviderDialog.java
index 88e4711c..61018463 100644
--- a/src/se/leap/leapclient/NewProviderDialog.java
+++ b/src/se/leap/leapclient/NewProviderDialog.java
@@ -8,13 +8,14 @@ import android.content.DialogInterface;
 import android.os.Bundle;
 import android.view.LayoutInflater;
 import android.view.View;
+import android.widget.CheckBox;
 import android.widget.EditText;
 import android.widget.Toast;
 
 public class NewProviderDialog extends DialogFragment {
 	
 	public interface NewProviderDialogInterface {
-        public void saveProvider(String url_provider);
+        public void saveProvider(String url_provider, boolean danger_on);
     }
 
 	NewProviderDialogInterface interface_with_ConfigurationWizard;
@@ -43,13 +44,16 @@ public class NewProviderDialog extends DialogFragment {
 		LayoutInflater inflater = getActivity().getLayoutInflater();
 		View new_provider_dialog_view = inflater.inflate(R.layout.new_provider_dialog, null);
 		final EditText url_input_field = (EditText)new_provider_dialog_view.findViewById(R.id.new_provider_url);
+		final CheckBox danger_checkbox = (CheckBox)new_provider_dialog_view.findViewById(R.id.danger_checkbox);
+		
 		builder.setView(new_provider_dialog_view)
 			.setMessage(R.string.introduce_new_provider)
 			.setPositiveButton(R.string.save, new DialogInterface.OnClickListener() {
 				public void onClick(DialogInterface dialog, int id) {
 					String entered_url = url_input_field.getText().toString().trim();
+					boolean danger_on = danger_checkbox.isChecked();
 					if(validURL(entered_url)) {
-						interface_with_ConfigurationWizard.saveProvider(entered_url);
+						interface_with_ConfigurationWizard.saveProvider(entered_url, danger_on);
 						Toast.makeText(getActivity().getApplicationContext(), "It seems your URL is well formed", Toast.LENGTH_LONG).show();
 					} else {
 						url_input_field.setText("");
diff --git a/src/se/leap/leapclient/ProviderAPI.java b/src/se/leap/leapclient/ProviderAPI.java
index 0b114e38..63db18e1 100644
--- a/src/se/leap/leapclient/ProviderAPI.java
+++ b/src/se/leap/leapclient/ProviderAPI.java
@@ -9,6 +9,10 @@ import java.net.URL;
 import java.net.UnknownHostException;
 import java.util.Scanner;
 
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLSession;
+
 import org.apache.http.HttpEntity;
 import org.apache.http.HttpResponse;
 import org.apache.http.client.ClientProtocolException;
@@ -195,6 +199,8 @@ public class ProviderAPI extends IntentService {
 
 	private boolean downloadNewProviderDotJSON(Bundle task) {
 		boolean custom = true;
+		boolean danger_on = ((Boolean)task.get(ConfigHelper.danger_on)).booleanValue();
+		
 		String provider_main_url = (String) task.get(ConfigHelper.provider_main_url);
 		String provider_name = provider_main_url.replaceFirst("http[s]?://", "").replaceFirst("\\/", "_");
 		String provider_json_url = guessURL(provider_main_url);
@@ -203,7 +209,7 @@ public class ProviderAPI extends IntentService {
 			provider_json = getJSONFromProvider(provider_json_url);
 		} catch (IOException e) {
 			// It could happen that an https site used a certificate not trusted.
-			provider_json = downloadNewProviderDotJsonWithoutCert(provider_json_url);
+			provider_json = downloadNewProviderDotJsonWithoutCert(provider_json_url, danger_on);
 		} catch (JSONException e) {
 			// TODO Auto-generated catch block
 			e.printStackTrace();
@@ -223,7 +229,7 @@ public class ProviderAPI extends IntentService {
 	}
 
 	private JSONObject downloadNewProviderDotJsonWithoutCert(
-			String provider_json_url) {
+			String provider_json_url, boolean danger_on) {
 		JSONObject provider_json = null;
 		try {
 			URL provider_url = new URL(provider_json_url);
@@ -234,6 +240,12 @@ public class ProviderAPI extends IntentService {
 		} catch (UnknownHostException e1) {
 			e1.printStackTrace();
 		} catch (IOException e1) {
+			if(danger_on) {
+				provider_json = downloadNewProviderDotJsonWithoutValidate(provider_json_url);
+			}
+			else {
+				//TODO Show error message advising to check the checkbox if the url is completely trusted.
+			}
 			e1.printStackTrace();
 		} catch (JSONException e1) {
 			e1.printStackTrace();
@@ -241,6 +253,40 @@ public class ProviderAPI extends IntentService {
 		return provider_json;
 	}
 
+	private JSONObject downloadNewProviderDotJsonWithoutValidate(
+			String provider_json_url) {
+		JSONObject provider_json = null;
+		HostnameVerifier hostnameVerifier = new HostnameVerifier() {
+		    @Override
+		    public boolean verify(String hostname, SSLSession session) {
+		        HostnameVerifier hostname_verifier =
+		            HttpsURLConnection.getDefaultHostnameVerifier();
+		        return hostname_verifier.verify("", session);
+		    }
+		};
+
+		// Tell the URLConnection to use our HostnameVerifier
+		try {
+			URL url = new URL(provider_json_url);
+			HttpsURLConnection urlConnection =
+				    (HttpsURLConnection)url.openConnection();
+				urlConnection.setHostnameVerifier(hostnameVerifier);
+				String provider_json_string = new Scanner(url.openStream()).useDelimiter("\\A").next();
+				provider_json = new JSONObject(provider_json_string);
+		} catch (MalformedURLException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		} catch (IOException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		} catch (JSONException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		}
+		return provider_json;
+
+	}
+
 	private String guessURL(String provider_main_url) {
 		return provider_main_url + "/provider.json";
 	}