8827 - discussion

* validate urls before changing anything in Provider.define()
* save private key and vpn cert after login/signup

1 files changed, 7 insertions, 1 deletions

diff --git a/app/src/insecure/java/se/leap/bitmaskclient/ProviderApiManager.java b/app/src/insecure/java/se/leap/bitmaskclient/ProviderApiManager.java
index d57dfe6d..1c5247c0 100644
--- a/app/src/insecure/java/se/leap/bitmaskclient/ProviderApiManager.java
+++ b/app/src/insecure/java/se/leap/bitmaskclient/ProviderApiManager.java
@@ -52,10 +52,12 @@ import static se.leap.bitmaskclient.Constants.BROADCAST_RESULT_KEY;
 import static se.leap.bitmaskclient.Constants.PROVIDER_KEY;
 import static se.leap.bitmaskclient.Constants.PROVIDER_VPN_CERTIFICATE;
 import static se.leap.bitmaskclient.DownloadFailedDialog.DOWNLOAD_ERRORS.ERROR_CERTIFICATE_PINNING;
+import static se.leap.bitmaskclient.DownloadFailedDialog.DOWNLOAD_ERRORS.ERROR_CORRUPTED_PROVIDER_JSON;
 import static se.leap.bitmaskclient.ProviderAPI.ERRORS;
 import static se.leap.bitmaskclient.R.string.certificate_error;
 import static se.leap.bitmaskclient.R.string.malformed_url;
 import static se.leap.bitmaskclient.R.string.warning_corrupted_provider_cert;
+import static se.leap.bitmaskclient.R.string.warning_corrupted_provider_details;
 
 /**
  * Created by cyberta on 04.01.18.
@@ -145,7 +147,11 @@ public class ProviderApiManager extends ProviderApiManagerBase {
         try {
             JSONObject providerJson = new JSONObject(providerDotJsonString);
 
-            provider.define(providerJson);
+            if (provider.define(providerJson)) {
+                result.putBoolean(BROADCAST_RESULT_KEY, true);
+            } else {
+                return setErrorResult(result, warning_corrupted_provider_details, ERROR_CORRUPTED_PROVIDER_JSON.toString());
+            }
 
             result.putBoolean(BROADCAST_RESULT_KEY, true);
         } catch (JSONException e) {