authorParménides GV <parmegv@sdf.org>2015-04-21 20:37:19 +0200
committerParménides GV <parmegv@sdf.org>2015-04-22 12:03:09 +0200
commite2b289726f3c1813f9fafecc94bc61a70dbdb899 (patch)
tree5a0515c13c922e91ad193694fd9550b37e37546e /app/src/main/java/se/leap
parent467abc3431e2ae148ea72e2c3b4c560473424c3f (diff)
Pinning connection to provider.json
Using the AndroidPinning library from Moxie, I make sure the provider.json file that Bitmask downloads is fetched over a pinned HTTPS connection, so that the API certificate fingerprint is the correct one.
Diffstat (limited to 'app/src/main/java/se/leap')
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/Provider.java14
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/ProviderManager.java52
2 files changed, 42 insertions, 24 deletions
diff --git a/app/src/main/java/se/leap/bitmaskclient/Provider.java b/app/src/main/java/se/leap/bitmaskclient/Provider.java
index ee06a586..54bfcc19 100644
--- a/app/src/main/java/se/leap/bitmaskclient/Provider.java
+++ b/app/src/main/java/se/leap/bitmaskclient/Provider.java
@@ -32,6 +32,7 @@ public final class Provider implements Parcelable {
private JSONObject definition; // Represents our Provider's provider.json
private URL main_url;
+ private String certificate_pin;
final public static String
API_URL = "api_uri",
@@ -62,8 +63,9 @@ public final class Provider implements Parcelable {
this.main_url = main_url;
}
- public Provider(File provider_file) {
-
+ public Provider(URL main_url, String certificate_pin) {
+ this.main_url = main_url;
+ this.certificate_pin = certificate_pin;
}
public static final Parcelable.Creator<Provider> CREATOR
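Review bot: The new `Provider(URL, String)` constructor stores `certificate_pin` unchecked and nothing states what the string must look like. ProviderManager fills it from `Provider.CA_CERT_FINGERPRINT`, so a Javadoc comment on the constructor should name the form the pinning code expects, for example `/** @param certificate_pin fingerprint used to pin the connection that fetches provider.json; format: <algorithm and encoding expected by the pinning library> */`. The comment should also say that a Provider built with the one-argument constructor has a null pin, because `certificatePin()` returns the field as is and callers need to know whether null means "do not pin".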
@@ -81,11 +83,9 @@ public final class Provider implements Parcelable {
try {
main_url = new URL(in.readString());
String definition_string = in.readString();
- if (definition_string != null)
+ if (!definition_string.isEmpty())
definition = new JSONObject((definition_string));
- } catch (MalformedURLException e) {
- e.printStackTrace();
- } catch (JSONException e) {
+ } catch (MalformedURLException | JSONException e) {
e.printStackTrace();
}
}
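Review bot: `in.readString()` returns null when null was written to the Parcel, and the new `!definition_string.isEmpty()` test then throws a NullPointerException that the `MalformedURLException | JSONException` catch does not cover; the old null check prevented that. Keeping both conditions is safer: `if (definition_string != null && !definition_string.isEmpty())`. The visible part of this constructor also never reads `certificate_pin` back, so a Provider that crosses a Parcel boundary appears to lose its pin. Whether `writeToParcel` writes it cannot be seen here, but both sides need to carry it, otherwise a fetch that was meant to be pinned may end up unpinned without notice. The constructor starts above the hunk.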
@@ -106,6 +106,8 @@ public final class Provider implements Parcelable {
return main_url;
}
+ protected String certificatePin() { return certificate_pin; }
+
protected String getName() {
// Should we pass the locale in, or query the system here?
String lang = Locale.getDefault().getLanguage();
diff --git a/app/src/main/java/se/leap/bitmaskclient/ProviderManager.java b/app/src/main/java/se/leap/bitmaskclient/ProviderManager.java
index 40fe8b5a..220a71c8 100644
--- a/app/src/main/java/se/leap/bitmaskclient/ProviderManager.java
+++ b/app/src/main/java/se/leap/bitmaskclient/ProviderManager.java
@@ -49,11 +49,14 @@ public class ProviderManager implements AdapteeCollection<Provider> {
Set<Provider> providers = new HashSet<Provider>();
try {
for (String file : relative_file_paths) {
- String main_url = extractMainUrlFromInputStream(assets_manager.open(directory + "/" + file));
- providers.add(new Provider(new URL(main_url)));
+ InputStream provider_file = assets_manager.open(directory + "/" + file);
+ String main_url = extractMainUrlFromInputStream(provider_file);
+ String certificate_pin = extractCertificatePinFromInputStream(provider_file);
+ if(certificate_pin.isEmpty())
+ providers.add(new Provider(new URL(main_url)));
+ else
+ providers.add(new Provider(new URL(main_url), certificate_pin));
}
- } catch (MalformedURLException e) {
- e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
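Review bot: An empty `certificate_pin` falls through to the unpinned `new Provider(new URL(main_url))` branch without any trace, and `extractCertificatePinFromInputStream` returns "" both when the key is absent and when the asset failed to parse. For bundled providers this means a damaged or incomplete asset silently downgrades the provider.json fetch to an unpinned connection. At minimum log it, e.g. `Log.w("ProviderManager", "no certificate pin in " + file + ", provider added unpinned");`, or skip the entry if every bundled provider is meant to be pinned. The stream returned by `assets_manager.open` is also never closed in this loop. The method's start and end lie outside the hunk.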
@@ -75,30 +78,43 @@ public class ProviderManager implements AdapteeCollection<Provider> {
String main_url = extractMainUrlFromInputStream(new FileInputStream(external_files_dir.getAbsolutePath() + "/" + file));
providers.add(new Provider(new URL(main_url)));
}
- } catch (MalformedURLException e) {
- e.printStackTrace();
- } catch (FileNotFoundException e) {
+ } catch (MalformedURLException | FileNotFoundException e) {
e.printStackTrace();
}
return providers;
}
- private String extractMainUrlFromInputStream(InputStream input_stream_file_contents) {
+ private String extractMainUrlFromInputStream(InputStream input_stream) {
String main_url = "";
- byte[] bytes = new byte[0];
+
+ JSONObject file_contents = inputStreamToJson(input_stream);
+ if(file_contents != null)
+ main_url = file_contents.optString(Provider.MAIN_URL);
+ return main_url;
+ }
+
+ private String extractCertificatePinFromInputStream(InputStream input_stream) {
+ String certificate_pin = "";
+
+ JSONObject file_contents = inputStreamToJson(input_stream);
+ if(file_contents != null)
+ certificate_pin = file_contents.optString(Provider.CA_CERT_FINGERPRINT);
+
+ return certificate_pin;
+ }
+
+ private JSONObject inputStreamToJson(InputStream input_stream) {
+ JSONObject json = null;
try {
- bytes = new byte[input_stream_file_contents.available()];
- if (input_stream_file_contents.read(bytes) > 0) {
- JSONObject file_contents = new JSONObject(new String(bytes));
- main_url = file_contents.getString(Provider.MAIN_URL);
- }
- } catch (IOException e) {
- e.printStackTrace();
- } catch (JSONException e) {
+ byte[] bytes = new byte[input_stream.available()];
+ if (input_stream.read(bytes) > 0)
+ json = new JSONObject(new String(bytes));
+ input_stream.reset();
+ } catch (IOException | JSONException e) {
e.printStackTrace();
}
- return main_url;
+ return json;
}
public Set<Provider> providers() {
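Review bot: `inputStreamToJson` relies on `input_stream.reset()` so that the same stream can be parsed a second time, but `mark()` is never called and the `FileInputStream` used for the external-files providers at the top of this hunk does not support reset, so every call on that path ends in the catch block after the JSON was already built. `available()` followed by a single `read` is also not guaranteed to return the whole file, and `new String(bytes)` decodes with the platform charset. Reading to end of stream and parsing once removes all three problems; the asset loop would then call `inputStreamToJson` once and take both `Provider.MAIN_URL` and `Provider.CA_CERT_FINGERPRINT` from the resulting `JSONObject` with `optString`, instead of re-reading the stream through the two `extract…FromInputStream` helpers.

```java
private JSONObject inputStreamToJson(InputStream input_stream) {
    JSONObject json = null;
    try {
        // Read until end of stream; available() is only an estimate.
        ByteArrayOutputStream contents = new ByteArrayOutputStream();
        byte[] buffer = new byte[4096];
        int read;
        while ((read = input_stream.read(buffer)) != -1)
            contents.write(buffer, 0, read);
        if (contents.size() > 0)
            json = new JSONObject(contents.toString("UTF-8"));
        // No reset(): callers parse once and read every key from the returned object.
    } catch (IOException | JSONException e) {
        e.printStackTrace();
    }
    return json;
}
```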