author | cyBerta <cyberta@riseup.net> | 2018-01-04 13:23:58 +0100 |
---|---|---|
committer | cyBerta <cyberta@riseup.net> | 2018-01-04 13:23:58 +0100 |
commit | 81a732702f7b3125ac543f92d8a5ec33cce972fe (patch) | |
tree | 26cec1d4d553e84abe29dd030b2c59e32f6aa2ef /app/src/main/java/se/leap | |
parent | 67c375afcd7d2e62cdf761f4934860938ae29235 (diff) |
8773 preseeded providers implementation for insecure flavor
Diffstat (limited to 'app/src/main/java/se/leap')
4 files changed, 82 insertions, 21 deletions
diff --git a/app/src/main/java/se/leap/bitmaskclient/BaseConfigurationWizard.java b/app/src/main/java/se/leap/bitmaskclient/BaseConfigurationWizard.java
index 1d675499..2c169e3d 100644
--- a/app/src/main/java/se/leap/bitmaskclient/BaseConfigurationWizard.java
+++ b/app/src/main/java/se/leap/bitmaskclient/BaseConfigurationWizard.java
@@ -216,6 +216,8 @@ public abstract class BaseConfigurationWizard extends Activity
 String provider_json_string = preferences.getString(Provider.KEY, "");
 if (!provider_json_string.isEmpty()) selected_provider.define(new JSONObject(provider_json_string));
+ String caCert = preferences.getString(Provider.CA_CERT, "");
+ selected_provider.setCACert(caCert);
 } catch (JSONException e) {
 e.printStackTrace();
 }
@@ -301,6 +303,20 @@ public abstract class BaseConfigurationWizard extends Activity
 preferences.edit().remove(Provider.KEY).remove(Constants.PROVIDER_ALLOW_ANONYMOUS).remove(Constants.PROVIDER_KEY).apply();
 }
+ @Override
+ public void updateProviderDetails() {
+ mConfigState.setAction(SETTING_UP_PROVIDER);
+ Intent provider_API_command = new Intent(this, ProviderAPI.class);
+
+ provider_API_command.setAction(ProviderAPI.UPDATE_PROVIDER_DETAILS);
+ provider_API_command.putExtra(ProviderAPI.RECEIVER_KEY, providerAPI_result_receiver);
+ Bundle parameters = new Bundle();
+ parameters.putString(Provider.MAIN_URL, selected_provider.getMainUrl().toString());
+ provider_API_command.putExtra(ProviderAPI.PARAMETERS, parameters);
+
+ startService(provider_API_command);
+ }
+
 private void askDashboardToQuitApp() {
 Intent ask_quit = new Intent();
 ask_quit.putExtra(Dashboard.ACTION_QUIT, Dashboard.ACTION_QUIT);
diff --git a/app/src/main/java/se/leap/bitmaskclient/Provider.java b/app/src/main/java/se/leap/bitmaskclient/Provider.java
index 71a0e149..ae07bc25 100644
--- a/app/src/main/java/se/leap/bitmaskclient/Provider.java
+++ b/app/src/main/java/se/leap/bitmaskclient/Provider.java
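Review bot: In the first hunk of BaseConfigurationWizard.java, `selected_provider.setCACert(caCert)` runs even when no certificate is stored, because `preferences.getString(Provider.CA_CERT, "")` falls back to the empty string. If `selected_provider` was created from a preseeded provider, this would presumably replace its bundled CA certificate with an empty value, and that certificate is the trust anchor the provider is validated against. Guarding the call with `if (!caCert.isEmpty()) selected_provider.setCACert(caCert);` keeps whatever value the provider already holds. The enclosing method starts and ends outside the hunk, so how `selected_provider` is initialised there is not visible.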
@@ -70,14 +70,18 @@ public final class Provider implements Parcelable {
 this.mainUrl.setUrl(mainUrl);
 }
- public Provider(URL mainUrl, String caCert, /*String certificatePin,*/ String definition) {
+ public Provider(URL mainUrl, String caCert, String definition) {
 this.mainUrl.setUrl(mainUrl);
- this.caCert = caCert;
- try {
- this.definition = new JSONObject(definition);
- parseDefinition(this.definition);
- } catch (JSONException e) {
- e.printStackTrace();
+ if (caCert != null) {
+ this.caCert = caCert;
+ }
+ if (definition != null) {
+ try {
+ this.definition = new JSONObject(definition);
+ parseDefinition(this.definition);
+ } catch (JSONException | NullPointerException e) {
+ e.printStackTrace();
+ }
 }
 }
diff --git a/app/src/main/java/se/leap/bitmaskclient/ProviderApiBase.java b/app/src/main/java/se/leap/bitmaskclient/ProviderApiBase.java
index dfc48bee..0013d2c2 100644
--- a/app/src/main/java/se/leap/bitmaskclient/ProviderApiBase.java
+++ b/app/src/main/java/se/leap/bitmaskclient/ProviderApiBase.java
@@ -665,9 +665,6 @@ public abstract class ProviderApiBase extends IntentService {
 try {
 response = okHttpClient.newCall(request).execute();
- if (!response.isSuccessful()){
- return formatErrorMessage(error_json_exception_user_message);
- }
 InputStream inputStream = response.body().byteStream();
 Scanner scanner = new Scanner(inputStream).useDelimiter("\\A");
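Review bot: In the Provider.java constructor, catching `NullPointerException` next to `JSONException` hides defects inside `parseDefinition`, since `definition` is already null-checked two lines above and the only trace left is `printStackTrace()`. Because `this.definition` is assigned before `parseDefinition` runs, a failure there also leaves the object holding a definition that was stored but never parsed. I would narrow the handler to `} catch (JSONException e) {` so that an unexpected null surfaces instead of producing a half-initialised provider. The constructor should also get a Javadoc comment stating that `caCert` and `definition` may be null and which fields keep their defaults in that case, so callers know a Provider can exist without a CA certificate.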
@@ -760,6 +757,42 @@ public abstract class ProviderApiBase extends IntentService {
 return result;
 }
+ protected void checkPersistedProviderUpdates() {
+ String providerDomain = getProviderDomain(providerDefinition);
+ if (hasUpdatedProviderDetails(providerDomain)) {
+ providerCaCert = getPersistedProviderCA(providerDomain);
+ providerDefinition = getPersistedProviderDefinition(providerDomain);
+ providerCaCertFingerprint = getPersistedCaCertFingerprint(providerDomain);
+ providerApiUrl = getApiUrlWithVersion(providerDefinition);
+ }
+ }
+
+ protected Bundle validateProviderDetails() {
+ Bundle result = validateCertificateForProvider(providerCaCert, providerDefinition, lastProviderMainUrl);
+
+ //invalid certificate or no certificate
+ if (result.containsKey(ERRORS) || (result.containsKey(RESULT_KEY) && !result.getBoolean(RESULT_KEY)) ) {
+ return result;
+ }
+
+ //valid certificate: skip download, save loaded provider CA cert and provider definition directly
+ try {
+ preferences.edit().putString(Provider.KEY, providerDefinition.toString()).
+ putBoolean(Constants.PROVIDER_ALLOW_ANONYMOUS, providerDefinition.getJSONObject(Provider.SERVICE).getBoolean(Constants.PROVIDER_ALLOW_ANONYMOUS)).
+ putBoolean(Constants.PROVIDER_ALLOWED_REGISTERED, providerDefinition.getJSONObject(Provider.SERVICE).getBoolean(Constants.PROVIDER_ALLOWED_REGISTERED)).
+ putString(Provider.CA_CERT, providerCaCert).commit();
+ CA_CERT_DOWNLOADED = true;
+ PROVIDER_JSON_DOWNLOADED = true;
+ result.putBoolean(RESULT_KEY, true);
+ } catch (JSONException e) {
+ e.printStackTrace();
+ result.putBoolean(RESULT_KEY, false);
+ result = setErrorResult(result, getString(R.string.warning_corrupted_provider_details), ERROR_CORRUPTED_PROVIDER_JSON.toString());
+ }
+
+ return result;
+ }
+
 protected Bundle validateCertificateForProvider(String cert_string, JSONObject providerDefinition, String mainUrl) {
 Bundle result = new Bundle();
 result.putBoolean(RESULT_KEY, false);
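Review bot: The guard in `validateProviderDetails()` fails open: `(result.containsKey(RESULT_KEY) && !result.getBoolean(RESULT_KEY))` treats a Bundle that carries neither `ERRORS` nor `RESULT_KEY` as a valid certificate and goes on to persist `providerCaCert` and the provider definition. The context lines at the end of the hunk show that `validateCertificateForProvider` currently seeds `RESULT_KEY` with false, so the check is safe only while every return path keeps doing that. Writing it as `if (result.containsKey(ERRORS) || !result.getBoolean(RESULT_KEY)) {` rejects the missing-key case as well, because `Bundle.getBoolean` returns false for an absent key. The return value of `commit()` is also ignored, so `CA_CERT_DOWNLOADED` and `PROVIDER_JSON_DOWNLOADED` are set to true even if the write did not succeed.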
diff --git a/app/src/main/java/se/leap/bitmaskclient/ProviderManager.java b/app/src/main/java/se/leap/bitmaskclient/ProviderManager.java
index cf703631..92d5da9f 100644
--- a/app/src/main/java/se/leap/bitmaskclient/ProviderManager.java
+++ b/app/src/main/java/se/leap/bitmaskclient/ProviderManager.java
@@ -58,19 +58,27 @@ public class ProviderManager implements AdapteeCollection<Provider> {
 private Set<Provider> providersFromAssets(String directory, String[] relative_file_paths) {
 Set<Provider> providers = new HashSet<Provider>();
- try {
- for (String file : relative_file_paths) {
- String provider = file.substring(0, file.length() - ".url".length());
- InputStream provider_file = assets_manager.open(directory + "/" + file);
- String mainUrl = extractMainUrlFromInputStream(provider_file);
- String certificate = ConfigHelper.loadInputStreamAsString(assets_manager.open(provider + ".pem"));
- String providerDefinition = ConfigHelper.loadInputStreamAsString(assets_manager.open(provider + ".json"));
- providers.add(new Provider(new URL(mainUrl), certificate, providerDefinition));
+ for (String file : relative_file_paths) {
+ String mainUrl = null;
+ String certificate = null;
+ String providerDefinition = null;
+ try {
+ String provider = file.substring(0, file.length() - ".url".length());
+ InputStream provider_file = assets_manager.open(directory + "/" + file);
+ mainUrl = extractMainUrlFromInputStream(provider_file);
+ certificate = ConfigHelper.loadInputStreamAsString(assets_manager.open(provider + ".pem"));
+ providerDefinition = ConfigHelper.loadInputStreamAsString(assets_manager.open(provider + ".json"));
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ try {
+ providers.add(new Provider(new URL(mainUrl), certificate, providerDefinition));
+ } catch (MalformedURLException e) {
+ e.printStackTrace();
+ }
 }
- } catch (IOException e) {
- e.printStackTrace();
- }
+
 return providers;
 }
|
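Review bot: In `providersFromAssets`, the three assets are read inside one `try`, so an `IOException` on the `.pem` also skips the `.json`, and the provider is still added with both left null; the code cannot tell an asset that is absent by design from one that failed to read. The bundled `.pem` is presumably what the provider is later validated against, so a silent null here deserves at least a log line naming the file, and ideally each optional asset gets its own `try`. When the `.url` asset itself fails, `mainUrl` stays null and the entry is dropped only because `new URL(mainUrl)` is expected to throw; `if (mainUrl == null) continue;` before the second `try` makes that explicit. The streams returned by `assets_manager.open(...)` are not closed anywhere in this loop.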