diff options
author | Parménides GV <parmegv@sdf.org> | 2015-04-22 12:32:57 +0200 |
---|---|---|
committer | Parménides GV <parmegv@sdf.org> | 2015-04-22 12:32:57 +0200 |
commit | e5e9ac6e43b9cdec0f362711bb33747ab73fc297 (patch) | |
tree | 8728c5416b29ca4b66438eb64d06f974f0117e37 /app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java | |
parent | 467abc3431e2ae148ea72e2c3b4c560473424c3f (diff) | |
parent | 7d6d55cb62fcdc1e3a36f2634f0399b2d77db263 (diff) |
Merge branch 'feature/bitmask-for-android-should-pin-some-prooviders-ca's-cert-fingerprint#6877' into develop
Diffstat (limited to 'app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java')
-rw-r--r-- | app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java | 43 |
1 files changed, 39 insertions, 4 deletions
diff --git a/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java b/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java index 890262ce..a96556bc 100644 --- a/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java +++ b/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java @@ -34,6 +34,7 @@ import javax.net.ssl.*; import org.apache.http.client.*; import org.json.*; +import org.thoughtcrime.ssl.pinning.util.*; import se.leap.bitmaskclient.ProviderListContent.ProviderItem; import se.leap.bitmaskclient.eip.*; @@ -87,6 +88,7 @@ public class ProviderAPI extends IntentService { private static boolean go_ahead = true; private static SharedPreferences preferences; private static String provider_api_url; + private static String provider_ca_cert_fingerprint; private Resources resources; public static void stop() { @@ -504,13 +506,19 @@ public class ProviderAPI extends IntentService { Bundle current_download = new Bundle(); if (task != null && task.containsKey(Provider.MAIN_URL)) { - last_provider_main_url = task.getString(Provider.MAIN_URL); + last_provider_main_url = task.containsKey(Provider.MAIN_URL) ? + task.getString(Provider.MAIN_URL) : + ""; + provider_ca_cert_fingerprint = task.containsKey(Provider.CA_CERT_FINGERPRINT) ? + task.getString(Provider.CA_CERT_FINGERPRINT) : + ""; + CA_CERT_DOWNLOADED = PROVIDER_JSON_DOWNLOADED = EIP_SERVICE_JSON_DOWNLOADED = false; go_ahead = true; } if (!PROVIDER_JSON_DOWNLOADED) - current_download = getAndSetProviderJson(last_provider_main_url); + current_download = getAndSetProviderJson(last_provider_main_url, provider_ca_cert_fingerprint); if (PROVIDER_JSON_DOWNLOADED || (current_download.containsKey(RESULT_KEY) && current_download.getBoolean(RESULT_KEY))) { broadcastProgress(progress++); PROVIDER_JSON_DOWNLOADED = true; @@ -602,11 +610,16 @@ public class ProviderAPI extends IntentService { return hexData.toString(); } - private Bundle getAndSetProviderJson(String provider_main_url) { + private Bundle getAndSetProviderJson(String provider_main_url, String provider_ca_cert_fingerprint) { Bundle result = new Bundle(); if (go_ahead) { - String provider_dot_json_string = downloadWithCommercialCA(provider_main_url + "/provider.json"); + String provider_dot_json_string; + + if(provider_ca_cert_fingerprint.isEmpty()) + provider_dot_json_string = downloadWithCommercialCA(provider_main_url + "/provider.json"); + else + provider_dot_json_string = downloadWithCommercialCA(provider_main_url + "/provider.json", provider_ca_cert_fingerprint); try { JSONObject provider_json = new JSONObject(provider_dot_json_string); @@ -672,6 +685,28 @@ public class ProviderAPI extends IntentService { return error_message; } + private String downloadWithCommercialCA(String url_string, String ca_cert_fingerprint) { + String result = ""; + + int seconds_of_timeout = 2; + String[] pins = new String[] {ca_cert_fingerprint}; + try { + URL url = new URL(url_string); + HttpsURLConnection connection = PinningHelper.getPinnedHttpsURLConnection(Dashboard.getContext(), pins, url); + connection.setConnectTimeout(seconds_of_timeout * 1000); + if (!LeapSRPSession.getToken().isEmpty()) + connection.addRequestProperty(LeapSRPSession.AUTHORIZATION_HEADER, "Token token = " + LeapSRPSession.getToken()); + result = new Scanner(connection.getInputStream()).useDelimiter("\\A").next(); + } catch (IOException e) { + if(e instanceof SSLHandshakeException) + result = formatErrorMessage(R.string.error_security_pinnedcertificate); + else + result = formatErrorMessage(R.string.error_io_exception_user_message); + } + + return result; + } + /** * Tries to download the contents of the provided url using commercially validated CA certificate from chosen provider. * |