Merge branch 'develop' of ssh://leap.se:22/bitmask_android into develop

author: cyBerta <richy@cyborgsociety.org> 2013-12-20 18:37:13 +0100
committer: cyBerta <richy@cyborgsociety.org> 2013-12-20 18:37:13 +0100
commit: 8bc035e5785b8a14c26cdb6ab409242b66554992 (patch)
tree: 3abe8236fe9789b0aebcf50b4cf3c7ebfe0605e1 /src/se/leap/bitmaskclient/ProviderAPI.java
parent: a651099981ddc9ed5c17a25b2bb618b161cec048 (diff)
parent: 3f5d756fa1a37dba00c400ca2a6197af5af1071e (diff)
1 files changed, 87 insertions, 167 deletions
diff --git a/src/se/leap/bitmaskclient/ProviderAPI.java b/src/se/leap/bitmaskclient/ProviderAPI.java
index 871a20dd..2a1cd29b 100644
--- a/src/se/leap/bitmaskclient/ProviderAPI.java
+++ b/src/se/leap/bitmaskclient/ProviderAPI.java
@@ -36,6 +36,7 @@ import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
+import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.security.interfaces.RSAPrivateKey;
@@ -68,7 +69,6 @@ import android.os.Handler;
 import android.os.ResultReceiver;
 import android.util.Base64;
 import android.util.Log;
-import android.widget.ProgressBar;
 import android.widget.Toast;
 
 /**
@@ -85,8 +85,7 @@ public class ProviderAPI extends IntentService {
 	private Handler mHandler;
 
     final public static String
-    DOWNLOAD_JSON_FILES_BUNDLE_EXTRA = "downloadJSONFiles",	
-    UPDATE_PROVIDER_DOTJSON = "updateProviderDotJSON",
+    SET_UP_PROVIDER = "setUpProvider",
     DOWNLOAD_NEW_PROVIDER_DOTJSON = "downloadNewProviderDotJSON",
     SRP_REGISTER = "srpRegister",
     SRP_AUTH = "srpAuth",
@@ -98,14 +97,13 @@ public class ProviderAPI extends IntentService {
     SESSION_ID_COOKIE_KEY = "session_id_cookie_key",
     SESSION_ID_KEY = "session_id",
     ERRORS = "errors",
-    UPDATE_ACTION = "update_action",
-    UPDATE_DATA = "update data"
+    UPDATE_PROGRESSBAR = "update_action",
+    CURRENT_PROGRESS = "update data",
+    TAG = "provider_api_tag"
     ;
 
     final public static int
     CUSTOM_PROVIDER_ADDED = 0,
-    CORRECTLY_DOWNLOADED_JSON_FILES = 1,
-    INCORRECTLY_DOWNLOADED_JSON_FILES = 2,
     SRP_AUTHENTICATION_SUCCESSFUL = 3,
     SRP_AUTHENTICATION_FAILED = 4,
     SRP_REGISTRATION_SUCCESSFUL = 5,
@@ -114,8 +112,8 @@ public class ProviderAPI extends IntentService {
     LOGOUT_FAILED = 8,
     CORRECTLY_DOWNLOADED_CERTIFICATE = 9,
     INCORRECTLY_DOWNLOADED_CERTIFICATE = 10,
-    CORRECTLY_UPDATED_PROVIDER_DOT_JSON = 11,
-    INCORRECTLY_UPDATED_PROVIDER_DOT_JSON = 12,
+    PROVIDER_OK = 11,
+    PROVIDER_NOK = 12,
     CORRECTLY_DOWNLOADED_ANON_CERTIFICATE = 13,
     INCORRECTLY_DOWNLOADED_ANON_CERTIFICATE = 14
     ;
@@ -142,26 +140,12 @@ public class ProviderAPI extends IntentService {
 		String action = command.getAction();
 		Bundle parameters = command.getBundleExtra(PARAMETERS);
 		
-		if(action.equalsIgnoreCase(DOWNLOAD_JSON_FILES_BUNDLE_EXTRA)) {
-			Bundle result = downloadJsonFiles(parameters);
+		if(action.equalsIgnoreCase(SET_UP_PROVIDER)) {
+			Bundle result = setUpProvider(parameters);
 			if(result.getBoolean(RESULT_KEY)) {
-				receiver.send(CORRECTLY_DOWNLOADED_JSON_FILES, Bundle.EMPTY);
-			} else {
-				receiver.send(INCORRECTLY_DOWNLOADED_JSON_FILES, result);
-			}
-		} else if(action.equalsIgnoreCase(UPDATE_PROVIDER_DOTJSON)) {
-			Bundle result = updateProviderDotJSON(parameters);
-			if(result.getBoolean(RESULT_KEY)) {
-				receiver.send(CORRECTLY_UPDATED_PROVIDER_DOT_JSON, result);
+				receiver.send(PROVIDER_OK, result);
 			} else { 
-				receiver.send(INCORRECTLY_UPDATED_PROVIDER_DOT_JSON, Bundle.EMPTY);
-			}
-		} else if (action.equalsIgnoreCase(DOWNLOAD_NEW_PROVIDER_DOTJSON)) {
-			Bundle result = downloadNewProviderDotJSON(parameters);
-			if(result.getBoolean(RESULT_KEY)) {
-				receiver.send(CORRECTLY_UPDATED_PROVIDER_DOT_JSON, result);
-			} else {
-				receiver.send(INCORRECTLY_DOWNLOADED_JSON_FILES, result);
+				receiver.send(PROVIDER_NOK, Bundle.EMPTY);
 			}
 		} else if (action.equalsIgnoreCase(SRP_AUTH)) {
 			Bundle session_id_bundle = authenticateBySRP(parameters);
@@ -184,63 +168,6 @@ public class ProviderAPI extends IntentService {
 			}
 		}
 	}
-
-	/**
-	 * Downloads the main cert and the eip-service.json files given through the task parameter
-	 * @param task
-	 * @return true if eip-service.json was parsed as a JSON object correctly.
-	 */
-	private Bundle downloadJsonFiles(Bundle task) {
-		Bundle result = new Bundle();
-		String cert_url = task.getString(Provider.CA_CERT);
-		String eip_service_json_url = task.getString(EIP.KEY);
-		boolean danger_on = task.getBoolean(ProviderItem.DANGER_ON);
-		try {
-			String cert_string = downloadWithCommercialCA(cert_url, danger_on);
-
-			if(ConfigHelper.checkErroneousDownload(cert_string)) {
-				JSONObject possible_errors = new JSONObject(cert_string);
-				String reason_to_fail = "";
-				if(cert_string.isEmpty())
-					reason_to_fail = "Empty certificate downloaded";
-				else
-				reason_to_fail = possible_errors.getString(ERRORS);
-				result.putString(ERRORS, reason_to_fail);
-				result.putBoolean(RESULT_KEY, false);
-			} else {
-				X509Certificate certCert = ConfigHelper.parseX509CertificateFromString(cert_string);
-				cert_string = Base64.encodeToString( certCert.getEncoded(), Base64.DEFAULT);
-				ConfigHelper.saveSharedPref(Provider.CA_CERT, "-----BEGIN CERTIFICATE-----\n"+cert_string+"-----END CERTIFICATE-----");
-			}
-		} catch (JSONException e) {
-			e.printStackTrace();
-			result.putBoolean(RESULT_KEY, false);
-		} catch (CertificateException e) {
-			// TODO Auto-generated catch block
-			e.printStackTrace();
-			result.putBoolean(RESULT_KEY, false);
-		}
-
-		try {
-			String eip_service_string = downloadWithCommercialCA(eip_service_json_url, danger_on);
-			JSONObject eip_service_json = new JSONObject(eip_service_string);
-			if(eip_service_json.has(ERRORS)) {
-				String reason_to_fail = eip_service_json.getString(ERRORS);
-				result.putString(ERRORS, reason_to_fail);
-				result.putBoolean(RESULT_KEY, false);
-			}
-			else {
-				ConfigHelper.saveSharedPref(EIP.KEY, eip_service_json);
-				ConfigHelper.saveSharedPref(EIP.PARSED_SERIAL, 0);
-			}
-
-			result.putBoolean(RESULT_KEY, true);
-		} catch (JSONException e) {
-			result.putBoolean(RESULT_KEY, false);
-		}
-		
-		return result;
-	}
 	
 	/**
 	 * Starts the authentication process using SRP protocol.
@@ -339,9 +266,9 @@ public class ProviderAPI extends IntentService {
 	 */
 	private void broadcast_progress(int progress) {
 		Intent intentUpdate = new Intent();
-		intentUpdate.setAction(UPDATE_ACTION);
+		intentUpdate.setAction(UPDATE_PROGRESSBAR);
 		intentUpdate.addCategory(Intent.CATEGORY_DEFAULT);
-		intentUpdate.putExtra(UPDATE_DATA, progress);
+		intentUpdate.putExtra(CURRENT_PROGRESS, progress);
 		sendBroadcast(intentUpdate);
 	}
 
@@ -492,85 +419,85 @@ public class ProviderAPI extends IntentService {
 	 * @param task containing a boolean meaning if the provider is custom or not, another boolean meaning if the user completely trusts this provider, the provider name and its provider.json url.
 	 * @return a bundle with a boolean value mapped to a key named RESULT_KEY, and which is true if the update was successful. 
 	 */
-	private Bundle updateProviderDotJSON(Bundle task) {
+	private Bundle setUpProvider(Bundle task) {
 		Bundle result = new Bundle();
-		boolean custom = task.getBoolean(ProviderItem.CUSTOM);
+		int progress = 0;
 		boolean danger_on = task.getBoolean(ProviderItem.DANGER_ON);
-		String provider_json_url = task.getString(Provider.DOT_JSON_URL);
-		String provider_name = task.getString(Provider.NAME);
+		String provider_main_url = task.getString(Provider.MAIN_URL);
+		if(downloadCACert(provider_main_url, danger_on)) {
+			broadcast_progress(progress++);
+			result.putBoolean(RESULT_KEY, true);
+			if(getAndSetProviderJson(provider_main_url)) {
+				broadcast_progress(progress++);
+				if(getAndSetEipServiceJson())
+					broadcast_progress(progress++);
+			}
+		}
+		return result;
+	}
+	
+	private boolean downloadCACert(String provider_main_url, boolean danger_on) {
+		String cert_string = downloadWithCommercialCA(provider_main_url + "/ca.crt", danger_on);
+		if(validCertificate(cert_string))
+			ConfigHelper.saveSharedPref(Provider.CA_CERT, cert_string);
+		else
+			return false;
 		
-		try {
-			String provider_dot_json_string = downloadWithCommercialCA(provider_json_url, danger_on);
-			if(provider_dot_json_string.isEmpty()) {
-				result.putBoolean(RESULT_KEY, false);
-			} else {
-				JSONObject provider_json = new JSONObject(provider_dot_json_string);
-				if(provider_json.has(ERRORS)) {
-					String reason_to_fail = provider_json.getString(ERRORS);
-					result.putString(ERRORS, reason_to_fail);
-					result.putBoolean(RESULT_KEY, false);
-				} else {
-					ConfigHelper.saveSharedPref(EIP.ALLOWED_ANON, provider_json.getJSONObject(Provider.SERVICE).getBoolean(EIP.ALLOWED_ANON));
-
-					//ProviderListContent.addItem(new ProviderItem(provider_name, provider_json_url, provider_json, custom, danger_on));
-					result.putBoolean(RESULT_KEY, true);
-					result.putString(Provider.KEY, provider_json.toString());
-					result.putBoolean(ProviderItem.DANGER_ON, danger_on);
-				}
+		return true;
+	}
+	
+	private boolean validCertificate(String cert_string) {
+		boolean result = false;
+		if(!ConfigHelper.checkErroneousDownload(cert_string)) {
+			X509Certificate certCert = ConfigHelper.parseX509CertificateFromString(cert_string);
+			try {
+				Base64.encodeToString( certCert.getEncoded(), Base64.DEFAULT);
+				result = true;
+			} catch (CertificateEncodingException e) {
+				Log.d(TAG, e.getLocalizedMessage());
 			}
-		} catch (JSONException e) {
-			result.putBoolean(RESULT_KEY, false);
 		}
 		
 		return result;
 	}
+	
+	private boolean getAndSetProviderJson(String provider_main_url) {
+		boolean result = false;
 
-	/**
-	 * Downloads a custom provider provider.json file
-	 * @param task containing a boolean meaning if the user completely trusts this provider, and the provider main url entered in the new custom provider dialog.
-	 * @return true if provider.json file was successfully parsed as a JSON object.
-	 */
-	private Bundle downloadNewProviderDotJSON(Bundle task) {
-		Bundle result = new Bundle();
-		boolean custom = true;
-		boolean danger_on = task.getBoolean(ProviderItem.DANGER_ON);
-		
-		String provider_main_url = (String) task.get(Provider.MAIN_URL);
-		String provider_name = provider_main_url.replaceFirst("http[s]?://", "").replaceFirst("\\/", "_");
-		String provider_json_url = guessProviderDotJsonURL(provider_main_url);
-		
-		String provider_json_string = downloadWithCommercialCA(provider_json_url, danger_on);
-		try {
-			if(provider_json_string.isEmpty()) {
-				result.putBoolean(RESULT_KEY, false);
-			} else {
-				JSONObject provider_json = new JSONObject(provider_json_string);
+		String provider_dot_json_string = downloadWithProviderCA(provider_main_url + "/provider.json", true);
 
-				if(provider_json.has(ERRORS)) {
-					String reason_to_fail = provider_json.getString(ERRORS);
-					result.putString(ERRORS, reason_to_fail);
-					result.putBoolean(RESULT_KEY, false);
-				} else {
-					ConfigHelper.saveSharedPref(Provider.KEY, provider_json);
-					ConfigHelper.saveSharedPref(ProviderItem.DANGER_ON, danger_on);
-					ConfigHelper.saveSharedPref(EIP.ALLOWED_ANON, provider_json.getJSONObject(Provider.SERVICE).getBoolean(EIP.ALLOWED_ANON));
-					ProviderItem added_provider = new ProviderItem(provider_name, provider_json_url, provider_json, custom, danger_on);
-					ProviderListContent.addItem(added_provider);
-
-					result.putString(Provider.NAME, added_provider.getName());
-					result.putBoolean(RESULT_KEY, true);
-					result.putString(Provider.KEY, provider_json.toString());
-					result.putBoolean(ProviderItem.DANGER_ON, danger_on);
-				}
-			}
+		try {
+			JSONObject provider_json = new JSONObject(provider_dot_json_string);
+			String name = provider_json.getString(Provider.NAME);
+			//TODO setProviderName(name);
+			
+			ConfigHelper.saveSharedPref(Provider.KEY, provider_json);
+			ConfigHelper.saveSharedPref(EIP.ALLOWED_ANON, provider_json.getJSONObject(Provider.SERVICE).getBoolean(EIP.ALLOWED_ANON));
+			ProviderItem added_provider = new ProviderItem(name, provider_main_url);
+			
+			result = true;
 		} catch (JSONException e) {
-			result.putBoolean(RESULT_KEY, false);
-			result.putString(ERRORS, "Corrupt download");
 		}
-		
 		return result;
 	}
+
 	
+	private boolean getAndSetEipServiceJson() {
+		boolean result = false;
+
+		try {
+			JSONObject provider_json = ConfigHelper.getJsonFromSharedPref(Provider.KEY);
+			String eip_service_url = provider_json.getString(Provider.API_URL) +  "/" + provider_json.getString(Provider.API_VERSION) + "/" + EIP.SERVICE_API_PATH;
+			String eip_service_json_string = downloadWithProviderCA(eip_service_url, true);
+			JSONObject eip_service_json = new JSONObject(eip_service_json_string);
+			eip_service_json.getInt(Provider.API_RETURN_SERIAL);
+
+			ConfigHelper.saveSharedPref(EIP.KEY, eip_service_json);
+			result = true;
+		} catch (JSONException e) {
+		}
+		return result;
+	}
 	/**
 	 * Tries to download the contents of the provided url using commercially validated CA certificate from chosen provider.
 	 * 
@@ -596,13 +523,13 @@ public class ProviderAPI extends IntentService {
 			json_file_content = formatErrorMessage(R.string.server_is_down_message);
 		} catch (IOException e) {
 			if(provider_url != null) {
-				json_file_content = downloadWithProviderCA(provider_url, danger_on);
+				json_file_content = downloadWithProviderCA(string_url, danger_on);
 			} else {
 				json_file_content = formatErrorMessage(R.string.certificate_error);
 			}
 		} catch (Exception e) {
 			if(provider_url != null && danger_on) {
-				json_file_content = downloadWithProviderCA(provider_url, danger_on);
+				json_file_content = downloadWithProviderCA(string_url, danger_on);
 			}
 		}
 
@@ -610,15 +537,16 @@ public class ProviderAPI extends IntentService {
 	}
 
 	/**
-	 * Tries to download the contents of the provided url using not commercially validated CA certificate from chosen provider.
-	 * @param url
+	 * Tries to download the contents of the provided url using not commercially validated CA certificate from chosen provider. 
+	 * @param url as a string
 	 * @param danger_on true to download CA certificate in case it has not been downloaded.
 	 * @return an empty string if it fails, the url content if not. 
 	 */
-	private String downloadWithProviderCA(URL url, boolean danger_on) {
+	private String downloadWithProviderCA(String url_string, boolean danger_on) {
 		String json_file_content = "";
 
 		try {
+			URL url = new URL(url_string);
 			// Tell the URLConnection to use a SocketFactory from our SSLContext
 			HttpsURLConnection urlConnection =
 					(HttpsURLConnection)url.openConnection();
@@ -632,7 +560,7 @@ public class ProviderAPI extends IntentService {
 		} catch (IOException e) {
 			// The downloaded certificate doesn't validate our https connection.
 			if(danger_on) {
-				json_file_content = downloadWithoutCA(url);
+				json_file_content = downloadWithoutCA(url_string);
 			} else {
 				json_file_content = formatErrorMessage(R.string.certificate_error);
 			}
@@ -675,7 +603,7 @@ public class ProviderAPI extends IntentService {
 	/**
 	 * Downloads the string that's in the url with any certificate.
 	 */
-	private String downloadWithoutCA(URL url) {
+	private String downloadWithoutCA(String url_string) {
 		String string = "";
 		try {
 
@@ -703,6 +631,7 @@ public class ProviderAPI extends IntentService {
 			SSLContext context = SSLContext.getInstance("TLS");
 			context.init(new KeyManager[0], new TrustManager[] {new DefaultTrustManager()}, new SecureRandom());
 
+			URL url = new URL(url_string);
 			HttpsURLConnection urlConnection = (HttpsURLConnection)url.openConnection();
 			urlConnection.setSSLSocketFactory(context.getSocketFactory());
 			urlConnection.setHostnameVerifier(hostnameVerifier);
@@ -724,15 +653,6 @@ public class ProviderAPI extends IntentService {
 		}
 		return string;
 	}
-
-	/**
-	 * Tries to guess the provider.json url given the main provider url.
-	 * @param provider_main_url
-	 * @return the guessed provider.json url
-	 */
-	private String guessProviderDotJsonURL(String provider_main_url) {
-		return provider_main_url + "/provider.json";
-	}
 	
 	/**
 	 * Logs out from the api url retrieved from the task.
@@ -794,7 +714,7 @@ public class ProviderAPI extends IntentService {
 			String new_cert_string_url = provider_main_url.toString() + "/" + provider_json.getString(Provider.API_VERSION) + "/" + EIP.CERTIFICATE;
 
 			boolean danger_on = ConfigHelper.getBoolFromSharedPref(ProviderItem.DANGER_ON);
-			String cert_string = downloadWithCommercialCA(new_cert_string_url, danger_on);
+			String cert_string = downloadWithProviderCA(new_cert_string_url, true);
 			if(!cert_string.isEmpty()) {
 				if(ConfigHelper.checkErroneousDownload(cert_string)) {
 					String reason_to_fail = provider_json.getString(ERRORS);
author	cyBerta <richy@cyborgsociety.org>	2013-12-20 18:37:13 +0100
committer	cyBerta <richy@cyborgsociety.org>	2013-12-20 18:37:13 +0100
commit	8bc035e5785b8a14c26cdb6ab409242b66554992 (patch)
tree	3abe8236fe9789b0aebcf50b4cf3c7ebfe0605e1 /src/se/leap/bitmaskclient/ProviderAPI.java
parent	a651099981ddc9ed5c17a25b2bb618b161cec048 (diff)
parent	3f5d756fa1a37dba00c400ca2a6197af5af1071e (diff)