After downloading provider.json successfully, ConfigurationWizard now

can download eip-service.json and ca.crt without having the latter as a
predefined trusted certificate. It does not ask anything about trusting
the new certificate as far as selecting a custom provider means that the
user trusts that url.

Next step: make provider.json also downloadable from https address using
ca.cert not trusted.

1 files changed, 70 insertions, 0 deletions

diff --git a/src/se/leap/leapclient/ConfigHelper.java b/src/se/leap/leapclient/ConfigHelper.java
index f5800a0e..b6526691 100644
--- a/src/se/leap/leapclient/ConfigHelper.java
+++ b/src/se/leap/leapclient/ConfigHelper.java
@@ -8,6 +8,12 @@ import java.io.FileNotFoundException;
 import java.io.FileWriter;
 import java.io.IOException;
 import java.io.InputStream;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 
 import org.json.JSONException;
 import org.json.JSONObject;
@@ -19,6 +25,7 @@ import android.util.Log;
 public class ConfigHelper {
     
     public static SharedPreferences shared_preferences;
+    private static KeyStore keystore_trusted;
 
 	final static String downloadJsonFilesBundleExtra = "downloadJSONFiles";
 	final static String downloadNewProviderDotJSON = "downloadNewProviderDotJSON";
@@ -90,4 +97,67 @@ public class ConfigHelper {
 			SharedPreferences shared_preferences) {
 		ConfigHelper.shared_preferences = shared_preferences;
 	}
+
+	public static void addTrustedCertificate(String provider, InputStream inputStream) {
+		CertificateFactory cf;
+		try {
+			cf = CertificateFactory.getInstance("X.509");
+			X509Certificate cert =
+					(X509Certificate)cf.generateCertificate(inputStream);
+			keystore_trusted.setCertificateEntry("provider", cert);
+		} catch (CertificateException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		} catch (KeyStoreException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		}
+	}
+
+	public static void addTrustedCertificate(String provider, String certificate) {
+		String filename_to_save = provider + "_certificate.cer";
+		saveFile(filename_to_save, certificate);
+		CertificateFactory cf;
+		try {
+			cf = CertificateFactory.getInstance("X.509");
+			X509Certificate cert =
+					(X509Certificate)cf.generateCertificate(openFileInputStream(filename_to_save));
+			keystore_trusted.setCertificateEntry("provider", cert);
+		} catch (CertificateException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		} catch (KeyStoreException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		}
+	}
+	
+	public static KeyStore getKeystore() {
+		return keystore_trusted;
+	}
+
+	public static void getNewKeystore(InputStream leap_keystore) {
+		try {
+			keystore_trusted = KeyStore.getInstance("BKS");
+			try {
+				// Initialize the keystore with the provided trusted certificates
+				// Also provide the password of the keystore
+				keystore_trusted.load(leap_keystore, "uer92jf".toCharArray());
+			} finally {
+				leap_keystore.close();
+			}
+		} catch (KeyStoreException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		} catch (NoSuchAlgorithmException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		} catch (CertificateException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		} catch (IOException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		}
+	}
 }