authorParménides GV <parmegv@sdf.org>2013-02-04 18:44:38 +0100
committerParménides GV <parmegv@sdf.org>2013-02-04 18:44:38 +0100
commit8ab36864e2a393df077073f8618a4fc55c307522 (patch)
tree10c071d54d8b97f929194a8429d413a9e962c5ea /src/se/leap/leapclient/LeapHttpClient.java
parentd2bd18ef560d95974117604af899b3a9fcc16dab (diff)
Secure HTTP working with certificates downloaded from api.bitmask.net
and bitmask.net. Both prefs are downloaded and parsed to SharedPreferences.
Diffstat (limited to 'src/se/leap/leapclient/LeapHttpClient.java')
-rw-r--r--src/se/leap/leapclient/LeapHttpClient.java58
1 files changed, 58 insertions, 0 deletions
diff --git a/src/se/leap/leapclient/LeapHttpClient.java b/src/se/leap/leapclient/LeapHttpClient.java
new file mode 100644
index 00000000..41cb7879
--- /dev/null
+++ b/src/se/leap/leapclient/LeapHttpClient.java
@@ -0,0 +1,58 @@
+package se.leap.leapclient;
+
+import java.io.InputStream;
+import java.security.KeyStore;
+
+import org.apache.http.conn.ClientConnectionManager;
+import org.apache.http.conn.scheme.PlainSocketFactory;
+import org.apache.http.conn.scheme.Scheme;
+import org.apache.http.conn.scheme.SchemeRegistry;
+import org.apache.http.conn.ssl.SSLSocketFactory;
+import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.impl.conn.SingleClientConnManager;
+
+import android.content.Context;
+
+public class LeapHttpClient extends DefaultHttpClient {
+ final Context context;
+
+ public LeapHttpClient(Context context) {
+ this.context = context;
+ }
+
+ @Override
+ protected ClientConnectionManager createClientConnectionManager() {
+ SchemeRegistry registry = new SchemeRegistry();
+ registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
+ // Register for port 443 our SSLSocketFactory with our keystore
+ // to the ConnectionManager
+ registry.register(new Scheme("https", newSslSocketFactory(), 443));
+ return new SingleClientConnManager(getParams(), registry);
+ }
+
+ private SSLSocketFactory newSslSocketFactory() {
+ try {
+ // Get an instance of the Bouncy Castle KeyStore format
+ KeyStore trusted = KeyStore.getInstance("BKS");
+ // Get the raw resource, which contains the keystore with
+ // your trusted certificates (root and any intermediate certs)
+ InputStream in = context.getResources().openRawResource(R.raw.leapkeystore);
+ try {
+ // Initialize the keystore with the provided trusted certificates
+ // Also provide the password of the keystore
+ trusted.load(in, "uer92jf".toCharArray());
+ } finally {
+ in.close();
+ }
+ // Pass the keystore to the SSLSocketFactory. The factory is responsible
+ // for the verification of the server certificate.
+ SSLSocketFactory sf = new SSLSocketFactory(trusted);
+ // Hostname verification from certificate
+ // http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506
+ sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
+ return sf;
+ } catch (Exception e) {
+ throw new AssertionError(e);
+ }
+ }
+}
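Review bot: Registering the `http` scheme with `PlainSocketFactory` in `createClientConnectionManager()` means any `http://` URL handed to this client goes out in cleartext, so it never reaches the bundled BKS trust store or the `STRICT_HOSTNAME_VERIFIER` configured in `newSslSocketFactory()`. If every endpoint this client talks to is meant to be HTTPS, drop the `registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));` line so a plain URL fails with an unregistered-scheme error instead of silently downgrading. Separately, the keystore password literal `"uer92jf"` ships inside the APK, so it is at most an integrity check on a store that, per the comments, holds only trusted root and intermediate certificates. A comment such as `// Trust store holds public certificates only; this password is not a secret and must never protect private keys` would stop it being reused for key material. The `catch (Exception e)` that rethrows as `AssertionError` also hides whether the failure was a missing resource, a wrong password or an unsupported keystore type, so narrowing it to the checked exceptions actually thrown is worth considering.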