author | Parménides GV <parmegv@sdf.org> | 2013-02-04 18:44:38 +0100 |
---|---|---|
committer | Parménides GV <parmegv@sdf.org> | 2013-02-04 18:44:38 +0100 |
commit | 8ab36864e2a393df077073f8618a4fc55c307522 (patch) | |
tree | 10c071d54d8b97f929194a8429d413a9e962c5ea /src/se/leap/leapclient/LeapHttpClient.java | |
parent | d2bd18ef560d95974117604af899b3a9fcc16dab (diff) |
Secure HTTP working with certificates downloaded from api.bitmask.net
and bitmask.net.
Both prefs are downloaded and parsed to SharedPreferences.
Diffstat (limited to 'src/se/leap/leapclient/LeapHttpClient.java')
-rw-r--r-- | src/se/leap/leapclient/LeapHttpClient.java | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/src/se/leap/leapclient/LeapHttpClient.java b/src/se/leap/leapclient/LeapHttpClient.java
new file mode 100644
index 00000000..41cb7879
--- /dev/null
+++ b/src/se/leap/leapclient/LeapHttpClient.java
@@ -0,0 +1,58 @@
+package se.leap.leapclient;
+
+import java.io.InputStream;
+import java.security.KeyStore;
+
+import org.apache.http.conn.ClientConnectionManager;
+import org.apache.http.conn.scheme.PlainSocketFactory;
+import org.apache.http.conn.scheme.Scheme;
+import org.apache.http.conn.scheme.SchemeRegistry;
+import org.apache.http.conn.ssl.SSLSocketFactory;
+import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.impl.conn.SingleClientConnManager;
+
+import android.content.Context;
+
+public class LeapHttpClient extends DefaultHttpClient {
+ final Context context;
+
+ public LeapHttpClient(Context context) {
+ this.context = context;
+ }
+
+ @Override
+ protected ClientConnectionManager createClientConnectionManager() {
+ SchemeRegistry registry = new SchemeRegistry();
+ registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
+ // Register for port 443 our SSLSocketFactory with our keystore
+ // to the ConnectionManager
+ registry.register(new Scheme("https", newSslSocketFactory(), 443));
+ return new SingleClientConnManager(getParams(), registry);
+ }
+
+ private SSLSocketFactory newSslSocketFactory() {
+ try {
+ // Get an instance of the Bouncy Castle KeyStore format
+ KeyStore trusted = KeyStore.getInstance("BKS");
+ // Get the raw resource, which contains the keystore with
+ // your trusted certificates (root and any intermediate certs)
+ InputStream in = context.getResources().openRawResource(R.raw.leapkeystore);
+ try {
+ // Initialize the keystore with the provided trusted certificates
+ // Also provide the password of the keystore
+ trusted.load(in, "uer92jf".toCharArray());
+ } finally {
+ in.close();
+ }
+ // Pass the keystore to the SSLSocketFactory. The factory is responsible
+ // for the verification of the server certificate.
+ SSLSocketFactory sf = new SSLSocketFactory(trusted);
+ // Hostname verification from certificate
+ // http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506
+ sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
+ return sf;
+ } catch (Exception e) {
+ throw new AssertionError(e);
+ }
+ }
+} |
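Review bot: createClientConnectionManager still registers a plain `http` scheme on port 80 next to the pinned `https` one, so any request (or, presumably, any redirect) that resolves to an http:// URL bypasses the bundled trust store and the strict hostname check. If every endpoint this client talks to is meant to be HTTPS, drop `registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));` so that such a request fails instead of going out in cleartext. Separately, the keystore password literal in newSslSocketFactory is readable by anyone who has the APK, so it provides no confidentiality and only serves as a load-time integrity check. A comment such as `// not a secret: leapkeystore must contain only public CA certificates, never private keys` would record that assumption for whoever regenerates the keystore.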