New certificates are added without creating files

LeapHttpClient can fetch the main CA certificate downloaded from the
provider and add it to its in-memory keystore, without saving the
certificate in a file.

This is a very important feature, I think it can be cherry picked (it has
little modifications, and very localized).
It's very important because authentication does not work without this
bug fix in the latest branches, because I removed the code that saved
the certificate in a file but didn't test the authentication part.

1 files changed, 3 insertions, 14 deletions

diff --git a/src/se/leap/leapclient/ProviderAPI.java b/src/se/leap/leapclient/ProviderAPI.java
index f3ea5f2e..25a14bb5 100644
--- a/src/se/leap/leapclient/ProviderAPI.java
+++ b/src/se/leap/leapclient/ProviderAPI.java
@@ -452,21 +452,10 @@ public class ProviderAPI extends IntentService {
 		if(cert_string.isEmpty()) {
 			cert_string = downloadCertificateWithoutTrusting(url.getProtocol() + "://" + url.getHost() + "/" + "ca.crt");
 			ConfigHelper.saveSharedPref(ConfigHelper.MAIN_CERT_KEY, cert_string);
-		} 
-		CertificateFactory cf;
+		}
+		
 		try {
-			cf = CertificateFactory.getInstance("X.509");
-
-			cert_string = cert_string.replaceFirst("-----BEGIN CERTIFICATE-----", "").replaceFirst("-----END CERTIFICATE-----", "").trim();
-			byte[] cert_bytes = Base64.decode(cert_string, Base64.DEFAULT);
-			InputStream caInput =  new ByteArrayInputStream(cert_bytes);
-			java.security.cert.Certificate dangerous_certificate;
-			try {
-				dangerous_certificate = cf.generateCertificate(caInput);
-				System.out.println("dangerous certificate =" + ((X509Certificate) dangerous_certificate).getSubjectDN());
-			} finally {
-				caInput.close();
-			}
+			java.security.cert.Certificate dangerous_certificate = ConfigHelper.parseX509CertificateFromString(cert_string);
 
 			// Create a KeyStore containing our trusted CAs
 			String keyStoreType = KeyStore.getDefaultType();