summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorParménides GV <parmegv@sdf.org>2013-06-13 21:12:24 +0200
committerParménides GV <parmegv@sdf.org>2013-06-13 21:12:24 +0200
commitbffd21a326bcb86d814dd3fe2caf5295ea705f2d (patch)
tree6465b9816f90c1a7bf216aed62ccca63652563ed /src
parenta4e731679c3e28eefd839da45b76130a0de29112 (diff)
Bypasses self signed certificates.
It's working against cdev.bitmask.net and bitmask.net. Look at #2840 for further explanation about self signed certificates. I've also removed some file dependant configuration (when a provider was custom, ConfigurationWizard still tried to read from file a provider.json that now I store in memory via ProviderItem class).
Diffstat (limited to 'src')
-rw-r--r--src/se/leap/leapclient/ConfigurationWizard.java3
-rw-r--r--src/se/leap/leapclient/ProviderAPI.java126
-rw-r--r--src/se/leap/leapclient/ProviderListContent.java2
3 files changed, 94 insertions, 37 deletions
diff --git a/src/se/leap/leapclient/ConfigurationWizard.java b/src/se/leap/leapclient/ConfigurationWizard.java
index 1dc00938..6f26adcc 100644
--- a/src/se/leap/leapclient/ConfigurationWizard.java
+++ b/src/se/leap/leapclient/ConfigurationWizard.java
@@ -188,8 +188,7 @@ implements ProviderListFragment.Callbacks, NewProviderDialog.NewProviderDialogIn
// FIXME!! We should we be updating our seeded providers list at ConfigurationWizard onStart() ?
// I think yes, but if so, where does this list live? leap.se, as it's the non-profit project for the software?
// If not, we should just be getting names/urls, and fetching the provider.json like in custom entries
- provider_contents = new Scanner(ConfigHelper.openFileInputStream(current_provider_item.provider_json_filename)).useDelimiter("\\A").next();
- provider_json = new JSONObject(provider_contents);
+ provider_json = current_provider_item.provider_json;
ConfigHelper.saveSharedPref(ConfigHelper.PROVIDER_KEY, provider_json);
ConfigHelper.saveSharedPref(ConfigHelper.ALLOWED_ANON, provider_json.getJSONObject(ConfigHelper.SERVICE_KEY).getBoolean(ConfigHelper.ALLOWED_ANON));
ConfigHelper.saveSharedPref(ConfigHelper.DANGER_ON, current_provider_item.danger_on);
diff --git a/src/se/leap/leapclient/ProviderAPI.java b/src/se/leap/leapclient/ProviderAPI.java
index 471eb6cf..f98e4361 100644
--- a/src/se/leap/leapclient/ProviderAPI.java
+++ b/src/se/leap/leapclient/ProviderAPI.java
@@ -26,6 +26,8 @@ import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
@@ -247,34 +249,6 @@ public class ProviderAPI extends IntentService {
return true;
}
-
- private String getStringFromProviderWithoutValidate(
- URL provider_json_url) {
-
- String json_string = "";
- HostnameVerifier hostnameVerifier = new HostnameVerifier() {
- @Override
- public boolean verify(String hostname, SSLSession session) {
- return true;
- }
- };
-
- // Tell the URLConnection to use our HostnameVerifier
- try {
- HttpsURLConnection urlConnection =
- (HttpsURLConnection)provider_json_url.openConnection();
- urlConnection.setHostnameVerifier(hostnameVerifier);
- json_string = new Scanner(urlConnection.getInputStream()).useDelimiter("\\A").next();
- } catch (MalformedURLException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (IOException e) {
- // TODO Auto-generated catch block
- json_string = getStringFromProviderWithCACertAdded(provider_json_url);
- //e.printStackTrace();
- }
- return json_string;
- }
private String getStringFromProvider(String string_url, boolean danger_on) {
@@ -307,25 +281,56 @@ public class ProviderAPI extends IntentService {
return json_file_content;
}
+ private String getStringFromProviderWithoutValidate(
+ URL provider_json_url) {
+
+ String json_string = "";
+ HostnameVerifier hostnameVerifier = new HostnameVerifier() {
+ @Override
+ public boolean verify(String hostname, SSLSession session) {
+ return true;
+ }
+ };
+
+ try {
+ HttpsURLConnection urlConnection =
+ (HttpsURLConnection)provider_json_url.openConnection();
+ urlConnection.setHostnameVerifier(hostnameVerifier);
+ json_string = new Scanner(urlConnection.getInputStream()).useDelimiter("\\A").next();
+ } catch (MalformedURLException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (IOException e) {
+ json_string = getStringFromProviderWithCACertAdded(provider_json_url);
+ //e.printStackTrace();
+ }
+
+ return json_string;
+ }
+
private String getStringFromProviderWithCACertAdded(URL url) {
String json_file_content = "";
-
+
// Load CAs from an InputStream
// (could be from a resource or ByteArrayInputStream or ...)
+ String cert_string = ConfigHelper.getStringFromSharedPref(ConfigHelper.MAIN_CERT_KEY);
+ if(cert_string.isEmpty()) {
+ cert_string = downloadCertificateWithoutTrusting(url.getProtocol() + "://" + url.getHost() + "/" + "ca.crt");
+ ConfigHelper.saveSharedPref(ConfigHelper.MAIN_CERT_KEY, cert_string);
+ }
CertificateFactory cf;
try {
cf = CertificateFactory.getInstance("X.509");
- String cert_string = ConfigHelper.getStringFromSharedPref(ConfigHelper.MAIN_CERT_KEY);
cert_string = cert_string.replaceFirst("-----BEGIN CERTIFICATE-----", "").replaceFirst("-----END CERTIFICATE-----", "").trim();
byte[] cert_bytes = Base64.decode(cert_string, Base64.DEFAULT);
InputStream caInput = new ByteArrayInputStream(cert_bytes);
java.security.cert.Certificate ca;
try {
- ca = cf.generateCertificate(caInput);
- System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());
+ ca = cf.generateCertificate(caInput);
+ System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());
} finally {
- caInput.close();
+ caInput.close();
}
// Create a KeyStore containing our trusted CAs
@@ -345,7 +350,7 @@ public class ProviderAPI extends IntentService {
// Tell the URLConnection to use a SocketFactory from our SSLContext
HttpsURLConnection urlConnection =
- (HttpsURLConnection)url.openConnection();
+ (HttpsURLConnection)url.openConnection();
urlConnection.setSSLSocketFactory(context.getSocketFactory());
json_file_content = new Scanner(urlConnection.getInputStream()).useDelimiter("\\A").next();
} catch (CertificateException e) {
@@ -364,10 +369,61 @@ public class ProviderAPI extends IntentService {
// TODO Auto-generated catch block
e.printStackTrace();
}
-
return json_file_content;
}
+ private String downloadCertificateWithoutTrusting(String certificate_url_string) {
+
+ String cert_string = "";
+ HostnameVerifier hostnameVerifier = new HostnameVerifier() {
+ @Override
+ public boolean verify(String hostname, SSLSession session) {
+ return true;
+ }
+ };
+
+ TrustManager[] trustAllCerts = new TrustManager[]{
+ new X509TrustManager() {
+ public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+ return null;
+ }
+ public void checkClientTrusted( java.security.cert.X509Certificate[] certs, String authType) {
+ }
+ public void checkServerTrusted( java.security.cert.X509Certificate[] certs, String authType) {
+ }
+ }
+ };
+
+ try {
+ URL certificate_url = new URL(certificate_url_string);
+ HttpsURLConnection urlConnection =
+ (HttpsURLConnection)certificate_url.openConnection();
+ urlConnection.setHostnameVerifier(hostnameVerifier);
+
+ SSLContext sc = SSLContext.getInstance("TLS");
+ sc.init(null, trustAllCerts, new java.security.SecureRandom());
+
+ urlConnection.setSSLSocketFactory(sc.getSocketFactory());
+
+ cert_string = new Scanner(urlConnection.getInputStream()).useDelimiter("\\A").next();
+
+ } catch (MalformedURLException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (IOException e) {
+ // This should never happen
+ e.printStackTrace();
+ } catch (NoSuchAlgorithmException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (KeyManagementException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
+ return cert_string;
+ }
+
private JSONObject getJSONFromProvider(String json_url, boolean danger_on) throws JSONException {
String json_file_content = getStringFromProvider(json_url, danger_on);
return new JSONObject(json_file_content);
diff --git a/src/se/leap/leapclient/ProviderListContent.java b/src/se/leap/leapclient/ProviderListContent.java
index 10dce578..4cf0a5ff 100644
--- a/src/se/leap/leapclient/ProviderListContent.java
+++ b/src/se/leap/leapclient/ProviderListContent.java
@@ -40,6 +40,7 @@ public class ProviderListContent {
public String id;
public String name;
public String provider_json_url;
+ public JSONObject provider_json;
public String provider_json_filename;
public String eip_service_json_url;
public String cert_json_url;
@@ -83,6 +84,7 @@ public class ProviderListContent {
id = name;
this.name = name;
this.provider_json_url = provider_json_url;
+ this.provider_json = provider_json;
eip_service_json_url = provider_json.getString("api_uri") + "/" + provider_json.getString("api_version") + "/" + ConfigHelper.EIP_SERVICE_API_PATH;
cert_json_url = (String) provider_json.get("ca_cert_uri");
this.custom = custom;