5 files changed, 105 insertions, 28 deletions

diff --git a/src/se/leap/bitmaskclient/ConfigurationWizard.java b/src/se/leap/bitmaskclient/ConfigurationWizard.java
index 36d90318..6c02d612 100644
--- a/src/se/leap/bitmaskclient/ConfigurationWizard.java
+++ b/src/se/leap/bitmaskclient/ConfigurationWizard.java
@@ -163,7 +163,20 @@ implements ProviderListFragment.Callbacks, NewProviderDialog.NewProviderDialogIn
 					mProgressBar.incrementProgressBy(1);

 				}

 

-				downloadJSONFiles(provider_json, danger_on);

+

+				if (ConfigHelper.getBoolFromSharedPref(EIP.ALLOWED_ANON)){

+					mConfigState.putExtra(SERVICES_RETRIEVED, true);

+					downloadAnonCert();

+				} else {

+					mProgressBar.incrementProgressBy(1);

+				    mProgressBar.setVisibility(ProgressBar.GONE);

+				    progressbar_description.setVisibility(TextView.GONE);

+				    //refreshProviderList(0);

+					//Toast.makeText(getApplicationContext(), R.string.success, Toast.LENGTH_LONG).show();

+					setResult(RESULT_OK);

+					showProviderDetails(getCurrentFocus());

+				}

+				//downloadJSONFiles(provider_json, danger_on);

 			} catch (JSONException e) {

 				// TODO Auto-generated catch block

 				e.printStackTrace();

@@ -236,7 +249,7 @@ implements ProviderListFragment.Callbacks, NewProviderDialog.NewProviderDialogIn
 	    int provider_index = getProviderIndex(id);

 	    startProgressBar(provider_index);

 	    mSelectedProvider = selected_provider;

-	    updateProviderDotJson(mSelectedProvider.providerMainUrl(), mSelectedProvider.completelyTrusted());

+	    updateProviderDotJson(mSelectedProvider.providerMainUrl(), true);

     }

     

     @Override

@@ -331,7 +344,7 @@ implements ProviderListFragment.Callbacks, NewProviderDialog.NewProviderDialogIn
 	        	boolean custom = false;

 	        	provider_name = url_filepath.subSequence(0, url_filepath.indexOf(".")).toString();

 	        	if(ProviderListContent.ITEMS.isEmpty()) //TODO I have to implement a way of checking if a provider new or is already present in that ITEMS list

-	        		ProviderListContent.addItem(new ProviderItem(provider_name, asset_manager.open(url_files_folder + "/" + url_filepath), custom, false));

+	        		ProviderListContent.addItem(new ProviderItem(provider_name, asset_manager.open(url_files_folder + "/" + url_filepath)));
 	        	loaded_preseeded_providers = true;

 	        }

 		} catch (IOException e) {

@@ -445,7 +458,7 @@ implements ProviderListFragment.Callbacks, NewProviderDialog.NewProviderDialogIn
 	

 	private void showProvider(final String provider_main_url, final boolean danger_on) {

 		String provider_name = provider_main_url.replaceFirst("http[s]?://", "").replaceFirst("\\/", "_");

-		final ProviderItem added_provider = new ProviderItem(provider_name, provider_main_url, danger_on);

+		final ProviderItem added_provider = new ProviderItem(provider_name, provider_main_url);

 		

 		//ProviderListContent.addItem(added_provider);

 		provider_list_fragment.addItem(added_provider);

diff --git a/src/se/leap/bitmaskclient/Dashboard.java b/src/se/leap/bitmaskclient/Dashboard.java
index 65ff2800..0ae7085a 100644
--- a/src/se/leap/bitmaskclient/Dashboard.java
+++ b/src/se/leap/bitmaskclient/Dashboard.java
@@ -243,6 +243,7 @@ public class Dashboard extends Activity implements LogInDialog.LogInDialogInterf
 				}
 				eipStop();
 			}
+			ConfigHelper.removeFromSharedPref(Provider.KEY);
 			startActivityForResult(new Intent(this,ConfigurationWizard.class), SWITCH_PROVIDER);
 			return true;
 		case R.id.login_button:
diff --git a/src/se/leap/bitmaskclient/Provider.java b/src/se/leap/bitmaskclient/Provider.java
index f36e5946..598999fd 100644
--- a/src/se/leap/bitmaskclient/Provider.java
+++ b/src/se/leap/bitmaskclient/Provider.java
@@ -99,7 +99,7 @@ public final class Provider implements Serializable {
 		preferences = activity.getSharedPreferences(Dashboard.SHARED_PREFERENCES,Context.MODE_PRIVATE);
 		// Inflate our provider.json data
 		try {
-			definition = new JSONObject( preferences.getString("provider", "") );
+			definition = new JSONObject( preferences.getString(Provider.KEY, "") );
 		} catch (JSONException e) {
 			// TODO: handle exception
 			
diff --git a/src/se/leap/bitmaskclient/ProviderAPI.java b/src/se/leap/bitmaskclient/ProviderAPI.java
index 8542aa92..6003fa6c 100644
--- a/src/se/leap/bitmaskclient/ProviderAPI.java
+++ b/src/se/leap/bitmaskclient/ProviderAPI.java
@@ -36,6 +36,7 @@ import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
+import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.security.interfaces.RSAPrivateKey;
@@ -68,7 +69,6 @@ import android.os.Handler;
 import android.os.ResultReceiver;
 import android.util.Base64;
 import android.util.Log;
-import android.widget.ProgressBar;
 import android.widget.Toast;
 
 /**
@@ -99,7 +99,8 @@ public class ProviderAPI extends IntentService {
     SESSION_ID_KEY = "session_id",
     ERRORS = "errors",
     UPDATE_ACTION = "update_action",
-    UPDATE_DATA = "update data"
+    UPDATE_DATA = "update data",
+    TAG = "provider_api_tag"
     ;
 
     final public static int
@@ -489,9 +490,13 @@ public class ProviderAPI extends IntentService {
 		Bundle result = new Bundle();
 		boolean danger_on = task.getBoolean(ProviderItem.DANGER_ON);
 		String provider_main_url = task.getString(Provider.MAIN_URL);
-		String provider_name = provider_main_url.replaceFirst("http[s]?://", "").replaceFirst("\\/", "_");
-		String provider_json_url = provider_main_url + "/provider.json";
-		
+		if(downloadCACert(provider_main_url, danger_on)) {
+			result.putBoolean(RESULT_KEY, true);
+			if(getAndSetProviderJson(provider_main_url)) 
+				if(getAndSetEipServiceJson())
+					;
+		}
+		/*
 		try {
 			String provider_dot_json_string = downloadWithCommercialCA(provider_json_url, danger_on);
 			if(provider_dot_json_string.isEmpty()) {
@@ -514,10 +519,72 @@ public class ProviderAPI extends IntentService {
 			result.putBoolean(RESULT_KEY, false);
 			result.putString(ERRORS, "Corrupt download");
 		}
+		*/
+		return result;
+	}
+	
+	private boolean downloadCACert(String provider_main_url, boolean danger_on) {
+		String cert_string = downloadWithCommercialCA(provider_main_url + "/ca.crt", danger_on);
+		if(validCertificate(cert_string))
+			ConfigHelper.saveSharedPref(Provider.CA_CERT, "-----BEGIN CERTIFICATE-----\n"+cert_string+"-----END CERTIFICATE-----");
+		else
+			return false;
 		
+		return true;
+	}
+	
+	private boolean validCertificate(String cert_string) {
+		boolean result = false;
+		if(!cert_string.isEmpty()) {
+			X509Certificate certCert = ConfigHelper.parseX509CertificateFromString(cert_string);
+			try {
+				Base64.encodeToString( certCert.getEncoded(), Base64.DEFAULT);
+				result = true;
+			} catch (CertificateEncodingException e) {
+				Log.d(TAG, e.getLocalizedMessage());
+			}
+		}
+		
+		return result;
+	}
+	
+	private boolean getAndSetProviderJson(String provider_main_url) {
+		boolean result = false;
+
+		String provider_dot_json_string = downloadWithProviderCA(provider_main_url + "/provider.json", true);
+
+		try {
+			JSONObject provider_json = new JSONObject(provider_dot_json_string);
+			String name = provider_json.getString(Provider.NAME);
+			//TODO setProviderName(name);
+			
+			ConfigHelper.saveSharedPref(Provider.KEY, provider_json);
+			ConfigHelper.saveSharedPref(EIP.ALLOWED_ANON, provider_json.getJSONObject(Provider.SERVICE).getBoolean(EIP.ALLOWED_ANON));
+			ProviderItem added_provider = new ProviderItem(name, provider_main_url);
+			
+			result = true;
+		} catch (JSONException e) {
+		}
 		return result;
 	}
+
 	
+	private boolean getAndSetEipServiceJson() {
+		boolean result = false;
+
+		try {
+			JSONObject provider_json = ConfigHelper.getJsonFromSharedPref(Provider.KEY);
+			String eip_service_url = provider_json.getString(Provider.API_URL) +  "/" + provider_json.getString(Provider.API_VERSION) + "/" + EIP.SERVICE_API_PATH;
+			String eip_service_json_string = downloadWithProviderCA(eip_service_url, true);
+			JSONObject eip_service_json = new JSONObject(eip_service_json_string);
+			eip_service_json.getInt(Provider.API_RETURN_SERIAL);
+
+			ConfigHelper.saveSharedPref(EIP.KEY, eip_service_json);
+			result = true;
+		} catch (JSONException e) {
+		}
+		return result;
+	}
 	/**
 	 * Tries to download the contents of the provided url using commercially validated CA certificate from chosen provider.
 	 * 
@@ -543,13 +610,13 @@ public class ProviderAPI extends IntentService {
 			json_file_content = formatErrorMessage(R.string.server_is_down_message);
 		} catch (IOException e) {
 			if(provider_url != null) {
-				json_file_content = downloadWithProviderCA(provider_url, danger_on);
+				json_file_content = downloadWithProviderCA(string_url, danger_on);
 			} else {
 				json_file_content = formatErrorMessage(R.string.certificate_error);
 			}
 		} catch (Exception e) {
 			if(provider_url != null && danger_on) {
-				json_file_content = downloadWithProviderCA(provider_url, danger_on);
+				json_file_content = downloadWithProviderCA(string_url, danger_on);
 			}
 		}
 
@@ -557,15 +624,16 @@ public class ProviderAPI extends IntentService {
 	}
 
 	/**
-	 * Tries to download the contents of the provided url using not commercially validated CA certificate from chosen provider.
-	 * @param url
+	 * Tries to download the contents of the provided url using not commercially validated CA certificate from chosen provider. 
+	 * @param url as a string
 	 * @param danger_on true to download CA certificate in case it has not been downloaded.
 	 * @return an empty string if it fails, the url content if not. 
 	 */
-	private String downloadWithProviderCA(URL url, boolean danger_on) {
+	private String downloadWithProviderCA(String url_string, boolean danger_on) {
 		String json_file_content = "";
 
 		try {
+			URL url = new URL(url_string);
 			// Tell the URLConnection to use a SocketFactory from our SSLContext
 			HttpsURLConnection urlConnection =
 					(HttpsURLConnection)url.openConnection();
@@ -579,7 +647,7 @@ public class ProviderAPI extends IntentService {
 		} catch (IOException e) {
 			// The downloaded certificate doesn't validate our https connection.
 			if(danger_on) {
-				json_file_content = downloadWithoutCA(url);
+				json_file_content = downloadWithoutCA(url_string);
 			} else {
 				json_file_content = formatErrorMessage(R.string.certificate_error);
 			}
@@ -622,7 +690,7 @@ public class ProviderAPI extends IntentService {
 	/**
 	 * Downloads the string that's in the url with any certificate.
 	 */
-	private String downloadWithoutCA(URL url) {
+	private String downloadWithoutCA(String url_string) {
 		String string = "";
 		try {
 
@@ -650,6 +718,7 @@ public class ProviderAPI extends IntentService {
 			SSLContext context = SSLContext.getInstance("TLS");
 			context.init(new KeyManager[0], new TrustManager[] {new DefaultTrustManager()}, new SecureRandom());
 
+			URL url = new URL(url_string);
 			HttpsURLConnection urlConnection = (HttpsURLConnection)url.openConnection();
 			urlConnection.setSSLSocketFactory(context.getSocketFactory());
 			urlConnection.setHostnameVerifier(hostnameVerifier);
@@ -741,7 +810,7 @@ public class ProviderAPI extends IntentService {
 			String new_cert_string_url = provider_main_url.toString() + "/" + provider_json.getString(Provider.API_VERSION) + "/" + EIP.CERTIFICATE;
 
 			boolean danger_on = ConfigHelper.getBoolFromSharedPref(ProviderItem.DANGER_ON);
-			String cert_string = downloadWithCommercialCA(new_cert_string_url, danger_on);
+			String cert_string = downloadWithProviderCA(new_cert_string_url, true);
 			if(!cert_string.isEmpty()) {
 				if(ConfigHelper.checkErroneousDownload(cert_string)) {
 					String reason_to_fail = provider_json.getString(ERRORS);
diff --git a/src/se/leap/bitmaskclient/ProviderListContent.java b/src/se/leap/bitmaskclient/ProviderListContent.java
index af61dbd6..b13c5db4 100644
--- a/src/se/leap/bitmaskclient/ProviderListContent.java
+++ b/src/se/leap/bitmaskclient/ProviderListContent.java
@@ -62,8 +62,7 @@ public class ProviderListContent {
 		final public static String CUSTOM = "custom";

 		final public static String DANGER_ON = "danger_on";

 		private String provider_main_url;

-		private String name;

-		private boolean danger_on = false;
+		private String name;
 

 		/**

 		 * @param name of the provider

@@ -71,7 +70,7 @@ public class ProviderListContent {
 		 * @param custom if it's a new provider entered by the user or not

 		 * @param danger_on if the user trusts completely the new provider

 		 */

-		public ProviderItem(String name, InputStream urls_file_input_stream, boolean custom, boolean danger_on) {

+		public ProviderItem(String name, InputStream urls_file_input_stream) {

 

 			try {

 				byte[] urls_file_bytes = new byte[urls_file_input_stream.available()];

@@ -80,7 +79,6 @@ public class ProviderListContent {
 				JSONObject file_contents = new JSONObject(urls_file_content);
 				provider_main_url = file_contents.getString(Provider.MAIN_URL);

 				this.name = name;

-				this.danger_on = danger_on;

 			} catch (JSONException e) {

 				// TODO Auto-generated catch block

 				e.printStackTrace();

@@ -95,12 +93,10 @@ public class ProviderListContent {
 		 * @param provider_main_url used to download provider.json file of the provider

 		 * @param provider_json already downloaded

 		 * @param custom if it's a new provider entered by the user or not

-		 * @param danger_on if the user trusts completely the new provider

 		 */
-		public ProviderItem(String name, String provider_main_url, boolean danger_on) {

+		public ProviderItem(String name, String provider_main_url) {

 			this.name = name;

-			this.provider_main_url = provider_main_url;

-			this.danger_on = danger_on;
+			this.provider_main_url = provider_main_url;
 		}

 		

 		public String name() { return name; }

@@ -114,7 +110,5 @@ public class ProviderListContent {
 				return provider_main_url.replaceFirst("http[s]?://", "").replaceFirst("/.*", "");

 			}

 		}

-		

-		public boolean completelyTrusted() { return danger_on; }

 	}

 }