summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/Provider.java32
1 files changed, 7 insertions, 25 deletions
diff --git a/app/src/main/java/se/leap/bitmaskclient/Provider.java b/app/src/main/java/se/leap/bitmaskclient/Provider.java
index 7104143c..98662783 100644
--- a/app/src/main/java/se/leap/bitmaskclient/Provider.java
+++ b/app/src/main/java/se/leap/bitmaskclient/Provider.java
@@ -90,9 +90,8 @@ public final class Provider implements Parcelable {
}
if (definition != null) {
try {
- this.definition = new JSONObject(definition);
- parseDefinition(this.definition);
- } catch (JSONException | NullPointerException e) {
+ define(new JSONObject(definition));
+ } catch (JSONException e) {
e.printStackTrace();
}
}
@@ -133,26 +132,8 @@ public final class Provider implements Parcelable {
}
public boolean define(JSONObject providerJson) {
- /*
- * fix against "api_uri": "https://calyx.net.malicious.url.net:4430",
- * This method aims to prevent attacks where the provider.json file got manipulated by a third party.
- * The main url should not change.
- */
-
- try {
- String providerApiUrl = providerJson.getString(Provider.API_URL);
- String providerDomain = providerJson.getString(Provider.DOMAIN);
- if (getMainUrlString().contains(providerDomain) && providerApiUrl.contains(providerDomain + ":")) {
- definition = providerJson;
- parseDefinition(definition);
- return true;
- } else {
- return false;
- }
- } catch (JSONException e) {
- e.printStackTrace();
- return false;
- }
+ definition = providerJson;
+ return parseDefinition(definition);
}
public JSONObject getDefinition() {
@@ -345,7 +326,7 @@ public final class Provider implements Parcelable {
}
}
- private void parseDefinition(JSONObject definition) {
+ private boolean parseDefinition(JSONObject definition) {
try {
String pin = definition.getString(CA_CERT_FINGERPRINT);
this.certificatePin = pin.split(":")[1].trim();
@@ -354,8 +335,9 @@ public final class Provider implements Parcelable {
this.allowAnonymous = definition.getJSONObject(Provider.SERVICE).getBoolean(PROVIDER_ALLOW_ANONYMOUS);
this.allowRegistered = definition.getJSONObject(Provider.SERVICE).getBoolean(PROVIDER_ALLOWED_REGISTERED);
this.apiVersion = getDefinition().getString(Provider.API_VERSION);
+ return true;
} catch (JSONException | ArrayIndexOutOfBoundsException | MalformedURLException e) {
- e.printStackTrace();
+ return false;
}
}