diff options
-rw-r--r-- | src/se/leap/leapclient/ProviderAPI.java | 24 |
1 files changed, 14 insertions, 10 deletions
diff --git a/src/se/leap/leapclient/ProviderAPI.java b/src/se/leap/leapclient/ProviderAPI.java index 37856f60..a5da4b42 100644 --- a/src/se/leap/leapclient/ProviderAPI.java +++ b/src/se/leap/leapclient/ProviderAPI.java @@ -392,15 +392,14 @@ public class ProviderAPI extends IntentService { } catch(SocketTimeoutException e) { displayToast(R.string.server_is_down_message); } catch (IOException e) { - if(provider_url != null && danger_on) { - json_file_content = getStringFromProviderWithoutValidate(provider_url); + if(provider_url != null) { + json_file_content = getStringFromProviderWithCACertAdded(provider_url, danger_on); } else { displayToast(R.string.certificate_error); } - displayToast(R.string.certificate_error); } catch (Exception e) { if(provider_url != null && danger_on) { - json_file_content = getStringFromProviderWithoutValidate(provider_url); + json_file_content = getStringFromProviderWithCACertAdded(provider_url, danger_on); } } @@ -433,7 +432,7 @@ public class ProviderAPI extends IntentService { } catch (MalformedURLException e) { displayToast(R.string.malformed_url); } catch (IOException e) { - json_string = getStringFromProviderWithCACertAdded(string_url); + json_string = getStringFromProviderIgnoringCertificate(string_url); } return json_string; @@ -442,15 +441,16 @@ public class ProviderAPI extends IntentService { /** * Tries to download the contents of the provided url using main certificate from choosen provider. * @param url + * @param danger_on true to download CA certificate in case it has not been downloaded. * @return an empty string if it fails, the url content if not. */ - private String getStringFromProviderWithCACertAdded(URL url) { + private String getStringFromProviderWithCACertAdded(URL url, boolean danger_on) { String json_file_content = ""; // Load CAs from an InputStream // (could be from a resource or ByteArrayInputStream or ...) String cert_string = ConfigHelper.getStringFromSharedPref(ConfigHelper.MAIN_CERT_KEY); - if(cert_string.isEmpty()) { + if(cert_string.isEmpty() && danger_on) { cert_string = downloadCertificateWithoutTrusting(url.getProtocol() + "://" + url.getHost() + "/" + "ca.crt"); ConfigHelper.saveSharedPref(ConfigHelper.MAIN_CERT_KEY, cert_string); } @@ -462,7 +462,7 @@ public class ProviderAPI extends IntentService { String keyStoreType = KeyStore.getDefaultType(); KeyStore keyStore = KeyStore.getInstance(keyStoreType); keyStore.load(null, null); - keyStore.setCertificateEntry("dangerous_certificate", dangerous_certificate); + keyStore.setCertificateEntry("provider_ca_certificate", dangerous_certificate); // Create a TrustManager that trusts the CAs in our KeyStore String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); @@ -485,8 +485,11 @@ public class ProviderAPI extends IntentService { displayToast(R.string.server_is_down_message); } catch (IOException e) { // The downloaded certificate doesn't validate our https connection. - json_file_content = getStringFromProviderIgnoringCertificate(url); - displayToast(R.string.certificate_error); + if(danger_on) { + json_file_content = getStringFromProviderWithoutValidate(url); + } else { + displayToast(R.string.certificate_error); + } } catch (KeyStoreException e) { // TODO Auto-generated catch block e.printStackTrace(); @@ -536,6 +539,7 @@ public class ProviderAPI extends IntentService { } catch (IOException e) { // The downloaded certificate doesn't validate our https connection. e.printStackTrace(); + displayToast(R.string.certificate_error); } catch (NoSuchAlgorithmException e) { // TODO Auto-generated catch block e.printStackTrace(); |