summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/se/leap/leapclient/ConfigHelper.java70
-rw-r--r--src/se/leap/leapclient/ConfigurationWizard.java6
-rw-r--r--src/se/leap/leapclient/LeapHttpClient.java15
-rw-r--r--src/se/leap/leapclient/ProviderAPI.java13
4 files changed, 90 insertions, 14 deletions
diff --git a/src/se/leap/leapclient/ConfigHelper.java b/src/se/leap/leapclient/ConfigHelper.java
index f5800a0e..b6526691 100644
--- a/src/se/leap/leapclient/ConfigHelper.java
+++ b/src/se/leap/leapclient/ConfigHelper.java
@@ -8,6 +8,12 @@ import java.io.FileNotFoundException;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
import org.json.JSONException;
import org.json.JSONObject;
@@ -19,6 +25,7 @@ import android.util.Log;
public class ConfigHelper {
public static SharedPreferences shared_preferences;
+ private static KeyStore keystore_trusted;
final static String downloadJsonFilesBundleExtra = "downloadJSONFiles";
final static String downloadNewProviderDotJSON = "downloadNewProviderDotJSON";
@@ -90,4 +97,67 @@ public class ConfigHelper {
SharedPreferences shared_preferences) {
ConfigHelper.shared_preferences = shared_preferences;
}
+
+ public static void addTrustedCertificate(String provider, InputStream inputStream) {
+ CertificateFactory cf;
+ try {
+ cf = CertificateFactory.getInstance("X.509");
+ X509Certificate cert =
+ (X509Certificate)cf.generateCertificate(inputStream);
+ keystore_trusted.setCertificateEntry("provider", cert);
+ } catch (CertificateException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (KeyStoreException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ public static void addTrustedCertificate(String provider, String certificate) {
+ String filename_to_save = provider + "_certificate.cer";
+ saveFile(filename_to_save, certificate);
+ CertificateFactory cf;
+ try {
+ cf = CertificateFactory.getInstance("X.509");
+ X509Certificate cert =
+ (X509Certificate)cf.generateCertificate(openFileInputStream(filename_to_save));
+ keystore_trusted.setCertificateEntry("provider", cert);
+ } catch (CertificateException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (KeyStoreException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+ public static KeyStore getKeystore() {
+ return keystore_trusted;
+ }
+
+ public static void getNewKeystore(InputStream leap_keystore) {
+ try {
+ keystore_trusted = KeyStore.getInstance("BKS");
+ try {
+ // Initialize the keystore with the provided trusted certificates
+ // Also provide the password of the keystore
+ keystore_trusted.load(leap_keystore, "uer92jf".toCharArray());
+ } finally {
+ leap_keystore.close();
+ }
+ } catch (KeyStoreException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (NoSuchAlgorithmException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (CertificateException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
}
diff --git a/src/se/leap/leapclient/ConfigurationWizard.java b/src/se/leap/leapclient/ConfigurationWizard.java
index dcefb271..69e13f19 100644
--- a/src/se/leap/leapclient/ConfigurationWizard.java
+++ b/src/se/leap/leapclient/ConfigurationWizard.java
@@ -1,6 +1,7 @@
package se.leap.leapclient;
import java.io.IOException;
+import java.io.InputStream;
import java.io.InputStreamReader;
import java.util.Iterator;
import java.util.Scanner;
@@ -63,6 +64,11 @@ public class ConfigurationWizard extends Activity
loadPreseededProviders();
+ if(ConfigHelper.getKeystore() == null) {
+ InputStream keystore_input_stream = getResources().openRawResource(R.raw.leapkeystore);
+ ConfigHelper.getNewKeystore(keystore_input_stream);
+ }
+
// Only create our fragments if we're not restoring a saved instance
if ( savedInstanceState == null ){
// TODO Some welcome screen?
diff --git a/src/se/leap/leapclient/LeapHttpClient.java b/src/se/leap/leapclient/LeapHttpClient.java
index 9e1a541b..9ee0a95e 100644
--- a/src/se/leap/leapclient/LeapHttpClient.java
+++ b/src/se/leap/leapclient/LeapHttpClient.java
@@ -33,23 +33,16 @@ public class LeapHttpClient extends DefaultHttpClient {
private SSLSocketFactory newSslSocketFactory() {
try {
// Get an instance of the Bouncy Castle KeyStore format
- KeyStore trusted = KeyStore.getInstance("BKS");
- // Get the raw resource, which contains the keystore with
- // your trusted certificates (root and any intermediate certs)
- InputStream in = context.getResources().openRawResource(R.raw.leapkeystore);
- try {
- // Initialize the keystore with the provided trusted certificates
- // Also provide the password of the keystore
- trusted.load(in, "uer92jf".toCharArray());
- } finally {
- in.close();
- }
+ KeyStore trusted = ConfigHelper.getKeystore();
+
// Pass the keystore to the SSLSocketFactory. The factory is responsible
// for the verification of the server certificate.
SSLSocketFactory sf = new SSLSocketFactory(trusted);
+
// Hostname verification from certificate
// http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506
sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
+
return sf;
} catch (Exception e) {
throw new AssertionError(e);
diff --git a/src/se/leap/leapclient/ProviderAPI.java b/src/se/leap/leapclient/ProviderAPI.java
index 1dc7c9f6..01cbd01c 100644
--- a/src/se/leap/leapclient/ProviderAPI.java
+++ b/src/se/leap/leapclient/ProviderAPI.java
@@ -1,6 +1,9 @@
package se.leap.leapclient;
import java.io.IOException;
+import java.net.URL;
+import java.security.Provider;
+import java.security.Security;
import java.util.Scanner;
import org.apache.http.HttpEntity;
@@ -38,14 +41,18 @@ public class ProviderAPI extends IntentService {
try {
JSONObject provider_json = new JSONObject("{ \"provider\" : \"" + provider_name + "\"}");
ConfigHelper.saveSharedPref(ConfigHelper.provider_key, provider_json);
- String cert_string = getStringFromProvider(cert_url);
+
+ /*String cert_string = getStringFromProvider(cert_url);
JSONObject cert_json = new JSONObject("{ \"certificate\" : \"" + cert_string + "\"}");
ConfigHelper.saveSharedPref(ConfigHelper.cert_key, cert_json);
+ ConfigHelper.addTrustedCertificate(provider_name, cert_string);*/
+ URL cacert = new URL(cert_url);
+ ConfigHelper.addTrustedCertificate(provider_name, cacert.openStream());
JSONObject eip_service_json = getJSONFromProvider(eip_service_json_url);
ConfigHelper.saveSharedPref(ConfigHelper.eip_service_key, eip_service_json);
receiver.send(ConfigHelper.CORRECTLY_DOWNLOADED_JSON_FILES, Bundle.EMPTY);
} catch (IOException e) {
- // TODO Auto-generated catch block
+ // TODO It could happen that an https site used a certificate not trusted.
e.printStackTrace();
receiver.send(ConfigHelper.INCORRECTLY_DOWNLOADED_JSON_FILES, Bundle.EMPTY);
} catch (JSONException e) {
@@ -69,7 +76,7 @@ public class ProviderAPI extends IntentService {
ProviderListContent.addItem(new ProviderItem(provider_name, ConfigHelper.openFileInputStream(filename), custom));
receiver.send(ConfigHelper.CUSTOM_PROVIDER_ADDED, Bundle.EMPTY);
} catch (IOException e) {
- // TODO Auto-generated catch block
+ // TODO It could happen that an https site used a certificate not trusted.
e.printStackTrace();
} catch (JSONException e) {
// TODO Auto-generated catch block