summaryrefslogtreecommitdiff
path: root/app/src/insecure
diff options
context:
space:
mode:
Diffstat (limited to 'app/src/insecure')
-rw-r--r--app/src/insecure/java/se/leap/bitmaskclient/ProviderApiManager.java58
1 files changed, 27 insertions, 31 deletions
diff --git a/app/src/insecure/java/se/leap/bitmaskclient/ProviderApiManager.java b/app/src/insecure/java/se/leap/bitmaskclient/ProviderApiManager.java
index 86250a6c..83a3044e 100644
--- a/app/src/insecure/java/se/leap/bitmaskclient/ProviderApiManager.java
+++ b/app/src/insecure/java/se/leap/bitmaskclient/ProviderApiManager.java
@@ -88,30 +88,30 @@ public class ProviderApiManager extends ProviderApiManagerBase {
if (task != null) {
lastDangerOn = task.containsKey(ProviderListContent.ProviderItem.DANGER_ON) && task.getBoolean(ProviderListContent.ProviderItem.DANGER_ON);
+ }
- if (isEmpty(provider.getMainUrlString())) {
- setErrorResult(currentDownload, malformed_url, null);
- currentDownload.putParcelable(PROVIDER_KEY, provider);
- return currentDownload;
- }
-
- getPersistedProviderUpdates(provider);
- currentDownload = validateProviderDetails(provider);
+ if (isEmpty(provider.getMainUrlString()) || provider.getMainUrl().isDefault()) {
+ setErrorResult(currentDownload, malformed_url, null);
+ currentDownload.putParcelable(PROVIDER_KEY, provider);
+ return currentDownload;
+ }
- //provider details invalid
- if (currentDownload.containsKey(ERRORS)) {
- currentDownload.putParcelable(PROVIDER_KEY, provider);
- return currentDownload;
- }
+ getPersistedProviderUpdates(provider);
+ currentDownload = validateProviderDetails(provider);
- //no provider certificate available
- if (currentDownload.containsKey(BROADCAST_RESULT_KEY) && !currentDownload.getBoolean(BROADCAST_RESULT_KEY)) {
- resetProviderDetails(provider);
- }
+ //provider details invalid
+ if (currentDownload.containsKey(ERRORS)) {
+ currentDownload.putParcelable(PROVIDER_KEY, provider);
+ return currentDownload;
+ }
- go_ahead = true;
+ //no provider certificate available
+ if (currentDownload.containsKey(BROADCAST_RESULT_KEY) && !currentDownload.getBoolean(BROADCAST_RESULT_KEY)) {
+ resetProviderDetails(provider);
}
+ go_ahead = true;
+
if (!provider.hasDefinition())
currentDownload = getAndSetProviderJson(provider, lastDangerOn);
if (provider.hasDefinition() || (currentDownload.containsKey(BROADCAST_RESULT_KEY) && currentDownload.getBoolean(BROADCAST_RESULT_KEY))) {
@@ -150,10 +150,6 @@ public class ProviderApiManager extends ProviderApiManagerBase {
provider.define(providerJson);
-// preferences.edit().putString(Provider.KEY, providerJson.toString()).
-// putBoolean(PROVIDER_ALLOW_ANONYMOUS, providerJson.getJSONObject(Provider.SERVICE).getBoolean(PROVIDER_ALLOW_ANONYMOUS)).
-// putBoolean(PROVIDER_ALLOWED_REGISTERED, providerJson.getJSONObject(Provider.SERVICE).getBoolean(PROVIDER_ALLOWED_REGISTERED)).
-// putString(Provider.KEY + "." + providerDomain, providerJson.toString()).commit();
result.putBoolean(BROADCAST_RESULT_KEY, true);
} catch (JSONException e) {
String reason_to_fail = pickErrorMessage(providerDotJsonString);
@@ -251,13 +247,13 @@ public class ProviderApiManager extends ProviderApiManagerBase {
/**
* Tries to download the contents of the provided url using commercially validated CA certificate from chosen provider.
* <p/>
- * If danger_on flag is true, SSL exceptions will be managed by futher methods that will try to use some bypass methods.
+ * If dangerOn flag is true, SSL exceptions will be managed by futher methods that will try to use some bypass methods.
*
- * @param string_url
- * @param danger_on if the user completely trusts this provider
+ * @param stringUrl
+ * @param dangerOn if the user completely trusts this provider
* @return
*/
- private String downloadWithCommercialCA(String string_url, boolean danger_on) {
+ private String downloadWithCommercialCA(String stringUrl, boolean dangerOn) {
String responseString;
JSONObject errorJson = new JSONObject();
@@ -268,14 +264,14 @@ public class ProviderApiManager extends ProviderApiManagerBase {
List<Pair<String, String>> headerArgs = getAuthorizationHeader();
- responseString = sendGetStringToServer(string_url, headerArgs, okHttpClient);
+ responseString = sendGetStringToServer(stringUrl, headerArgs, okHttpClient);
if (responseString != null && responseString.contains(ERRORS)) {
try {
// try to download with provider CA on certificate error
JSONObject responseErrorJson = new JSONObject(responseString);
- if (danger_on && responseErrorJson.getString(ERRORS).equals(resources.getString(R.string.certificate_error))) {
- responseString = downloadWithoutCA(string_url);
+ if (dangerOn && responseErrorJson.getString(ERRORS).equals(resources.getString(R.string.certificate_error))) {
+ responseString = downloadWithoutCA(stringUrl);
}
} catch (JSONException e) {
e.printStackTrace();
@@ -352,7 +348,7 @@ public class ProviderApiManager extends ProviderApiManagerBase {
* Downloads the string that's in the url with any certificate.
*/
// This method is totally insecure anyways. So no need to refactor that in order to use okHttpClient, force modern TLS etc.. DO NOT USE IN PRODUCTION!
- private String downloadWithoutCA(String url_string) {
+ private String downloadWithoutCA(String urlString) {
String string = "";
try {
@@ -382,7 +378,7 @@ public class ProviderApiManager extends ProviderApiManagerBase {
SSLContext context = SSLContext.getInstance("TLS");
context.init(new KeyManager[0], new TrustManager[]{new DefaultTrustManager()}, new SecureRandom());
- URL url = new URL(url_string);
+ URL url = new URL(urlString);
HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
urlConnection.setSSLSocketFactory(context.getSocketFactory());
urlConnection.setHostnameVerifier(hostnameVerifier);