4 files changed, 44 insertions, 24 deletions

diff --git a/app/src/main/java/se/leap/bitmaskclient/Provider.java b/app/src/main/java/se/leap/bitmaskclient/Provider.java
index ee06a586..54bfcc19 100644
--- a/app/src/main/java/se/leap/bitmaskclient/Provider.java
+++ b/app/src/main/java/se/leap/bitmaskclient/Provider.java
@@ -32,6 +32,7 @@ public final class Provider implements Parcelable {
 
     private JSONObject definition; // Represents our Provider's provider.json
     private URL main_url;
+    private String certificate_pin;
 
     final public static String
             API_URL = "api_uri",
@@ -62,8 +63,9 @@ public final class Provider implements Parcelable {
         this.main_url = main_url;
     }
 
-    public Provider(File provider_file) {
-
+    public Provider(URL main_url, String certificate_pin) {
+        this.main_url = main_url;
+        this.certificate_pin = certificate_pin;
     }
 
     public static final Parcelable.Creator<Provider> CREATOR
@@ -81,11 +83,9 @@ public final class Provider implements Parcelable {
         try {
             main_url = new URL(in.readString());
             String definition_string = in.readString();
-            if (definition_string != null)
+            if (!definition_string.isEmpty())
                 definition = new JSONObject((definition_string));
-        } catch (MalformedURLException e) {
-            e.printStackTrace();
-        } catch (JSONException e) {
+        } catch (MalformedURLException | JSONException e) {
             e.printStackTrace();
         }
     }
@@ -106,6 +106,8 @@ public final class Provider implements Parcelable {
         return main_url;
     }
 
+    protected String certificatePin() { return certificate_pin; }
+
     protected String getName() {
         // Should we pass the locale in, or query the system here?
         String lang = Locale.getDefault().getLanguage();
diff --git a/app/src/main/java/se/leap/bitmaskclient/ProviderManager.java b/app/src/main/java/se/leap/bitmaskclient/ProviderManager.java
index 40fe8b5a..220a71c8 100644
--- a/app/src/main/java/se/leap/bitmaskclient/ProviderManager.java
+++ b/app/src/main/java/se/leap/bitmaskclient/ProviderManager.java
@@ -49,11 +49,14 @@ public class ProviderManager implements AdapteeCollection<Provider> {
         Set<Provider> providers = new HashSet<Provider>();
         try {
             for (String file : relative_file_paths) {
-                String main_url = extractMainUrlFromInputStream(assets_manager.open(directory + "/" + file));
-                providers.add(new Provider(new URL(main_url)));
+                InputStream provider_file = assets_manager.open(directory + "/" + file);
+                String main_url = extractMainUrlFromInputStream(provider_file);
+                String certificate_pin = extractCertificatePinFromInputStream(provider_file);
+                if(certificate_pin.isEmpty())
+                    providers.add(new Provider(new URL(main_url)));
+                else
+                    providers.add(new Provider(new URL(main_url), certificate_pin));
             }
-        } catch (MalformedURLException e) {
-            e.printStackTrace();
         } catch (IOException e) {
             e.printStackTrace();
         }
@@ -75,30 +78,43 @@ public class ProviderManager implements AdapteeCollection<Provider> {
                 String main_url = extractMainUrlFromInputStream(new FileInputStream(external_files_dir.getAbsolutePath() + "/" + file));
                 providers.add(new Provider(new URL(main_url)));
             }
-        } catch (MalformedURLException e) {
-            e.printStackTrace();
-        } catch (FileNotFoundException e) {
+        } catch (MalformedURLException | FileNotFoundException e) {
             e.printStackTrace();
         }
 
         return providers;
     }
 
-    private String extractMainUrlFromInputStream(InputStream input_stream_file_contents) {
+    private String extractMainUrlFromInputStream(InputStream input_stream) {
         String main_url = "";
-        byte[] bytes = new byte[0];
+
+        JSONObject file_contents = inputStreamToJson(input_stream);
+        if(file_contents != null)
+            main_url = file_contents.optString(Provider.MAIN_URL);
+        return main_url;
+    }
+
+    private String extractCertificatePinFromInputStream(InputStream input_stream) {
+        String certificate_pin = "";
+
+        JSONObject file_contents = inputStreamToJson(input_stream);
+        if(file_contents != null)
+            certificate_pin = file_contents.optString(Provider.CA_CERT_FINGERPRINT);
+
+        return certificate_pin;
+    }
+
+    private JSONObject inputStreamToJson(InputStream input_stream) {
+        JSONObject json = null;
         try {
-            bytes = new byte[input_stream_file_contents.available()];
-            if (input_stream_file_contents.read(bytes) > 0) {
-                JSONObject file_contents = new JSONObject(new String(bytes));
-                main_url = file_contents.getString(Provider.MAIN_URL);
-            }
-        } catch (IOException e) {
-            e.printStackTrace();
-        } catch (JSONException e) {
+            byte[] bytes = new byte[input_stream.available()];
+            if (input_stream.read(bytes) > 0)
+                json = new JSONObject(new String(bytes));
+            input_stream.reset();
+        } catch (IOException | JSONException e) {
             e.printStackTrace();
         }
-        return main_url;
+        return json;
     }
 
     public Set<Provider> providers() {
diff --git a/app/src/main/res/values-es/strings.xml b/app/src/main/res/values-es/strings.xml
index 7ab5150e..82ca44e9 100644
--- a/app/src/main/res/values-es/strings.xml
+++ b/app/src/main/res/values-es/strings.xml
@@ -48,6 +48,7 @@
     <string name="setup_error_close_button">Salir</string>
     <string name="setup_error_text">Sucedió un error configurando Bitmask con tu proveedor elegido.\n\nPuedes volver a intentarlo, o elegir otro proveedor.</string>
     <string name="server_unreachable_message">No se ha detectado red para hablar con el servidor, inténtalo de nuevo.</string>
+    <string name="error.security.pinnedcertificate">Error de seguridad, actualiza la aplicación o elige otro proveedor.</string>
     <string name="malformed_url">No parece que sea un proveedor de Bitmask.</string>
     <string name="certificate_error">No es un proveedor de Bitmak de confianza.</string>
     <string name="service_is_down_error">El servicio está caído.</string>
diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml
index ac6191a9..bcfd3a2c 100644
--- a/app/src/main/res/values/strings.xml
+++ b/app/src/main/res/values/strings.xml
@@ -47,6 +47,7 @@
     <string name="setup_error_close_button">Exit</string>
     <string name="setup_error_text">There was an error configuring Bitmask with your chosen provider.\n\nYou may choose to reconfigure, or exit and configure a provider upon next launch.</string>
     <string name="server_unreachable_message">Server is unreachable, please try again.</string>
+    <string name="error.security.pinnedcertificate">Security error, update the app or choose another provider.</string>
     <string name="malformed_url">It doesn\'t seem to be a Bitmask provider.</string>
     <string name="certificate_error">This is not a trusted Bitmask provider.</string>
     <string name="service_is_down_error">Service is down.</string>