summaryrefslogtreecommitdiff
path: root/app/src/production
diff options
context:
space:
mode:
Diffstat (limited to 'app/src/production')
-rw-r--r--app/src/production/java/se/leap/bitmaskclient/ProviderApiManager.java232
-rw-r--r--app/src/production/java/se/leap/bitmaskclient/ProviderListActivity.java41
2 files changed, 99 insertions, 174 deletions
diff --git a/app/src/production/java/se/leap/bitmaskclient/ProviderApiManager.java b/app/src/production/java/se/leap/bitmaskclient/ProviderApiManager.java
index a30c9615..5317118b 100644
--- a/app/src/production/java/se/leap/bitmaskclient/ProviderApiManager.java
+++ b/app/src/production/java/se/leap/bitmaskclient/ProviderApiManager.java
@@ -33,15 +33,14 @@ import okhttp3.OkHttpClient;
import se.leap.bitmaskclient.eip.EIP;
import static android.text.TextUtils.isEmpty;
-import static se.leap.bitmaskclient.Constants.PROVIDER_ALLOWED_REGISTERED;
-import static se.leap.bitmaskclient.Constants.PROVIDER_ALLOW_ANONYMOUS;
-import static se.leap.bitmaskclient.Constants.PROVIDER_KEY;
+import static se.leap.bitmaskclient.Constants.BROADCAST_RESULT_KEY;
import static se.leap.bitmaskclient.Constants.PROVIDER_VPN_CERTIFICATE;
import static se.leap.bitmaskclient.DownloadFailedDialog.DOWNLOAD_ERRORS.ERROR_CERTIFICATE_PINNING;
+import static se.leap.bitmaskclient.DownloadFailedDialog.DOWNLOAD_ERRORS.ERROR_CORRUPTED_PROVIDER_JSON;
import static se.leap.bitmaskclient.ProviderAPI.ERRORS;
-import static se.leap.bitmaskclient.ProviderAPI.RESULT_KEY;
import static se.leap.bitmaskclient.R.string.malformed_url;
import static se.leap.bitmaskclient.R.string.warning_corrupted_provider_cert;
+import static se.leap.bitmaskclient.R.string.warning_corrupted_provider_details;
/**
* Implements the logic of the provider api http requests. The methods of this class need to be called from
@@ -66,76 +65,39 @@ public class ProviderApiManager extends ProviderApiManagerBase {
* Downloads a provider.json from a given URL, adding a new provider using the given name.
*
* @param task containing a boolean meaning if the provider is custom or not, another boolean meaning if the user completely trusts this provider, the provider name and its provider.json url.
- * @return a bundle with a boolean value mapped to a key named RESULT_KEY, and which is true if the update was successful.
+ * @return a bundle with a boolean value mapped to a key named BROADCAST_RESULT_KEY, and which is true if the update was successful.
*/
@Override
- protected Bundle setUpProvider(Bundle task) {
- int progress = 0;
+ protected Bundle setUpProvider(Provider provider, Bundle task) {
Bundle currentDownload = new Bundle();
- if (task != null) {
- //FIXME: this should be refactored in order to avoid static variables all over here
- lastProviderMainUrl = task.containsKey(Provider.MAIN_URL) ?
- task.getString(Provider.MAIN_URL) :
- "";
-
- if (isEmpty(lastProviderMainUrl)) {
- currentDownload.putBoolean(RESULT_KEY, false);
- setErrorResult(currentDownload, malformed_url, null);
- return currentDownload;
- }
-
- //TODO: remove that
- providerCaCertFingerprint = task.containsKey(Provider.CA_CERT_FINGERPRINT) ?
- task.getString(Provider.CA_CERT_FINGERPRINT) :
- "";
- providerCaCert = task.containsKey(Provider.CA_CERT) ?
- task.getString(Provider.CA_CERT) :
- "";
-
- try {
- providerDefinition = task.containsKey(Provider.KEY) ?
- new JSONObject(task.getString(Provider.KEY)) :
- new JSONObject();
- } catch (JSONException e) {
- e.printStackTrace();
- providerDefinition = new JSONObject();
- }
- providerApiUrl = getApiUrlWithVersion(providerDefinition);
-
- checkPersistedProviderUpdates();
- currentDownload = validateProviderDetails();
+ if (isEmpty(provider.getMainUrlString()) || provider.getMainUrl().isDefault()) {
+ currentDownload.putBoolean(BROADCAST_RESULT_KEY, false);
+ setErrorResult(currentDownload, malformed_url, null);
+ return currentDownload;
+ }
- //provider details invalid
- if (currentDownload.containsKey(ERRORS)) {
- return currentDownload;
- }
+ getPersistedProviderUpdates(provider);
+ currentDownload = validateProviderDetails(provider);
- //no provider certificate available
- if (currentDownload.containsKey(RESULT_KEY) && !currentDownload.getBoolean(RESULT_KEY)) {
- resetProviderDetails();
- }
+ //provider details invalid
+ if (currentDownload.containsKey(ERRORS)) {
+ return currentDownload;
+ }
- EIP_SERVICE_JSON_DOWNLOADED = false;
- go_ahead = true;
+ //no provider certificate available
+ if (currentDownload.containsKey(BROADCAST_RESULT_KEY) && !currentDownload.getBoolean(BROADCAST_RESULT_KEY)) {
+ resetProviderDetails(provider);
}
- if (!PROVIDER_JSON_DOWNLOADED)
- currentDownload = getAndSetProviderJson(lastProviderMainUrl, providerCaCert, providerDefinition);
- if (PROVIDER_JSON_DOWNLOADED || (currentDownload.containsKey(RESULT_KEY) && currentDownload.getBoolean(RESULT_KEY))) {
- broadcastProgress(++progress);
- PROVIDER_JSON_DOWNLOADED = true;
-
- if (!CA_CERT_DOWNLOADED)
- currentDownload = downloadCACert();
- if (CA_CERT_DOWNLOADED || (currentDownload.containsKey(RESULT_KEY) && currentDownload.getBoolean(RESULT_KEY))) {
- broadcastProgress(++progress);
- CA_CERT_DOWNLOADED = true;
- currentDownload = getAndSetEipServiceJson();
- if (currentDownload.containsKey(RESULT_KEY) && currentDownload.getBoolean(RESULT_KEY)) {
- broadcastProgress(++progress);
- EIP_SERVICE_JSON_DOWNLOADED = true;
- }
+ if (!provider.hasDefinition()) {
+ currentDownload = getAndSetProviderJson(provider);
+ }
+ if (provider.hasDefinition() || (currentDownload.containsKey(BROADCAST_RESULT_KEY) && currentDownload.getBoolean(BROADCAST_RESULT_KEY))) {
+ if (!provider.hasCaCert())
+ currentDownload = downloadCACert(provider);
+ if (provider.hasCaCert() || (currentDownload.containsKey(BROADCAST_RESULT_KEY) && currentDownload.getBoolean(BROADCAST_RESULT_KEY))) {
+ currentDownload = getAndSetEipServiceJson(provider);
}
}
@@ -143,67 +105,63 @@ public class ProviderApiManager extends ProviderApiManagerBase {
}
- private Bundle getAndSetProviderJson(String providerMainUrl, String caCert, JSONObject providerDefinition) {
+ private Bundle getAndSetProviderJson(Provider provider) {
Bundle result = new Bundle();
- if (go_ahead) {
- String providerDotJsonString;
- if(providerDefinition.length() == 0 || caCert.isEmpty())
- providerDotJsonString = downloadWithCommercialCA(providerMainUrl + "/provider.json");
- else {
- providerDotJsonString = downloadFromApiUrlWithProviderCA("/provider.json", caCert, providerDefinition);
- }
+ String caCert = provider.getCaCert();
+ JSONObject providerDefinition = provider.getDefinition();
- if (!isValidJson(providerDotJsonString)) {
- setErrorResult(result, malformed_url, null);
- return result;
- }
+ String providerDotJsonString;
+ if(providerDefinition.length() == 0 || caCert.isEmpty()) {
+ String providerJsonUrl = provider.getMainUrlString() + "/provider.json";
+ providerDotJsonString = downloadWithCommercialCA(providerJsonUrl, provider);
+ } else {
+ providerDotJsonString = downloadFromApiUrlWithProviderCA("/provider.json", caCert, providerDefinition);
+ }
- try {
- JSONObject providerJson = new JSONObject(providerDotJsonString);
- String providerDomain = getDomainFromMainURL(lastProviderMainUrl);
- providerApiUrl = getApiUrlWithVersion(providerJson);
- //String name = providerJson.getString(Provider.NAME);
- //TODO setProviderName(name);
-
- preferences.edit().putString(Provider.KEY, providerJson.toString()).
- putBoolean(PROVIDER_ALLOW_ANONYMOUS, providerJson.getJSONObject(Provider.SERVICE).getBoolean(PROVIDER_ALLOW_ANONYMOUS)).
- putBoolean(PROVIDER_ALLOWED_REGISTERED, providerJson.getJSONObject(Provider.SERVICE).getBoolean(PROVIDER_ALLOWED_REGISTERED)).
- putString(Provider.KEY + "." + providerDomain, providerJson.toString()).commit();
- result.putBoolean(RESULT_KEY, true);
- } catch (JSONException e) {
- String reason_to_fail = pickErrorMessage(providerDotJsonString);
- result.putString(ERRORS, reason_to_fail);
- result.putBoolean(RESULT_KEY, false);
+ if (!isValidJson(providerDotJsonString)) {
+ setErrorResult(result, malformed_url, null);
+ return result;
+ }
+
+ try {
+ JSONObject providerJson = new JSONObject(providerDotJsonString);
+ if (provider.define(providerJson)) {
+ result.putBoolean(BROADCAST_RESULT_KEY, true);
+ } else {
+ return setErrorResult(result, warning_corrupted_provider_details, ERROR_CORRUPTED_PROVIDER_JSON.toString());
}
+
+ } catch (JSONException e) {
+ String reason_to_fail = pickErrorMessage(providerDotJsonString);
+ result.putString(ERRORS, reason_to_fail);
+ result.putBoolean(BROADCAST_RESULT_KEY, false);
}
return result;
}
/**
* Downloads the eip-service.json from a given URL, and saves eip service capabilities including the offered gateways
- * @return a bundle with a boolean value mapped to a key named RESULT_KEY, and which is true if the download was successful.
+ * @return a bundle with a boolean value mapped to a key named BROADCAST_RESULT_KEY, and which is true if the download was successful.
*/
@Override
- protected Bundle getAndSetEipServiceJson() {
+ protected Bundle getAndSetEipServiceJson(Provider provider) {
Bundle result = new Bundle();
- String eip_service_json_string = "";
- if (go_ahead) {
- try {
- JSONObject provider_json = new JSONObject(preferences.getString(Provider.KEY, ""));
- String eip_service_url = provider_json.getString(Provider.API_URL) + "/" + provider_json.getString(Provider.API_VERSION) + "/" + EIP.SERVICE_API_PATH;
- eip_service_json_string = downloadWithProviderCA(eip_service_url);
- JSONObject eip_service_json = new JSONObject(eip_service_json_string);
- eip_service_json.getInt(Provider.API_RETURN_SERIAL);
-
- preferences.edit().putString(PROVIDER_KEY, eip_service_json.toString()).commit();
-
- result.putBoolean(RESULT_KEY, true);
- } catch (NullPointerException | JSONException e) {
- String reason_to_fail = pickErrorMessage(eip_service_json_string);
- result.putString(ERRORS, reason_to_fail);
- result.putBoolean(RESULT_KEY, false);
- }
+ String eipServiceJsonString = "";
+ try {
+ JSONObject providerJson = provider.getDefinition();
+ String eipServiceUrl = providerJson.getString(Provider.API_URL) + "/" + providerJson.getString(Provider.API_VERSION) + "/" + EIP.SERVICE_API_PATH;
+ eipServiceJsonString = downloadWithProviderCA(provider.getCaCert(), eipServiceUrl);
+ JSONObject eipServiceJson = new JSONObject(eipServiceJsonString);
+ eipServiceJson.getInt(Provider.API_RETURN_SERIAL);
+
+ provider.setEipServiceJson(eipServiceJson);
+
+ result.putBoolean(BROADCAST_RESULT_KEY, true);
+ } catch (NullPointerException | JSONException e) {
+ String reasonToFail = pickErrorMessage(eipServiceJsonString);
+ result.putString(ERRORS, reasonToFail);
+ result.putBoolean(BROADCAST_RESULT_KEY, false);
}
return result;
}
@@ -214,19 +172,18 @@ public class ProviderApiManager extends ProviderApiManagerBase {
* @return true if certificate was downloaded correctly, false if provider.json is not present in SharedPreferences, or if the certificate url could not be parsed as a URI, or if there was an SSL error.
*/
@Override
- protected boolean updateVpnCertificate() {
+ protected boolean updateVpnCertificate(Provider provider) {
try {
- JSONObject provider_json = new JSONObject(preferences.getString(Provider.KEY, ""));
-
- String provider_main_url = provider_json.getString(Provider.API_URL);
- URL new_cert_string_url = new URL(provider_main_url + "/" + provider_json.getString(Provider.API_VERSION) + "/" + PROVIDER_VPN_CERTIFICATE);
+ JSONObject providerJson = provider.getDefinition();
+ String providerMainUrl = providerJson.getString(Provider.API_URL);
+ URL newCertStringUrl = new URL(providerMainUrl + "/" + providerJson.getString(Provider.API_VERSION) + "/" + PROVIDER_VPN_CERTIFICATE);
- String cert_string = downloadWithProviderCA(new_cert_string_url.toString());
+ String certString = downloadWithProviderCA(provider.getCaCert(), newCertStringUrl.toString());
- if (ConfigHelper.checkErroneousDownload(cert_string))
+ if (ConfigHelper.checkErroneousDownload(certString))
return false;
else
- return loadCertificate(cert_string);
+ return loadCertificate(provider, certString);
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
@@ -238,23 +195,22 @@ public class ProviderApiManager extends ProviderApiManagerBase {
}
}
- private Bundle downloadCACert() {
+ private Bundle downloadCACert(Provider provider) {
Bundle result = new Bundle();
try {
- JSONObject providerJson = new JSONObject(preferences.getString(Provider.KEY, ""));
- String caCertUrl = providerJson.getString(Provider.CA_CERT_URI);
- String providerDomain = getDomainFromMainURL(lastProviderMainUrl);
- String cert_string = downloadWithCommercialCA(caCertUrl);
-
- if (validCertificate(cert_string) && go_ahead) {
- preferences.edit().putString(Provider.CA_CERT, cert_string).commit();
- preferences.edit().putString(Provider.CA_CERT + "." + providerDomain, cert_string).commit();
- result.putBoolean(RESULT_KEY, true);
+ String caCertUrl = provider.getDefinition().getString(Provider.CA_CERT_URI);
+ String providerDomain = getDomainFromMainURL(provider.getMainUrlString());
+ String certString = downloadWithCommercialCA(caCertUrl, provider);
+
+ if (validCertificate(provider, certString)) {
+ provider.setCaCert(certString);
+ preferences.edit().putString(Provider.CA_CERT + "." + providerDomain, certString).apply();
+ result.putBoolean(BROADCAST_RESULT_KEY, true);
} else {
setErrorResult(result, warning_corrupted_provider_cert, ERROR_CERTIFICATE_PINNING.toString());
}
} catch (JSONException e) {
- setErrorResult(result, malformed_url, null);
+ e.printStackTrace();
}
return result;
@@ -263,10 +219,8 @@ public class ProviderApiManager extends ProviderApiManagerBase {
/**
* Tries to download the contents of the provided url using commercially validated CA certificate from chosen provider.
*
- * @param string_url
- * @return
*/
- private String downloadWithCommercialCA(String string_url) {
+ private String downloadWithCommercialCA(String stringUrl, Provider provider) {
String responseString;
JSONObject errorJson = new JSONObject();
@@ -277,14 +231,14 @@ public class ProviderApiManager extends ProviderApiManagerBase {
List<Pair<String, String>> headerArgs = getAuthorizationHeader();
- responseString = sendGetStringToServer(string_url, headerArgs, okHttpClient);
+ responseString = sendGetStringToServer(stringUrl, headerArgs, okHttpClient);
if (responseString != null && responseString.contains(ERRORS)) {
try {
// try to download with provider CA on certificate error
JSONObject responseErrorJson = new JSONObject(responseString);
if (responseErrorJson.getString(ERRORS).equals(resources.getString(R.string.certificate_error))) {
- responseString = downloadWithProviderCA(string_url);
+ responseString = downloadWithProviderCA(provider.getCaCert(), stringUrl);
}
} catch (JSONException e) {
e.printStackTrace();
@@ -304,7 +258,7 @@ public class ProviderApiManager extends ProviderApiManagerBase {
String responseString;
JSONObject errorJson = new JSONObject();
String baseUrl = getApiUrl(providerDefinition);
- OkHttpClient okHttpClient = clientGenerator.initSelfSignedCAHttpClient(errorJson, caCert);
+ OkHttpClient okHttpClient = clientGenerator.initSelfSignedCAHttpClient(caCert, errorJson);
if (okHttpClient == null) {
return errorJson.toString();
}
@@ -324,11 +278,11 @@ public class ProviderApiManager extends ProviderApiManagerBase {
* @param urlString as a string
* @return an empty string if it fails, the url content if not.
*/
- private String downloadWithProviderCA(String urlString) {
+ private String downloadWithProviderCA(String caCert, String urlString) {
JSONObject initError = new JSONObject();
String responseString;
- OkHttpClient okHttpClient = clientGenerator.initSelfSignedCAHttpClient(initError);
+ OkHttpClient okHttpClient = clientGenerator.initSelfSignedCAHttpClient(caCert, initError);
if (okHttpClient == null) {
return initError.toString();
}
diff --git a/app/src/production/java/se/leap/bitmaskclient/ProviderListActivity.java b/app/src/production/java/se/leap/bitmaskclient/ProviderListActivity.java
index 8403b046..725ede3e 100644
--- a/app/src/production/java/se/leap/bitmaskclient/ProviderListActivity.java
+++ b/app/src/production/java/se/leap/bitmaskclient/ProviderListActivity.java
@@ -16,12 +16,13 @@
*/
package se.leap.bitmaskclient;
-import android.content.Intent;
-import android.os.Bundle;
+import android.support.annotation.NonNull;
import java.net.MalformedURLException;
import java.net.URL;
+import static se.leap.bitmaskclient.ProviderAPI.SET_UP_PROVIDER;
+
/**
* Activity that builds and shows the list of known available providers.
* <p/>
@@ -61,42 +62,12 @@ public class ProviderListActivity extends ProviderListBaseActivity {
*/
public void setUpProvider() {
mConfigState.setAction(SETTING_UP_PROVIDER);
- Intent providerApiCommand = new Intent(this, ProviderAPI.class);
- Bundle parameters = new Bundle();
- parameters.putString(Provider.MAIN_URL, provider.getMainUrl().toString());
- if (provider.hasCertificatePin()){
- parameters.putString(Provider.CA_CERT_FINGERPRINT, provider.certificatePin());
- }
- if (provider.hasCaCert()) {
- parameters.putString(Provider.CA_CERT, provider.getCaCert());
- }
- if (provider.hasDefinition()) {
- parameters.putString(Provider.KEY, provider.getDefinition().toString());
- }
-
- providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER);
- providerApiCommand.putExtra(ProviderAPI.PARAMETERS, parameters);
-
- startService(providerApiCommand);
+ ProviderAPICommand.execute(this, SET_UP_PROVIDER, provider);
}
@Override
- public void retrySetUpProvider() {
- cancelSettingUpProvider();
- if (!ProviderAPI.caCertDownloaded()) {
- addAndSelectNewProvider(ProviderAPI.lastProviderMainUrl());
- } else {
- showProgressBar();
-
- Intent providerApiCommand = new Intent(this, ProviderAPI.class);
- providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER);
- providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, providerAPIResultReceiver);
- Bundle parameters = new Bundle();
- parameters.putString(Provider.MAIN_URL, provider.getMainUrl().toString());
- providerApiCommand.putExtra(ProviderAPI.PARAMETERS, parameters);
-
- startService(providerApiCommand);
- }
+ public void retrySetUpProvider(@NonNull Provider provider) {
+ ProviderAPICommand.execute(this, SET_UP_PROVIDER, provider);
}
}