diff options
Diffstat (limited to 'app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java')
| -rw-r--r-- | app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java | 297 |
1 files changed, 119 insertions, 178 deletions
diff --git a/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java b/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java index 3c8ec607..f1cb84d6 100644 --- a/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java +++ b/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java @@ -17,59 +17,23 @@ package se.leap.bitmaskclient; import android.app.IntentService; -import android.content.Intent; -import android.content.SharedPreferences; -import android.os.Bundle; -import android.os.ResultReceiver; -import android.util.Base64; -import android.util.Log; -import java.io.DataOutputStream; -import java.io.FileNotFoundException; -import java.io.IOException; -import java.io.InputStream; -import java.io.UnsupportedEncodingException; +import android.content.*; +import android.os.*; +import android.util.*; +import java.io.*; import java.math.BigInteger; -import java.net.ConnectException; -import java.net.CookieHandler; -import java.net.CookieManager; -import java.net.CookiePolicy; -import java.net.MalformedURLException; -import java.net.SocketTimeoutException; -import java.net.URISyntaxException; -import java.net.URL; -import java.net.URLConnection; -import java.net.URLEncoder; -import java.net.UnknownHostException; -import java.security.KeyManagementException; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.security.SecureRandom; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; +import java.net.*; +import java.security.*; +import java.security.cert.*; import java.security.interfaces.RSAPrivateKey; -import java.util.Calendar; -import java.util.HashMap; -import java.util.Iterator; -import java.util.Map; -import java.util.NoSuchElementException; -import java.util.Scanner; -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.KeyManager; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLHandshakeException; -import javax.net.ssl.SSLSession; -import javax.net.ssl.TrustManager; -import javax.net.ssl.TrustManagerFactory; -import javax.net.ssl.X509TrustManager; +import java.util.*; +import javax.net.ssl.*; import org.apache.http.client.ClientProtocolException; -import org.json.JSONException; -import org.json.JSONObject; -import se.leap.bitmaskclient.R; +import org.json.*; +import se.leap.bitmaskclient.R; +import se.leap.bitmaskclient.SessionDialog; +import se.leap.bitmaskclient.eip.*; /** * Implements HTTP api methods used to manage communications with the provider server. @@ -92,28 +56,23 @@ public class ProviderAPI extends IntentService { PARAMETERS = "parameters", RESULT_KEY = "result", RECEIVER_KEY = "receiver", - SESSION_ID_COOKIE_KEY = "session_id_cookie_key", - SESSION_ID_KEY = "session_id", ERRORS = "errors", UPDATE_PROGRESSBAR = "update_progressbar", CURRENT_PROGRESS = "current_progress", - TAG = "provider_api_tag" + TAG = ProviderAPI.class.getSimpleName() ; final public static int - CUSTOM_PROVIDER_ADDED = 0, - SRP_AUTHENTICATION_SUCCESSFUL = 3, - SRP_AUTHENTICATION_FAILED = 4, - SRP_REGISTRATION_SUCCESSFUL = 5, - SRP_REGISTRATION_FAILED = 6, - LOGOUT_SUCCESSFUL = 7, + SUCCESSFUL_LOGIN = 3, + FAILED_LOGIN = 4, + SUCCESSFUL_SIGNUP = 5, + FAILED_SIGNUP = 6, + SUCCESSFUL_LOGOUT = 7, LOGOUT_FAILED = 8, CORRECTLY_DOWNLOADED_CERTIFICATE = 9, INCORRECTLY_DOWNLOADED_CERTIFICATE = 10, PROVIDER_OK = 11, - PROVIDER_NOK = 12, - CORRECTLY_DOWNLOADED_ANON_CERTIFICATE = 13, - INCORRECTLY_DOWNLOADED_ANON_CERTIFICATE = 14 + PROVIDER_NOK = 12 ; private static boolean @@ -125,6 +84,7 @@ public class ProviderAPI extends IntentService { private static String last_provider_main_url; private static boolean setting_up_provider = true; private static SharedPreferences preferences; + private static String provider_api_url; public static void stop() { setting_up_provider = false; @@ -138,6 +98,7 @@ public class ProviderAPI extends IntentService { @Override public void onCreate() { super.onCreate(); + preferences = getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE); CookieHandler.setDefault(new CookieManager(null, CookiePolicy.ACCEPT_ORIGINAL_SERVER)); } @@ -155,7 +116,16 @@ public class ProviderAPI extends IntentService { final ResultReceiver receiver = command.getParcelableExtra(RECEIVER_KEY); String action = command.getAction(); Bundle parameters = command.getBundleExtra(PARAMETERS); - setting_up_provider = true; + + if(provider_api_url == null && preferences.contains(Provider.KEY)) { + try { + JSONObject provider_json = new JSONObject(preferences.getString(Provider.KEY, "")); + provider_api_url = provider_json.getString(Provider.API_URL) + "/" + provider_json.getString(Provider.API_VERSION); + setting_up_provider = true; + } catch (JSONException e) { + setting_up_provider = false; + } + } if(action.equalsIgnoreCase(SET_UP_PROVIDER)) { Bundle result = setUpProvider(parameters); @@ -169,20 +139,20 @@ public class ProviderAPI extends IntentService { } else if (action.equalsIgnoreCase(SRP_REGISTER)) { Bundle result = tryToRegister(parameters); if(result.getBoolean(RESULT_KEY)) { - receiver.send(SRP_REGISTRATION_SUCCESSFUL, result); + receiver.send(SUCCESSFUL_SIGNUP, result); } else { - receiver.send(SRP_REGISTRATION_FAILED, result); + receiver.send(FAILED_SIGNUP, result); } } else if (action.equalsIgnoreCase(SRP_AUTH)) { Bundle result = tryToAuthenticate(parameters); if(result.getBoolean(RESULT_KEY)) { - receiver.send(SRP_AUTHENTICATION_SUCCESSFUL, result); + receiver.send(SUCCESSFUL_LOGIN, result); } else { - receiver.send(SRP_AUTHENTICATION_FAILED, result); + receiver.send(FAILED_LOGIN, result); } } else if (action.equalsIgnoreCase(LOG_OUT)) { - if(logOut(parameters)) { - receiver.send(LOGOUT_SUCCESSFUL, Bundle.EMPTY); + if(logOut()) { + receiver.send(SUCCESSFUL_LOGOUT, Bundle.EMPTY); } else { receiver.send(LOGOUT_FAILED, Bundle.EMPTY); } @@ -199,40 +169,41 @@ public class ProviderAPI extends IntentService { Bundle session_id_bundle = new Bundle(); int progress = 0; - String username = (String) task.get(LogInDialog.USERNAME); - String password = (String) task.get(LogInDialog.PASSWORD); - String authentication_server = (String) task.get(Provider.API_URL); + String username = (String) task.get(SessionDialog.USERNAME); + String password = (String) task.get(SessionDialog.PASSWORD); + if(validUserLoginData(username, password)) { - session_id_bundle = register(username, password, authentication_server); + session_id_bundle = register(username, password); broadcast_progress(progress++); } else { if(!wellFormedPassword(password)) { session_id_bundle.putBoolean(RESULT_KEY, false); - session_id_bundle.putString(LogInDialog.USERNAME, username); - session_id_bundle.putBoolean(LogInDialog.PASSWORD_INVALID_LENGTH, true); + session_id_bundle.putString(SessionDialog.USERNAME, username); + session_id_bundle.putBoolean(SessionDialog.PASSWORD_INVALID_LENGTH, true); } if(username.isEmpty()) { session_id_bundle.putBoolean(RESULT_KEY, false); - session_id_bundle.putBoolean(LogInDialog.USERNAME_MISSING, true); + session_id_bundle.putBoolean(SessionDialog.USERNAME_MISSING, true); } } return session_id_bundle; } - private Bundle register(String username, String password, String server) { + private Bundle register(String username, String password) { LeapSRPSession client = new LeapSRPSession(username, password); byte[] salt = client.calculateNewSalt(); BigInteger password_verifier = client.calculateV(username, password, salt); - JSONObject api_result = sendNewUserDataToSRPServer(server, username, new BigInteger(1, salt).toString(16), password_verifier.toString(16)); + + JSONObject api_result = sendNewUserDataToSRPServer(provider_api_url, username, new BigInteger(1, salt).toString(16), password_verifier.toString(16)); Bundle result = new Bundle(); if(api_result.has(ERRORS)) result = authFailedNotification(api_result, username); else { - result.putString(LogInDialog.USERNAME, username); - result.putString(LogInDialog.PASSWORD, password); + result.putString(SessionDialog.USERNAME, username); + result.putString(SessionDialog.PASSWORD, password); result.putBoolean(RESULT_KEY, true); } @@ -249,42 +220,39 @@ public class ProviderAPI extends IntentService { Bundle result = new Bundle(); int progress = 0; - String username = (String) task.get(LogInDialog.USERNAME); - String password = (String) task.get(LogInDialog.PASSWORD); + String username = (String) task.get(SessionDialog.USERNAME); + String password = (String) task.get(SessionDialog.PASSWORD); if(validUserLoginData(username, password)) { - - String server = (String) task.get(Provider.API_URL); - - authenticate(username, password, server); + result = authenticate(username, password); broadcast_progress(progress++); } else { if(!wellFormedPassword(password)) { result.putBoolean(RESULT_KEY, false); - result.putString(LogInDialog.USERNAME, username); - result.putBoolean(LogInDialog.PASSWORD_INVALID_LENGTH, true); + result.putString(SessionDialog.USERNAME, username); + result.putBoolean(SessionDialog.PASSWORD_INVALID_LENGTH, true); } if(username.isEmpty()) { result.putBoolean(RESULT_KEY, false); - result.putBoolean(LogInDialog.USERNAME_MISSING, true); + result.putBoolean(SessionDialog.USERNAME_MISSING, true); } } return result; } - private Bundle authenticate(String username, String password, String server) { + private Bundle authenticate(String username, String password) { Bundle result = new Bundle(); LeapSRPSession client = new LeapSRPSession(username, password); byte[] A = client.exponential(); - JSONObject step_result = sendAToSRPServer(server, username, new BigInteger(1, A).toString(16)); + JSONObject step_result = sendAToSRPServer(provider_api_url, username, new BigInteger(1, A).toString(16)); try { String salt = step_result.getString(LeapSRPSession.SALT); byte[] Bbytes = new BigInteger(step_result.getString("B"), 16).toByteArray(); byte[] M1 = client.response(new BigInteger(salt, 16).toByteArray(), Bbytes); if(M1 != null) { - step_result = sendM1ToSRPServer(server, username, M1); + step_result = sendM1ToSRPServer(provider_api_url, username, M1); setTokenIfAvailable(step_result); byte[] M2 = new BigInteger(step_result.getString(LeapSRPSession.M2), 16).toByteArray(); if(client.verify(M2)) { @@ -294,7 +262,7 @@ public class ProviderAPI extends IntentService { } } else { result.putBoolean(RESULT_KEY, false); - result.putString(LogInDialog.USERNAME, username); + result.putString(SessionDialog.USERNAME, username); result.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_srp_math_error_user_message)); } } catch (JSONException e) { @@ -325,7 +293,7 @@ public class ProviderAPI extends IntentService { } catch(JSONException e) {} if(!username.isEmpty()) - user_notification_bundle.putString(LogInDialog.USERNAME, username); + user_notification_bundle.putString(SessionDialog.USERNAME, username); user_notification_bundle.putBoolean(RESULT_KEY, false); return user_notification_bundle; @@ -394,7 +362,7 @@ public class ProviderAPI extends IntentService { * Sends an HTTP POST request to the api server to register a new user. * @param server_url * @param username - * @param salted_password + * @param salt * @param password_verifier * @return response from authentication server */ @@ -499,9 +467,6 @@ public class ProviderAPI extends IntentService { return result.toString(); } - - - /** * Downloads a provider.json from a given URL, adding a new provider using the given name. * @param task containing a boolean meaning if the provider is custom or not, another boolean meaning if the user completely trusts this provider, the provider name and its provider.json url. @@ -514,6 +479,7 @@ public class ProviderAPI extends IntentService { if(task != null && task.containsKey(Provider.MAIN_URL)) { last_provider_main_url = task.getString(Provider.MAIN_URL); CA_CERT_DOWNLOADED = PROVIDER_JSON_DOWNLOADED = EIP_SERVICE_JSON_DOWNLOADED = false; + setting_up_provider = true; } if(!PROVIDER_JSON_DOWNLOADED) @@ -614,12 +580,13 @@ public class ProviderAPI extends IntentService { try { JSONObject provider_json = new JSONObject(provider_dot_json_string); + provider_api_url = provider_json.getString(Provider.API_URL) + "/" + provider_json.getString(Provider.API_VERSION); String name = provider_json.getString(Provider.NAME); //TODO setProviderName(name); preferences.edit().putString(Provider.KEY, provider_json.toString()).commit(); - preferences.edit().putBoolean(EIP.ALLOWED_ANON, provider_json.getJSONObject(Provider.SERVICE).getBoolean(EIP.ALLOWED_ANON)).commit(); - preferences.edit().putBoolean(EIP.ALLOWED_REGISTERED, provider_json.getJSONObject(Provider.SERVICE).getBoolean(EIP.ALLOWED_REGISTERED)).commit(); + preferences.edit().putBoolean(Constants.ALLOWED_ANON, provider_json.getJSONObject(Provider.SERVICE).getBoolean(Constants.ALLOWED_ANON)).commit(); + preferences.edit().putBoolean(Constants.ALLOWED_REGISTERED, provider_json.getJSONObject(Provider.SERVICE).getBoolean(Constants.ALLOWED_REGISTERED)).commit(); result.putBoolean(RESULT_KEY, true); } catch (JSONException e) { @@ -632,12 +599,6 @@ public class ProviderAPI extends IntentService { return result; } - - - public static boolean providerJsonDownloaded() { - return PROVIDER_JSON_DOWNLOADED; - } - private Bundle getAndSetEipServiceJson() { Bundle result = new Bundle(); String eip_service_json_string = ""; @@ -649,7 +610,7 @@ public class ProviderAPI extends IntentService { JSONObject eip_service_json = new JSONObject(eip_service_json_string); eip_service_json.getInt(Provider.API_RETURN_SERIAL); - preferences.edit().putString(EIP.KEY, eip_service_json.toString()).commit(); + preferences.edit().putString(Constants.KEY, eip_service_json.toString()).commit(); result.putBoolean(RESULT_KEY, true); } catch (JSONException e) { @@ -660,10 +621,6 @@ public class ProviderAPI extends IntentService { } return result; } - - public static boolean eipServiceDownloaded() { - return EIP_SERVICE_JSON_DOWNLOADED; - } /** * Interprets the error message as a JSON object and extract the "errors" keyword pair. @@ -730,7 +687,7 @@ public class ProviderAPI extends IntentService { /** * Tries to download the contents of the provided url using not commercially validated CA certificate from chosen provider. - * @param url as a string + * @param url_string as a string * @return an empty string if it fails, the url content if not. */ private String downloadWithProviderCA(String url_string) { @@ -749,6 +706,7 @@ public class ProviderAPI extends IntentService { // TODO Auto-generated catch block e.printStackTrace(); } catch (UnknownHostException e) { + e.printStackTrace(); json_file_content = formatErrorMessage(R.string.server_unreachable_message); } catch (IOException e) { // The downloaded certificate doesn't validate our https connection. @@ -763,6 +721,7 @@ public class ProviderAPI extends IntentService { // TODO Auto-generated catch block e.printStackTrace(); } catch (NoSuchElementException e) { + e.printStackTrace(); json_file_content = formatErrorMessage(R.string.server_unreachable_message); } return json_file_content; @@ -847,12 +806,11 @@ public class ProviderAPI extends IntentService { /** * Logs out from the api url retrieved from the task. - * @param task containing api url from which the user will log out * @return true if there were no exceptions */ - private boolean logOut(Bundle task) { + private boolean logOut() { try { - String delete_url = task.getString(Provider.API_URL) + "/logout"; + String delete_url = provider_api_url + "/logout"; int progress = 0; HttpsURLConnection urlConnection = (HttpsURLConnection)new URL(delete_url).openConnection(); @@ -890,79 +848,62 @@ public class ProviderAPI extends IntentService { } return true; } - - private boolean updateVpnCertificate() { - getNewCert(); - - preferences.edit().putInt(EIP.PARSED_SERIAL, 0).commit(); - Intent updateEIP = new Intent(getApplicationContext(), EIP.class); - updateEIP.setAction(EIP.ACTION_UPDATE_EIP_SERVICE); - startService(updateEIP); - - return true; - } /** * Downloads a new OpenVPN certificate, attaching authenticated cookie for authenticated certificate. * * @return true if certificate was downloaded correctly, false if provider.json is not present in SharedPreferences, or if the certificate url could not be parsed as a URI, or if there was an SSL error. */ - private boolean getNewCert() { - - try { - JSONObject provider_json = new JSONObject(preferences.getString(Provider.KEY, "")); + private boolean updateVpnCertificate() { + try { + JSONObject provider_json = new JSONObject(preferences.getString(Provider.KEY, "")); - String provider_main_url = provider_json.getString(Provider.API_URL); - URL new_cert_string_url = new URL(provider_main_url + "/" + provider_json.getString(Provider.API_VERSION) + "/" + EIP.CERTIFICATE); + String provider_main_url = provider_json.getString(Provider.API_URL); + URL new_cert_string_url = new URL(provider_main_url + "/" + provider_json.getString(Provider.API_VERSION) + "/" + Constants.CERTIFICATE); - String cert_string = downloadWithProviderCA(new_cert_string_url.toString()); + String cert_string = downloadWithProviderCA(new_cert_string_url.toString()); - if(!cert_string.isEmpty()) { - if(ConfigHelper.checkErroneousDownload(cert_string)) { - String reason_to_fail = provider_json.getString(ERRORS); - //result.putString(ConfigHelper.ERRORS_KEY, reason_to_fail); - //result.putBoolean(ConfigHelper.RESULT_KEY, false); - return false; - } else { - - // API returns concatenated cert & key. Split them for OpenVPN options - String certificateString = null, keyString = null; - String[] certAndKey = cert_string.split("(?<=-\n)"); - for (int i=0; i < certAndKey.length-1; i++){ - if ( certAndKey[i].contains("KEY") ) { - keyString = certAndKey[i++] + certAndKey[i]; - } - else if ( certAndKey[i].contains("CERTIFICATE") ) { - certificateString = certAndKey[i++] + certAndKey[i]; - } - } - try { - RSAPrivateKey keyCert = ConfigHelper.parseRsaKeyFromString(keyString); - keyString = Base64.encodeToString( keyCert.getEncoded(), Base64.DEFAULT ); - preferences.edit().putString(EIP.PRIVATE_KEY, "-----BEGIN RSA PRIVATE KEY-----\n"+keyString+"-----END RSA PRIVATE KEY-----").commit(); - - X509Certificate certCert = ConfigHelper.parseX509CertificateFromString(certificateString); - certificateString = Base64.encodeToString( certCert.getEncoded(), Base64.DEFAULT); - preferences.edit().putString(EIP.CERTIFICATE, "-----BEGIN CERTIFICATE-----\n"+certificateString+"-----END CERTIFICATE-----").commit(); - preferences.edit().putString(EIP.DATE_FROM_CERTIFICATE, EIP.certificate_date_format.format(Calendar.getInstance().getTime())).commit(); - return true; - } catch (CertificateException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - return false; - } - } - } else { - return false; - } - } catch (IOException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - return false; - } catch (JSONException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - return false; + if(cert_string.isEmpty() || ConfigHelper.checkErroneousDownload(cert_string)) + return false; + else + return loadCertificate(cert_string); + } catch (IOException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + return false; + } catch (JSONException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + return false; + } + } + + private boolean loadCertificate(String cert_string) { + try { + // API returns concatenated cert & key. Split them for OpenVPN options + String certificateString = null, keyString = null; + String[] certAndKey = cert_string.split("(?<=-\n)"); + for (int i=0; i < certAndKey.length-1; i++){ + if ( certAndKey[i].contains("KEY") ) { + keyString = certAndKey[i++] + certAndKey[i]; } + else if ( certAndKey[i].contains("CERTIFICATE") ) { + certificateString = certAndKey[i++] + certAndKey[i]; + } + } + + RSAPrivateKey key = ConfigHelper.parseRsaKeyFromString(keyString); + keyString = Base64.encodeToString(key.getEncoded(), Base64.DEFAULT); + preferences.edit().putString(Constants.PRIVATE_KEY, "-----BEGIN RSA PRIVATE KEY-----\n"+keyString+"-----END RSA PRIVATE KEY-----").commit(); + + X509Certificate certificate = ConfigHelper.parseX509CertificateFromString(certificateString); + certificateString = Base64.encodeToString(certificate.getEncoded(), Base64.DEFAULT); + preferences.edit().putString(Constants.CERTIFICATE, "-----BEGIN CERTIFICATE-----\n"+certificateString+"-----END CERTIFICATE-----").commit(); + return true; + } catch (CertificateException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + return false; } + } } |