summaryrefslogtreecommitdiff
path: root/src/se/leap/bitmaskclient
diff options
context:
space:
mode:
Diffstat (limited to 'src/se/leap/bitmaskclient')
-rw-r--r--src/se/leap/bitmaskclient/ConfigurationWizard.java21
-rw-r--r--src/se/leap/bitmaskclient/Dashboard.java5
-rw-r--r--src/se/leap/bitmaskclient/Provider.java2
-rw-r--r--src/se/leap/bitmaskclient/ProviderAPI.java95
-rw-r--r--src/se/leap/bitmaskclient/ProviderListContent.java14
5 files changed, 107 insertions, 30 deletions
diff --git a/src/se/leap/bitmaskclient/ConfigurationWizard.java b/src/se/leap/bitmaskclient/ConfigurationWizard.java
index faff4455..2c6c52c3 100644
--- a/src/se/leap/bitmaskclient/ConfigurationWizard.java
+++ b/src/se/leap/bitmaskclient/ConfigurationWizard.java
@@ -162,7 +162,20 @@ implements ProviderListFragment.Callbacks, NewProviderDialog.NewProviderDialogIn
mProgressBar.incrementProgressBy(1);
}
- downloadJSONFiles(provider_json, danger_on);
+
+ if (ConfigHelper.getBoolFromSharedPref(EIP.ALLOWED_ANON)){
+ mConfigState.putExtra(SERVICES_RETRIEVED, true);
+ downloadAnonCert();
+ } else {
+ mProgressBar.incrementProgressBy(1);
+ mProgressBar.setVisibility(ProgressBar.GONE);
+ progressbar_description.setVisibility(TextView.GONE);
+ //refreshProviderList(0);
+ //Toast.makeText(getApplicationContext(), R.string.success, Toast.LENGTH_LONG).show();
+ setResult(RESULT_OK);
+ showProviderDetails(getCurrentFocus());
+ }
+ //downloadJSONFiles(provider_json, danger_on);
} catch (JSONException e) {
// TODO Auto-generated catch block
e.printStackTrace();
@@ -234,7 +247,7 @@ implements ProviderListFragment.Callbacks, NewProviderDialog.NewProviderDialogIn
int provider_index = getProviderIndex(id);
startProgressBar(provider_index);
mSelectedProvider = selected_provider;
- updateProviderDotJson(mSelectedProvider.providerMainUrl(), mSelectedProvider.completelyTrusted());
+ updateProviderDotJson(mSelectedProvider.providerMainUrl(), true);
}
@Override
@@ -329,7 +342,7 @@ implements ProviderListFragment.Callbacks, NewProviderDialog.NewProviderDialogIn
boolean custom = false;
provider_name = url_filepath.subSequence(0, url_filepath.indexOf(".")).toString();
if(ProviderListContent.ITEMS.isEmpty()) //TODO I have to implement a way of checking if a provider new or is already present in that ITEMS list
- ProviderListContent.addItem(new ProviderItem(provider_name, asset_manager.open(url_files_folder + "/" + url_filepath), custom, false));
+ ProviderListContent.addItem(new ProviderItem(provider_name, asset_manager.open(url_files_folder + "/" + url_filepath)));
loaded_preseeded_providers = true;
}
} catch (IOException e) {
@@ -443,7 +456,7 @@ implements ProviderListFragment.Callbacks, NewProviderDialog.NewProviderDialogIn
private void showProvider(final String provider_main_url, final boolean danger_on) {
String provider_name = provider_main_url.replaceFirst("http[s]?://", "").replaceFirst("\\/", "_");
- final ProviderItem added_provider = new ProviderItem(provider_name, provider_main_url, danger_on);
+ final ProviderItem added_provider = new ProviderItem(provider_name, provider_main_url);
//ProviderListContent.addItem(added_provider);
provider_list_fragment.addItem(added_provider);
diff --git a/src/se/leap/bitmaskclient/Dashboard.java b/src/se/leap/bitmaskclient/Dashboard.java
index 103310bb..fa91f9d2 100644
--- a/src/se/leap/bitmaskclient/Dashboard.java
+++ b/src/se/leap/bitmaskclient/Dashboard.java
@@ -116,8 +116,8 @@ public class Dashboard extends Activity implements LogInDialog.LogInDialogInterf
@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data){
if ( requestCode == CONFIGURE_LEAP ) {
- if ( resultCode == RESULT_OK ){
- ConfigHelper.saveSharedPref(EIP.AUTHED_EIP, authed_eip);
+ if ( resultCode == RESULT_OK){
+ ConfigHelper.saveSharedPref(EIP.AUTHED, authed_eip);
startService( new Intent(EIP.ACTION_UPDATE_EIP_SERVICE) );
buildDashboard();
if(data != null && data.hasExtra(LogInDialog.VERB)) {
@@ -228,6 +228,7 @@ public class Dashboard extends Activity implements LogInDialog.LogInDialogInterf
startActivity(intent);
return true;
case R.id.switch_provider:
+ ConfigHelper.removeFromSharedPref(Provider.KEY);
startActivityForResult(new Intent(this,ConfigurationWizard.class), SWITCH_PROVIDER);
return true;
case R.id.login_button:
diff --git a/src/se/leap/bitmaskclient/Provider.java b/src/se/leap/bitmaskclient/Provider.java
index e462829f..3c029702 100644
--- a/src/se/leap/bitmaskclient/Provider.java
+++ b/src/se/leap/bitmaskclient/Provider.java
@@ -99,7 +99,7 @@ public final class Provider implements Serializable {
preferences = activity.getSharedPreferences(Dashboard.SHARED_PREFERENCES,Context.MODE_PRIVATE);
// Inflate our provider.json data
try {
- definition = new JSONObject( preferences.getString("provider", "") );
+ definition = new JSONObject( preferences.getString(Provider.KEY, "") );
} catch (JSONException e) {
// TODO: handle exception
diff --git a/src/se/leap/bitmaskclient/ProviderAPI.java b/src/se/leap/bitmaskclient/ProviderAPI.java
index ddf1b9f8..75b8c28d 100644
--- a/src/se/leap/bitmaskclient/ProviderAPI.java
+++ b/src/se/leap/bitmaskclient/ProviderAPI.java
@@ -36,6 +36,7 @@ import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
+import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
@@ -68,7 +69,6 @@ import android.os.Handler;
import android.os.ResultReceiver;
import android.util.Base64;
import android.util.Log;
-import android.widget.ProgressBar;
import android.widget.Toast;
/**
@@ -99,7 +99,8 @@ public class ProviderAPI extends IntentService {
SESSION_ID_KEY = "session_id",
ERRORS = "errors",
UPDATE_ACTION = "update_action",
- UPDATE_DATA = "update data"
+ UPDATE_DATA = "update data",
+ TAG = "provider_api_tag"
;
final public static int
@@ -486,9 +487,13 @@ public class ProviderAPI extends IntentService {
Bundle result = new Bundle();
boolean danger_on = task.getBoolean(ProviderItem.DANGER_ON);
String provider_main_url = task.getString(Provider.MAIN_URL);
- String provider_name = provider_main_url.replaceFirst("http[s]?://", "").replaceFirst("\\/", "_");
- String provider_json_url = provider_main_url + "/provider.json";
-
+ if(downloadCACert(provider_main_url, danger_on)) {
+ result.putBoolean(RESULT_KEY, true);
+ if(getAndSetProviderJson(provider_main_url))
+ if(getAndSetEipServiceJson())
+ ;
+ }
+ /*
try {
String provider_dot_json_string = downloadWithCommercialCA(provider_json_url, danger_on);
if(provider_dot_json_string.isEmpty()) {
@@ -511,10 +516,72 @@ public class ProviderAPI extends IntentService {
result.putBoolean(RESULT_KEY, false);
result.putString(ERRORS, "Corrupt download");
}
+ */
+ return result;
+ }
+
+ private boolean downloadCACert(String provider_main_url, boolean danger_on) {
+ String cert_string = downloadWithCommercialCA(provider_main_url + "/ca.crt", danger_on);
+ if(validCertificate(cert_string))
+ ConfigHelper.saveSharedPref(Provider.CA_CERT, "-----BEGIN CERTIFICATE-----\n"+cert_string+"-----END CERTIFICATE-----");
+ else
+ return false;
+ return true;
+ }
+
+ private boolean validCertificate(String cert_string) {
+ boolean result = false;
+ if(!cert_string.isEmpty()) {
+ X509Certificate certCert = ConfigHelper.parseX509CertificateFromString(cert_string);
+ try {
+ Base64.encodeToString( certCert.getEncoded(), Base64.DEFAULT);
+ result = true;
+ } catch (CertificateEncodingException e) {
+ Log.d(TAG, e.getLocalizedMessage());
+ }
+ }
+
+ return result;
+ }
+
+ private boolean getAndSetProviderJson(String provider_main_url) {
+ boolean result = false;
+
+ String provider_dot_json_string = downloadWithProviderCA(provider_main_url + "/provider.json", true);
+
+ try {
+ JSONObject provider_json = new JSONObject(provider_dot_json_string);
+ String name = provider_json.getString(Provider.NAME);
+ //TODO setProviderName(name);
+
+ ConfigHelper.saveSharedPref(Provider.KEY, provider_json);
+ ConfigHelper.saveSharedPref(EIP.ALLOWED_ANON, provider_json.getJSONObject(Provider.SERVICE).getBoolean(EIP.ALLOWED_ANON));
+ ProviderItem added_provider = new ProviderItem(name, provider_main_url);
+
+ result = true;
+ } catch (JSONException e) {
+ }
return result;
}
+
+ private boolean getAndSetEipServiceJson() {
+ boolean result = false;
+
+ try {
+ JSONObject provider_json = ConfigHelper.getJsonFromSharedPref(Provider.KEY);
+ String eip_service_url = provider_json.getString(Provider.API_URL) + "/" + provider_json.getString(Provider.API_VERSION) + "/" + EIP.SERVICE_API_PATH;
+ String eip_service_json_string = downloadWithProviderCA(eip_service_url, true);
+ JSONObject eip_service_json = new JSONObject(eip_service_json_string);
+ eip_service_json.getInt(Provider.API_RETURN_SERIAL);
+
+ ConfigHelper.saveSharedPref(EIP.KEY, eip_service_json);
+ result = true;
+ } catch (JSONException e) {
+ }
+ return result;
+ }
/**
* Tries to download the contents of the provided url using commercially validated CA certificate from chosen provider.
*
@@ -540,13 +607,13 @@ public class ProviderAPI extends IntentService {
json_file_content = formatErrorMessage(R.string.server_is_down_message);
} catch (IOException e) {
if(provider_url != null) {
- json_file_content = downloadWithProviderCA(provider_url, danger_on);
+ json_file_content = downloadWithProviderCA(string_url, danger_on);
} else {
json_file_content = formatErrorMessage(R.string.certificate_error);
}
} catch (Exception e) {
if(provider_url != null && danger_on) {
- json_file_content = downloadWithProviderCA(provider_url, danger_on);
+ json_file_content = downloadWithProviderCA(string_url, danger_on);
}
}
@@ -554,15 +621,16 @@ public class ProviderAPI extends IntentService {
}
/**
- * Tries to download the contents of the provided url using not commercially validated CA certificate from chosen provider.
- * @param url
+ * Tries to download the contents of the provided url using not commercially validated CA certificate from chosen provider.
+ * @param url as a string
* @param danger_on true to download CA certificate in case it has not been downloaded.
* @return an empty string if it fails, the url content if not.
*/
- private String downloadWithProviderCA(URL url, boolean danger_on) {
+ private String downloadWithProviderCA(String url_string, boolean danger_on) {
String json_file_content = "";
try {
+ URL url = new URL(url_string);
// Tell the URLConnection to use a SocketFactory from our SSLContext
HttpsURLConnection urlConnection =
(HttpsURLConnection)url.openConnection();
@@ -576,7 +644,7 @@ public class ProviderAPI extends IntentService {
} catch (IOException e) {
// The downloaded certificate doesn't validate our https connection.
if(danger_on) {
- json_file_content = downloadWithoutCA(url);
+ json_file_content = downloadWithoutCA(url_string);
} else {
json_file_content = formatErrorMessage(R.string.certificate_error);
}
@@ -619,7 +687,7 @@ public class ProviderAPI extends IntentService {
/**
* Downloads the string that's in the url with any certificate.
*/
- private String downloadWithoutCA(URL url) {
+ private String downloadWithoutCA(String url_string) {
String string = "";
try {
@@ -647,6 +715,7 @@ public class ProviderAPI extends IntentService {
SSLContext context = SSLContext.getInstance("TLS");
context.init(new KeyManager[0], new TrustManager[] {new DefaultTrustManager()}, new SecureRandom());
+ URL url = new URL(url_string);
HttpsURLConnection urlConnection = (HttpsURLConnection)url.openConnection();
urlConnection.setSSLSocketFactory(context.getSocketFactory());
urlConnection.setHostnameVerifier(hostnameVerifier);
@@ -738,7 +807,7 @@ public class ProviderAPI extends IntentService {
String new_cert_string_url = provider_main_url.toString() + "/" + provider_json.getString(Provider.API_VERSION) + "/" + EIP.CERTIFICATE;
boolean danger_on = ConfigHelper.getBoolFromSharedPref(ProviderItem.DANGER_ON);
- String cert_string = downloadWithCommercialCA(new_cert_string_url, danger_on);
+ String cert_string = downloadWithProviderCA(new_cert_string_url, true);
if(!cert_string.isEmpty()) {
if(ConfigHelper.checkErroneousDownload(cert_string)) {
String reason_to_fail = provider_json.getString(ERRORS);
diff --git a/src/se/leap/bitmaskclient/ProviderListContent.java b/src/se/leap/bitmaskclient/ProviderListContent.java
index af61dbd6..b13c5db4 100644
--- a/src/se/leap/bitmaskclient/ProviderListContent.java
+++ b/src/se/leap/bitmaskclient/ProviderListContent.java
@@ -62,8 +62,7 @@ public class ProviderListContent {
final public static String CUSTOM = "custom";
final public static String DANGER_ON = "danger_on";
private String provider_main_url;
- private String name;
- private boolean danger_on = false;
+ private String name;
/**
* @param name of the provider
@@ -71,7 +70,7 @@ public class ProviderListContent {
* @param custom if it's a new provider entered by the user or not
* @param danger_on if the user trusts completely the new provider
*/
- public ProviderItem(String name, InputStream urls_file_input_stream, boolean custom, boolean danger_on) {
+ public ProviderItem(String name, InputStream urls_file_input_stream) {
try {
byte[] urls_file_bytes = new byte[urls_file_input_stream.available()];
@@ -80,7 +79,6 @@ public class ProviderListContent {
JSONObject file_contents = new JSONObject(urls_file_content);
provider_main_url = file_contents.getString(Provider.MAIN_URL);
this.name = name;
- this.danger_on = danger_on;
} catch (JSONException e) {
// TODO Auto-generated catch block
e.printStackTrace();
@@ -95,12 +93,10 @@ public class ProviderListContent {
* @param provider_main_url used to download provider.json file of the provider
* @param provider_json already downloaded
* @param custom if it's a new provider entered by the user or not
- * @param danger_on if the user trusts completely the new provider
*/
- public ProviderItem(String name, String provider_main_url, boolean danger_on) {
+ public ProviderItem(String name, String provider_main_url) {
this.name = name;
- this.provider_main_url = provider_main_url;
- this.danger_on = danger_on;
+ this.provider_main_url = provider_main_url;
}
public String name() { return name; }
@@ -114,7 +110,5 @@ public class ProviderListContent {
return provider_main_url.replaceFirst("http[s]?://", "").replaceFirst("/.*", "");
}
}
-
- public boolean completelyTrusted() { return danger_on; }
}
}