summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-04-29Coded dialog (now there is a button in the Dashboard), time to test.Parménides GV
I need to implement bypass for dev.bitmask.net, because bitmask.net is down.
2013-04-29Coded logout method, and tested.Parménides GV
2013-04-29This commit contains:Parménides GV
- SRP algorithm improved (validate method uses trim, and some other trims have been added). - Refactored calculatePasswordHash, so that it receives a String instead of a char array, and now it is capable of escaping "\" correctly. - A 1000*2 successful logins, with a new test that performs 1000 trials for 2 different username/password/server trios. Next step: think about how the user is going to trigger the log in fragment.
2013-04-29Made SRP working with ProviderAPI methods more frequently than not in ↵Parménides GV
localhost, but I cannot succeed in api.bitmask.net with my personal account. Next step: add tests from api.bitmask.net.
2013-04-16Added libraries from JBoss.Parménides GV
2013-04-16Merge branch 'feature/wizard' into developParménides GV
2013-04-16Fixed bug #2225 (https://leap.se/code/issues/2225)Parménides GV
2013-04-15Fixed bug 2231.Parménides GV
New provider dialog works OK.
2013-04-15Fixed bug #2224.Parménides GV
The problem was in the keystore, which did not contain the certificate used in https://bitmask.net/ca.cert. For the future, we should be able to easily manage this kind of certificate upgrade/renewal without having to search again (http://blog.crazybob.org/2010/02/android-trusting-ssl-certificates.html) for the keytool command to import a certificate. Script?
2013-04-15Added one "else if" that I missed during merge.Parménides GV
Next step: understand why ca.cert from bitmask is not being downloaded correctly.
2013-04-15Merge branch 'wizard' into feature/wizardParménides GV
Conflicts: src/se/leap/leapclient/ConfigHelper.java src/se/leap/leapclient/ConfigurationWizard.java src/se/leap/leapclient/ProviderAPI.java
2013-04-11Made LeapSRPSession more beautiful, put javadoc and commented lines ofParménides GV
strings used to check everything's fine manually.
2013-04-10Some more trims added. It passes a lot of tests from the test projectParménides GV
(not included here, still to decide if push it publicly). Next steps: make code beautiful, Android GUI SRP and real communication server, and add even more tests (in my spare time, just to check with more users).
2013-04-10LeapSRPSession response() method is working for the three differentParménides GV
tests I've written for it. Next step: verify()
2013-04-09Response should be correct, as far as different calculationsParménides GV
individually are. But in reality it's not. Tried to fix final hash putting a trim in every byte array, but it did not work. Next step: check the final hash, looking for padding issues.
2013-04-08Done constructor of LeapSRPSession: it's OK.Parménides GV
Next step: fix response() calculations.
2013-04-08Xor method fixed. I use BigInteger Java one.Parménides GV
Next step: understand why SHA-256 digest from NG_1024 is not equals to the one leap_web is calculating.
2013-04-03Added new files to gitignore.Parménides GV
2013-04-03Fixed bug #2146 => A calculation is now fine. Next step: fix M1Parménides GV
calculation, since right now (using tests) response() method is not doing OK. Added new SRPSession modifying response() method from JBoss SRP implementation. Added hosts-for-android-emulator. Use with the following commands to be able to test on api.lvh.me: adb shell mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system adb push ~/workspace/leap_android/hosts-for-android-emulator /system/etc/hosts
2013-03-30Trial for srpforjava: it does not work since it implements SRP-6, andParménides GV
not SRP-6a. That means, for example, that M1 is calculated differently from what we need.
2013-03-29Tried to implement SRP with JBoss: discarded because it needs RMI to getParménides GV
the salt, and because of our messageflow I cannot obtain it before starting Authentication. That's why on line 132 from ProviderAPI I tried to get a new SRPClientSession using the newly obtained salt, but of course it fails since A cannot be restored from previous initialization. Next step: try with srpforjava. Next next step: if srpforjava does not work for us, use lower level methods to implement our own http srp flow.
2013-03-20Ready to use with Android JellyBean (api 16)Parménides GV
2013-03-19The new certificate added by ConfigHelper.addTrustedCertificate did notParménides GV
used the provider alias, but a predefined (I forgot removing quotes from argument) string.
2013-03-19Included libs folder with bouncycastle inside it.Parménides GV
2013-03-19Trying to find a jar from JBoss to use their SRP implementation. ImportsParménides GV
errors because of classes not yet found.
2013-03-18Loads bks file from assets.Parménides GV
2013-03-18Refactored ProviderAPI code.Parménides GV
ConfigurationWizard works without problem for both new and preseeded providers. I've added flow control for the activity to finish when all files have been downloaded, managing errors with setResult(RESULT_CANCELED).
2013-03-18If ca.crt from new provider is not trusted, we can download it withoutParménides GV
problems assuming user wanted to trust it since s/he entered by him/herself the URL. Next step: refactor a bit, to make code more beautiful.
2013-03-14After downloading provider.json successfully, ConfigurationWizard nowParménides GV
can download eip-service.json and ca.crt without having the latter as a predefined trusted certificate. It does not ask anything about trusting the new certificate as far as selecting a custom provider means that the user trusts that url. Next step: make provider.json also downloadable from https address using ca.cert not trusted.
2013-03-13ConfigurationWizard sets provider.json correctly for Dashboard once aParménides GV
custom provider is selected. Tested using https://bitmask.net as url for custom provider.
2013-03-12Error using CryptoUtil.calculatePasswordHash.Parménides GV
Going to hit some bugs before continuing with this work.
2013-03-12Gonna try jboss srp implementation, because if I implement myself one weParménides GV
will have to audit it.
2013-03-07Changed POST by PUT in the sendM1 method. Parménides GV
Cleaned some code, pending the M2 one (testing with M1).
2013-03-05Registering method from ProviderAPI implemented and tested.Parménides GV
M1 is not OK, because errors (with null description, awkward) are received from posting M1 to the server instead of M2. Next step: purge user database from leap_webapp and start testing again.
2013-02-28Now, ProviderAPI sends result to ConfigurationWizard.Parménides GV
Refactored downloadJsonFiles in ProviderAPI, new method from block in the intent identification.
2013-02-27Added bouncycastle lib with libs folder.Parménides GV
2013-02-26Resolved issue:Parménides GV
Change bitmask eip-service.json url from api/1 to api:4430 (Support #1759)
2013-02-25Finished first implementation of SRP.Parménides GV
Next step: get cookies understood, how do I get server's sent parameters?
2013-02-21Started SRP authentication. Using NG_1024 with g = 2, and SHA256 digest.Parménides GV
Next steps: Implement async communication with the server to receive salt, send A and receive B.
2013-02-21Removed docs from Wizard branchParménides GV
2013-02-14Completed first draft diagrams at doc/diagrams.xmi. Added templates for SRS ↵Parménides GV
and USR documents -> Next week I'll work on them
2013-02-13Doc folder created and first draft of use case diagram and componentsParménides GV
diagram. Use case diagram is complete about future releases (all services, email, chat...). Components diagram should be discussed, I feel far from final solution.
2013-02-13Solves Issue #1757.Parménides GV
The problem was that ProviderItem.custom was not being set by the constructor, and when using this variable from ConfigurationWizard to get providers.json from http or from assets file.
2013-02-12New custom provider dialog effectively adds the new provider to theparmegv
ProviderListFragment, and then the user can choose it.
2013-02-11Gets provider.json from custom url (assuming the file is at the root ofParménides GV
the website, just as bitmask.net/provider.json), and writes it to a file in ~/leap_android. Next steps: parse that file and download eip-service and cert.
2013-02-11The newProviderButton gets user to the DialogFragment correctly.Parménides GV
The problem in the previous commit was that I had to modify the fragment layout, instead of that of the Activity. I learnt how to obtain and modify it from here: https://developer.android.com/reference/android/app/ListFragment.html
2013-02-07Button not working from ConfigurationWizard.Parménides GV
Trying to test cancel button from created new dialog.
2013-02-07Change in Dashboard to startActivityForResult() ConfigurationWizardSean Leonard
2013-02-07Rearrange singleton Provider.class pattern, Fix isolated SharedPreferences silosSean Leonard
2013-02-07Refactor ProviderListActivity.class into ConfigurationWizard.class,Sean Leonard
Moves towards our wizard flow; Addresses #1497 #1500