summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-06-04Fixed SRP strange characters bugs.Parménides GV
The problem was the encoding of the bytes when calculating the password hash. I supposed that it was UTF-8 (I already saw that encoding in the html code from leap_web), but not, it was ISO-8859-1 (trial/error).
2013-06-04Fix bug #2717.Parménides GV
"https://" is automatically appended.
2013-06-04Fixed 2 important bugs.Parménides GV
LeapSRPSession was doing bad SRP calculations when salt byte array started with a 0. Now I trimmed that array before using it. ProviderAPI was not timing out when a server didn't respond. Now, I use a timeout of 1 second to stop waiting for a response.
2013-05-29Fixed passwords with strange characters?Parménides GV
Using two test with values from my localhost leap_web deployment, I've achieved to login with passwords containing ! and $ without problems. This should fix bug #2348.
2013-05-29Updated the name of the project in build.xmlParménides GV
2013-05-29Setting the name and the target in compile.shParménides GV
Name is mandatory, if not provided android chooses "MainActivity" and adb install command fails because "LEAP Android-debug.apk" does not exist. Target is not mandatory, but for future references (if anybody wants to change the target, they can do it easier) I've added that flag to the command.
2013-05-29Merge branch 'ant_build' of github.com:parmegv/leap_android into ant_buildParménides GV
2013-05-29README now suggest to use scripts.Parménides GV
I've entered a new script: compile.sh I've also simlinked README.txt to README. In the future, if we want to write another file in another format (MarkDown?), we will only have to change the target of the README file.
2013-05-29README now suggest to use scripts.Parménides GV
I've also simlinked README.txt to README. In the future, if we want to write another file in another format (MarkDown?), we will only have to change the target of the README file.
2013-05-28Starting basic adt vim plugin.Parménides GV
If I execute AndroidRun, run.sh is not called but echoes are printed.
2013-05-28Added new file: run.shParménides GV
It just runs the emulator, installs leap_android and runs it. No debugger session is returned.
2013-05-28debug.sh works without initial big sleep.Parménides GV
I've found the way to detect if the emulator has finished booting, so that I can install and start leap_android without problems. I've moved the last sleep before the pid calculation, because sometimes it wasn't calculated well (I think because I asked for it too soon).
2013-05-27First version of the README and ant build.xmlRafael Gálvez Vizcaíno
This is the first commit of this branch. It contains the README file with instructions for different user targets (Compiling, Running on the emulator and Debugging from console), and the ant build.xml file. debug.sh is an experimental script, because it uses "sleep" to synchronize between Emulator and adb install and run. If you want to use it, please look for that "sleep" lines and update their numbers according to your experience.
2013-05-14Anon certificate is downloaded if possible.Parménides GV
I download the anon certificate only if allow_anonymous is true, and before launching Dashboard. I store it in SharedPreferences, with "cert" key, as a JSON object.
2013-05-13A bit more clean.Parménides GV
I've upper cased ConfigHelper constants. I've created a new method in ConfigHelper, to send requests to a server, that it's used when sending A and M1.
2013-05-09Log in and Log out options are shown only if allow registration is true.Parménides GV
Allow registration is present in provider.json. Provider.json is downloaded from both preseeded and custom providers. Authentication success or fail is notified correctly to the user.
2013-05-08After loggin in successfully, the new client certificate is downloaded.Parménides GV
It is stored in SharedPrefs, with ConfigHelper.cert_key (="cert") key.
2013-05-07Ready to create a new branch for the download of the new user auth'edParménides GV
certificate. Next step in this branch: detect what the selected provider support in terms of authenticated/anon users, and show login/logout methods consecuently.
2013-05-01Logging in successfully to dev.bitmask.net :)Parménides GV
The problem was that I needed to append the api_version to the api_uri. I was doing well in tests because I hardcoded the api urls, but in production code I was getting from provider.json only api_url and not api_version.
2013-05-01If the app is restarted with a custom provider selected, the client canParménides GV
request a log in without certificates problems. I've removed the addition of the certificate when downloaded eip-service.json, because I already do that in LeapHttpClient. Solves issue 2367: https://leap.se/code/issues/2367
2013-04-29Changed the message shown when checking if the password is valid or not.Parménides GV
Refactored LeapSRPSession so that there is no need to send A twice.
2013-04-29"Trust completely" checkbox saves that trust for the new providerParménides GV
entered, so that if in the future the client tries to log in or whatever, it can use the certificate downloaded when added. Log in dialog works ok, showing a toast when authentication fails (by this time, I have not managed to get a correct login due to dev.bitmask.net problems). dev.bitmask.net works perfectly, via adding it as a new provider (MeanderingCode, this is for you ;) ). All GET requests are done by default Android URL class, which means that certificates trusted by Android are also trusted by us. If there are problems when logging in due to certificates, the app is able to use only the certificate associated to the provider in the moment it was selected as the chosen provider.
2013-04-29Added danger mode: we can bypass dev.bitmask.net hostname io exception.Parménides GV
2013-04-29Coded dialog (now there is a button in the Dashboard), time to test.Parménides GV
I need to implement bypass for dev.bitmask.net, because bitmask.net is down.
2013-04-29Coded logout method, and tested.Parménides GV
2013-04-29This commit contains:Parménides GV
- SRP algorithm improved (validate method uses trim, and some other trims have been added). - Refactored calculatePasswordHash, so that it receives a String instead of a char array, and now it is capable of escaping "\" correctly. - A 1000*2 successful logins, with a new test that performs 1000 trials for 2 different username/password/server trios. Next step: think about how the user is going to trigger the log in fragment.
2013-04-29Made SRP working with ProviderAPI methods more frequently than not in ↵Parménides GV
localhost, but I cannot succeed in api.bitmask.net with my personal account. Next step: add tests from api.bitmask.net.
2013-04-16Added libraries from JBoss.Parménides GV
2013-04-16Merge branch 'feature/wizard' into developParménides GV
2013-04-16Fixed bug #2225 (https://leap.se/code/issues/2225)Parménides GV
2013-04-15Fixed bug 2231.Parménides GV
New provider dialog works OK.
2013-04-15Fixed bug #2224.Parménides GV
The problem was in the keystore, which did not contain the certificate used in https://bitmask.net/ca.cert. For the future, we should be able to easily manage this kind of certificate upgrade/renewal without having to search again (http://blog.crazybob.org/2010/02/android-trusting-ssl-certificates.html) for the keytool command to import a certificate. Script?
2013-04-15Added one "else if" that I missed during merge.Parménides GV
Next step: understand why ca.cert from bitmask is not being downloaded correctly.
2013-04-15Merge branch 'wizard' into feature/wizardParménides GV
Conflicts: src/se/leap/leapclient/ConfigHelper.java src/se/leap/leapclient/ConfigurationWizard.java src/se/leap/leapclient/ProviderAPI.java
2013-04-11Made LeapSRPSession more beautiful, put javadoc and commented lines ofParménides GV
strings used to check everything's fine manually.
2013-04-10Some more trims added. It passes a lot of tests from the test projectParménides GV
(not included here, still to decide if push it publicly). Next steps: make code beautiful, Android GUI SRP and real communication server, and add even more tests (in my spare time, just to check with more users).
2013-04-10LeapSRPSession response() method is working for the three differentParménides GV
tests I've written for it. Next step: verify()
2013-04-09Response should be correct, as far as different calculationsParménides GV
individually are. But in reality it's not. Tried to fix final hash putting a trim in every byte array, but it did not work. Next step: check the final hash, looking for padding issues.
2013-04-08Done constructor of LeapSRPSession: it's OK.Parménides GV
Next step: fix response() calculations.
2013-04-08Xor method fixed. I use BigInteger Java one.Parménides GV
Next step: understand why SHA-256 digest from NG_1024 is not equals to the one leap_web is calculating.
2013-04-03Added new files to gitignore.Parménides GV
2013-04-03Fixed bug #2146 => A calculation is now fine. Next step: fix M1Parménides GV
calculation, since right now (using tests) response() method is not doing OK. Added new SRPSession modifying response() method from JBoss SRP implementation. Added hosts-for-android-emulator. Use with the following commands to be able to test on api.lvh.me: adb shell mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system adb push ~/workspace/leap_android/hosts-for-android-emulator /system/etc/hosts
2013-03-30Trial for srpforjava: it does not work since it implements SRP-6, andParménides GV
not SRP-6a. That means, for example, that M1 is calculated differently from what we need.
2013-03-29Tried to implement SRP with JBoss: discarded because it needs RMI to getParménides GV
the salt, and because of our messageflow I cannot obtain it before starting Authentication. That's why on line 132 from ProviderAPI I tried to get a new SRPClientSession using the newly obtained salt, but of course it fails since A cannot be restored from previous initialization. Next step: try with srpforjava. Next next step: if srpforjava does not work for us, use lower level methods to implement our own http srp flow.
2013-03-20Ready to use with Android JellyBean (api 16)Parménides GV
2013-03-19The new certificate added by ConfigHelper.addTrustedCertificate did notParménides GV
used the provider alias, but a predefined (I forgot removing quotes from argument) string.
2013-03-19Included libs folder with bouncycastle inside it.Parménides GV
2013-03-19Trying to find a jar from JBoss to use their SRP implementation. ImportsParménides GV
errors because of classes not yet found.
2013-03-18Loads bks file from assets.Parménides GV
2013-03-18Refactored ProviderAPI code.Parménides GV
ConfigurationWizard works without problem for both new and preseeded providers. I've added flow control for the activity to finish when all files have been downloaded, managing errors with setResult(RESULT_CANCELED).