| Age | Commit message (Collapse) | Author |
|---|
|
If an empty json string is received after sending M1 (that means no M2
in return), bad user/password message is shown.
This fixes bug 3153.
|
|
LeapHttpClient can fetch the main CA certificate downloaded from the
provider and add it to its in-memory keystore, without saving the
certificate in a file.
This is a very important feature, I think it can be cherry picked (it has
little modifications, and very localized).
It's very important because authentication does not work without this
bug fix in the latest branches, because I removed the code that saved
the certificate in a file but didn't test the authentication part.
|
|
If a download didn't occurr due to an IOException, we assume it was for
an SSL error and notify the user telling him/her that LEAP provider is
not trusted.
|
|
I've set ProviderAPI to show its own toast depending on the exception
that getStringFromProvider issues. If the socket timeout reaches its
end, a toast different from when an IOException or a MalformedException
occur.
|
|
When login is not successful, a new recovery dialog is prompted with a
message about the previous error.
|
|
Once in the provider detail fragment, if the user presses the back
button, provider.json is removed from sharedpreferences (so that
Dashboard does not start as if the user had selected the canceled
provider) and ConfigurationWizard gets the focus.
|
|
I was treating the former exception simply as a kind of the latter, but
user messages are different. Now, each one shows its different error
message.
|
|
I forgot to add an else in the IOException from getStringFromProvider.
This was causing that even if the user checked the trusted completely
beckbox and everything was fine, the "not trusted provider" message was
being shown.
|
|
The previous commit broke functionality, and instead of discarding it
I've decided to undo with a new commit for future references.
It would seem that IOException can be substitued by
SSLHandshakeException, but the previous commit proves it cannot.
|
|
In getStringFromProvider, there is no IOException but an
SSLHandshakeException. Substituing this gives our code more semantics.
|
|
If a download didn't occurr due to an IOException, we assume it was for
an SSL error and notify the user telling him/her that LEAP provider is
not trusted.
|
|
I've set ProviderAPI to show its own toast depending on the exception
that getStringFromProvider issues. If the socket timeout reaches its
end, a toast different from when an IOException or a MalformedException
occur.
|
|
If ssl errors don't vanish using CA cert from provider, we go further and let the certificate not to be validated at all.
|
|
I've also removed a lot of finishes when things go wrong (so that it should be returning to the previous activity/fragment).
|
|
|
|
I've decided not to include any lib, but to copy the SRPParameters class
to our codebase and Util.trim method to ConfigHelper.
|
|
Some more constants added to ConfigHelper.
This solves #2908.
|
|
This resolves the first step from issue #2908.
Next step: Put user message strings into an appropiate place.
|
|
It's working against cdev.bitmask.net and bitmask.net. Look at #2840 for
further explanation about self signed certificates.
I've also removed some file dependant configuration (when a provider was
custom, ConfigurationWizard still tried to read from file a
provider.json that now I store in memory via ProviderItem class).
|
|
There was a problem on the assets file "bitmask.url". It had an error in
the eip-service url.
We should use this file only for main url, and proceed as if it were a
new provider but with a preseeded main url.
|
|
We were using it to save certificate and provider.json files from chosen
provider, so that exporting them was easily done.
We don't need that files, because if we wanted to export that files we
would be able to recover them easily and updated.
This fixes #2783
|
|
Variables from LeapSRPSession were there because I used it while testing
srp calculations, comparing that strings with the ones from javascript.
Unused method from ProviderAPI was there because I foresee I'll have to
implement it in the future, but I've removed it since it's already in
the history.
This fixes #2781.
|
|
from provider.json.
This fixes bug #2780
|
|
boolean, JSONObject)
|
|
LeapSRPSession was doing bad SRP calculations when salt byte array
started with a 0. Now I trimmed that array before using it.
ProviderAPI was not timing out when a server didn't respond. Now, I use
a timeout of 1 second to stop waiting for a response.
|
|
I download the anon certificate only if allow_anonymous is true, and
before launching Dashboard.
I store it in SharedPreferences, with "cert" key, as a JSON object.
|
|
I've upper cased ConfigHelper constants.
I've created a new method in ConfigHelper, to send requests to a server,
that it's used when sending A and M1.
|
|
Allow registration is present in provider.json.
Provider.json is downloaded from both preseeded and custom providers.
Authentication success or fail is notified correctly to the user.
|
|
It is stored in SharedPrefs, with ConfigHelper.cert_key (="cert") key.
|
|
request a log in without certificates problems.
I've removed the addition of the certificate when downloaded
eip-service.json, because I already do that in LeapHttpClient.
Solves issue 2367: https://leap.se/code/issues/2367
|
|
Refactored LeapSRPSession so that there is no need to send A twice.
|
|
entered, so that if in the future the client tries to log in or
whatever, it can use the certificate downloaded when added.
Log in dialog works ok, showing a toast when authentication fails (by
this time, I have not managed to get a correct login due to
dev.bitmask.net problems).
dev.bitmask.net works perfectly, via adding it as a new provider
(MeanderingCode, this is for you ;) ).
All GET requests are done by default Android URL class, which means that
certificates trusted by Android are also trusted by us. If there are
problems when logging in due to certificates, the app is able to use
only the certificate associated to the provider in the moment it was
selected as the chosen provider.
|
|
|
|
I need to implement bypass for dev.bitmask.net, because bitmask.net is
down.
|
|
|
|
- SRP algorithm improved (validate method uses trim, and some other
trims have been added).
- Refactored calculatePasswordHash, so that it receives a String instead
of a char array, and now it is capable of escaping "\" correctly.
- A 1000*2 successful logins, with a new test that performs 1000 trials
for 2 different username/password/server trios.
Next step: think about how the user is going to trigger the log in
fragment.
|
|
localhost, but I cannot succeed in api.bitmask.net with my personal account. Next step: add tests from api.bitmask.net.
|
|
|
|
New provider dialog works OK.
|
|
Next step: understand why ca.cert from bitmask is not being downloaded
correctly.
|
|
Conflicts:
src/se/leap/leapclient/ConfigHelper.java
src/se/leap/leapclient/ConfigurationWizard.java
src/se/leap/leapclient/ProviderAPI.java
|
|
calculation, since right now (using tests) response() method is not
doing OK.
Added new SRPSession modifying response() method from JBoss SRP
implementation.
Added hosts-for-android-emulator. Use with the following commands to be
able to test on api.lvh.me:
adb shell mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
adb push ~/workspace/leap_android/hosts-for-android-emulator
/system/etc/hosts
|
|
not SRP-6a. That means, for example, that M1 is calculated differently
from what we need.
|
|
the salt, and because of our messageflow I cannot obtain it before
starting Authentication. That's why on line 132 from ProviderAPI I tried
to get a new SRPClientSession using the newly obtained salt, but of
course it fails since A cannot be restored from previous initialization.
Next step: try with srpforjava.
Next next step: if srpforjava does not work for us, use lower level
methods to implement our own http srp flow.
|
|
errors because of classes not yet found.
|
|
ConfigurationWizard works without problem for both new and preseeded
providers. I've added flow control for the activity to finish when all
files have been downloaded, managing errors with
setResult(RESULT_CANCELED).
|
|
problems assuming user wanted to trust it since s/he entered by
him/herself the URL.
Next step: refactor a bit, to make code more beautiful.
|
|
can download eip-service.json and ca.crt without having the latter as a
predefined trusted certificate. It does not ask anything about trusting
the new certificate as far as selecting a custom provider means that the
user trusts that url.
Next step: make provider.json also downloadable from https address using
ca.cert not trusted.
|
|
custom provider is selected.
Tested using https://bitmask.net as url for custom provider.
|
|
Going to hit some bugs before continuing with this work.
|
