From 81a732702f7b3125ac543f92d8a5ec33cce972fe Mon Sep 17 00:00:00 2001 From: cyBerta Date: Thu, 4 Jan 2018 13:23:58 +0100 Subject: 8773 preseeded providers implementation for insecure flavor --- .../se/leap/bitmaskclient/ConfigurationWizard.java | 19 ++- .../java/se/leap/bitmaskclient/ProviderAPI.java | 163 +++++++++++++-------- .../bitmaskclient/BaseConfigurationWizard.java | 16 ++ .../main/java/se/leap/bitmaskclient/Provider.java | 18 ++- .../se/leap/bitmaskclient/ProviderApiBase.java | 39 ++++- .../se/leap/bitmaskclient/ProviderManager.java | 30 ++-- .../se/leap/bitmaskclient/ConfigurationWizard.java | 14 -- .../java/se/leap/bitmaskclient/ProviderAPI.java | 42 +----- 8 files changed, 199 insertions(+), 142 deletions(-) diff --git a/app/src/insecure/java/se/leap/bitmaskclient/ConfigurationWizard.java b/app/src/insecure/java/se/leap/bitmaskclient/ConfigurationWizard.java index df1a59ff..766b6c60 100644 --- a/app/src/insecure/java/se/leap/bitmaskclient/ConfigurationWizard.java +++ b/app/src/insecure/java/se/leap/bitmaskclient/ConfigurationWizard.java @@ -89,9 +89,17 @@ public class ConfigurationWizard extends BaseConfigurationWizard { mConfigState.setAction(SETTING_UP_PROVIDER); Intent provider_API_command = new Intent(this, ProviderAPI.class); Bundle parameters = new Bundle(); - parameters.putString(Provider.MAIN_URL, selected_provider.mainUrl().getUrl().toString()); + parameters.putString(Provider.MAIN_URL, selected_provider.getMainUrl().toString()); parameters.putBoolean(ProviderItem.DANGER_ON, danger_on); - parameters.putString(Provider.CA_CERT_FINGERPRINT, selected_provider.certificatePin()); + if (selected_provider.hasCertificatePin()){ + parameters.putString(Provider.CA_CERT_FINGERPRINT, selected_provider.certificatePin()); + } + if (selected_provider.hasCaCert()) { + parameters.putString(Provider.CA_CERT, selected_provider.getCaCert()); + } + if (selected_provider.hasDefinition()) { + parameters.putString(Provider.KEY, selected_provider.getDefinition().toString()); + } provider_API_command.setAction(ProviderAPI.SET_UP_PROVIDER); provider_API_command.putExtra(ProviderAPI.PARAMETERS, parameters); @@ -103,15 +111,22 @@ public class ConfigurationWizard extends BaseConfigurationWizard { /** * Retrys setup of last used provider, allows bypassing ca certificate validation. */ + @Override public void retrySetUpProvider() { cancelSettingUpProvider(); if (!ProviderAPI.caCertDownloaded()) { addAndSelectNewProvider(ProviderAPI.lastProviderMainUrl(), ProviderAPI.lastDangerOn()); } else { + showProgressBar(); + adapter.hideAllBut(adapter.indexOf(selected_provider)); + Intent provider_API_command = new Intent(this, ProviderAPI.class); provider_API_command.setAction(ProviderAPI.SET_UP_PROVIDER); provider_API_command.putExtra(ProviderAPI.RECEIVER_KEY, providerAPI_result_receiver); + Bundle parameters = new Bundle(); + parameters.putString(Provider.MAIN_URL, selected_provider.getMainUrl().toString()); + provider_API_command.putExtra(ProviderAPI.PARAMETERS, parameters); startService(provider_API_command); } diff --git a/app/src/insecure/java/se/leap/bitmaskclient/ProviderAPI.java b/app/src/insecure/java/se/leap/bitmaskclient/ProviderAPI.java index 7689c343..5cb06115 100644 --- a/app/src/insecure/java/se/leap/bitmaskclient/ProviderAPI.java +++ b/app/src/insecure/java/se/leap/bitmaskclient/ProviderAPI.java @@ -21,7 +21,6 @@ import android.util.Pair; import org.json.JSONException; import org.json.JSONObject; -import org.thoughtcrime.ssl.pinning.util.PinningHelper; import java.io.FileNotFoundException; import java.io.IOException; @@ -38,7 +37,6 @@ import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.KeyManager; import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLHandshakeException; import javax.net.ssl.SSLSession; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; @@ -48,7 +46,6 @@ import se.leap.bitmaskclient.ProviderListContent.ProviderItem; import se.leap.bitmaskclient.eip.EIP; import static se.leap.bitmaskclient.R.string.certificate_error; -import static se.leap.bitmaskclient.R.string.error_io_exception_user_message; import static se.leap.bitmaskclient.R.string.malformed_url; /** @@ -64,10 +61,10 @@ import static se.leap.bitmaskclient.R.string.malformed_url; */ public class ProviderAPI extends ProviderApiBase { - private static boolean last_danger_on = true; + private static boolean lastDangerOn = true; public static boolean lastDangerOn() { - return last_danger_on; + return lastDangerOn; } /** @@ -79,71 +76,99 @@ public class ProviderAPI extends ProviderApiBase { @Override protected Bundle setUpProvider(Bundle task) { int progress = 0; - Bundle current_download = new Bundle(); + Bundle currentDownload = new Bundle(); if (task != null) { - last_danger_on = task.containsKey(ProviderItem.DANGER_ON) && task.getBoolean(ProviderItem.DANGER_ON); - last_provider_main_url = task.containsKey(Provider.MAIN_URL) ? + lastDangerOn = task.containsKey(ProviderItem.DANGER_ON) && task.getBoolean(ProviderItem.DANGER_ON); + lastProviderMainUrl = task.containsKey(Provider.MAIN_URL) ? task.getString(Provider.MAIN_URL) : ""; - provider_ca_cert_fingerprint = task.containsKey(Provider.CA_CERT_FINGERPRINT) ? + providerCaCertFingerprint = task.containsKey(Provider.CA_CERT_FINGERPRINT) ? task.getString(Provider.CA_CERT_FINGERPRINT) : ""; - CA_CERT_DOWNLOADED = PROVIDER_JSON_DOWNLOADED = EIP_SERVICE_JSON_DOWNLOADED = false; + providerCaCert = task.containsKey(Provider.CA_CERT) ? + task.getString(Provider.CA_CERT) : + ""; + + try { + providerDefinition = task.containsKey(Provider.KEY) ? + new JSONObject(task.getString(Provider.KEY)) : + new JSONObject(); + } catch (JSONException e) { + e.printStackTrace(); + providerDefinition = new JSONObject(); + } + providerApiUrl = getApiUrlWithVersion(providerDefinition); + + checkPersistedProviderUpdates(); + currentDownload = validateProviderDetails(); + + //provider details invalid + if (currentDownload.containsKey(ERRORS)) { + return currentDownload; + } + + //no provider certificate available + if (currentDownload.containsKey(RESULT_KEY) && !currentDownload.getBoolean(RESULT_KEY)) { + resetProviderDetails(); + } + + EIP_SERVICE_JSON_DOWNLOADED = false; go_ahead = true; } if (!PROVIDER_JSON_DOWNLOADED) - current_download = getAndSetProviderJson(last_provider_main_url, last_danger_on, provider_ca_cert_fingerprint); - if (PROVIDER_JSON_DOWNLOADED || (current_download.containsKey(RESULT_KEY) && current_download.getBoolean(RESULT_KEY))) { + currentDownload = getAndSetProviderJson(lastProviderMainUrl, lastDangerOn, providerCaCert, providerDefinition); + if (PROVIDER_JSON_DOWNLOADED || (currentDownload.containsKey(RESULT_KEY) && currentDownload.getBoolean(RESULT_KEY))) { broadcastProgress(progress++); PROVIDER_JSON_DOWNLOADED = true; - current_download = downloadCACert(last_danger_on); - if (CA_CERT_DOWNLOADED || (current_download.containsKey(RESULT_KEY) && current_download.getBoolean(RESULT_KEY))) { + if (!CA_CERT_DOWNLOADED) + currentDownload = downloadCACert(lastDangerOn); + if (CA_CERT_DOWNLOADED || (currentDownload.containsKey(RESULT_KEY) && currentDownload.getBoolean(RESULT_KEY))) { broadcastProgress(progress++); CA_CERT_DOWNLOADED = true; - current_download = getAndSetEipServiceJson(); - if (current_download.containsKey(RESULT_KEY) && current_download.getBoolean(RESULT_KEY)) { + currentDownload = getAndSetEipServiceJson(); + if (currentDownload.containsKey(RESULT_KEY) && currentDownload.getBoolean(RESULT_KEY)) { broadcastProgress(progress++); EIP_SERVICE_JSON_DOWNLOADED = true; } } } - return current_download; + return currentDownload; } - private Bundle getAndSetProviderJson(String provider_main_url, boolean danger_on, String provider_ca_cert_fingerprint) { + private Bundle getAndSetProviderJson(String providerMainUrl, boolean dangerOn, String caCert, JSONObject providerDefinition) { Bundle result = new Bundle(); if (go_ahead) { - String provider_dot_json_string; - if(provider_ca_cert_fingerprint.isEmpty()) - provider_dot_json_string = downloadWithCommercialCA(provider_main_url + "/provider.json", danger_on); + String providerDotJsonString; + if(providerDefinition.length() == 0 || caCert.isEmpty()) + providerDotJsonString = downloadWithCommercialCA(providerMainUrl + "/provider.json", dangerOn); else - provider_dot_json_string = downloadWithCommercialCA(provider_main_url + "/provider.json", danger_on, provider_ca_cert_fingerprint); + providerDotJsonString = downloadFromApiUrlWithProviderCA("/provider.json", caCert, providerDefinition, dangerOn); - if (!isValidJson(provider_dot_json_string)) { + if (!isValidJson(providerDotJsonString)) { result.putString(ERRORS, getString(malformed_url)); result.putBoolean(RESULT_KEY, false); return result; } try { - JSONObject provider_json = new JSONObject(provider_dot_json_string); - provider_api_url = provider_json.getString(Provider.API_URL) + "/" + provider_json.getString(Provider.API_VERSION); - String name = provider_json.getString(Provider.NAME); + JSONObject providerJson = new JSONObject(providerDotJsonString); + String providerDomain = providerJson.getString(Provider.DOMAIN); + providerApiUrl = getApiUrlWithVersion(providerJson); + String name = providerJson.getString(Provider.NAME); //TODO setProviderName(name); - preferences.edit().putString(Provider.KEY, provider_json.toString()).commit(); - preferences.edit().putBoolean(Constants.PROVIDER_ALLOW_ANONYMOUS, provider_json.getJSONObject(Provider.SERVICE).getBoolean(Constants.PROVIDER_ALLOW_ANONYMOUS)).commit(); - preferences.edit().putBoolean(Constants.PROVIDER_ALLOWED_REGISTERED, provider_json.getJSONObject(Provider.SERVICE).getBoolean(Constants.PROVIDER_ALLOWED_REGISTERED)).commit(); - + preferences.edit().putString(Provider.KEY, providerJson.toString()). + putBoolean(Constants.PROVIDER_ALLOW_ANONYMOUS, providerJson.getJSONObject(Provider.SERVICE).getBoolean(Constants.PROVIDER_ALLOW_ANONYMOUS)). + putBoolean(Constants.PROVIDER_ALLOWED_REGISTERED, providerJson.getJSONObject(Provider.SERVICE).getBoolean(Constants.PROVIDER_ALLOWED_REGISTERED)). + putString(Provider.KEY + "." + providerDomain, providerJson.toString()).commit(); result.putBoolean(RESULT_KEY, true); } catch (JSONException e) { - //TODO Error message should be contained in that provider_dot_json_string - String reason_to_fail = pickErrorMessage(provider_dot_json_string); + String reason_to_fail = pickErrorMessage(providerDotJsonString); result.putString(ERRORS, reason_to_fail); result.putBoolean(RESULT_KEY, false); } @@ -163,7 +188,7 @@ public class ProviderAPI extends ProviderApiBase { try { JSONObject provider_json = new JSONObject(preferences.getString(Provider.KEY, "")); String eip_service_url = provider_json.getString(Provider.API_URL) + "/" + provider_json.getString(Provider.API_VERSION) + "/" + EIP.SERVICE_API_PATH; - eip_service_json_string = downloadWithProviderCA(eip_service_url, last_danger_on); + eip_service_json_string = downloadWithProviderCA(eip_service_url, lastDangerOn); JSONObject eip_service_json = new JSONObject(eip_service_json_string); eip_service_json.getInt(Provider.API_RETURN_SERIAL); @@ -192,7 +217,7 @@ public class ProviderAPI extends ProviderApiBase { String provider_main_url = provider_json.getString(Provider.API_URL); URL new_cert_string_url = new URL(provider_main_url + "/" + provider_json.getString(Provider.API_VERSION) + "/" + Constants.PROVIDER_VPN_CERTIFICATE); - String cert_string = downloadWithProviderCA(new_cert_string_url.toString(), last_danger_on); + String cert_string = downloadWithProviderCA(new_cert_string_url.toString(), lastDangerOn); if (cert_string == null || cert_string.isEmpty() || ConfigHelper.checkErroneousDownload(cert_string)) return false; @@ -210,18 +235,21 @@ public class ProviderAPI extends ProviderApiBase { } - private Bundle downloadCACert(boolean danger_on) { + private Bundle downloadCACert(boolean dangerOn) { Bundle result = new Bundle(); try { - JSONObject provider_json = new JSONObject(preferences.getString(Provider.KEY, "")); - String ca_cert_url = provider_json.getString(Provider.CA_CERT_URI); - String cert_string = downloadWithCommercialCA(ca_cert_url, danger_on); + JSONObject providerJson = new JSONObject(preferences.getString(Provider.KEY, "")); + String caCertUrl = providerJson.getString(Provider.CA_CERT_URI); + String providerDomain = providerJson.getString(Provider.DOMAIN); + + String certString = downloadWithCommercialCA(caCertUrl, dangerOn); - if (validCertificate(cert_string) && go_ahead) { - preferences.edit().putString(Provider.CA_CERT, cert_string).commit(); + if (validCertificate(certString) && go_ahead) { + preferences.edit().putString(Provider.CA_CERT, certString).commit(); + preferences.edit().putString(Provider.CA_CERT + "." + providerDomain, certString).commit(); result.putBoolean(RESULT_KEY, true); } else { - String reason_to_fail = pickErrorMessage(cert_string); + String reason_to_fail = pickErrorMessage(certString); result.putString(ERRORS, reason_to_fail); result.putBoolean(RESULT_KEY, false); } @@ -234,29 +262,6 @@ public class ProviderAPI extends ProviderApiBase { return result; } - //TODO: refactor with ticket #8773 - private String downloadWithCommercialCA(String urlString, boolean dangerOn, String caCertFingerprint) { - String result = ""; - int seconds_of_timeout = 2; - String[] pins = new String[] {caCertFingerprint}; - try { - URL url = new URL(urlString); - HttpsURLConnection connection = PinningHelper.getPinnedHttpsURLConnection(getApplicationContext(), pins, url); - connection.setConnectTimeout(seconds_of_timeout * 1000); - if (!LeapSRPSession.getToken().isEmpty()) - connection.addRequestProperty(LeapSRPSession.AUTHORIZATION_HEADER, "Token token=" + LeapSRPSession.getToken()); - result = new Scanner(connection.getInputStream()).useDelimiter("\\A").next(); - } catch (IOException e) { - if(e instanceof SSLHandshakeException) { - result = dangerOn ? downloadWithoutCA(urlString) : - formatErrorMessage(R.string.error_security_pinnedcertificate); - } else - result = formatErrorMessage(error_io_exception_user_message); - } - - return result; - } - /** * Tries to download the contents of the provided url using commercially validated CA certificate from chosen provider. *

@@ -284,7 +289,35 @@ public class ProviderAPI extends ProviderApiBase { // try to download with provider CA on certificate error JSONObject responseErrorJson = new JSONObject(responseString); if (danger_on && responseErrorJson.getString(ERRORS).equals(getString(R.string.certificate_error))) { - responseString = downloadWithProviderCA(string_url, danger_on); + responseString = downloadWithoutCA(string_url); + } + } catch (JSONException e) { + e.printStackTrace(); + } + } + + return responseString; + } + + private String downloadFromApiUrlWithProviderCA(String path, String caCert, JSONObject providerDefinition, boolean dangerOn) { + String responseString; + JSONObject errorJson = new JSONObject(); + String baseUrl = getApiUrl(providerDefinition); + OkHttpClient okHttpClient = initSelfSignedCAHttpClient(errorJson, caCert); + if (okHttpClient == null) { + return errorJson.toString(); + } + + String urlString = baseUrl + path; + List> headerArgs = getAuthorizationHeader(); + responseString = sendGetStringToServer(urlString, headerArgs, okHttpClient); + + if (responseString != null && responseString.contains(ERRORS)) { + try { + // try to download with provider CA on certificate error + JSONObject responseErrorJson = new JSONObject(responseString); + if (dangerOn && responseErrorJson.getString(ERRORS).equals(getString(R.string.certificate_error))) { + responseString = downloadWithCommercialCA(urlString, dangerOn); } } catch (JSONException e) { e.printStackTrace(); diff --git a/app/src/main/java/se/leap/bitmaskclient/BaseConfigurationWizard.java b/app/src/main/java/se/leap/bitmaskclient/BaseConfigurationWizard.java index 1d675499..2c169e3d 100644 --- a/app/src/main/java/se/leap/bitmaskclient/BaseConfigurationWizard.java +++ b/app/src/main/java/se/leap/bitmaskclient/BaseConfigurationWizard.java @@ -216,6 +216,8 @@ public abstract class BaseConfigurationWizard extends Activity String provider_json_string = preferences.getString(Provider.KEY, ""); if (!provider_json_string.isEmpty()) selected_provider.define(new JSONObject(provider_json_string)); + String caCert = preferences.getString(Provider.CA_CERT, ""); + selected_provider.setCACert(caCert); } catch (JSONException e) { e.printStackTrace(); } @@ -301,6 +303,20 @@ public abstract class BaseConfigurationWizard extends Activity preferences.edit().remove(Provider.KEY).remove(Constants.PROVIDER_ALLOW_ANONYMOUS).remove(Constants.PROVIDER_KEY).apply(); } + @Override + public void updateProviderDetails() { + mConfigState.setAction(SETTING_UP_PROVIDER); + Intent provider_API_command = new Intent(this, ProviderAPI.class); + + provider_API_command.setAction(ProviderAPI.UPDATE_PROVIDER_DETAILS); + provider_API_command.putExtra(ProviderAPI.RECEIVER_KEY, providerAPI_result_receiver); + Bundle parameters = new Bundle(); + parameters.putString(Provider.MAIN_URL, selected_provider.getMainUrl().toString()); + provider_API_command.putExtra(ProviderAPI.PARAMETERS, parameters); + + startService(provider_API_command); + } + private void askDashboardToQuitApp() { Intent ask_quit = new Intent(); ask_quit.putExtra(Dashboard.ACTION_QUIT, Dashboard.ACTION_QUIT); diff --git a/app/src/main/java/se/leap/bitmaskclient/Provider.java b/app/src/main/java/se/leap/bitmaskclient/Provider.java index 71a0e149..ae07bc25 100644 --- a/app/src/main/java/se/leap/bitmaskclient/Provider.java +++ b/app/src/main/java/se/leap/bitmaskclient/Provider.java @@ -70,14 +70,18 @@ public final class Provider implements Parcelable { this.mainUrl.setUrl(mainUrl); } - public Provider(URL mainUrl, String caCert, /*String certificatePin,*/ String definition) { + public Provider(URL mainUrl, String caCert, String definition) { this.mainUrl.setUrl(mainUrl); - this.caCert = caCert; - try { - this.definition = new JSONObject(definition); - parseDefinition(this.definition); - } catch (JSONException e) { - e.printStackTrace(); + if (caCert != null) { + this.caCert = caCert; + } + if (definition != null) { + try { + this.definition = new JSONObject(definition); + parseDefinition(this.definition); + } catch (JSONException | NullPointerException e) { + e.printStackTrace(); + } } } diff --git a/app/src/main/java/se/leap/bitmaskclient/ProviderApiBase.java b/app/src/main/java/se/leap/bitmaskclient/ProviderApiBase.java index dfc48bee..0013d2c2 100644 --- a/app/src/main/java/se/leap/bitmaskclient/ProviderApiBase.java +++ b/app/src/main/java/se/leap/bitmaskclient/ProviderApiBase.java @@ -665,9 +665,6 @@ public abstract class ProviderApiBase extends IntentService { try { response = okHttpClient.newCall(request).execute(); - if (!response.isSuccessful()){ - return formatErrorMessage(error_json_exception_user_message); - } InputStream inputStream = response.body().byteStream(); Scanner scanner = new Scanner(inputStream).useDelimiter("\\A"); @@ -760,6 +757,42 @@ public abstract class ProviderApiBase extends IntentService { return result; } + protected void checkPersistedProviderUpdates() { + String providerDomain = getProviderDomain(providerDefinition); + if (hasUpdatedProviderDetails(providerDomain)) { + providerCaCert = getPersistedProviderCA(providerDomain); + providerDefinition = getPersistedProviderDefinition(providerDomain); + providerCaCertFingerprint = getPersistedCaCertFingerprint(providerDomain); + providerApiUrl = getApiUrlWithVersion(providerDefinition); + } + } + + protected Bundle validateProviderDetails() { + Bundle result = validateCertificateForProvider(providerCaCert, providerDefinition, lastProviderMainUrl); + + //invalid certificate or no certificate + if (result.containsKey(ERRORS) || (result.containsKey(RESULT_KEY) && !result.getBoolean(RESULT_KEY)) ) { + return result; + } + + //valid certificate: skip download, save loaded provider CA cert and provider definition directly + try { + preferences.edit().putString(Provider.KEY, providerDefinition.toString()). + putBoolean(Constants.PROVIDER_ALLOW_ANONYMOUS, providerDefinition.getJSONObject(Provider.SERVICE).getBoolean(Constants.PROVIDER_ALLOW_ANONYMOUS)). + putBoolean(Constants.PROVIDER_ALLOWED_REGISTERED, providerDefinition.getJSONObject(Provider.SERVICE).getBoolean(Constants.PROVIDER_ALLOWED_REGISTERED)). + putString(Provider.CA_CERT, providerCaCert).commit(); + CA_CERT_DOWNLOADED = true; + PROVIDER_JSON_DOWNLOADED = true; + result.putBoolean(RESULT_KEY, true); + } catch (JSONException e) { + e.printStackTrace(); + result.putBoolean(RESULT_KEY, false); + result = setErrorResult(result, getString(R.string.warning_corrupted_provider_details), ERROR_CORRUPTED_PROVIDER_JSON.toString()); + } + + return result; + } + protected Bundle validateCertificateForProvider(String cert_string, JSONObject providerDefinition, String mainUrl) { Bundle result = new Bundle(); result.putBoolean(RESULT_KEY, false); diff --git a/app/src/main/java/se/leap/bitmaskclient/ProviderManager.java b/app/src/main/java/se/leap/bitmaskclient/ProviderManager.java index cf703631..92d5da9f 100644 --- a/app/src/main/java/se/leap/bitmaskclient/ProviderManager.java +++ b/app/src/main/java/se/leap/bitmaskclient/ProviderManager.java @@ -58,19 +58,27 @@ public class ProviderManager implements AdapteeCollection { private Set providersFromAssets(String directory, String[] relative_file_paths) { Set providers = new HashSet(); - try { - for (String file : relative_file_paths) { - String provider = file.substring(0, file.length() - ".url".length()); - InputStream provider_file = assets_manager.open(directory + "/" + file); - String mainUrl = extractMainUrlFromInputStream(provider_file); - String certificate = ConfigHelper.loadInputStreamAsString(assets_manager.open(provider + ".pem")); - String providerDefinition = ConfigHelper.loadInputStreamAsString(assets_manager.open(provider + ".json")); - providers.add(new Provider(new URL(mainUrl), certificate, providerDefinition)); + for (String file : relative_file_paths) { + String mainUrl = null; + String certificate = null; + String providerDefinition = null; + try { + String provider = file.substring(0, file.length() - ".url".length()); + InputStream provider_file = assets_manager.open(directory + "/" + file); + mainUrl = extractMainUrlFromInputStream(provider_file); + certificate = ConfigHelper.loadInputStreamAsString(assets_manager.open(provider + ".pem")); + providerDefinition = ConfigHelper.loadInputStreamAsString(assets_manager.open(provider + ".json")); + } catch (IOException e) { + e.printStackTrace(); + } + try { + providers.add(new Provider(new URL(mainUrl), certificate, providerDefinition)); + } catch (MalformedURLException e) { + e.printStackTrace(); + } } - } catch (IOException e) { - e.printStackTrace(); - } + return providers; } diff --git a/app/src/production/java/se/leap/bitmaskclient/ConfigurationWizard.java b/app/src/production/java/se/leap/bitmaskclient/ConfigurationWizard.java index 363fa66c..3f05b0a2 100644 --- a/app/src/production/java/se/leap/bitmaskclient/ConfigurationWizard.java +++ b/app/src/production/java/se/leap/bitmaskclient/ConfigurationWizard.java @@ -102,18 +102,4 @@ public class ConfigurationWizard extends BaseConfigurationWizard { } } - @Override - public void updateProviderDetails() { - mConfigState.setAction(SETTING_UP_PROVIDER); - Intent provider_API_command = new Intent(this, ProviderAPI.class); - - provider_API_command.setAction(ProviderAPI.UPDATE_PROVIDER_DETAILS); - provider_API_command.putExtra(ProviderAPI.RECEIVER_KEY, providerAPI_result_receiver); - Bundle parameters = new Bundle(); - parameters.putString(Provider.MAIN_URL, selected_provider.getMainUrl().toString()); - provider_API_command.putExtra(ProviderAPI.PARAMETERS, parameters); - - startService(provider_API_command); - } - } diff --git a/app/src/production/java/se/leap/bitmaskclient/ProviderAPI.java b/app/src/production/java/se/leap/bitmaskclient/ProviderAPI.java index b27c3dca..39651a43 100644 --- a/app/src/production/java/se/leap/bitmaskclient/ProviderAPI.java +++ b/app/src/production/java/se/leap/bitmaskclient/ProviderAPI.java @@ -62,6 +62,7 @@ public class ProviderAPI extends ProviderApiBase { lastProviderMainUrl = task.containsKey(Provider.MAIN_URL) ? task.getString(Provider.MAIN_URL) : ""; + //TODO: remove that providerCaCertFingerprint = task.containsKey(Provider.CA_CERT_FINGERPRINT) ? task.getString(Provider.CA_CERT_FINGERPRINT) : ""; @@ -119,43 +120,6 @@ public class ProviderAPI extends ProviderApiBase { } - private Bundle validateProviderDetails() { - Bundle result = validateCertificateForProvider(providerCaCert, providerDefinition, lastProviderMainUrl); - - //invalid certificate or no certificate - if (result.containsKey(ERRORS) || (result.containsKey(RESULT_KEY) && !result.getBoolean(RESULT_KEY)) ) { - return result; - } - - //valid certificate: skip download, save loaded provider CA cert and provider definition directly - try { - preferences.edit().putString(Provider.KEY, providerDefinition.toString()). - putBoolean(Constants.PROVIDER_ALLOW_ANONYMOUS, providerDefinition.getJSONObject(Provider.SERVICE).getBoolean(Constants.PROVIDER_ALLOW_ANONYMOUS)). - putBoolean(Constants.PROVIDER_ALLOWED_REGISTERED, providerDefinition.getJSONObject(Provider.SERVICE).getBoolean(Constants.PROVIDER_ALLOWED_REGISTERED)). - putString(Provider.CA_CERT, providerCaCert).commit(); - CA_CERT_DOWNLOADED = true; - PROVIDER_JSON_DOWNLOADED = true; - result.putBoolean(RESULT_KEY, true); - } catch (JSONException e) { - e.printStackTrace(); - result.putBoolean(RESULT_KEY, false); - result = setErrorResult(result, getString(R.string.warning_corrupted_provider_details), ERROR_CORRUPTED_PROVIDER_JSON.toString()); - } - - return result; - } - - private void checkPersistedProviderUpdates() { - String providerDomain = getProviderDomain(providerDefinition); - if (hasUpdatedProviderDetails(providerDomain)) { - providerCaCert = getPersistedProviderCA(providerDomain); - providerDefinition = getPersistedProviderDefinition(providerDomain); - providerCaCertFingerprint = getPersistedCaCertFingerprint(providerDomain); - providerApiUrl = getApiUrlWithVersion(providerDefinition); - } - } - - private Bundle getAndSetProviderJson(String providerMainUrl, String caCert, JSONObject providerDefinition) { Bundle result = new Bundle(); @@ -186,7 +150,6 @@ public class ProviderAPI extends ProviderApiBase { putString(Provider.KEY + "." + providerDomain, providerJson.toString()).commit(); result.putBoolean(RESULT_KEY, true); } catch (JSONException e) { - //TODO Error message should be contained in that provider_dot_json_string String reason_to_fail = pickErrorMessage(providerDotJsonString); result.putString(ERRORS, reason_to_fail); result.putBoolean(RESULT_KEY, false); @@ -261,7 +224,6 @@ public class ProviderAPI extends ProviderApiBase { String providerDomain = providerJson.getString(Provider.DOMAIN); String cert_string = downloadWithCommercialCA(caCertUrl); - result.putBoolean(RESULT_KEY, true); if (validCertificate(cert_string) && go_ahead) { preferences.edit().putString(Provider.CA_CERT, cert_string).commit(); @@ -321,7 +283,7 @@ public class ProviderAPI extends ProviderApiBase { * * @return an empty string if it fails, the response body if not. */ - protected String downloadFromApiUrlWithProviderCA(String path, String caCert, JSONObject providerDefinition) { + private String downloadFromApiUrlWithProviderCA(String path, String caCert, JSONObject providerDefinition) { String responseString; JSONObject errorJson = new JSONObject(); String baseUrl = getApiUrl(providerDefinition); -- cgit v1.2.3