From 3ab74308e7ba1fda02d3427ec795eac397707199 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Parm=C3=A9nides=20GV?= Date: Mon, 5 May 2014 15:13:47 +0200 Subject: Sign up methods to be tested. --- .../java/se/leap/bitmaskclient/ProviderAPI.java | 94 +++++++++++++++++++++- 1 file changed, 93 insertions(+), 1 deletion(-) (limited to 'app/src/debug/java') diff --git a/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java b/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java index 9f4b8d27..f8895983 100644 --- a/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java +++ b/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java @@ -172,6 +172,13 @@ public class ProviderAPI extends IntentService { receiver.send(PROVIDER_NOK, result); } } + } else if (action.equalsIgnoreCase(SRP_REGISTER)) { + Bundle session_id_bundle = registerWithSRP(parameters); + if(session_id_bundle.getBoolean(RESULT_KEY)) { + receiver.send(SRP_AUTHENTICATION_SUCCESSFUL, session_id_bundle); + } else { + receiver.send(SRP_AUTHENTICATION_FAILED, session_id_bundle); + } } else if (action.equalsIgnoreCase(SRP_AUTH)) { Bundle session_id_bundle = authenticateBySRP(parameters); if(session_id_bundle.getBoolean(RESULT_KEY)) { 
@@ -193,7 +200,66 @@ public class ProviderAPI extends IntentService { } } } - + + private Bundle registerWithSRP(Bundle task) { + Bundle session_id_bundle = new Bundle(); + int progress = 0; + + String username = (String) task.get(LogInDialog.USERNAME); + String password = (String) task.get(LogInDialog.PASSWORD); + String authentication_server = (String) task.get(Provider.API_URL); + if(validUserLoginData(username, password)) { + + SRPParameters params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), ConfigHelper.G.toByteArray(), BigInteger.ZERO.toByteArray(), "SHA-256"); + LeapSRPSession client = new LeapSRPSession(username, password, params); + byte[] salted_password = client.calculateSaltedPassword(); + /* Calculate password verifier */ + BigInteger password_verifier = client.calculateV(); + /* Send to the server */ + try { + sendNewUserDataToSRPServer(authentication_server, username, new BigInteger(salted_password).toString(), password_verifier.toString()); + broadcast_progress(progress++); + } catch (ClientProtocolException e) { + // session_id_bundle.putBoolean(RESULT_KEY, false); + // session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_client_http_user_message)); + // session_id_bundle.putString(LogInDialog.USERNAME, username); + } catch (IOException e) { + // session_id_bundle.putBoolean(RESULT_KEY, false); + // session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_io_exception_user_message)); + // session_id_bundle.putString(LogInDialog.USERNAME, username); + } catch (JSONException e) { + // session_id_bundle.putBoolean(RESULT_KEY, false); + // session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_json_exception_user_message)); + // session_id_bundle.putString(LogInDialog.USERNAME, username); + } catch (NoSuchAlgorithmException e) { + // 
session_id_bundle.putBoolean(RESULT_KEY, false); + // session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_no_such_algorithm_exception_user_message)); + // session_id_bundle.putString(LogInDialog.USERNAME, username); + } catch (KeyManagementException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (KeyStoreException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (CertificateException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + + } else { + if(!wellFormedPassword(password)) { + session_id_bundle.putBoolean(RESULT_KEY, false); + session_id_bundle.putString(LogInDialog.USERNAME, username); + session_id_bundle.putBoolean(LogInDialog.PASSWORD_INVALID_LENGTH, true); + } + if(username.isEmpty()) { + session_id_bundle.putBoolean(RESULT_KEY, false); + session_id_bundle.putBoolean(LogInDialog.USERNAME_MISSING, true); + } + } + + return session_id_bundle; + } /** * Starts the authentication process using SRP protocol. * 
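Review bot: registerWithSRP never sets `RESULT_KEY` to true, so even after `sendNewUserDataToSRPServer` returns normally the bundle comes back empty and the `getBoolean(RESULT_KEY)` check in the SRP_REGISTER branch reports failure; the JSON returned by the call is ignored as well. The first four catch blocks contain only commented-out code and the last three only print a stack trace, so a transport or TLS error leaves the caller without any user message. I would restore the commented `putBoolean`/`putString` lines in the catch blocks and add `session_id_bundle.putBoolean(RESULT_KEY, true);` once the server response has been checked. `username.isEmpty()` in the else branch will throw if the task bundle carries no username, assuming `validUserLoginData` (not visible here) returns false for null.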
@@ -374,6 +440,32 @@ public class ProviderAPI extends IntentService { } return session_idAndM2; } + + /** + * Sends an HTTP POST request to the authentication server to register a new user. + * @param server_url + * @param username + * @param salted_password + * @param password_verifier + * @return response from authentication server + * @throws ClientProtocolException + * @throws IOException + * @throws JSONException + * @throws CertificateException + * @throws NoSuchAlgorithmException + * @throws KeyStoreException + * @throws KeyManagementException + */ + private JSONObject sendNewUserDataToSRPServer(String server_url, String username, String salted_password, String password_verifier) throws ClientProtocolException, IOException, JSONException, KeyManagementException, KeyStoreException, NoSuchAlgorithmException, CertificateException { + Map parameters = new HashMap(); + parameters.put("user[login]", username); + parameters.put("user[password_salt]", salted_password); + parameters.put("user[password_verifier]", password_verifier); + return sendToServer(server_url + "/users.json", "POST", parameters); + + /*HttpPost post = new HttpPost(server_url + "/sessions.json" + "?" + "login=" + username + "&&" + "A=" + clientA); + return sendToServer(post);*/ + } /** * Executes an HTTP request expecting a JSON response. -- cgit v1.2.3 From 230ae10fb3a0c08cbd16e91fce041133bdf5ae8e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Parm=C3=A9nides=20GV?= Date: Mon, 5 May 2014 16:06:53 +0200 Subject: New menu option: signup. There is some problem in the maths, because the server says it's ok but login doesn't work from Android app nor from webapp. --- app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'app/src/debug/java') diff --git a/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java b/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java index f8895983..8678cc80 100644 
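Review bot: The Javadoc on sendNewUserDataToSRPServer leaves every `@param` empty, and the encoding of the two credential strings is exactly what a caller needs to know: the call site in registerWithSRP passes `new BigInteger(salted_password).toString()`, which is signed decimal. I would state the expected form on each tag, for example `@param password_verifier SRP verifier as an unsigned hexadecimal string`, after confirming the radix against the server API. The commented-out `HttpPost` block after the `return` is unreachable leftover from sendAToSRPServer and can go. `Map parameters = new HashMap()` is a raw type; `Map<String, String>` matches what is put into it.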
--- a/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java
+++ b/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java
@@ -214,27 +214,32 @@ public class ProviderAPI extends IntentService { LeapSRPSession client = new LeapSRPSession(username, password, params); byte[] salted_password = client.calculateSaltedPassword(); /* Calculate password verifier */ - BigInteger password_verifier = client.calculateV(); + BigInteger password_verifier = client.calculateV(username, password, salted_password); /* Send to the server */ try { - sendNewUserDataToSRPServer(authentication_server, username, new BigInteger(salted_password).toString(), password_verifier.toString()); + JSONObject result = sendNewUserDataToSRPServer(authentication_server, username, new BigInteger(salted_password).toString(16), password_verifier.toString()); + Log.d(TAG, result.toString()); broadcast_progress(progress++); } catch (ClientProtocolException e) { // session_id_bundle.putBoolean(RESULT_KEY, false); // session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_client_http_user_message)); // session_id_bundle.putString(LogInDialog.USERNAME, username); + e.printStackTrace(); } catch (IOException e) { // session_id_bundle.putBoolean(RESULT_KEY, false); // session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_io_exception_user_message)); // session_id_bundle.putString(LogInDialog.USERNAME, username); + e.printStackTrace(); } catch (JSONException e) { // session_id_bundle.putBoolean(RESULT_KEY, false); // session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_json_exception_user_message)); // session_id_bundle.putString(LogInDialog.USERNAME, username); + e.printStackTrace(); } catch (NoSuchAlgorithmException e) { // session_id_bundle.putBoolean(RESULT_KEY, false); // session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_no_such_algorithm_exception_user_message)); // 
session_id_bundle.putString(LogInDialog.USERNAME, username); + e.printStackTrace(); } catch (KeyManagementException e) { // TODO Auto-generated catch block e.printStackTrace(); -- cgit v1.2.3 From 69c299b9c891d92ff7e5bc87e32b9acb10901b91 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Parm=C3=A9nides=20GV?= Date: Wed, 7 May 2014 13:55:46 +0200 Subject: Signup protocol coded. UI next. --- .../java/se/leap/bitmaskclient/ProviderAPI.java | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'app/src/debug/java') diff --git a/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java b/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java index 8678cc80..89ba9135 100644 --- a/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java +++ b/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java @@ -212,12 +212,13 @@ public class ProviderAPI extends IntentService { SRPParameters params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), ConfigHelper.G.toByteArray(), BigInteger.ZERO.toByteArray(), "SHA-256"); LeapSRPSession client = new LeapSRPSession(username, password, params); - byte[] salted_password = client.calculateSaltedPassword(); + byte[] salt = ConfigHelper.trim(client.calculateNewSalt()); + // byte[] salted_password = client.calculatePasswordHash(username, password, salt); /* Calculate password verifier */ - BigInteger password_verifier = client.calculateV(username, password, salted_password); + BigInteger password_verifier = client.calculateV(username, password, salt); /* Send to the server */ try { - JSONObject result = sendNewUserDataToSRPServer(authentication_server, username, new BigInteger(salted_password).toString(16), password_verifier.toString()); + JSONObject result = sendNewUserDataToSRPServer(authentication_server, username, new BigInteger(1, salt).toString(16), password_verifier.toString(16)); Log.d(TAG, result.toString()); broadcast_progress(progress++); } catch (ClientProtocolException e) { 
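Review bot: `new BigInteger(salted_password).toString(16)` reads the byte array as a signed two's-complement value, so whenever the first byte has its high bit set the salt is sent as a negative hex string with a leading `-`; `new BigInteger(1, salted_password).toString(16)` keeps it unsigned. On the same line the verifier is still sent with `password_verifier.toString()` (decimal) while the salt is now hex, which may be the mismatch the commit message describes and is worth checking against what the server expects. The added `e.printStackTrace()` calls still leave the bundle without `RESULT_KEY` or a user message on every error path.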
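Review bot: The salt now comes from `client.calculateNewSalt()`, whose body is not part of this diff; because the salt is what keeps the stored verifier from being attacked with precomputed tables, please confirm in LeapSRPSession that it is drawn from `SecureRandom`. `ConfigHelper.trim(...)` is applied before both `calculateV` and the hex encoding, and a short comment such as `// trim so the bytes hashed by calculateV equal the bytes the server decodes from hex` would record why, if that is the intent. The commented-out `calculatePasswordHash` line should be deleted rather than kept in the method.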
@@ -295,7 +296,7 @@ public class ProviderAPI extends IntentService { if(M1 != null) { broadcast_progress(progress++); JSONObject session_idAndM2 = sendM1ToSRPServer(authentication_server, username, M1); - if(session_idAndM2.has(LeapSRPSession.M2) && client.verify((byte[])session_idAndM2.get(LeapSRPSession.M2))) { + if(session_idAndM2.has(LeapSRPSession.M2) && client.verify((byte[])session_idAndM2.get(LeapSRPSession.M2))) { session_id_bundle.putBoolean(RESULT_KEY, true); broadcast_progress(progress++); } else { @@ -461,15 +462,14 @@ public class ProviderAPI extends IntentService { * @throws KeyStoreException * @throws KeyManagementException */ - private JSONObject sendNewUserDataToSRPServer(String server_url, String username, String salted_password, String password_verifier) throws ClientProtocolException, IOException, JSONException, KeyManagementException, KeyStoreException, NoSuchAlgorithmException, CertificateException { + private JSONObject sendNewUserDataToSRPServer(String server_url, String username, String salt, String password_verifier) throws ClientProtocolException, IOException, JSONException, KeyManagementException, KeyStoreException, NoSuchAlgorithmException, CertificateException { Map parameters = new HashMap(); parameters.put("user[login]", username); - parameters.put("user[password_salt]", salted_password); + parameters.put("user[password_salt]", salt); parameters.put("user[password_verifier]", password_verifier); - return sendToServer(server_url + "/users.json", "POST", parameters); - - /*HttpPost post = new HttpPost(server_url + "/sessions.json" + "?" + "login=" + username + "&&" + "A=" + clientA); - return sendToServer(post);*/ + Log.d(TAG, server_url); + Log.d(TAG, parameters.toString()); + return sendToServer(server_url + "/users", "POST", parameters); } /** -- cgit v1.2.3 From 6d9770518b0d94931e9521b72131516a841b193f Mon Sep 17 00:00:00 2001 
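Review bot: `Log.d(TAG, parameters.toString())` in sendNewUserDataToSRPServer writes the login, the salt and the SRP password verifier to logcat. Salt plus verifier is everything needed for offline guessing of the password, and logcat is readable over adb and is included in bug reports, so I would keep at most `Log.d(TAG, server_url)` and drop the parameter dump before this path is copied out of the debug source set. The Javadoc above the method still lists `@param salted_password` although the parameter is now named `salt`.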
From: =?UTF-8?q?Parm=C3=A9nides=20GV?= Date: Thu, 8 May 2014 09:51:53 +0200 Subject: Raw json error messages shown. A bit of refactoring too, sendM1 much simpler. --- .../java/se/leap/bitmaskclient/ProviderAPI.java | 306 ++++++++++----------- 1 file changed, 148 insertions(+), 158 deletions(-) (limited to 'app/src/debug/java') diff --git a/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java b/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java index 89ba9135..8481bf08 100644 --- a/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java +++ b/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java 
@@ -217,41 +217,19 @@ public class ProviderAPI extends IntentService { /* Calculate password verifier */ BigInteger password_verifier = client.calculateV(username, password, salt); /* Send to the server */ - try { - JSONObject result = sendNewUserDataToSRPServer(authentication_server, username, new BigInteger(1, salt).toString(16), password_verifier.toString(16)); - Log.d(TAG, result.toString()); - broadcast_progress(progress++); - } catch (ClientProtocolException e) { - // session_id_bundle.putBoolean(RESULT_KEY, false); - // session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_client_http_user_message)); - // session_id_bundle.putString(LogInDialog.USERNAME, username); - e.printStackTrace(); - } catch (IOException e) { - // session_id_bundle.putBoolean(RESULT_KEY, false); - // session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_io_exception_user_message)); - // session_id_bundle.putString(LogInDialog.USERNAME, username); - e.printStackTrace(); - } catch (JSONException e) { - // session_id_bundle.putBoolean(RESULT_KEY, false); - // session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_json_exception_user_message)); - // session_id_bundle.putString(LogInDialog.USERNAME, username); - e.printStackTrace(); - } catch (NoSuchAlgorithmException e) { - // session_id_bundle.putBoolean(RESULT_KEY, false); - // session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_no_such_algorithm_exception_user_message)); - // session_id_bundle.putString(LogInDialog.USERNAME, username); - e.printStackTrace(); - } catch (KeyManagementException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (KeyStoreException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (CertificateException e) { - // 
TODO Auto-generated catch block - e.printStackTrace(); + JSONObject result = sendNewUserDataToSRPServer(authentication_server, username, new BigInteger(1, salt).toString(16), password_verifier.toString(16)); + if(result.has(ERRORS)) { + session_id_bundle.putBoolean(RESULT_KEY, false); + try { + // {"errors":{"login":["has already been taken","has already been taken"]}} + session_id_bundle.putString(getResources().getString(R.string.user_message), result.getJSONObject(ERRORS).toString()); + session_id_bundle.putString(LogInDialog.USERNAME, username); + } catch(JSONException e) { + e.printStackTrace(); + } } - + Log.d(TAG, result.toString()); + broadcast_progress(progress++); } else { if(!wellFormedPassword(password)) { session_id_bundle.putBoolean(RESULT_KEY, false); 
@@ -273,88 +251,84 @@ public class ProviderAPI extends IntentService { * @return a bundle with a boolean value mapped to a key named RESULT_KEY, and which is true if authentication was successful. */ private Bundle authenticateBySRP(Bundle task) { - Bundle session_id_bundle = new Bundle(); - int progress = 0; + Bundle session_id_bundle = new Bundle(); + int progress = 0; - String username = (String) task.get(LogInDialog.USERNAME); - String password = (String) task.get(LogInDialog.PASSWORD); - if(validUserLoginData(username, password)) { + String username = (String) task.get(LogInDialog.USERNAME); + String password = (String) task.get(LogInDialog.PASSWORD); + if(validUserLoginData(username, password)) { - String authentication_server = (String) task.get(Provider.API_URL); + String authentication_server = (String) task.get(Provider.API_URL); + JSONObject authentication_step_result = new JSONObject(); - SRPParameters params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), ConfigHelper.G.toByteArray(), BigInteger.ZERO.toByteArray(), "SHA-256"); - LeapSRPSession client = new LeapSRPSession(username, password, params); - byte[] A = client.exponential(); + SRPParameters params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), ConfigHelper.G.toByteArray(), BigInteger.ZERO.toByteArray(), "SHA-256"); + LeapSRPSession client = new LeapSRPSession(username, password, params); + byte[] A = client.exponential(); + broadcast_progress(progress++); + authentication_step_result = sendAToSRPServer(authentication_server, username, new BigInteger(1, A).toString(16)); + try { + String salt = authentication_step_result.getString(LeapSRPSession.SALT); + broadcast_progress(progress++); + byte[] Bbytes = new BigInteger(authentication_step_result.getString("B"), 16).toByteArray(); + byte[] M1 = client.response(new BigInteger(salt, 16).toByteArray(), Bbytes); + if(M1 != null) { broadcast_progress(progress++); - try { - JSONObject saltAndB = 
sendAToSRPServer(authentication_server, username, new BigInteger(1, A).toString(16)); - if(saltAndB.length() > 0) { - String salt = saltAndB.getString(LeapSRPSession.SALT); - broadcast_progress(progress++); - byte[] Bbytes = new BigInteger(saltAndB.getString("B"), 16).toByteArray(); - byte[] M1 = client.response(new BigInteger(salt, 16).toByteArray(), Bbytes); - if(M1 != null) { - broadcast_progress(progress++); - JSONObject session_idAndM2 = sendM1ToSRPServer(authentication_server, username, M1); - if(session_idAndM2.has(LeapSRPSession.M2) && client.verify((byte[])session_idAndM2.get(LeapSRPSession.M2))) { - session_id_bundle.putBoolean(RESULT_KEY, true); - broadcast_progress(progress++); - } else { - session_id_bundle.putBoolean(RESULT_KEY, false); - session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_bad_user_password_user_message)); - session_id_bundle.putString(LogInDialog.USERNAME, username); - } - } else { - session_id_bundle.putBoolean(RESULT_KEY, false); - session_id_bundle.putString(LogInDialog.USERNAME, username); - session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_srp_math_error_user_message)); - } - broadcast_progress(progress++); - } else { - session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_bad_user_password_user_message)); - session_id_bundle.putString(LogInDialog.USERNAME, username); - session_id_bundle.putBoolean(RESULT_KEY, false); - } - } catch (ClientProtocolException e) { - session_id_bundle.putBoolean(RESULT_KEY, false); - session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_client_http_user_message)); - session_id_bundle.putString(LogInDialog.USERNAME, username); - } catch (IOException e) { - session_id_bundle.putBoolean(RESULT_KEY, false); - 
session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_io_exception_user_message)); - session_id_bundle.putString(LogInDialog.USERNAME, username); - } catch (JSONException e) { - session_id_bundle.putBoolean(RESULT_KEY, false); - session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_json_exception_user_message)); - session_id_bundle.putString(LogInDialog.USERNAME, username); - } catch (NoSuchAlgorithmException e) { - session_id_bundle.putBoolean(RESULT_KEY, false); - session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_no_such_algorithm_exception_user_message)); - session_id_bundle.putString(LogInDialog.USERNAME, username); - } catch (KeyManagementException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (KeyStoreException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (CertificateException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } else { - if(!wellFormedPassword(password)) { - session_id_bundle.putBoolean(RESULT_KEY, false); - session_id_bundle.putString(LogInDialog.USERNAME, username); - session_id_bundle.putBoolean(LogInDialog.PASSWORD_INVALID_LENGTH, true); - } - if(username.isEmpty()) { - session_id_bundle.putBoolean(RESULT_KEY, false); - session_id_bundle.putBoolean(LogInDialog.USERNAME_MISSING, true); + authentication_step_result = sendM1ToSRPServer(authentication_server, username, M1); + setTokenIfAvailable(authentication_step_result); + byte[] M2 = new BigInteger(authentication_step_result.getString(LeapSRPSession.M2), 16).toByteArray(); + if(client.verify(M2)) { + session_id_bundle.putBoolean(RESULT_KEY, true); + broadcast_progress(progress++); + } else { + authFailedNotification(authentication_step_result, username); } + } else { + session_id_bundle.putBoolean(RESULT_KEY, false); + 
session_id_bundle.putString(LogInDialog.USERNAME, username); + session_id_bundle.putString(getResources().getString(R.string.user_message), getResources().getString(R.string.error_srp_math_error_user_message)); + } + } catch (JSONException e) { + session_id_bundle = authFailedNotification(authentication_step_result, username); + e.printStackTrace(); + } + broadcast_progress(progress++); + } else { + if(!wellFormedPassword(password)) { + session_id_bundle.putBoolean(RESULT_KEY, false); + session_id_bundle.putString(LogInDialog.USERNAME, username); + session_id_bundle.putBoolean(LogInDialog.PASSWORD_INVALID_LENGTH, true); } + if(username.isEmpty()) { + session_id_bundle.putBoolean(RESULT_KEY, false); + session_id_bundle.putBoolean(LogInDialog.USERNAME_MISSING, true); + } + } - return session_id_bundle; + return session_id_bundle; } + + private boolean setTokenIfAvailable(JSONObject authentication_step_result) { + try { + LeapSRPSession.setToken(authentication_step_result.getString(LeapSRPSession.TOKEN)); + CookieHandler.setDefault(null); // we don't need cookies anymore + } catch(JSONException e) { // + return false; + } + return true; + } + + private Bundle authFailedNotification(JSONObject result, String username) { + Log.d(TAG, "authFailedNotification("+ result +")"); + Bundle user_notification_bundle = new Bundle(); + try{ + user_notification_bundle.putString(getResources().getString(R.string.user_message), result.getJSONObject(ERRORS).toString()); + } catch(JSONException e) {} + if(!username.isEmpty()) + user_notification_bundle.putString(LogInDialog.USERNAME, username); + user_notification_bundle.putBoolean(RESULT_KEY, false); + + return user_notification_bundle; + } /** * Sets up an intent with the progress value passed as a parameter 
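Review bot: In authenticateBySRP the session token is stored by `setTokenIfAvailable(authentication_step_result)` before `client.verify(M2)` has checked the server's proof, so a response that fails verification still leaves a token set and the default cookie handler cleared; the call belongs inside the `if(client.verify(M2))` branch. In the else branch the bundle built by `authFailedNotification(...)` is thrown away, so the caller gets an empty bundle with no message; it should read `session_id_bundle = authFailedNotification(authentication_step_result, username);`. M2 is also no longer passed through `ConfigHelper.trim` as the removed sendM1ToSRPServer code did, so `toByteArray()` may hand `verify` a leading sign byte; LeapSRPSession.verify is not visible here, so this needs confirming. In authFailedNotification, `catch(JSONException e) {}` hides a response without `ERRORS`, and `username.isEmpty()` throws on a null username.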
@@ -402,7 +376,7 @@ public class ProviderAPI extends IntentService {
 * @throws KeyStoreException
 * @throws KeyManagementException
 */
- private JSONObject sendAToSRPServer(String server_url, String username, String clientA) throws ClientProtocolException, IOException, JSONException, KeyManagementException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
+ private JSONObject sendAToSRPServer(String server_url, String username, String clientA) {
 Map parameters = new HashMap();
 parameters.put("login", username);
 parameters.put("A", clientA);
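Review bot: The `throws` clause is removed from sendAToSRPServer but the Javadoc above it keeps its `@throws` tags (`@throws KeyStoreException` and `@throws KeyManagementException` are visible as context here), and the same holds for the sendM1ToSRPServer, sendNewUserDataToSRPServer and sendToServer hunks that follow. I would replace the tags with the new contract, for example `@return the server's JSON response, or the parsed error body (possibly empty) when the request failed`. The Javadoc begins above the hunk, so the remaining tags cannot be checked from here.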
@@ -426,25 +400,11 @@ public class ProviderAPI extends IntentService { * @throws KeyStoreException * @throws KeyManagementException */ - private JSONObject sendM1ToSRPServer(String server_url, String username, byte[] m1) throws ClientProtocolException, IOException, JSONException, KeyManagementException, KeyStoreException, NoSuchAlgorithmException, CertificateException { + private JSONObject sendM1ToSRPServer(String server_url, String username, byte[] m1) { Map parameters = new HashMap(); parameters.put("client_auth", new BigInteger(1, ConfigHelper.trim(m1)).toString(16)); - //HttpPut put = new HttpPut(server_url + "/sessions/" + username +".json" + "?" + "client_auth" + "=" + new BigInteger(1, ConfigHelper.trim(m1)).toString(16)); - JSONObject json_response = sendToServer(server_url + "/sessions/" + username +".json", "PUT", parameters); - - JSONObject session_idAndM2 = new JSONObject(); - if(json_response.length() > 0) { - byte[] M2_not_trimmed = new BigInteger(json_response.getString(LeapSRPSession.M2), 16).toByteArray(); - /*Cookie session_id_cookie = LeapHttpClient.getInstance(getApplicationContext()).getCookieStore().getCookies().get(0); - session_idAndM2.put(ConfigHelper.SESSION_ID_COOKIE_KEY, session_id_cookie.getName()); - session_idAndM2.put(ConfigHelper.SESSION_ID_KEY, session_id_cookie.getValue());*/ - session_idAndM2.put(LeapSRPSession.M2, ConfigHelper.trim(M2_not_trimmed)); - CookieHandler.setDefault(null); // we don't need cookies anymore - String token = json_response.getString(LeapSRPSession.TOKEN); - LeapSRPSession.setToken(token); - } - return session_idAndM2; + return sendToServer(server_url + "/sessions/" + username +".json", "PUT", parameters); } /** 
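Review bot: `server_url + "/sessions/" + username +".json"` places the user-supplied login into the URL path unescaped, so a login containing `/`, `?` or `#` changes which resource the PUT addresses. Unless `validUserLoginData` (not visible in this diff) already restricts the character set, the path segment should be encoded, for example `"/sessions/" + Uri.encode(username) + ".json"`. With the response handling moved out of this method, a line in the Javadoc saying that the caller is now responsible for reading `M2` and the token from the returned object would help the next reader.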
@@ -462,15 +422,15 @@ public class ProviderAPI extends IntentService { * @throws KeyStoreException * @throws KeyManagementException */ - private JSONObject sendNewUserDataToSRPServer(String server_url, String username, String salt, String password_verifier) throws ClientProtocolException, IOException, JSONException, KeyManagementException, KeyStoreException, NoSuchAlgorithmException, CertificateException { - Map parameters = new HashMap(); - parameters.put("user[login]", username); - parameters.put("user[password_salt]", salt); - parameters.put("user[password_verifier]", password_verifier); - Log.d(TAG, server_url); - Log.d(TAG, parameters.toString()); - return sendToServer(server_url + "/users", "POST", parameters); - } + private JSONObject sendNewUserDataToSRPServer(String server_url, String username, String salt, String password_verifier) { + Map parameters = new HashMap(); + parameters.put("user[login]", username); + parameters.put("user[password_salt]", salt); + parameters.put("user[password_verifier]", password_verifier); + Log.d(TAG, server_url); + Log.d(TAG, parameters.toString()); + return sendToServer(server_url + "/users", "POST", parameters); + } /** * Executes an HTTP request expecting a JSON response. 
@@ -486,37 +446,67 @@ public class ProviderAPI extends IntentService { * @throws KeyStoreException * @throws KeyManagementException */ - private JSONObject sendToServer(String url, String request_method, Map parameters) throws JSONException, MalformedURLException, IOException, KeyManagementException, KeyStoreException, NoSuchAlgorithmException, CertificateException { - JSONObject json_response; + private JSONObject sendToServer(String url, String request_method, Map parameters) { + JSONObject json_response; + HttpsURLConnection urlConnection = null; + try { InputStream is = null; - HttpsURLConnection urlConnection = (HttpsURLConnection)new URL(url).openConnection(); + urlConnection = (HttpsURLConnection)new URL(url).openConnection(); urlConnection.setRequestMethod(request_method); urlConnection.setChunkedStreamingMode(0); urlConnection.setSSLSocketFactory(getProviderSSLSocketFactory()); + + DataOutputStream writer = new DataOutputStream(urlConnection.getOutputStream()); + writer.writeBytes(formatHttpParameters(parameters)); + writer.close(); + + is = urlConnection.getInputStream(); + String plain_response = new Scanner(is).useDelimiter("\\A").next(); + json_response = new JSONObject(plain_response); + } catch (ClientProtocolException e) { + json_response = getErrorMessage(urlConnection); + e.printStackTrace(); + } catch (IOException e) { + json_response = getErrorMessage(urlConnection); + e.printStackTrace(); + } catch (JSONException e) { + json_response = getErrorMessage(urlConnection); + e.printStackTrace(); + } catch (NoSuchAlgorithmException e) { + json_response = getErrorMessage(urlConnection); + e.printStackTrace(); + } catch (KeyManagementException e) { + json_response = getErrorMessage(urlConnection); + e.printStackTrace(); + } catch (KeyStoreException e) { + json_response = getErrorMessage(urlConnection); + e.printStackTrace(); + } catch (CertificateException e) { + json_response = getErrorMessage(urlConnection); + e.printStackTrace(); + } + + return 
json_response; + } + + private JSONObject getErrorMessage(HttpsURLConnection urlConnection) { + JSONObject error_message = new JSONObject(); + if(urlConnection != null) { + InputStream error_stream = urlConnection.getErrorStream(); + if(error_stream != null) { + String error_response = new Scanner(error_stream).useDelimiter("\\A").next(); + Log.d("Error", error_response); try { - - DataOutputStream writer = new DataOutputStream(urlConnection.getOutputStream()); - writer.writeBytes(formatHttpParameters(parameters)); - writer.close(); - - is = urlConnection.getInputStream(); - String plain_response = new Scanner(is).useDelimiter("\\A").next(); - json_response = new JSONObject(plain_response); - } finally { - InputStream error_stream = urlConnection.getErrorStream(); - if(error_stream != null) { - String error_response = new Scanner(error_stream).useDelimiter("\\A").next(); - urlConnection.disconnect(); - Log.d("Error", error_response); - json_response = new JSONObject(error_response); - if(!json_response.isNull(ERRORS) || json_response.has(ERRORS)) { - return new JSONObject(); - } - } + error_message = new JSONObject(error_response); + } catch (JSONException e) { + Log.d(TAG, e.getMessage()); + e.printStackTrace(); } - - return json_response; + urlConnection.disconnect(); + } } + return error_message; + } private String formatHttpParameters(Map parameters) throws UnsupportedEncodingException { StringBuilder result = new StringBuilder(); -- cgit v1.2.3 From e08177035e65ea35249310bb963143a122a17ec7 Mon Sep 17 00:00:00 2001 
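Review bot: sendToServer now maps every failure, including the `CertificateException`, `KeyStoreException` and `KeyManagementException` cases that presumably come from `getProviderSSLSocketFactory()`, to whatever getErrorMessage returns, and that is an empty `JSONObject` when there is no error stream, so callers cannot tell a TLS or network failure from an empty reply. On the success path the connection is never disconnected and the input stream is never closed. `new Scanner(is).useDelimiter("\\A").next()` throws an unchecked `NoSuchElementException` on an empty body, which none of the catch blocks handle, and getErrorMessage repeats the same call. I would guard the read and release the connection in a `finally`, as sketched below, and have getErrorMessage put a generic entry under `ERRORS` when it has nothing to parse. The seven catch blocks are identical and could share one handler.

```java
    try {
        // … unchanged: open the connection, set method and socket factory, write the parameters …
        is = urlConnection.getInputStream();
        Scanner response_scanner = new Scanner(is).useDelimiter("\\A");
        // next() throws NoSuchElementException when the body is empty
        json_response = response_scanner.hasNext() ? new JSONObject(response_scanner.next()) : new JSONObject();
    // … unchanged: the catch blocks calling getErrorMessage(urlConnection) …
    } finally {
        // runs after getErrorMessage has read the error stream in a catch block
        if(urlConnection != null)
            urlConnection.disconnect();
    }
```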
From: =?UTF-8?q?Parm=C3=A9nides=20GV?= Date: Thu, 8 May 2014 10:37:14 +0200 Subject: Error messages fetched directly from api message. This has the problem of localized messages. irc log questioning: May 8th 2014 08:12 <@parmegv> mm, I was thinking... I was rephrasing the error messages given by our api during authentication 08:13 <@parmegv> I thought why should I rephrase it and think twice 08:13 <@parmegv> so now I'm just "pretty printing" the error message given by the api 08:13 <@parmegv> but that has a problem: they aren't localized 08:14 <@parmegv> would implementing a localized version of our error messages be useful? --- .../java/se/leap/bitmaskclient/ProviderAPI.java | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) (limited to 'app/src/debug/java') diff --git a/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java b/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java index 8481bf08..dc5b3876 100644 --- a/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java +++ b/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java @@ -218,16 +218,9 @@ public class ProviderAPI extends IntentService { BigInteger password_verifier = client.calculateV(username, password, salt); /* Send to the server */ JSONObject result = sendNewUserDataToSRPServer(authentication_server, username, new BigInteger(1, salt).toString(16), password_verifier.toString(16)); - if(result.has(ERRORS)) { - session_id_bundle.putBoolean(RESULT_KEY, false); - try { - // {"errors":{"login":["has already been taken","has already been taken"]}} - session_id_bundle.putString(getResources().getString(R.string.user_message), result.getJSONObject(ERRORS).toString()); - session_id_bundle.putString(LogInDialog.USERNAME, username); - } catch(JSONException e) { - e.printStackTrace(); - } - } + if(result.has(ERRORS)) + session_id_bundle = authFailedNotification(result, username); + Log.d(TAG, result.toString()); broadcast_progress(progress++); } else { 
@@ -318,11 +311,14 @@ public class ProviderAPI extends IntentService { } private Bundle authFailedNotification(JSONObject result, String username) { - Log.d(TAG, "authFailedNotification("+ result +")"); Bundle user_notification_bundle = new Bundle(); try{ - user_notification_bundle.putString(getResources().getString(R.string.user_message), result.getJSONObject(ERRORS).toString()); + JSONObject error_message = result.getJSONObject(ERRORS); + String error_type = error_message.keys().next().toString(); + String message = error_message.get(error_type).toString(); + user_notification_bundle.putString(getResources().getString(R.string.user_message), message); } catch(JSONException e) {} + if(!username.isEmpty()) user_notification_bundle.putString(LogInDialog.USERNAME, username); user_notification_bundle.putBoolean(RESULT_KEY, false); -- cgit v1.2.3 From daff611c70bb5e8b3bdc5f5c42bc776acb6e8e3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Parm=C3=A9nides=20GV?= Date: Thu, 8 May 2014 11:33:34 +0200 Subject: Automatically log in. Functionality copied to the Release build. --- .../java/se/leap/bitmaskclient/ProviderAPI.java | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-) (limited to 'app/src/debug/java') diff --git a/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java b/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java index dc5b3876..dd7af633 100644 --- a/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java +++ b/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java 
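Review bot: In `authFailedNotification`, `error_message.keys().next()` throws `NoSuchElementException` when the server sends an empty `errors` object, and the surrounding `catch(JSONException e) {}` does not cover that type, so an unexpected or hostile API response would propagate out of the method instead of yielding a failure bundle. Wrap the three new extraction lines in `if(error_message.length() > 0) { … }` and give the empty catch a body such as `Log.w(TAG, "Unexpected errors payload", e);` so a parse failure is visible rather than silently producing a bundle with no message. The string stored under `user_message` is the server's JSON value passed through unmodified, so whatever renders it should treat it as untrusted text. The method's remaining lines and its return are outside this hunk.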
@@ -175,9 +175,9 @@ public class ProviderAPI extends IntentService { } else if (action.equalsIgnoreCase(SRP_REGISTER)) { Bundle session_id_bundle = registerWithSRP(parameters); if(session_id_bundle.getBoolean(RESULT_KEY)) { - receiver.send(SRP_AUTHENTICATION_SUCCESSFUL, session_id_bundle); + receiver.send(SRP_REGISTRATION_SUCCESSFUL, session_id_bundle); } else { - receiver.send(SRP_AUTHENTICATION_FAILED, session_id_bundle); + receiver.send(SRP_REGISTRATION_FAILED, session_id_bundle); } } else if (action.equalsIgnoreCase(SRP_AUTH)) { Bundle session_id_bundle = authenticateBySRP(parameters); @@ -220,7 +220,11 @@ public class ProviderAPI extends IntentService { JSONObject result = sendNewUserDataToSRPServer(authentication_server, username, new BigInteger(1, salt).toString(16), password_verifier.toString(16)); if(result.has(ERRORS)) session_id_bundle = authFailedNotification(result, username); - + else { + session_id_bundle.putString(LogInDialog.USERNAME, username); + session_id_bundle.putString(LogInDialog.PASSWORD, password); + session_id_bundle.putBoolean(RESULT_KEY, true); + } Log.d(TAG, result.toString()); broadcast_progress(progress++); } else { @@ -377,9 +381,6 @@ public class ProviderAPI extends IntentService { parameters.put("login", username); parameters.put("A", clientA); return sendToServer(server_url + "/sessions.json", "POST", parameters); - - /*HttpPost post = new HttpPost(server_url + "/sessions.json" + "?" + "login=" + username + "&&" + "A=" + clientA); - return sendToServer(post);*/ } /** @@ -404,7 +405,7 @@ public class ProviderAPI extends IntentService { } /** - * Sends an HTTP POST request to the authentication server to register a new user. + * Sends an HTTP POST request to the api server to register a new user. * @param server_url * @param username * @param salted_password 
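Review bot: The `@@ -220,7 +220,11 @@` hunk copies the plaintext password into the success bundle with `session_id_bundle.putString(LogInDialog.PASSWORD, password);`, which creates one more long-lived copy of the credential and hands it to whatever receives the result. The same block already logs with `Log.d(TAG, result.toString())`, so a later debug line that prints the bundle would put the password in logcat. The requester supplied the password in its own parameters and presumably still holds it, so I would drop that line, return only `LogInDialog.USERNAME` and `RESULT_KEY`, and let the receiver start the automatic login from the value it already has. Separately, the brace-less `if` followed by `else { … }` is easy to misread; brace both branches. `registerWithSRP` starts and ends outside this hunk.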
@@ -434,13 +435,6 @@ public class ProviderAPI extends IntentService {
 * @param request_method
 * @param parameters
 * @return response from authentication server
- * @throws IOException
- * @throws JSONException
- * @throws MalformedURLException
- * @throws CertificateException
- * @throws NoSuchAlgorithmException
- * @throws KeyStoreException
- * @throws KeyManagementException
 */
 private JSONObject sendToServer(String url, String request_method, Map parameters) {
 JSONObject json_response;
-- cgit v1.2.3