From 5bb1d3baf93c76e7ec70a8abd5584c33f75383b8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Parm=C3=A9nides=20GV?= <parmegv@sdf.org>
Date: Thu, 9 Oct 2014 18:16:28 +0200
Subject: Check self-signed fingerprint.

---
 .../java/se/leap/bitmaskclient/ProviderAPI.java    | 49 ++++++++++++++++------
 1 file changed, 36 insertions(+), 13 deletions(-)

(limited to 'app/src/debug')

diff --git a/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java b/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java
index e729d0bc..c7461d7a 100644
--- a/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java
+++ b/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java
@@ -43,6 +43,7 @@ import java.net.UnknownHostException;
 import java.security.KeyManagementException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
+import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.security.cert.CertificateEncodingException;
@@ -589,21 +590,43 @@ public class ProviderAPI extends IntentService {
 		return CA_CERT_DOWNLOADED;
 	}
 
-	private boolean validCertificate(String cert_string) {
-		boolean result = false;
-		if(!ConfigHelper.checkErroneousDownload(cert_string)) {
-			X509Certificate certCert = ConfigHelper.parseX509CertificateFromString(cert_string);
-			try {
-				Base64.encodeToString( certCert.getEncoded(), Base64.DEFAULT);
-				result = true;
-			} catch (CertificateEncodingException e) {
-				Log.d(TAG, e.getLocalizedMessage());
-			}
-		}
+    private boolean validCertificate(String cert_string) {
+	boolean result = false;
+	if(!ConfigHelper.checkErroneousDownload(cert_string)) {
+	    X509Certificate certificate = ConfigHelper.parseX509CertificateFromString(cert_string);
+	    try {
+		JSONObject provider_json = new JSONObject(getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).getString(Provider.KEY, ""));
+		String fingerprint = provider_json.getString(Provider.CA_CERT_FINGERPRINT);
+		String encoding = fingerprint.split(":")[0];
+		String expected_fingerprint = fingerprint.split(":")[1];
+		String real_fingerprint = base64toHex(Base64.encodeToString(
+									    MessageDigest.getInstance(encoding).digest(certificate.getEncoded()),
+									    Base64.DEFAULT));
+
+		result = real_fingerprint.trim().equalsIgnoreCase(expected_fingerprint.trim());
+	    } catch (JSONException e) {
+		result = false;
+	    } catch (NoSuchAlgorithmException e) {
+		result = false;
+	    } catch (CertificateEncodingException e) {
+		result = false;
+	    }
+	}
 		
-		return result;
+	return result;
+    }
+
+    private String base64toHex(String base64_input) {
+	byte[] byteArray = Base64.decode(base64_input, Base64.DEFAULT);
+	int readBytes = byteArray.length;
+	StringBuffer hexData = new StringBuffer();
+	int onebyte;
+	for (int i=0; i < readBytes; i++) {
+	    onebyte = ((0x000000ff & byteArray[i]) | 0xffffff00);
+	    hexData.append(Integer.toHexString(onebyte).substring(6));
 	}
-	
+	return hexData.toString();
+    }	
 	private Bundle getAndSetProviderJson(String provider_main_url, boolean danger_on) {
 		Bundle result = new Bundle();
 
-- 
cgit v1.2.3