From 8301b4bc5b24561b77d3381ea2e8ff8c72368669 Mon Sep 17 00:00:00 2001
From: cyBerta <cyberta@riseup.net>
Date: Tue, 17 May 2022 15:54:22 +0200
Subject: use snowflake if necessary to update invalid vpn cert. Show cert
 update message in UI

---
 .../providersetup/ProviderApiManager.java          | 46 ++++++++++++----------
 1 file changed, 25 insertions(+), 21 deletions(-)

(limited to 'app/src/production/java/se/leap/bitmaskclient/providersetup/ProviderApiManager.java')

diff --git a/app/src/production/java/se/leap/bitmaskclient/providersetup/ProviderApiManager.java b/app/src/production/java/se/leap/bitmaskclient/providersetup/ProviderApiManager.java
index d1de62a0..63b24ea2 100644
--- a/app/src/production/java/se/leap/bitmaskclient/providersetup/ProviderApiManager.java
+++ b/app/src/production/java/se/leap/bitmaskclient/providersetup/ProviderApiManager.java
@@ -199,29 +199,22 @@ public class ProviderApiManager extends ProviderApiManagerBase {
     @Override
     protected Bundle updateVpnCertificate(Provider provider) {
         Bundle result = new Bundle();
-        try {
-            URL newCertStringUrl = new URL(provider.getApiUrlWithVersion() + "/" + PROVIDER_VPN_CERTIFICATE);
-
-            String certString = downloadWithProviderCA(provider.getCaCert(), newCertStringUrl.toString());
-            if (DEBUG_MODE) {
-                VpnStatus.logDebug("[API] VPN CERT: " + certString);
-            }
-            if (ConfigHelper.checkErroneousDownload(certString)) {
-                if (certString == null || certString.isEmpty()) {
-                    // probably 204
-                    setErrorResult(result, error_io_exception_user_message, null);
-                } else {
-                    setErrorResult(result, certString);
-                    return result;
-                }
+        String certString = downloadFromVersionedApiUrlWithProviderCA("/" + PROVIDER_VPN_CERTIFICATE, provider);
+        if (DEBUG_MODE) {
+            VpnStatus.logDebug("[API] VPN CERT: " + certString);
+        }
+        if (ConfigHelper.checkErroneousDownload(certString)) {
+            if (TorStatusObservable.getStatus() != OFF && TorStatusObservable.getProxyPort() != -1) {
+                setErrorResult(result, downloading_vpn_certificate_failed, null);
+            } else if (certString == null || certString.isEmpty() ){
+                // probably 204
+                setErrorResult(result, error_io_exception_user_message, null);
+            } else {
+                setErrorResult(result, certString);
             }
-            return loadCertificate(provider, certString);
-        } catch (IOException e) {
-            // TODO try to get Provider Json
-            setErrorResult(result, downloading_vpn_certificate_failed, null);
-            e.printStackTrace();
+            return result;
         }
-        return result;
+        return loadCertificate(provider, certString);
     }
 
     /**
@@ -352,6 +345,17 @@ public class ProviderApiManager extends ProviderApiManagerBase {
         return downloadFromUrlWithProviderCA(urlString, provider);
     }
 
+    /**
+     * Tries to download the contents of $base_url/$version/$path using not commercially validated CA certificate from chosen provider.
+     *
+     * @return an empty string if it fails, the response body if not.
+     */
+    private String downloadFromVersionedApiUrlWithProviderCA(String path, Provider provider) {
+        String baseUrl = provider.getApiUrlWithVersion();
+        String urlString = baseUrl + path;
+        return downloadFromUrlWithProviderCA(urlString, provider);
+    }
+
     private String downloadFromUrlWithProviderCA(String urlString, Provider provider) {
         return downloadFromUrlWithProviderCA(urlString, provider, true);
     }
-- 
cgit v1.2.3


From e7395b411c9e50067c59dcadfc8d922855bef96d Mon Sep 17 00:00:00 2001
From: cyBerta <cyberta@riseup.net>
Date: Thu, 19 May 2022 13:21:23 +0200
Subject: use better check if tor is running on vpn certificate update error
 handling

---
 .../java/se/leap/bitmaskclient/providersetup/ProviderApiManager.java   | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'app/src/production/java/se/leap/bitmaskclient/providersetup/ProviderApiManager.java')

diff --git a/app/src/production/java/se/leap/bitmaskclient/providersetup/ProviderApiManager.java b/app/src/production/java/se/leap/bitmaskclient/providersetup/ProviderApiManager.java
index 63b24ea2..3ec04f32 100644
--- a/app/src/production/java/se/leap/bitmaskclient/providersetup/ProviderApiManager.java
+++ b/app/src/production/java/se/leap/bitmaskclient/providersetup/ProviderApiManager.java
@@ -25,7 +25,6 @@ import android.util.Pair;
 import org.json.JSONException;
 import org.json.JSONObject;
 
-import java.io.IOException;
 import java.net.URL;
 import java.util.List;
 import java.util.concurrent.TimeoutException;
@@ -204,7 +203,7 @@ public class ProviderApiManager extends ProviderApiManagerBase {
             VpnStatus.logDebug("[API] VPN CERT: " + certString);
         }
         if (ConfigHelper.checkErroneousDownload(certString)) {
-            if (TorStatusObservable.getStatus() != OFF && TorStatusObservable.getProxyPort() != -1) {
+            if (TorStatusObservable.isRunning()) {
                 setErrorResult(result, downloading_vpn_certificate_failed, null);
             } else if (certString == null || certString.isEmpty() ){
                 // probably 204
-- 
cgit v1.2.3