From b762eed7b3f9117ec682fc6e44125934dddc8d41 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Parm=C3=A9nides=20GV?=
Date: Wed, 18 Jun 2014 20:35:58 +0200
Subject: provider.json is downloaded before ca.crt We don't assume ca.crt is in /ca.crt anymore, but fetch the complete url from provider.json. We also signup against users.json file instead of simple "users", which worked for *.bitmask.net domains.
---
 .../java/se/leap/bitmaskclient/ProviderAPI.java | 70 ++++++++++++----------
 1 file changed, 40 insertions(+), 30 deletions(-)
(limited to 'app/src/release/java/se/leap')
diff --git a/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java b/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java
index 6d1ff879..a328dacc 100644
--- a/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java
+++ b/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java
@@ -421,7 +421,7 @@ public class ProviderAPI extends IntentService {
 parameters.put("user[password_verifier]", password_verifier);
 Log.d(TAG, server_url);
 Log.d(TAG, parameters.toString());
- return sendToServer(server_url + "/users", "POST", parameters);
+ return sendToServer(server_url + "/users.json", "POST", parameters);
 }
 /**
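Review bot: `Log.d(TAG, parameters.toString());`, two lines above the changed `sendToServer` call, writes the whole signup parameter map, including `user[password_verifier]`, to the device log, and this file sits under `app/src/release`. A password verifier in logcat lets anyone who can read the log test password guesses offline. Log only `server_url` here, or drop the second `Log.d` line. The enclosing method starts above the hunk, so what else goes into `parameters` is not visible.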
@@ -530,47 +530,57 @@ public class ProviderAPI extends IntentService { * @param task containing a boolean meaning if the provider is custom or not, another boolean meaning if the user completely trusts this provider, the provider name and its provider.json url. * @return a bundle with a boolean value mapped to a key named RESULT_KEY, and which is true if the update was successful. */ - private Bundle setUpProvider(Bundle task) { - int progress = 0; - Bundle current_download = new Bundle(); + private Bundle setUpProvider(Bundle task) { + int progress = 0; + Bundle current_download = new Bundle(); - if(task != null && task.containsKey(Provider.MAIN_URL)) { - last_provider_main_url = task.getString(Provider.MAIN_URL); - CA_CERT_DOWNLOADED = PROVIDER_JSON_DOWNLOADED = EIP_SERVICE_JSON_DOWNLOADED = false; - } + if(task != null && task.containsKey(Provider.MAIN_URL)) { + last_provider_main_url = task.getString(Provider.MAIN_URL); + CA_CERT_DOWNLOADED = PROVIDER_JSON_DOWNLOADED = EIP_SERVICE_JSON_DOWNLOADED = false; + } - if(!CA_CERT_DOWNLOADED) - current_download = downloadCACert(last_provider_main_url); - if(CA_CERT_DOWNLOADED || (current_download.containsKey(RESULT_KEY) && current_download.getBoolean(RESULT_KEY))) { - broadcast_progress(progress++); - CA_CERT_DOWNLOADED = true; - if(!PROVIDER_JSON_DOWNLOADED) - current_download = getAndSetProviderJson(last_provider_main_url); - if(PROVIDER_JSON_DOWNLOADED || (current_download.containsKey(RESULT_KEY) && current_download.getBoolean(RESULT_KEY))) { - broadcast_progress(progress++); - PROVIDER_JSON_DOWNLOADED = true; - current_download = getAndSetEipServiceJson(); - if(current_download.containsKey(RESULT_KEY) && current_download.getBoolean(RESULT_KEY)) { - broadcast_progress(progress++); - EIP_SERVICE_JSON_DOWNLOADED = true; - } - } + if(!PROVIDER_JSON_DOWNLOADED) + current_download = getAndSetProviderJson(last_provider_main_url); + if(PROVIDER_JSON_DOWNLOADED || (current_download.containsKey(RESULT_KEY) && 
current_download.getBoolean(RESULT_KEY))) { + broadcast_progress(progress++); + PROVIDER_JSON_DOWNLOADED = true; + + if(!CA_CERT_DOWNLOADED) + current_download = downloadCACert(); + if(CA_CERT_DOWNLOADED || (current_download.containsKey(RESULT_KEY) && current_download.getBoolean(RESULT_KEY))) { + broadcast_progress(progress++); + CA_CERT_DOWNLOADED = true; + current_download = getAndSetEipServiceJson(); + if(current_download.containsKey(RESULT_KEY) && current_download.getBoolean(RESULT_KEY)) { + broadcast_progress(progress++); + EIP_SERVICE_JSON_DOWNLOADED = true; } + } + } - return current_download; + return current_download; } - private Bundle downloadCACert(String provider_main_url) { + private Bundle downloadCACert() { Bundle result = new Bundle(); - String cert_string = downloadWithCommercialCA(provider_main_url + "/ca.crt"); + try { + JSONObject provider_json = new JSONObject(getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).getString(Provider.KEY, "")); + String ca_cert_url = provider_json.getString(Provider.CA_CERT_URI); + String cert_string = downloadWithCommercialCA(ca_cert_url); + result.putBoolean(RESULT_KEY, true); - if(validCertificate(cert_string) && setting_up_provider) { - getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).edit().putString(Provider.CA_CERT, cert_string).commit(); + if(validCertificate(cert_string) && setting_up_provider) { + getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).edit().putString(Provider.CA_CERT, cert_string).commit(); result.putBoolean(RESULT_KEY, true); - } else { + } else { String reason_to_fail = pickErrorMessage(cert_string); result.putString(ERRORS, reason_to_fail); result.putBoolean(RESULT_KEY, false); + } + } catch (JSONException e) { + String reason_to_fail = formatErrorMessage(R.string.malformed_url); + result.putString(ERRORS, reason_to_fail); + result.putBoolean(RESULT_KEY, false); } return result; -- cgit v1.2.3 
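Review bot: In the new `downloadCACert()`, `ca_cert_url` comes from the stored provider.json and goes straight into `downloadWithCommercialCA(ca_cert_url)` with no check of its scheme or host, so the document that was just downloaded decides where the provider's trust anchor is fetched from. Unless `validCertificate` (not visible in this hunk) compares the certificate with a pinned fingerprint, nothing ties the result to the provider the user entered. Reject the value before downloading unless it is an https URL, for example with `if(!ca_cert_url.startsWith("https://"))` returning the same error bundle as the `JSONException` branch, and consider requiring the same host as `last_provider_main_url`. The `JSONException` branch reports `R.string.malformed_url` although the failure is a missing or unparsable provider.json entry; a dedicated message would be more accurate. The closing brace of `downloadCACert` lies after the hunk.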
From 0bf036dae1cc8d2be7129cd8f39474af8cdb9f30 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Parm=C3=A9nides=20GV?=
Date: Fri, 20 Jun 2014 12:29:56 +0200
Subject: Service is down message correctly shown. I've also fixed another message: if a file to be downloaded is not found, we say the entered provider isn't a LEAP provider. This is based on the fact that if provider.json doesn't exist/contain valid information, then the url isn't pointing to a LEAP provider.
---
 app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
(limited to 'app/src/release/java/se/leap')
diff --git a/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java b/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java
index a328dacc..fa96fffa 100644
--- a/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java
+++ b/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java
@@ -25,6 +25,7 @@ import java.math.BigInteger;
 import java.net.CookieHandler;
 import java.net.CookieManager;
 import java.net.CookiePolicy;
+import java.net.ConnectException;
 import java.net.MalformedURLException;
 import java.net.SocketTimeoutException;
 import java.net.URISyntaxException;
@@ -32,6 +33,7 @@ import java.net.URL;
 import java.net.URLConnection;
 import java.net.URLEncoder;
 import java.net.UnknownHostException;
+import javax.net.ssl.SSLHandshakeException;
 import java.security.KeyManagementException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
@@ -705,14 +707,20 @@ public class ProviderAPI extends IntentService {
 } catch (MalformedURLException e) {
 json_file_content = formatErrorMessage(R.string.malformed_url);
 } catch(SocketTimeoutException e) {
+ e.printStackTrace();
 json_file_content = formatErrorMessage(R.string.server_unreachable_message);
- } catch (IOException e) {
+ } catch (SSLHandshakeException e) {
 if(provider_url != null) {
 json_file_content = downloadWithProviderCA(string_url);
 } else {
 json_file_content = formatErrorMessage(R.string.certificate_error);
 }
+ } catch(ConnectException e) {
+ json_file_content = formatErrorMessage(R.string.service_is_down_error);
+ } catch (FileNotFoundException e) {
+ json_file_content = formatErrorMessage(R.string.malformed_url);
 } catch (Exception e) {
+ e.printStackTrace();
 if(provider_url != null) {
 json_file_content = downloadWithProviderCA(string_url);
 }
@@ -821,7 +829,7 @@ public class ProviderAPI extends IntentService {
 System.out.println("String ignoring certificate = " + string);
 } catch (FileNotFoundException e) {
 e.printStackTrace();
- string = formatErrorMessage(R.string.server_unreachable_message);
+ string = formatErrorMessage(R.string.malformed_url);
 } catch (IOException e) {
 // The downloaded certificate doesn't validate our https connection.
 e.printStackTrace();
-- cgit v1.2.3
From 7788fcbee03e18d9633723347156b9386b6b2fc8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Parm=C3=A9nides=20GV?=
Date: Thu, 26 Jun 2014 09:54:11 +0200
Subject: New openvpn cert -> create a vpn profile.
---
 .../release/java/se/leap/bitmaskclient/ProviderAPI.java | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
(limited to 'app/src/release/java/se/leap')
diff --git a/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java b/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java
index fa96fffa..cdac8197 100644
--- a/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java
+++ b/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java
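Review bot: In the `@@ -705,14 +707,20 @@` hunk of "Service is down message correctly shown", replacing `catch (IOException e)` with `catch (SSLHandshakeException e)` leaves every other TLS failure (for instance `SSLPeerUnverifiedException`) to the trailing `catch (Exception e)`, which retries through `downloadWithProviderCA(string_url)` when `provider_url` is set and shows no `certificate_error` branch in the visible lines. Catching `javax.net.ssl.SSLException` instead would keep all certificate-related failures in the branch written for them: `} catch (SSLException e) {`. The catch-all would be safer reporting an error than switching to the provider CA for an exception of unknown cause. The two added `e.printStackTrace();` calls could go through `Log.w(TAG, ...)`, in line with the `Log.d` calls elsewhere in the file. The try block starts above the hunk and the last catch ends below it.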
@@ -190,7 +190,7 @@ public class ProviderAPI extends IntentService {
 receiver.send(LOGOUT_FAILED, Bundle.EMPTY);
 }
 } else if (action.equalsIgnoreCase(DOWNLOAD_CERTIFICATE)) {
- if(getNewCert(parameters)) {
+ if(updateVpnCertificate()) {
 receiver.send(CORRECTLY_DOWNLOADED_CERTIFICATE, Bundle.EMPTY);
 } else {
 receiver.send(INCORRECTLY_DOWNLOADED_CERTIFICATE, Bundle.EMPTY);
@@ -890,16 +890,25 @@ public class ProviderAPI extends IntentService {
 return true;
 }
+ private boolean updateVpnCertificate() {
+ getNewCert();
+
+ getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).edit().putInt(EIP.PARSED_SERIAL, 0).commit();
+ Intent updateEIP = new Intent(getApplicationContext(), EIP.class);
+ updateEIP.setAction(EIP.ACTION_UPDATE_EIP_SERVICE);
+ startService(updateEIP);
+
+ return true;
+ }
+
 /**
 * Downloads a new OpenVPN certificate, attaching authenticated cookie for authenticated certificate.
 *
- * @param task containing the type of the certificate to be downloaded
 * @return true if certificate was downloaded correctly, false if provider.json is not present in SharedPreferences, or if the certificate url could not be parsed as a URI, or if there was an SSL error.
 */
- private boolean getNewCert(Bundle task) {
+ private boolean getNewCert() {
 try {
- String type_of_certificate = task.getString(ConfigurationWizard.TYPE_OF_CERTIFICATE);
 JSONObject provider_json = new JSONObject(getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).getString(Provider.KEY, ""));
 String provider_main_url = provider_json.getString(Provider.API_URL);
-- cgit v1.2.3
From ca9952b324d153d1580f73ce8c999542ec1883c5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Parm=C3=A9nides=20GV?=
Date: Wed, 2 Jul 2014 19:48:34 +0200
Subject: Fetch new certificate and restart EIP.
---
 app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java | 1 +
 1 file changed, 1 insertion(+)
(limited to 'app/src/release/java/se/leap')
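Review bot: `updateVpnCertificate()` (hunk `@@ -890,16 +890,25 @@` of "New openvpn cert -> create a vpn profile") discards the result of `getNewCert()` and always returns true, so the `INCORRECTLY_DOWNLOADED_CERTIFICATE` branch in the `@@ -190,7 +190,7 @@` hunk can no longer be reached. A failed download still resets `EIP.PARSED_SERIAL` to 0 and starts `EIP.ACTION_UPDATE_EIP_SERVICE`, presumably with the old certificate or none at all. Begin the method with `if(!getNewCert()) return false;` and leave the rest as it is. The new method also has no Javadoc; one sentence saying that it fetches a certificate and then triggers an EIP service update would match the documented `getNewCert` below it.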
diff --git a/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java b/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java
index cdac8197..8baaacc7 100644
--- a/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java
+++ b/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java
@@ -190,6 +190,7 @@ public class ProviderAPI extends IntentService {
 receiver.send(LOGOUT_FAILED, Bundle.EMPTY);
 }
 } else if (action.equalsIgnoreCase(DOWNLOAD_CERTIFICATE)) {
+ Log.d(TAG, "action.equalsIgnoreCase(DOWNLOAD_CERTIFICATE)");
 if(updateVpnCertificate()) {
 receiver.send(CORRECTLY_DOWNLOADED_CERTIFICATE, Bundle.EMPTY);
 } else {
-- cgit v1.2.3
From a23c12674abd836b3abd4feeaf057236cfd0ca27 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Parm=C3=A9nides=20GV?=
Date: Mon, 7 Jul 2014 19:28:13 +0200
Subject: New certificate if half of its lifetime passed. It takes for granted that the certificate is valid from the very same date it's downloaded.
---
 app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'app/src/release/java/se/leap')
diff --git a/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java b/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java
index 8baaacc7..625125d8 100644
--- a/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java
+++ b/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java
@@ -43,6 +43,7 @@ import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.security.interfaces.RSAPrivateKey;
+import java.util.Calendar;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Map;
@@ -944,7 +945,7 @@ public class ProviderAPI extends IntentService { X509Certificate certCert = ConfigHelper.parseX509CertificateFromString(certificateString); certificateString = Base64.encodeToString( certCert.getEncoded(), Base64.DEFAULT); getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).edit().putString(EIP.CERTIFICATE, "-----BEGIN CERTIFICATE-----\n"+certificateString+"-----END CERTIFICATE-----").commit(); - + getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).edit().putString(EIP.DATE_FROM_CERTIFICATE, EIP.certificate_date_format.format(Calendar.getInstance().getTime())).commit(); return true; } catch (CertificateException e) { // TODO Auto-generated catch block -- cgit v1.2.3