From 5fd9cd738f26797cf16576bf4011852c9f3052a8 Mon Sep 17 00:00:00 2001 From: cyBerta Date: Mon, 20 May 2019 23:58:26 +0200 Subject: improve provider json validation during setup --- .../se/leap/bitmaskclient/ProviderApiManagerBase.java | 19 ++++++++++--------- .../se/leap/bitmaskclient/ProviderApiManager.java | 4 ++-- 2 files changed, 12 insertions(+), 11 deletions(-) (limited to 'app/src') diff --git a/app/src/main/java/se/leap/bitmaskclient/ProviderApiManagerBase.java b/app/src/main/java/se/leap/bitmaskclient/ProviderApiManagerBase.java index 78ded399..5cf27854 100644 --- a/app/src/main/java/se/leap/bitmaskclient/ProviderApiManagerBase.java +++ b/app/src/main/java/se/leap/bitmaskclient/ProviderApiManagerBase.java @@ -54,7 +54,6 @@ import okhttp3.OkHttpClient; import se.leap.bitmaskclient.Constants.CREDENTIAL_ERRORS; import se.leap.bitmaskclient.utils.ConfigHelper; -import static se.leap.bitmaskclient.utils.ConfigHelper.getFingerprintFromCertificate; import static se.leap.bitmaskclient.Constants.BROADCAST_PROVIDER_API_EVENT; import static se.leap.bitmaskclient.Constants.BROADCAST_RESULT_CODE; import static se.leap.bitmaskclient.Constants.BROADCAST_RESULT_KEY; @@ -107,6 +106,7 @@ import static se.leap.bitmaskclient.R.string.vpn_certificate_is_invalid; import static se.leap.bitmaskclient.R.string.warning_corrupted_provider_cert; import static se.leap.bitmaskclient.R.string.warning_corrupted_provider_details; import static se.leap.bitmaskclient.R.string.warning_expired_provider_cert; +import static se.leap.bitmaskclient.utils.ConfigHelper.getFingerprintFromCertificate; import static se.leap.bitmaskclient.utils.ConfigHelper.parseRsaKeyFromString; import static se.leap.bitmaskclient.utils.PreferenceHelper.deleteProviderDetailsFromPreferences; import static se.leap.bitmaskclient.utils.PreferenceHelper.getFromPersistedProvider; @@ -271,9 +271,6 @@ public abstract class ProviderApiManagerBase { } } - - - private Bundle tryToRegister(Provider provider, Bundle task) { Bundle result = new Bundle(); @@ -697,7 +694,14 @@ public abstract class ProviderApiManagerBase { } Bundle validateProviderDetails(Provider provider) { - Bundle result = validateCertificateForProvider(provider); + Bundle result = new Bundle(); + result.putBoolean(BROADCAST_RESULT_KEY, false); + + if (!provider.hasDefinition()) { + return result; + } + + result = validateCertificateForProvider(result, provider); //invalid certificate or no certificate if (result.containsKey(ERRORS) || (result.containsKey(BROADCAST_RESULT_KEY) && !result.getBoolean(BROADCAST_RESULT_KEY)) ) { @@ -709,10 +713,7 @@ public abstract class ProviderApiManagerBase { return result; } - protected Bundle validateCertificateForProvider(Provider provider) { - Bundle result = new Bundle(); - result.putBoolean(BROADCAST_RESULT_KEY, false); - + protected Bundle validateCertificateForProvider(Bundle result, Provider provider) { String caCert = provider.getCaCert(); if (ConfigHelper.checkErroneousDownload(caCert)) { diff --git a/app/src/production/java/se/leap/bitmaskclient/ProviderApiManager.java b/app/src/production/java/se/leap/bitmaskclient/ProviderApiManager.java index fe7e2491..cdbe5f60 100644 --- a/app/src/production/java/se/leap/bitmaskclient/ProviderApiManager.java +++ b/app/src/production/java/se/leap/bitmaskclient/ProviderApiManager.java @@ -84,13 +84,13 @@ public class ProviderApiManager extends ProviderApiManagerBase { getPersistedProviderUpdates(provider); currentDownload = validateProviderDetails(provider); - //provider details invalid + //provider certificate invalid if (currentDownload.containsKey(ERRORS)) { currentDownload.putParcelable(PROVIDER_KEY, provider); return currentDownload; } - //no provider certificate available + //no provider json or certificate available if (currentDownload.containsKey(BROADCAST_RESULT_KEY) && !currentDownload.getBoolean(BROADCAST_RESULT_KEY)) { resetProviderDetails(provider); } -- cgit v1.2.3