From b762eed7b3f9117ec682fc6e44125934dddc8d41 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Parm=C3=A9nides=20GV?= <parmegv@sdf.org>
Date: Wed, 18 Jun 2014 20:35:58 +0200
Subject: provider.json is downloaded before ca.crt

We don't assume ca.crt is in /ca.crt anymore, but fetch the complete url
from provider.json.

We also signup against users.json file instead of simple "users", which
worked for *.bitmask.net domains.
---
 .../java/se/leap/bitmaskclient/ProviderAPI.java    | 32 ++++++----
 .../main/java/se/leap/bitmaskclient/Provider.java  |  1 +
 .../java/se/leap/bitmaskclient/ProviderAPI.java    | 70 ++++++++++++----------
 3 files changed, 61 insertions(+), 42 deletions(-)

(limited to 'app/src')

diff --git a/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java b/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java
index dd7af633..2029a2f5 100644
--- a/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java
+++ b/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java
@@ -426,7 +426,7 @@ public class ProviderAPI extends IntentService {
 	parameters.put("user[password_verifier]", password_verifier);
 	Log.d(TAG, server_url);
 	Log.d(TAG, parameters.toString());
-	return sendToServer(server_url + "/users", "POST", parameters);
+	return sendToServer(server_url + "/users.json", "POST", parameters);
     }
 	
 	/**
@@ -538,16 +538,16 @@ public class ProviderAPI extends IntentService {
 			CA_CERT_DOWNLOADED = PROVIDER_JSON_DOWNLOADED = EIP_SERVICE_JSON_DOWNLOADED = false;
 		}
 
-		if(!CA_CERT_DOWNLOADED)
-			current_download = downloadCACert(last_provider_main_url, last_danger_on);
-		if(CA_CERT_DOWNLOADED || (current_download.containsKey(RESULT_KEY) && current_download.getBoolean(RESULT_KEY))) {
-			broadcast_progress(progress++);
-			CA_CERT_DOWNLOADED = true;
 			if(!PROVIDER_JSON_DOWNLOADED)
 				current_download = getAndSetProviderJson(last_provider_main_url, last_danger_on);
 			if(PROVIDER_JSON_DOWNLOADED || (current_download.containsKey(RESULT_KEY) && current_download.getBoolean(RESULT_KEY))) {
+			    broadcast_progress(progress++);
+			    PROVIDER_JSON_DOWNLOADED = true;
+			    current_download = downloadCACert(last_danger_on);
+			    
+			    if(CA_CERT_DOWNLOADED || (current_download.containsKey(RESULT_KEY) && current_download.getBoolean(RESULT_KEY))) {
 				broadcast_progress(progress++);
-				PROVIDER_JSON_DOWNLOADED = true;
+				CA_CERT_DOWNLOADED = true;
 				current_download = getAndSetEipServiceJson(); 
 				if(current_download.containsKey(RESULT_KEY) && current_download.getBoolean(RESULT_KEY)) {
 					broadcast_progress(progress++);
@@ -559,17 +559,25 @@ public class ProviderAPI extends IntentService {
 		return current_download;
 	}
 	
-	private Bundle downloadCACert(String provider_main_url, boolean danger_on) {
+	private Bundle downloadCACert(boolean danger_on) {
 		Bundle result = new Bundle();
-		String cert_string = downloadWithCommercialCA(provider_main_url + "/ca.crt", danger_on);
+		try {
+		    JSONObject provider_json = new JSONObject(getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).getString(Provider.KEY, ""));
+		    String ca_cert_url = provider_json.getString(Provider.CA_CERT_URI);
+		    String cert_string = downloadWithCommercialCA(ca_cert_url, danger_on);
 
-	    if(validCertificate(cert_string) && setting_up_provider) {
-	    	getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).edit().putString(Provider.CA_CERT, cert_string).commit();
+		    if(validCertificate(cert_string) && setting_up_provider) {
+			getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).edit().putString(Provider.CA_CERT, cert_string).commit();
 			result.putBoolean(RESULT_KEY, true);
-		} else {
+		    } else {
 			String reason_to_fail = pickErrorMessage(cert_string);
 			result.putString(ERRORS, reason_to_fail);
 			result.putBoolean(RESULT_KEY, false);
+		    }
+		} catch (JSONException e) {
+		    String reason_to_fail = formatErrorMessage(R.string.malformed_url);
+		    result.putString(ERRORS, reason_to_fail);
+		    result.putBoolean(RESULT_KEY, false);
 		}
 		
 		return result;
diff --git a/app/src/main/java/se/leap/bitmaskclient/Provider.java b/app/src/main/java/se/leap/bitmaskclient/Provider.java
index 216f4261..5326709f 100644
--- a/app/src/main/java/se/leap/bitmaskclient/Provider.java
+++ b/app/src/main/java/se/leap/bitmaskclient/Provider.java
@@ -51,6 +51,7 @@ public final class Provider implements Serializable {
 	SERVICE = "service",
 	KEY = "provider",
 	CA_CERT = "ca_cert",
+	CA_CERT_URI = "ca_cert_uri",
 	NAME = "name",
 	DESCRIPTION = "description",
 	DOMAIN = "domain",
diff --git a/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java b/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java
index 6d1ff879..a328dacc 100644
--- a/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java
+++ b/app/src/release/java/se/leap/bitmaskclient/ProviderAPI.java
@@ -421,7 +421,7 @@ public class ProviderAPI extends IntentService {
 	parameters.put("user[password_verifier]", password_verifier);
 	Log.d(TAG, server_url);
 	Log.d(TAG, parameters.toString());
-	return sendToServer(server_url + "/users", "POST", parameters);
+	return sendToServer(server_url + "/users.json", "POST", parameters);
     }
 	
 	/**
@@ -530,47 +530,57 @@ public class ProviderAPI extends IntentService {
 	 * @param task containing a boolean meaning if the provider is custom or not, another boolean meaning if the user completely trusts this provider, the provider name and its provider.json url.
 	 * @return a bundle with a boolean value mapped to a key named RESULT_KEY, and which is true if the update was successful. 
 	 */
-	private Bundle setUpProvider(Bundle task) {
-		int progress = 0;
-		Bundle current_download = new Bundle();
+    private Bundle setUpProvider(Bundle task) {
+	int progress = 0;
+	Bundle current_download = new Bundle();
 		
-		if(task != null && task.containsKey(Provider.MAIN_URL)) {
-			last_provider_main_url = task.getString(Provider.MAIN_URL);
-			CA_CERT_DOWNLOADED = PROVIDER_JSON_DOWNLOADED = EIP_SERVICE_JSON_DOWNLOADED = false;
-		}
+	if(task != null && task.containsKey(Provider.MAIN_URL)) {
+	    last_provider_main_url = task.getString(Provider.MAIN_URL);
+	    CA_CERT_DOWNLOADED = PROVIDER_JSON_DOWNLOADED = EIP_SERVICE_JSON_DOWNLOADED = false;
+	}
 
-		if(!CA_CERT_DOWNLOADED)
-			current_download = downloadCACert(last_provider_main_url);
-		if(CA_CERT_DOWNLOADED || (current_download.containsKey(RESULT_KEY) && current_download.getBoolean(RESULT_KEY))) {
-			broadcast_progress(progress++);
-			CA_CERT_DOWNLOADED = true;
-			if(!PROVIDER_JSON_DOWNLOADED)
-				current_download = getAndSetProviderJson(last_provider_main_url); 
-			if(PROVIDER_JSON_DOWNLOADED || (current_download.containsKey(RESULT_KEY) && current_download.getBoolean(RESULT_KEY))) {
-				broadcast_progress(progress++);
-				PROVIDER_JSON_DOWNLOADED = true;
-				current_download = getAndSetEipServiceJson(); 
-				if(current_download.containsKey(RESULT_KEY) && current_download.getBoolean(RESULT_KEY)) {
-					broadcast_progress(progress++);
-					EIP_SERVICE_JSON_DOWNLOADED = true;
-				}
-			}
+	if(!PROVIDER_JSON_DOWNLOADED)
+	    current_download = getAndSetProviderJson(last_provider_main_url); 
+	if(PROVIDER_JSON_DOWNLOADED || (current_download.containsKey(RESULT_KEY) && current_download.getBoolean(RESULT_KEY))) {
+	    broadcast_progress(progress++);
+	    PROVIDER_JSON_DOWNLOADED = true;
+				
+	    if(!CA_CERT_DOWNLOADED)
+		current_download = downloadCACert();
+	    if(CA_CERT_DOWNLOADED || (current_download.containsKey(RESULT_KEY) && current_download.getBoolean(RESULT_KEY))) {
+		broadcast_progress(progress++);
+		CA_CERT_DOWNLOADED = true;
+		current_download = getAndSetEipServiceJson(); 
+		if(current_download.containsKey(RESULT_KEY) && current_download.getBoolean(RESULT_KEY)) {
+		    broadcast_progress(progress++);
+		    EIP_SERVICE_JSON_DOWNLOADED = true;
 		}
+	    }
+	}
 		
-		return current_download;
+	return current_download;
 	}
 	
-	private Bundle downloadCACert(String provider_main_url) {
+	private Bundle downloadCACert() {
 		Bundle result = new Bundle();
-		String cert_string = downloadWithCommercialCA(provider_main_url + "/ca.crt");
+		try {
+		    JSONObject provider_json = new JSONObject(getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).getString(Provider.KEY, ""));
+		    String ca_cert_url = provider_json.getString(Provider.CA_CERT_URI);
+		    String cert_string = downloadWithCommercialCA(ca_cert_url);
+		    result.putBoolean(RESULT_KEY, true);
 
-	    if(validCertificate(cert_string) && setting_up_provider) {
-	    	getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).edit().putString(Provider.CA_CERT, cert_string).commit();
+		    if(validCertificate(cert_string) && setting_up_provider) {
+			getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).edit().putString(Provider.CA_CERT, cert_string).commit();
 			result.putBoolean(RESULT_KEY, true);
-		} else {
+		    } else {
 			String reason_to_fail = pickErrorMessage(cert_string);
 			result.putString(ERRORS, reason_to_fail);
 			result.putBoolean(RESULT_KEY, false);
+		    }
+		} catch (JSONException e) {
+		    String reason_to_fail = formatErrorMessage(R.string.malformed_url);
+		    result.putString(ERRORS, reason_to_fail);
+		    result.putBoolean(RESULT_KEY, false);
 		}
 		
 		return result;
-- 
cgit v1.2.3