From 24788afa45ff46616b41626e7607d4461ab77387 Mon Sep 17 00:00:00 2001 From: Fup Duck Date: Mon, 12 Feb 2018 13:35:16 +0100 Subject: 8827 - remove caCertificate from Provider It's already represented by CertificatePin & CertificatePinEncoding --- .../java/se/leap/bitmaskclient/ConfigHelper.java | 1 - .../main/java/se/leap/bitmaskclient/Provider.java | 22 ---------------------- .../leap/bitmaskclient/ProviderApiManagerBase.java | 22 ++++------------------ 3 files changed, 4 insertions(+), 41 deletions(-) (limited to 'app') diff --git a/app/src/main/java/se/leap/bitmaskclient/ConfigHelper.java b/app/src/main/java/se/leap/bitmaskclient/ConfigHelper.java index ba078701..7b2accd6 100644 --- a/app/src/main/java/se/leap/bitmaskclient/ConfigHelper.java +++ b/app/src/main/java/se/leap/bitmaskclient/ConfigHelper.java @@ -280,7 +280,6 @@ public class ConfigHelper { provider.setMainUrl(new URL(preferences.getString(Provider.MAIN_URL, ""))); provider.define(new JSONObject(preferences.getString(Provider.KEY, ""))); provider.setCaCert(preferences.getString(Provider.CA_CERT, "")); - provider.setCaCertFingerprint(preferences.getString(Provider.CA_CERT_FINGERPRINT, "")); provider.setVpnCertificate(preferences.getString(PROVIDER_VPN_CERTIFICATE, "")); provider.setPrivateKey(preferences.getString(PROVIDER_PRIVATE_KEY, "")); } catch (MalformedURLException | JSONException e) { diff --git a/app/src/main/java/se/leap/bitmaskclient/Provider.java b/app/src/main/java/se/leap/bitmaskclient/Provider.java index 7aa2f398..a2f50dd9 100644 --- a/app/src/main/java/se/leap/bitmaskclient/Provider.java +++ b/app/src/main/java/se/leap/bitmaskclient/Provider.java @@ -45,7 +45,6 @@ public final class Provider implements Parcelable { private String certificatePin = ""; private String certificatePinEncoding = ""; private String caCert = ""; - private String caCertFingerprint = ""; private String apiVersion = ""; private String privateKey = ""; private String vpnCertificate = ""; @@ -191,12 +190,6 @@ public final class Provider implements Parcelable { return apiVersion; } - protected String certificatePin() { return certificatePin; } - - protected boolean hasCertificatePin() { - return certificatePin != null && !certificatePin.isEmpty(); - } - boolean hasCaCert() { return caCert != null && !caCert.isEmpty(); } @@ -210,10 +203,6 @@ public final class Provider implements Parcelable { return caCert; } - public String getCaCertFingerprint() { - return caCertFingerprint; - } - public String getName() { // Should we pass the locale in, or query the system here? String lang = Locale.getDefault().getLanguage(); @@ -276,7 +265,6 @@ public final class Provider implements Parcelable { parcel.writeString(getMainUrlString()); parcel.writeString(getDefinitionString()); parcel.writeString(getCaCert()); - parcel.writeString(getCaCertFingerprint()); parcel.writeString(getEipServiceJsonString()); parcel.writeString(getPrivateKey()); parcel.writeString(getVpnCertificate()); @@ -294,7 +282,6 @@ public final class Provider implements Parcelable { certificatePin.equals(p.getCertificatePin()) && certificatePinEncoding.equals(p.getCertificatePinEncoding()) && caCert.equals(p.getCaCert()) && - caCertFingerprint.equals(p.getCaCertFingerprint()) && apiVersion.equals(p.getApiVersion()) && privateKey.equals(p.getPrivateKey()) && vpnCertificate.equals(p.getVpnCertificate()) && @@ -340,10 +327,6 @@ public final class Provider implements Parcelable { this.caCert = tmpString; } tmpString = in.readString(); - if (!tmpString.isEmpty()) { - this.caCertFingerprint = tmpString; - } - tmpString = in.readString(); if (!tmpString.isEmpty()) { this.setEipServiceJson(new JSONObject(tmpString)); } @@ -378,10 +361,6 @@ public final class Provider implements Parcelable { this.caCert = cert; } - public void setCaCertFingerprint(String certFingerprint) { - this.caCertFingerprint = certFingerprint; - } - public boolean allowsAnonymous() { return allowAnonymous; } @@ -451,7 +430,6 @@ public final class Provider implements Parcelable { certificatePin = ""; certificatePinEncoding = ""; caCert = ""; - caCertFingerprint = ""; apiVersion = ""; privateKey = ""; vpnCertificate = ""; diff --git a/app/src/main/java/se/leap/bitmaskclient/ProviderApiManagerBase.java b/app/src/main/java/se/leap/bitmaskclient/ProviderApiManagerBase.java index f4fee635..505ee55b 100644 --- a/app/src/main/java/se/leap/bitmaskclient/ProviderApiManagerBase.java +++ b/app/src/main/java/se/leap/bitmaskclient/ProviderApiManagerBase.java @@ -683,7 +683,6 @@ public abstract class ProviderApiManagerBase { result.putBoolean(BROADCAST_RESULT_KEY, false); String caCert = provider.getCaCert(); - JSONObject providerDefinition = provider.getDefinition(); if (ConfigHelper.checkErroneousDownload(caCert)) { return result; @@ -695,15 +694,15 @@ public abstract class ProviderApiManagerBase { } try { certificate.checkValidity(); - String fingerprint = getCaCertFingerprint(providerDefinition); - String encoding = fingerprint.split(":")[0]; - String expectedFingerprint = fingerprint.split(":")[1]; + String encoding = provider.getCertificatePinEncoding(); + String expectedFingerprint = provider.getCertificatePin(); + String realFingerprint = getFingerprintFromCertificate(certificate, encoding); if (!realFingerprint.trim().equalsIgnoreCase(expectedFingerprint.trim())) { return setErrorResult(result, warning_corrupted_provider_cert, ERROR_CERTIFICATE_PINNING.toString()); } - if (!canConnect(caCert, providerDefinition, result)) { + if (!canConnect(caCert, provider.getDefinition(), result)) { return result; } } catch (NoSuchAlgorithmException e ) { @@ -730,15 +729,6 @@ public abstract class ProviderApiManagerBase { return result; } - protected String getCaCertFingerprint(JSONObject providerDefinition) { - try { - return providerDefinition.getString(Provider.CA_CERT_FINGERPRINT); - } catch (JSONException e) { - e.printStackTrace(); - } - return ""; - } - protected String getApiUrl(JSONObject providerDefinition) { try { return providerDefinition.getString(Provider.API_URL); @@ -748,10 +738,6 @@ public abstract class ProviderApiManagerBase { return ""; } - protected String getPersistedCaCertFingerprint(String providerDomain) { - return ConfigHelper.getFromPersistedProvider(Provider.CA_CERT_FINGERPRINT, providerDomain, preferences); - } - protected String getPersistedPrivateKey(String providerDomain) { return ConfigHelper.getFromPersistedProvider(PROVIDER_PRIVATE_KEY, providerDomain, preferences); } -- cgit v1.2.3