From f15ca67765fe3d9e129398d4ee3daa27cedfe00d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Parm=C3=A9nides=20GV?= Date: Thu, 7 Nov 2013 16:24:58 +0100 Subject: Token based authentication implemented. We use the session id cookie in the SRP process, and then reset the cookie store (forgetting about that cookie) and store the authentication token in a static variable inside LeapSRPSession. --- src/se/leap/bitmaskclient/ProviderAPI.java | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'src/se/leap/bitmaskclient/ProviderAPI.java') diff --git a/src/se/leap/bitmaskclient/ProviderAPI.java b/src/se/leap/bitmaskclient/ProviderAPI.java index b23bdc7f..5c8b29ca 100644 --- a/src/se/leap/bitmaskclient/ProviderAPI.java +++ b/src/se/leap/bitmaskclient/ProviderAPI.java @@ -27,6 +27,7 @@ import java.net.CookieManager; import java.net.CookiePolicy; import java.net.MalformedURLException; import java.net.SocketTimeoutException; +import java.net.URISyntaxException; import java.net.URL; import java.net.URLConnection; import java.net.URLEncoder; @@ -343,6 +344,9 @@ public class ProviderAPI extends IntentService { session_idAndM2.put(ConfigHelper.SESSION_ID_COOKIE_KEY, session_id_cookie.getName()); session_idAndM2.put(ConfigHelper.SESSION_ID_KEY, session_id_cookie.getValue());*/ session_idAndM2.put(LeapSRPSession.M2, ConfigHelper.trim(M2_not_trimmed)); + CookieHandler.setDefault(null); // we don't need cookies anymore + String token = json_response.getString(LeapSRPSession.TOKEN); + LeapSRPSession.setToken(token); } return session_idAndM2; } @@ -516,6 +520,8 @@ public class ProviderAPI extends IntentService { provider_url = new URL(string_url); URLConnection url_connection = provider_url.openConnection(); url_connection.setConnectTimeout(seconds_of_timeout*1000); + if(!LeapSRPSession.getToken().isEmpty()) + url_connection.addRequestProperty(LeapSRPSession.TOKEN, LeapSRPSession.getToken()); json_file_content = new Scanner(url_connection.getInputStream()).useDelimiter("\\A").next(); } catch (MalformedURLException e) { json_file_content = formatErrorMessage(R.string.malformed_url); @@ -551,6 +557,8 @@ public class ProviderAPI extends IntentService { HttpsURLConnection urlConnection = (HttpsURLConnection)url.openConnection(); urlConnection.setSSLSocketFactory(getProviderSSLSocketFactory()); + if(!LeapSRPSession.getToken().isEmpty()) + urlConnection.addRequestProperty(LeapSRPSession.TOKEN, LeapSRPSession.getToken()); json_file_content = new Scanner(urlConnection.getInputStream()).useDelimiter("\\A").next(); } catch (CertificateException e) { // TODO Auto-generated catch block @@ -710,11 +718,11 @@ public class ProviderAPI extends IntentService { try { String type_of_certificate = task.getString(ConfigurationWizard.TYPE_OF_CERTIFICATE); JSONObject provider_json = ConfigHelper.getJsonFromSharedPref(Provider.KEY); - URL provider_main_url = new URL(provider_json.getString(Provider.API_URL)); - String new_cert_string_url = provider_main_url.toString() + "/" + provider_json.getString(Provider.API_VERSION) + "/" + EIP.CERTIFICATE; + String provider_main_url = provider_json.getString(Provider.API_URL); + URL new_cert_string_url = new URL(provider_main_url + "/" + provider_json.getString(Provider.API_VERSION) + "/" + EIP.CERTIFICATE); boolean danger_on = ConfigHelper.getBoolFromSharedPref(ProviderItem.DANGER_ON); - String cert_string = downloadWithProviderCA(new_cert_string_url, true); + String cert_string = downloadWithProviderCA(new_cert_string_url, danger_on); if(!cert_string.isEmpty()) { if(ConfigHelper.checkErroneousDownload(cert_string)) { String reason_to_fail = provider_json.getString(ERRORS); -- cgit v1.2.3