From 203c8caca5a305b90fd0e69c965e503afe979354 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Parm=C3=A9nides=20GV?= <parmegv@sdf.org>
Date: Thu, 14 Mar 2013 19:53:31 +0100
Subject: After downloading provider.json successfully, ConfigurationWizard now
 can download eip-service.json and ca.crt without having the latter as a
 predefined trusted certificate. It does not ask anything about trusting the
 new certificate as far as selecting a custom provider means that the user
 trusts that url.

Next step: make provider.json also downloadable from https address using
ca.cert not trusted.
---
 src/se/leap/leapclient/LeapHttpClient.java | 15 ++++-----------
 1 file changed, 4 insertions(+), 11 deletions(-)

(limited to 'src/se/leap/leapclient/LeapHttpClient.java')

diff --git a/src/se/leap/leapclient/LeapHttpClient.java b/src/se/leap/leapclient/LeapHttpClient.java
index 9e1a541b..9ee0a95e 100644
--- a/src/se/leap/leapclient/LeapHttpClient.java
+++ b/src/se/leap/leapclient/LeapHttpClient.java
@@ -33,23 +33,16 @@ public class LeapHttpClient extends DefaultHttpClient {
 	  private SSLSocketFactory newSslSocketFactory() {
 	      try {
 	          // Get an instance of the Bouncy Castle KeyStore format
-	          KeyStore trusted = KeyStore.getInstance("BKS");
-	          // Get the raw resource, which contains the keystore with
-	          // your trusted certificates (root and any intermediate certs)
-	          InputStream in = context.getResources().openRawResource(R.raw.leapkeystore);
-	          try {
-	              // Initialize the keystore with the provided trusted certificates
-	              // Also provide the password of the keystore
-	              trusted.load(in, "uer92jf".toCharArray());
-	          } finally {
-	              in.close();
-	          }
+	          KeyStore trusted = ConfigHelper.getKeystore();
+	          
 	          // Pass the keystore to the SSLSocketFactory. The factory is responsible
 	          // for the verification of the server certificate.
 	          SSLSocketFactory sf = new SSLSocketFactory(trusted);
+	          
 	          // Hostname verification from certificate
 	          // http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506
 	          sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
+	          
 	          return sf;
 	      } catch (Exception e) {
 	          throw new AssertionError(e);
-- 
cgit v1.2.3