From 8ab36864e2a393df077073f8618a4fc55c307522 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Parm=C3=A9nides=20GV?= <parmegv@sdf.org>
Date: Mon, 4 Feb 2013 18:44:38 +0100
Subject: Secure HTTP working with certificates downloaded from api.bitmask.net
 and bitmask.net.

Both prefs are downloaded and parsed to SharedPreferences.
---
 src/se/leap/leapclient/ConfigHelper.java   |  1 +
 src/se/leap/leapclient/LeapHttpClient.java | 58 ++++++++++++++++++++++++++++++
 src/se/leap/leapclient/ProviderAPI.java    | 35 +++++++-----------
 3 files changed, 72 insertions(+), 22 deletions(-)
 create mode 100644 src/se/leap/leapclient/LeapHttpClient.java

(limited to 'src/se')

diff --git a/src/se/leap/leapclient/ConfigHelper.java b/src/se/leap/leapclient/ConfigHelper.java
index 174ff79f..9b857b0d 100644
--- a/src/se/leap/leapclient/ConfigHelper.java
+++ b/src/se/leap/leapclient/ConfigHelper.java
@@ -1,5 +1,6 @@
 package se.leap.leapclient;
 
+
 import org.json.JSONException;
 import org.json.JSONObject;
 
diff --git a/src/se/leap/leapclient/LeapHttpClient.java b/src/se/leap/leapclient/LeapHttpClient.java
new file mode 100644
index 00000000..41cb7879
--- /dev/null
+++ b/src/se/leap/leapclient/LeapHttpClient.java
@@ -0,0 +1,58 @@
+package se.leap.leapclient;
+
+import java.io.InputStream;
+import java.security.KeyStore;
+
+import org.apache.http.conn.ClientConnectionManager;
+import org.apache.http.conn.scheme.PlainSocketFactory;
+import org.apache.http.conn.scheme.Scheme;
+import org.apache.http.conn.scheme.SchemeRegistry;
+import org.apache.http.conn.ssl.SSLSocketFactory;
+import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.impl.conn.SingleClientConnManager;
+
+import android.content.Context;
+
+public class LeapHttpClient extends DefaultHttpClient {
+	final Context context;
+
+	  public LeapHttpClient(Context context) {
+	      this.context = context;
+	  }
+
+	  @Override
+	  protected ClientConnectionManager createClientConnectionManager() {
+	      SchemeRegistry registry = new SchemeRegistry();
+	      registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
+	      // Register for port 443 our SSLSocketFactory with our keystore
+	      // to the ConnectionManager
+	      registry.register(new Scheme("https", newSslSocketFactory(), 443));
+	      return new SingleClientConnManager(getParams(), registry);
+	  }
+
+	  private SSLSocketFactory newSslSocketFactory() {
+	      try {
+	          // Get an instance of the Bouncy Castle KeyStore format
+	          KeyStore trusted = KeyStore.getInstance("BKS");
+	          // Get the raw resource, which contains the keystore with
+	          // your trusted certificates (root and any intermediate certs)
+	          InputStream in = context.getResources().openRawResource(R.raw.leapkeystore);
+	          try {
+	              // Initialize the keystore with the provided trusted certificates
+	              // Also provide the password of the keystore
+	              trusted.load(in, "uer92jf".toCharArray());
+	          } finally {
+	              in.close();
+	          }
+	          // Pass the keystore to the SSLSocketFactory. The factory is responsible
+	          // for the verification of the server certificate.
+	          SSLSocketFactory sf = new SSLSocketFactory(trusted);
+	          // Hostname verification from certificate
+	          // http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506
+	          sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
+	          return sf;
+	      } catch (Exception e) {
+	          throw new AssertionError(e);
+	      }
+	  }
+}
diff --git a/src/se/leap/leapclient/ProviderAPI.java b/src/se/leap/leapclient/ProviderAPI.java
index 40638180..d487ebe3 100644
--- a/src/se/leap/leapclient/ProviderAPI.java
+++ b/src/se/leap/leapclient/ProviderAPI.java
@@ -1,15 +1,12 @@
 package se.leap.leapclient;
 
-import java.io.BufferedInputStream;
 import java.io.IOException;
-import java.io.InputStream;
-import java.net.HttpURLConnection;
-import java.net.URL;
-import java.net.URLConnection;
 import java.util.Scanner;
 
-import javax.net.ssl.HttpsURLConnection;
-
+import org.apache.http.HttpEntity;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.impl.client.DefaultHttpClient;
 import org.json.JSONException;
 import org.json.JSONObject;
 
@@ -48,23 +45,17 @@ public class ProviderAPI extends IntentService {
 	}
 
 	private JSONObject getFromProvider(String json_url) throws IOException, JSONException {
-		URL url = new URL(json_url);
+		
 		String json_file_content = "";
-		URLConnection urlConnection = null;
 		
-		if (url.getProtocol().equalsIgnoreCase("https")) {
-			urlConnection = (HttpsURLConnection) url.openConnection();
-		} else if (url.getProtocol().equalsIgnoreCase("http")) {
-			urlConnection = (HttpURLConnection) url.openConnection();
-		}
-
-		try {
-			InputStream in = new BufferedInputStream(
-					urlConnection.getInputStream());
-			json_file_content = new Scanner(in).useDelimiter("\\A").next();
-		} finally {
-			((HttpURLConnection) urlConnection).disconnect();
-		}
+		DefaultHttpClient client = new LeapHttpClient(getApplicationContext());
+		HttpGet get = new HttpGet(json_url);
+		// Execute the GET call and obtain the response
+		HttpResponse getResponse = client.execute(get);
+		HttpEntity responseEntity = getResponse.getEntity();
+		
+		json_file_content = new Scanner(responseEntity.getContent()).useDelimiter("\\A").next();
+		
 		
 		return new JSONObject(json_file_content);
 	}
-- 
cgit v1.2.3