authorParménides GV <parmegv@sdf.org>2013-07-20 12:01:11 +0200
committerParménides GV <parmegv@sdf.org>2013-07-20 12:03:49 +0200
commit6b740cdb44bd4f7181f93b6c15e772d14fb96796 (patch)
tree7dc1801837b27bfc98abdcceb0815ef82e6aedf9
parent5ed843dd7dfdddc9c64568a464ed550ba2185ac9 (diff)
If IOException, use current provider CA cert.
If the CA cert was correctly downloaded, we assume it can be used to validate the string download. If the CA cert cannot validate that connection and the "trust completely" checkbox was checked, it will try the other methods. If the checkbox was not checked, a certificate error is shown (telling the user the provider is not trusted).
-rw-r--r--src/se/leap/leapclient/ProviderAPI.java19
1 files changed, 12 insertions, 7 deletions
diff --git a/src/se/leap/leapclient/ProviderAPI.java b/src/se/leap/leapclient/ProviderAPI.java
index db53d6f..a5da4b4 100644
--- a/src/se/leap/leapclient/ProviderAPI.java
+++ b/src/se/leap/leapclient/ProviderAPI.java
@@ -392,14 +392,14 @@ public class ProviderAPI extends IntentService {
} catch(SocketTimeoutException e) {
displayToast(R.string.server_is_down_message);
} catch (IOException e) {
- if(provider_url != null && danger_on) {
- json_file_content = getStringFromProviderWithoutValidate(provider_url);
+ if(provider_url != null) {
+ json_file_content = getStringFromProviderWithCACertAdded(provider_url, danger_on);
} else {
displayToast(R.string.certificate_error);
}
} catch (Exception e) {
if(provider_url != null && danger_on) {
- json_file_content = getStringFromProviderWithCACertAdded(provider_url);
+ json_file_content = getStringFromProviderWithCACertAdded(provider_url, danger_on);
}
}
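Review bot: Both `catch (IOException e)` branches touched by this commit (here and in the `@@ -484,7 +485,11 @@` hunk) treat every I/O failure as a certificate problem, so a dropped connection or a read error also triggers the fallback, and in the later hunk that fallback is `getStringFromProviderWithoutValidate` when `danger_on` is set. Consider catching the TLS failure specifically, e.g. `} catch (SSLException e) {` ahead of the generic `IOException` branch, and showing `R.string.server_is_down_message` for the rest; whether hostname-mismatch errors surface as `SSLException` on the targeted Android versions is worth confirming. The `catch (Exception e)` branch below still tests `danger_on` itself and does nothing otherwise, which leaves the user without any message. The enclosing method begins and ends outside this hunk.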
@@ -441,15 +441,16 @@ public class ProviderAPI extends IntentService {
/**
* Tries to download the contents of the provided url using main certificate from choosen provider.
* @param url
+ * @param danger_on true to download CA certificate in case it has not been downloaded.
* @return an empty string if it fails, the url content if not.
*/
- private String getStringFromProviderWithCACertAdded(URL url) {
+ private String getStringFromProviderWithCACertAdded(URL url, boolean danger_on) {
String json_file_content = "";
// Load CAs from an InputStream
// (could be from a resource or ByteArrayInputStream or ...)
String cert_string = ConfigHelper.getStringFromSharedPref(ConfigHelper.MAIN_CERT_KEY);
- if(cert_string.isEmpty()) {
+ if(cert_string.isEmpty() && danger_on) {
cert_string = downloadCertificateWithoutTrusting(url.getProtocol() + "://" + url.getHost() + "/" + "ca.crt");
ConfigHelper.saveSharedPref(ConfigHelper.MAIN_CERT_KEY, cert_string);
}
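Review bot: With `danger_on` false and nothing stored under `ConfigHelper.MAIN_CERT_KEY`, `cert_string` stays empty and execution continues into the certificate-loading code below this hunk, which is not visible here and presumably fails on empty input. An explicit guard right after the lookup would make the outcome clear: `if(cert_string.isEmpty() && !danger_on) { displayToast(R.string.certificate_error); return json_file_content; }`. Separately, the certificate fetched by `downloadCertificateWithoutTrusting` is saved under the same key without checking that the download returned anything, and later calls with `danger_on` false will treat it as the provider CA; skipping the save on an empty result, or recording how the certificate was obtained, would keep that distinction. The method body continues past the end of the hunk.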
@@ -461,7 +462,7 @@ public class ProviderAPI extends IntentService {
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
- keyStore.setCertificateEntry("dangerous_certificate", dangerous_certificate);
+ keyStore.setCertificateEntry("provider_ca_certificate", dangerous_certificate);
// Create a TrustManager that trusts the CAs in our KeyStore
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
@@ -484,7 +485,11 @@ public class ProviderAPI extends IntentService {
displayToast(R.string.server_is_down_message);
} catch (IOException e) {
// The downloaded certificate doesn't validate our https connection.
- json_file_content = getStringFromProviderWithoutValidate(url);
+ if(danger_on) {
+ json_file_content = getStringFromProviderWithoutValidate(url);
+ } else {
+ displayToast(R.string.certificate_error);
+ }
} catch (KeyStoreException e) {
// TODO Auto-generated catch block
e.printStackTrace();
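Review bot: The Javadoc added for `danger_on` describes only the CA download, but in this branch the flag also authorises retrying with `getStringFromProviderWithoutValidate`, which is the more security-relevant effect and should be documented. I would word the parameter as `@param danger_on true to fetch a missing CA certificate without trusting it and, if the stored certificate fails to validate the connection, to retry without certificate validation.` The inline comment could then read `// Validation with the provider CA failed; skip validation only if the user opted in.` The function starts before this hunk and continues after it.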