diff options
| author | Parménides GV <parmegv@sdf.org> | 2013-03-14 19:53:31 +0100 |
|---|---|---|
| committer | Parménides GV <parmegv@sdf.org> | 2013-03-14 19:53:31 +0100 |
| commit | 203c8caca5a305b90fd0e69c965e503afe979354 (patch) | |
| tree | 843956654a949dc64b7e4f758847820b432f0454 /src/se/leap/leapclient/LeapHttpClient.java | |
| parent | 929fa9a3b7621e0a956ed8d7beffb87ed7f16249 (diff) | |
After downloading provider.json successfully, ConfigurationWizard now
can download eip-service.json and ca.crt without having the latter as a
predefined trusted certificate. It does not ask anything about trusting
the new certificate as far as selecting a custom provider means that the
user trusts that url.
Next step: make provider.json also downloadable from https address using
ca.cert not trusted.
Diffstat (limited to 'src/se/leap/leapclient/LeapHttpClient.java')
| -rw-r--r-- | src/se/leap/leapclient/LeapHttpClient.java | 15 |
1 files changed, 4 insertions, 11 deletions
diff --git a/src/se/leap/leapclient/LeapHttpClient.java b/src/se/leap/leapclient/LeapHttpClient.java index 9e1a541..9ee0a95 100644 --- a/src/se/leap/leapclient/LeapHttpClient.java +++ b/src/se/leap/leapclient/LeapHttpClient.java @@ -33,23 +33,16 @@ public class LeapHttpClient extends DefaultHttpClient { private SSLSocketFactory newSslSocketFactory() { try { // Get an instance of the Bouncy Castle KeyStore format - KeyStore trusted = KeyStore.getInstance("BKS"); - // Get the raw resource, which contains the keystore with - // your trusted certificates (root and any intermediate certs) - InputStream in = context.getResources().openRawResource(R.raw.leapkeystore); - try { - // Initialize the keystore with the provided trusted certificates - // Also provide the password of the keystore - trusted.load(in, "uer92jf".toCharArray()); - } finally { - in.close(); - } + KeyStore trusted = ConfigHelper.getKeystore(); + // Pass the keystore to the SSLSocketFactory. The factory is responsible // for the verification of the server certificate. SSLSocketFactory sf = new SSLSocketFactory(trusted); + // Hostname verification from certificate // http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506 sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); + return sf; } catch (Exception e) { throw new AssertionError(e); |