summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorParménides GV <parmegv@sdf.org>2013-07-02 19:38:48 +0200
committerSean Leonard <meanderingcode@aetherislands.net>2013-07-12 14:27:04 -0600
commitdacf638f7dd15e291cdb23a6cf8317e1dd80ed29 (patch)
tree4cb589d197781c1d2ee6f427a9ca239b8abeb3f2 /src
parent4dcdb0a2a50722e008395e54ff9228c1d39c231e (diff)
New certificates are added without creating files
LeapHttpClient can fetch the main CA certificate downloaded from the provider and add it to its in-memory keystore, without saving the certificate in a file. This is a very important feature, I think it can be cherry picked (it has little modifications, and very localized). It's very important because authentication does not work without this bug fix in the latest branches, because I removed the code that saved the certificate in a file but didn't test the authentication part.
Diffstat (limited to 'src')
-rw-r--r--src/se/leap/leapclient/ConfigHelper.java40
-rw-r--r--src/se/leap/leapclient/ProviderAPI.java17
2 files changed, 35 insertions, 22 deletions
diff --git a/src/se/leap/leapclient/ConfigHelper.java b/src/se/leap/leapclient/ConfigHelper.java
index 007db95..c5a37be 100644
--- a/src/se/leap/leapclient/ConfigHelper.java
+++ b/src/se/leap/leapclient/ConfigHelper.java
@@ -1,5 +1,6 @@
package se.leap.leapclient;
+import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
@@ -19,6 +20,7 @@ import org.json.JSONObject;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Environment;
+import android.util.Base64;
/**
* Stores constants, and implements auxiliary methods used across all LEAP Android classes.
@@ -256,6 +258,31 @@ public class ConfigHelper {
SharedPreferences shared_preferences) {
ConfigHelper.shared_preferences = shared_preferences;
}
+
+ public static X509Certificate parseX509CertificateFromString(String certificate_string) {
+ java.security.cert.Certificate certificate = null;
+ CertificateFactory cf;
+ try {
+ cf = CertificateFactory.getInstance("X.509");
+
+ certificate_string = certificate_string.replaceFirst("-----BEGIN CERTIFICATE-----", "").replaceFirst("-----END CERTIFICATE-----", "").trim();
+ byte[] cert_bytes = Base64.decode(certificate_string, Base64.DEFAULT);
+ InputStream caInput = new ByteArrayInputStream(cert_bytes);
+ try {
+ certificate = cf.generateCertificate(caInput);
+ System.out.println("ca=" + ((X509Certificate) certificate).getSubjectDN());
+ } finally {
+ caInput.close();
+ }
+ } catch (CertificateException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (IOException e) {
+ return null;
+ }
+
+ return (X509Certificate) certificate;
+ }
/**
* Adds a new X509 certificate given its input stream and its provider name
@@ -284,26 +311,23 @@ public class ConfigHelper {
* @param certificate
*/
public static void addTrustedCertificate(String provider, String certificate) {
- String filename_to_save = provider + "_certificate.cer";
- CertificateFactory cf;
+
try {
- cf = CertificateFactory.getInstance("X.509");
- X509Certificate cert =
- (X509Certificate)cf.generateCertificate(openFileInputStream(filename_to_save));
+ X509Certificate cert = ConfigHelper.parseX509CertificateFromString(certificate);
if(keystore_trusted == null) {
keystore_trusted = KeyStore.getInstance("BKS");
keystore_trusted.load(null);
}
keystore_trusted.setCertificateEntry(provider, cert);
- } catch (CertificateException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
} catch (KeyStoreException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
+ } catch (CertificateException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
diff --git a/src/se/leap/leapclient/ProviderAPI.java b/src/se/leap/leapclient/ProviderAPI.java
index f3ea5f2..25a14bb 100644
--- a/src/se/leap/leapclient/ProviderAPI.java
+++ b/src/se/leap/leapclient/ProviderAPI.java
@@ -452,21 +452,10 @@ public class ProviderAPI extends IntentService {
if(cert_string.isEmpty()) {
cert_string = downloadCertificateWithoutTrusting(url.getProtocol() + "://" + url.getHost() + "/" + "ca.crt");
ConfigHelper.saveSharedPref(ConfigHelper.MAIN_CERT_KEY, cert_string);
- }
- CertificateFactory cf;
+ }
+
try {
- cf = CertificateFactory.getInstance("X.509");
-
- cert_string = cert_string.replaceFirst("-----BEGIN CERTIFICATE-----", "").replaceFirst("-----END CERTIFICATE-----", "").trim();
- byte[] cert_bytes = Base64.decode(cert_string, Base64.DEFAULT);
- InputStream caInput = new ByteArrayInputStream(cert_bytes);
- java.security.cert.Certificate dangerous_certificate;
- try {
- dangerous_certificate = cf.generateCertificate(caInput);
- System.out.println("dangerous certificate =" + ((X509Certificate) dangerous_certificate).getSubjectDN());
- } finally {
- caInput.close();
- }
+ java.security.cert.Certificate dangerous_certificate = ConfigHelper.parseX509CertificateFromString(cert_string);
// Create a KeyStore containing our trusted CAs
String keyStoreType = KeyStore.getDefaultType();