author | Parménides GV <parmegv@sdf.org> | 2013-07-02 19:38:48 +0200 |
---|---|---|
committer | Sean Leonard <meanderingcode@aetherislands.net> | 2013-07-12 14:27:04 -0600 |
commit | dacf638f7dd15e291cdb23a6cf8317e1dd80ed29 (patch) | |
tree | 4cb589d197781c1d2ee6f427a9ca239b8abeb3f2 /src | |
parent | 4dcdb0a2a50722e008395e54ff9228c1d39c231e (diff) |
New certificates are added without creating files
LeapHttpClient can fetch the main CA certificate downloaded from the
provider and add it to its in-memory keystore, without saving the
certificate in a file.
This is a very important feature; I think it can be cherry-picked (it has
few modifications, and they are very localized).
It's very important because authentication does not work without this
bug fix in the latest branches, because I removed the code that saved
the certificate in a file but didn't test the authentication part.
Diffstat (limited to 'src')
-rw-r--r-- | src/se/leap/leapclient/ConfigHelper.java | 40 | ||||
-rw-r--r-- | src/se/leap/leapclient/ProviderAPI.java | 17 |
2 files changed, 35 insertions, 22 deletions
diff --git a/src/se/leap/leapclient/ConfigHelper.java b/src/se/leap/leapclient/ConfigHelper.java
index 007db95..c5a37be 100644
--- a/src/se/leap/leapclient/ConfigHelper.java
+++ b/src/se/leap/leapclient/ConfigHelper.java
@@ -1,5 +1,6 @@
 package se.leap.leapclient;
+import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
@@ -19,6 +20,7 @@ import org.json.JSONObject;
 import android.content.Context;
 import android.content.SharedPreferences;
 import android.os.Environment;
+import android.util.Base64;
 /**
 * Stores constants, and implements auxiliary methods used across all LEAP Android classes.
@@ -256,6 +258,31 @@ public class ConfigHelper {
 SharedPreferences shared_preferences) {
 ConfigHelper.shared_preferences = shared_preferences;
 }
+
+ public static X509Certificate parseX509CertificateFromString(String certificate_string) {
+ java.security.cert.Certificate certificate = null;
+ CertificateFactory cf;
+ try {
+ cf = CertificateFactory.getInstance("X.509");
+
+ certificate_string = certificate_string.replaceFirst("-----BEGIN CERTIFICATE-----", "").replaceFirst("-----END CERTIFICATE-----", "").trim();
+ byte[] cert_bytes = Base64.decode(certificate_string, Base64.DEFAULT);
+ InputStream caInput = new ByteArrayInputStream(cert_bytes);
+ try {
+ certificate = cf.generateCertificate(caInput);
+ System.out.println("ca=" + ((X509Certificate) certificate).getSubjectDN());
+ } finally {
+ caInput.close();
+ }
+ } catch (CertificateException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (IOException e) {
+ return null;
+ }
+
+ return (X509Certificate) certificate;
+ }
 /**
 * Adds a new X509 certificate given its input stream and its provider name
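Review bot: A certificate that fails to parse comes back from `parseX509CertificateFromString` as `null` with no signal to the caller: the `CertificateException` branch only prints a stack trace and falls through to the final `return`, and the `IOException` branch returns `null` outright. Both callers changed in this commit (`addTrustedCertificate` and the ProviderAPI hunk) pass the result on without a null check, so a malformed CA download reaches the keystore code rather than an error path. `Base64.decode` can also throw `IllegalArgumentException` on badly padded input, which nothing here catches. I would let the helper throw `CertificateException` and drop the `System.out.println`; the ProviderAPI caller's catch clauses lie outside its hunk, so it may need a matching handler.

```java
public static X509Certificate parseX509CertificateFromString(String certificate_string)
        throws CertificateException {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    // … unchanged: strip the PEM BEGIN/END markers and trim …
    try {
        byte[] cert_bytes = Base64.decode(certificate_string, Base64.DEFAULT);
        return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(cert_bytes));
    } catch (IllegalArgumentException e) {
        // android.util.Base64 reports bad padding with an unchecked exception
        throw new CertificateException("CA certificate is not valid Base64", e);
    }
}
```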
@@ -284,26 +311,23 @@ public class ConfigHelper {
 * @param certificate
 */
 public static void addTrustedCertificate(String provider, String certificate) {
- String filename_to_save = provider + "_certificate.cer";
- CertificateFactory cf;
+
 try {
- cf = CertificateFactory.getInstance("X.509");
- X509Certificate cert =
- (X509Certificate)cf.generateCertificate(openFileInputStream(filename_to_save));
+ X509Certificate cert = ConfigHelper.parseX509CertificateFromString(certificate);
 if(keystore_trusted == null) {
 keystore_trusted = KeyStore.getInstance("BKS");
 keystore_trusted.load(null);
 }
 keystore_trusted.setCertificateEntry(provider, cert);
- } catch (CertificateException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
 } catch (KeyStoreException e) {
 // TODO Auto-generated catch block
 e.printStackTrace();
 } catch (NoSuchAlgorithmException e) {
 // TODO Auto-generated catch block
 e.printStackTrace();
+ } catch (CertificateException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
 } catch (IOException e) {
 // TODO Auto-generated catch block
 e.printStackTrace();
diff --git a/src/se/leap/leapclient/ProviderAPI.java b/src/se/leap/leapclient/ProviderAPI.java
index f3ea5f2..25a14bb 100644
--- a/src/se/leap/leapclient/ProviderAPI.java
+++ b/src/se/leap/leapclient/ProviderAPI.java
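Review bot: The Javadoc above `addTrustedCertificate` leaves `@param certificate` without a description, although after this change that argument is the text that gets parsed and installed as a trust anchor. I would document it as `@param certificate PEM-encoded X.509 certificate text; added to the in-memory trusted keystore under the alias {@code provider}`. The Javadoc block starts outside the hunk, so its summary sentence may need the same update, since the method no longer reads a `*_certificate.cer` file.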
@@ -452,21 +452,10 @@ public class ProviderAPI extends IntentService {
 if(cert_string.isEmpty()) {
 cert_string = downloadCertificateWithoutTrusting(url.getProtocol() + "://" + url.getHost() + "/" + "ca.crt");
 ConfigHelper.saveSharedPref(ConfigHelper.MAIN_CERT_KEY, cert_string);
- }
- CertificateFactory cf;
+ }
+
 try {
- cf = CertificateFactory.getInstance("X.509");
-
- cert_string = cert_string.replaceFirst("-----BEGIN CERTIFICATE-----", "").replaceFirst("-----END CERTIFICATE-----", "").trim();
- byte[] cert_bytes = Base64.decode(cert_string, Base64.DEFAULT);
- InputStream caInput = new ByteArrayInputStream(cert_bytes);
- java.security.cert.Certificate dangerous_certificate;
- try {
- dangerous_certificate = cf.generateCertificate(caInput);
- System.out.println("dangerous certificate =" + ((X509Certificate) dangerous_certificate).getSubjectDN());
- } finally {
- caInput.close();
- }
+ java.security.cert.Certificate dangerous_certificate = ConfigHelper.parseX509CertificateFromString(cert_string);
 // Create a KeyStore containing our trusted CAs
 String keyStoreType = KeyStore.getDefaultType(); |
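Review bot: Nothing on the new `dangerous_certificate` line records that the text being parsed was obtained through `downloadCertificateWithoutTrusting` and is about to enter the KeyStore of trusted CAs that the following lines build. Whether it is compared with a fingerprint obtained independently of that download cannot be seen from here, because the rest of the method lies outside the hunk. I would add a comment above the call such as `// fetched without TLS validation: verify against an out-of-band fingerprint before trusting`, or a pointer to where that check already happens.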