5 files changed, 170 insertions, 59 deletions

diff --git a/src/se/leap/leapclient/ConfigHelper.java b/src/se/leap/leapclient/ConfigHelper.java
index 72d966b..98761b6 100644
--- a/src/se/leap/leapclient/ConfigHelper.java
+++ b/src/se/leap/leapclient/ConfigHelper.java
@@ -37,11 +37,15 @@ public class ConfigHelper {
 	final public static String srpAuth = "srpAuth";
 	public static String logIn = "logIn";
 	public static String logOut = "logOut";
+	public static String downloadUserAuthedCertificate = "downloadUserAuthedCertificate";
 	public static String api_version_key = "api_version";
 	final public static String resultKey = "result";
 	final static String provider_key = "provider";
+	final static String main_cert_key = "main_cert";
 	final static String cert_key = "cert";
 	final static String eip_service_key = "eip";
+	final static String session_id_cookie_key = "session_id_cookie_key";
+	final static String session_id_key = "session_id";
 	public static final String PREFERENCES_KEY = "LEAPPreferences";
 	public static final String user_directory = "leap_android";
 	final public static String provider_main_url = "provider_main_url";
@@ -64,17 +68,23 @@ public class ConfigHelper {
 	final public static int SRP_REGISTRATION_FAILED = 6;
 	final public static int LOGOUT_SUCCESSFUL = 7;
 	final public static int LOGOUT_FAILED = 8;
+	final public static int CORRECTLY_DOWNLOADED_AUTHED_USER_CERTIFICATE = 9;
+	final public static int INCORRECTLY_DOWNLOADED_AUTHED_USER_CERTIFICATE = 10;
 
 	static String getStringFromSharedPref(String shared_preferences_key) {
 		String value = "";
-		String content = shared_preferences.getString(shared_preferences_key, "");
-		try {
-			JSONObject json_object = new JSONObject(content);
-			JSONArray names = json_object.names();
-			String key = names.getString(0);
-			value = json_object.getString(key);
-		} catch (JSONException e) {
-			value = content;
+		//TODO This is not OK -> when reading provider.json it only shows "open"
+		if(shared_preferences != null) {
+			String content = shared_preferences.getString(shared_preferences_key, "");
+			try {
+				JSONObject json_object = new JSONObject(content);
+				value = json_object.toString();
+				/*JSONArray names = json_object.names();
+				String key = names.getString(0);
+				value = json_object.getString(key);*/
+			} catch (JSONException e) {
+				value = content;
+			}
 		}
 		return value;
 	}
@@ -184,6 +194,7 @@ public class ConfigHelper {
 				// Initialize the keystore with the provided trusted certificates
 				// Also provide the password of the keystore
 				if(leap_keystore != null) {
+					InputStream android_default_keystore;
 					//keystore_trusted.load(leap_keystore, "uer92jf".toCharArray());
 					keystore_trusted.load(null, null);
 				} else {
diff --git a/src/se/leap/leapclient/ConfigurationWizard.java b/src/se/leap/leapclient/ConfigurationWizard.java
index 3d16521..a50a8e6 100644
--- a/src/se/leap/leapclient/ConfigurationWizard.java
+++ b/src/se/leap/leapclient/ConfigurationWizard.java
@@ -150,6 +150,12 @@ public class ConfigurationWizard extends Activity
 			ConfigHelper.rescueJSONException(e);

 		}

 		ConfigHelper.saveSharedPref(ConfigHelper.provider_key, provider_json);

+		try {

+			ConfigHelper.saveSharedPref(ConfigHelper.danger_on, new JSONObject().put(ConfigHelper.danger_on, current_provider_item.danger_on));

+		} catch (JSONException e) {

+			// TODO Auto-generated catch block

+			e.printStackTrace();

+		}

 	}

 

 	private void downloadJSONFiles(ProviderItem current_provider_item) throws IOException {

@@ -161,7 +167,7 @@ public class ConfigurationWizard extends Activity
 		Bundle method_and_parameters = new Bundle();

 		

 		method_and_parameters.putString(ConfigHelper.provider_key, current_provider_item.name);

-		method_and_parameters.putString(ConfigHelper.cert_key, current_provider_item.cert_json_url);

+		method_and_parameters.putString(ConfigHelper.main_cert_key, current_provider_item.cert_json_url);

 		method_and_parameters.putString(ConfigHelper.eip_service_key, current_provider_item.eip_service_json_url);

 		method_and_parameters.putBoolean(ConfigHelper.danger_on, current_provider_item.danger_on);

 		

diff --git a/src/se/leap/leapclient/Dashboard.java b/src/se/leap/leapclient/Dashboard.java
index 0444502..dbee9c4 100644
--- a/src/se/leap/leapclient/Dashboard.java
+++ b/src/se/leap/leapclient/Dashboard.java
@@ -1,5 +1,7 @@
 package se.leap.leapclient;
 
+import org.apache.http.cookie.Cookie;
+import org.apache.http.impl.cookie.BasicClientCookie;
 import org.json.JSONException;
 import org.json.JSONObject;
 
@@ -194,18 +196,45 @@ public class Dashboard extends Activity implements LogInDialog.LogInDialogInterf
 	    newFragment.show(fragment_transaction, ConfigHelper.logInDialog);
 	}
 
+	private void downloadAuthedUserCertificate(Cookie session_id) {
+		providerAPI_result_receiver = new ProviderAPIResultReceiver(new Handler());
+		providerAPI_result_receiver.setReceiver(this);
+		
+		Intent provider_API_command = new Intent(this, ProviderAPI.class);
+
+		Bundle method_and_parameters = new Bundle();
+		method_and_parameters.putString(ConfigHelper.session_id_cookie_key, session_id.getName());
+		method_and_parameters.putString(ConfigHelper.session_id_key, session_id.getValue());
+
+		provider_API_command.putExtra(ConfigHelper.downloadUserAuthedCertificate, method_and_parameters);
+		provider_API_command.putExtra("receiver", providerAPI_result_receiver);
+		
+		startService(provider_API_command);
+	}
+
 	@Override
 	public void onReceiveResult(int resultCode, Bundle resultData) {
 		if(resultCode == ConfigHelper.SRP_AUTHENTICATION_SUCCESSFUL){
+			String session_id_cookie_key = resultData.getString(ConfigHelper.session_id_cookie_key);
+			String session_id_string = resultData.getString(ConfigHelper.session_id_key);
 			setResult(RESULT_OK);
 			Toast.makeText(getApplicationContext(), "Authentication succeeded", Toast.LENGTH_LONG).show();
 			//TODO Download certificate requesting /1/cert with session_id cookie
-			
+			Cookie session_id = new BasicClientCookie(session_id_cookie_key, session_id_string);
+			downloadAuthedUserCertificate(session_id);
 		}
 		else if(resultCode == ConfigHelper.SRP_AUTHENTICATION_FAILED) {
         	setResult(RESULT_CANCELED);
 			Toast.makeText(getApplicationContext(), "Authentication failed", Toast.LENGTH_LONG).show();
 		}
+		else if(resultCode == ConfigHelper.CORRECTLY_DOWNLOADED_AUTHED_USER_CERTIFICATE) {
+        	setResult(RESULT_CANCELED);
+			Toast.makeText(getApplicationContext(), "Your own cert has been correctly downloaded", Toast.LENGTH_LONG).show();
+		}
+		else if(resultCode == ConfigHelper.INCORRECTLY_DOWNLOADED_AUTHED_USER_CERTIFICATE) {
+        	setResult(RESULT_CANCELED);
+			Toast.makeText(getApplicationContext(), "Your own cert has incorrectly been downloaded", Toast.LENGTH_LONG).show();
+		}
 	}
 
 }
diff --git a/src/se/leap/leapclient/LeapHttpClient.java b/src/se/leap/leapclient/LeapHttpClient.java
index f911982..4de7ae0 100644
--- a/src/se/leap/leapclient/LeapHttpClient.java
+++ b/src/se/leap/leapclient/LeapHttpClient.java
@@ -9,6 +9,8 @@ import org.apache.http.conn.scheme.SchemeRegistry;
 import org.apache.http.conn.ssl.SSLSocketFactory;
 import org.apache.http.impl.client.DefaultHttpClient;
 import org.apache.http.impl.conn.SingleClientConnManager;
+import org.json.JSONException;
+import org.json.JSONObject;
 
 import android.content.Context;
 
@@ -49,13 +51,20 @@ public class LeapHttpClient extends DefaultHttpClient {
 	          throw new AssertionError(e);
 	      }
 	  }
-	  
+
 	  public static LeapHttpClient getInstance(Context context) {
 		  if(client == null) {
 			  client = new LeapHttpClient(context);
-			  String cert_string = ConfigHelper.getStringFromSharedPref(ConfigHelper.cert_key);
-			  if(!cert_string.isEmpty()) {
-				ConfigHelper.addTrustedCertificate("recovered_certificate", cert_string);
+			  String cert_json_string = ConfigHelper.getStringFromSharedPref(ConfigHelper.main_cert_key);
+			  String cert_string;
+			  try {
+				  cert_string = new JSONObject(cert_json_string).getString(ConfigHelper.main_cert_key);
+				  if(!cert_string.isEmpty()) {
+					  ConfigHelper.addTrustedCertificate("recovered_certificate", cert_string);
+				  }
+			  } catch (JSONException e) {
+				  // TODO Auto-generated catch block
+				  e.printStackTrace();
 			  }
 		  }
 		  return client;
diff --git a/src/se/leap/leapclient/ProviderAPI.java b/src/se/leap/leapclient/ProviderAPI.java
index 4a28878..bdfd620 100644
--- a/src/se/leap/leapclient/ProviderAPI.java
+++ b/src/se/leap/leapclient/ProviderAPI.java
@@ -12,7 +12,12 @@ import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.List;
+import java.net.CookieHandler;
+import java.net.CookieManager;
+import java.net.HttpCookie;
+import java.net.HttpURLConnection;
 import java.net.MalformedURLException;
+import java.net.URISyntaxException;
 import java.net.URL;
 import java.util.Scanner;
 
@@ -25,13 +30,16 @@ import javax.net.ssl.TrustManagerFactory;
 import org.apache.http.HttpEntity;
 import org.apache.http.HttpResponse;
 import org.apache.http.client.ClientProtocolException;
+import org.apache.http.client.CookieStore;
 import org.apache.http.client.methods.HttpDelete;
 import org.apache.http.client.methods.HttpGet;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.client.methods.HttpPut;
 import org.apache.http.client.protocol.ClientContext;
 import org.apache.http.cookie.Cookie;
+import org.apache.http.impl.client.BasicCookieStore;
 import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.impl.cookie.BasicClientCookie;
 import org.apache.http.protocol.BasicHttpContext;
 import org.apache.http.protocol.HttpContext;
 import org.jboss.security.Util;
@@ -73,10 +81,20 @@ public class ProviderAPI extends IntentService {
 				receiver.send(ConfigHelper.INCORRECTLY_DOWNLOADED_JSON_FILES, Bundle.EMPTY);
 		}
 		else if ((task = task_for.getBundleExtra(ConfigHelper.srpAuth)) != null) {
-			if(authenticateBySRP(task))
-				receiver.send(ConfigHelper.SRP_AUTHENTICATION_SUCCESSFUL, Bundle.EMPTY);
-			else
-				receiver.send(ConfigHelper.SRP_AUTHENTICATION_FAILED, Bundle.EMPTY);
+			try {
+				JSONObject session_idAndResult = authenticateBySRP(task);
+				if(session_idAndResult.getBoolean(ConfigHelper.resultKey)) {
+					Bundle session_id_bundle = new Bundle();
+					session_id_bundle.putString(ConfigHelper.session_id_cookie_key, session_idAndResult.getString(ConfigHelper.session_id_cookie_key));
+					session_id_bundle.putString(ConfigHelper.session_id_key, session_idAndResult.getString(ConfigHelper.session_id_key));
+					receiver.send(ConfigHelper.SRP_AUTHENTICATION_SUCCESSFUL, session_id_bundle);
+				} else {
+					receiver.send(ConfigHelper.SRP_AUTHENTICATION_FAILED, Bundle.EMPTY);
+				}
+			} catch (JSONException e) {
+				// TODO Auto-generated catch block
+				e.printStackTrace();
+			}
 		}
 		else if ((task = task_for.getBundleExtra(ConfigHelper.logOut)) != null) {
 			if(logOut(task))
@@ -84,18 +102,24 @@ public class ProviderAPI extends IntentService {
 			else
 				receiver.send(ConfigHelper.LOGOUT_FAILED, Bundle.EMPTY);
 		}
+		else if ((task = task_for.getBundleExtra(ConfigHelper.downloadUserAuthedCertificate)) != null) {
+			if(getNewCert(task))
+				receiver.send(ConfigHelper.CORRECTLY_DOWNLOADED_AUTHED_USER_CERTIFICATE, Bundle.EMPTY);
+			else
+				receiver.send(ConfigHelper.INCORRECTLY_DOWNLOADED_AUTHED_USER_CERTIFICATE, Bundle.EMPTY);
+		}
 	}
 
 	private boolean downloadJsonFiles(Bundle task) {
-		String provider_name = task.getString(ConfigHelper.provider_key);
-		String cert_url = task.getString(ConfigHelper.cert_key);
+		//String provider_name = task.getString(ConfigHelper.provider_key);
+		String cert_url = task.getString(ConfigHelper.main_cert_key);
 		String eip_service_json_url = task.getString(ConfigHelper.eip_service_key);
 		boolean danger_on = task.getBoolean(ConfigHelper.danger_on);
 		try {
 			String cert_string = getStringFromProvider(cert_url, danger_on);
 			//ConfigHelper.addTrustedCertificate(provider_name, cert_string);
-			JSONObject cert_json = new JSONObject("{ \"certificate\" : \"" + cert_string + "\"}");
-			ConfigHelper.saveSharedPref(ConfigHelper.cert_key, cert_json);
+			JSONObject cert_json = new JSONObject().put(ConfigHelper.main_cert_key, cert_string);
+			ConfigHelper.saveSharedPref(ConfigHelper.main_cert_key, cert_json);
 			JSONObject eip_service_json = getJSONFromProvider(eip_service_json_url, danger_on);
 			ConfigHelper.saveSharedPref(ConfigHelper.eip_service_key, eip_service_json);
 			return true;
@@ -117,7 +141,9 @@ public class ProviderAPI extends IntentService {
 		return false;
 	}
 	
-	private boolean authenticateBySRP(Bundle task) {
+	private JSONObject authenticateBySRP(Bundle task) {
+		JSONObject successfulAndsession_id = new JSONObject();
+		
 		String username = (String) task.get(ConfigHelper.username_key);
 		String password = (String) task.get(ConfigHelper.password_key);
 		String authentication_server = (String) task.get(ConfigHelper.api_url_key);
@@ -131,38 +157,36 @@ public class ProviderAPI extends IntentService {
 		try {
 			JSONObject saltAndB = sendAToSRPServer(authentication_server, username, new BigInteger(1, A).toString(16));
 			if(saltAndB.length() > 0) {
-				/*byte[] B = saltAndB.getString("B").getBytes();
-				params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
-				client = new LeapSRPSession(username, password, params);
-				A = client.exponential();
-				saltAndB = sendAToSRPServer(authentication_server, username, new BigInteger(1, A).toString(16));*/
 				salt = saltAndB.getString("salt");
 				byte[] Bbytes = new BigInteger(saltAndB.getString("B"), 16).toByteArray();
 				byte[] M1 = client.response(new BigInteger(salt, 16).toByteArray(), Bbytes);
-				byte[] M2 = sendM1ToSRPServer(authentication_server, username, M1);
-				if( client.verify(M2) == false )
+				//byte[] M2 = sendM1ToSRPServer(authentication_server, username, M1);
+				JSONObject session_idAndM2 = sendM1ToSRPServer(authentication_server, username, M1);
+				if( client.verify((byte[])session_idAndM2.get("M2")) == false ) {
 					//throw new SecurityException("Failed to validate server reply: M2 = " + new BigInteger(1, M2).toString(16));
-					return false;
-				return true;
+					successfulAndsession_id.put(ConfigHelper.resultKey, false);
+					return successfulAndsession_id;
+				} else {
+					successfulAndsession_id.put(ConfigHelper.resultKey, true);
+					successfulAndsession_id.put(ConfigHelper.session_id_key, session_idAndM2.getString(ConfigHelper.session_id_key));
+					successfulAndsession_id.put(ConfigHelper.session_id_cookie_key, session_idAndM2.getString(ConfigHelper.session_id_cookie_key));
+					return successfulAndsession_id;
+				}
 			}
-			else return false;
 		} catch (ClientProtocolException e1) {
 			// TODO Auto-generated catch block
 			e1.printStackTrace();
-			return false;
 		} catch (IOException e1) {
 			// TODO Auto-generated catch block
 			e1.printStackTrace();
-			return false;
 		} catch (JSONException e1) {
 			// TODO Auto-generated catch block
 			e1.printStackTrace();
-			return false;
 		} catch (NoSuchAlgorithmException e) {
 			// TODO Auto-generated catch block
 			e.printStackTrace();
-			return false;
 		}
+		return successfulAndsession_id;
 	}
 
 	private JSONObject sendAToSRPServer(String server_url, String username, String clientA) throws ClientProtocolException, IOException, JSONException {
@@ -186,7 +210,8 @@ public class ProviderAPI extends IntentService {
 		return json_response;
 	}
 
-	private byte[] sendM1ToSRPServer(String server_url, String username, byte[] m1) throws ClientProtocolException, IOException, JSONException {
+	private JSONObject sendM1ToSRPServer(String server_url, String username, byte[] m1) throws ClientProtocolException, IOException, JSONException {
+		JSONObject session_idAndM2 = new JSONObject();
 		DefaultHttpClient client = LeapHttpClient.getInstance(getApplicationContext());
 		String parameter_chain = "client_auth" + "=" + new BigInteger(1, Util.trim(m1)).toString(16);
 		HttpPut put = new HttpPut(server_url + "/sessions/" + username +".json" + "?" + parameter_chain);
@@ -200,12 +225,15 @@ public class ProviderAPI extends IntentService {
 		String plain_response = new Scanner(responseEntity.getContent()).useDelimiter("\\A").next();
 		JSONObject json_response = new JSONObject(plain_response);
 		if(!json_response.isNull("errors") || json_response.has("errors")) {
-			return new byte[0];
+			return session_idAndM2;
 		}
-		
+
+		number_of_cookies = client.getCookieStore().getCookies().size();
 		byte[] M2_not_trimmed = new BigInteger(json_response.getString("M2"), 16).toByteArray();
-		return Util.trim(M2_not_trimmed);
-		//return M2_not_trimmed;
+		session_idAndM2.put(ConfigHelper.session_id_cookie_key, client.getCookieStore().getCookies().get(0).getName());
+		session_idAndM2.put(ConfigHelper.session_id_key, client.getCookieStore().getCookies().get(0).getValue());
+		session_idAndM2.put("M2", Util.trim(M2_not_trimmed));
+		return session_idAndM2;
 	}
 
 	private boolean downloadNewProviderDotJSON(Bundle task) {
@@ -229,7 +257,7 @@ public class ProviderAPI extends IntentService {
 		} else {
 			String filename = provider_name + "_provider.json".replaceFirst("__", "_");
 			ConfigHelper.saveFile(filename, provider_json.toString());
-			ConfigHelper.saveSharedPref(ConfigHelper.provider_key, provider_json);
+			//ConfigHelper.saveSharedPref(ConfigHelper.provider_key, provider_json);
 
 			ProviderListContent.addItem(new ProviderItem(provider_name, provider_json_url, ConfigHelper.openFileInputStream(filename), custom, danger_on));
 			return true;
@@ -301,7 +329,8 @@ public class ProviderAPI extends IntentService {
 		try {
 			cf = CertificateFactory.getInstance("X.509");
 
-			String cert_string = ConfigHelper.getStringFromSharedPref(ConfigHelper.cert_key);
+			String cert_json_string = ConfigHelper.getStringFromSharedPref(ConfigHelper.main_cert_key);
+			String cert_string = new JSONObject(cert_json_string).getString(ConfigHelper.main_cert_key);
 			cert_string = cert_string.replaceFirst("-----BEGIN CERTIFICATE-----", "").replaceFirst("-----END CERTIFICATE-----", "").trim();
 			byte[] cert_bytes = Base64.decode(cert_string, Base64.DEFAULT);
 			InputStream caInput =  new ByteArrayInputStream(cert_bytes);
@@ -348,24 +377,12 @@ public class ProviderAPI extends IntentService {
 		} catch (KeyManagementException e) {
 			// TODO Auto-generated catch block
 			e.printStackTrace();
+		} catch (JSONException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
 		}
 		return json_file_content;
 	}
-
-	private String getStringFromProvider_2(String string_url) throws IOException {
-		
-		String json_file_content = "";
-		
-		DefaultHttpClient client = LeapHttpClient.getInstance(getApplicationContext());
-		HttpGet get = new HttpGet(string_url);
-		// Execute the GET call and obtain the response
-		HttpResponse getResponse = client.execute(get);
-		HttpEntity responseEntity = getResponse.getEntity();
-		
-		json_file_content = new Scanner(responseEntity.getContent()).useDelimiter("\\A").next();
-		
-		return json_file_content;
-	}
 	
 	private JSONObject getJSONFromProvider(String json_url, boolean danger_on) throws JSONException {
 		String json_file_content = getStringFromProvider(json_url, danger_on);
@@ -391,4 +408,43 @@ public class ProviderAPI extends IntentService {
 		}
 		return true;
 	}
+
+	private boolean getNewCert(Bundle task) {
+		String provider_json_string = ConfigHelper.getStringFromSharedPref(ConfigHelper.provider_key);
+		HttpCookie session_id_cookie = new HttpCookie(task.getString(ConfigHelper.session_id_cookie_key), task.getString(ConfigHelper.session_id_key));
+		
+		try {
+			JSONObject provider_json = new JSONObject(provider_json_string);
+			URL provider_main_url = new URL(provider_json.getString(ConfigHelper.api_url_key).replace("api.", ""));
+			String new_cert_string_url = provider_main_url.getProtocol() + "://" + provider_main_url.getHost() + "/" + provider_json.getString(ConfigHelper.api_version_key) + "/" + ConfigHelper.cert_key;
+
+			CookieManager cookieManager = new CookieManager();
+			cookieManager.getCookieStore().add(provider_main_url.toURI(), session_id_cookie);
+			CookieHandler.setDefault(cookieManager);
+
+			String danger_on_json_string = ConfigHelper.getStringFromSharedPref(ConfigHelper.danger_on);
+			boolean danger_on = new JSONObject(danger_on_json_string).getBoolean(ConfigHelper.danger_on);
+			String cert_string = getStringFromProvider(new_cert_string_url, danger_on);
+			if(!cert_string.isEmpty()) { 
+				JSONObject cert_json = new JSONObject().put(ConfigHelper.cert_key, cert_string);
+				ConfigHelper.saveSharedPref(ConfigHelper.cert_key, cert_json);
+				return true;
+			} else {
+				return false;
+			}
+		
+		} catch (IOException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+			return false;
+		} catch (JSONException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+			return false;
+		} catch (URISyntaxException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		}
+		return true;
+	}
 }