From dacf638f7dd15e291cdb23a6cf8317e1dd80ed29 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Parm=C3=A9nides=20GV?=
Date: Tue, 2 Jul 2013 19:38:48 +0200
Subject: New certificates are added without creating files

LeapHttpClient can fetch the main CA certificate downloaded from the provider and add it to its in-memory keystore, without saving the certificate in a file. This is a very important feature, I think it can be cherry picked (it has little modifications, and very localized). It's very important because authentication does not work without this bug fix in the latest branches, because I removed the code that saved the certificate in a file but didn't test the authentication part.
---
src/se/leap/leapclient/ProviderAPI.java | 17 +++--------------
1 file changed, 3 insertions(+), 14 deletions(-)
(limited to 'src/se/leap/leapclient/ProviderAPI.java')
diff --git a/src/se/leap/leapclient/ProviderAPI.java b/src/se/leap/leapclient/ProviderAPI.java
index f3ea5f2..25a14bb 100644
--- a/src/se/leap/leapclient/ProviderAPI.java
+++ b/src/se/leap/leapclient/ProviderAPI.java
@@ -452,21 +452,10 @@ public class ProviderAPI extends IntentService {
 if(cert_string.isEmpty()) {
 cert_string = downloadCertificateWithoutTrusting(url.getProtocol() + "://" + url.getHost() + "/" + "ca.crt");
 ConfigHelper.saveSharedPref(ConfigHelper.MAIN_CERT_KEY, cert_string);
- }
- CertificateFactory cf;
+ }
+
 try {
- cf = CertificateFactory.getInstance("X.509");
-
- cert_string = cert_string.replaceFirst("-----BEGIN CERTIFICATE-----", "").replaceFirst("-----END CERTIFICATE-----", "").trim();
- byte[] cert_bytes = Base64.decode(cert_string, Base64.DEFAULT);
- InputStream caInput = new ByteArrayInputStream(cert_bytes);
- java.security.cert.Certificate dangerous_certificate;
- try {
- dangerous_certificate = cf.generateCertificate(caInput);
- System.out.println("dangerous certificate =" + ((X509Certificate) dangerous_certificate).getSubjectDN());
- } finally {
- caInput.close();
- }
+ java.security.cert.Certificate dangerous_certificate = ConfigHelper.parseX509CertificateFromString(cert_string);
 // Create a KeyStore containing our trusted CAs
 String keyStoreType = KeyStore.getDefaultType();
-- cgit v1.2.3
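Review bot: The certificate returned by `ConfigHelper.parseX509CertificateFromString(cert_string)` flows straight into the trusted-CA KeyStore with no check visible in this hunk, even though `cert_string` may have just come from `downloadCertificateWithoutTrusting(...)`. The helper's failure behaviour is not shown here; if it can return null or throw on malformed input, that should be handled before the keystore is built. It would also be safer to call `ConfigHelper.saveSharedPref(ConfigHelper.MAIN_CERT_KEY, cert_string)` only after a successful parse, so that an unparseable download is not persisted and reused on every later call. Because this value becomes a trust anchor, a comment such as `// trust-on-first-use: ca.crt is fetched unauthenticated; verify its fingerprint before adding it to the keystore` would make the assumption explicit. The enclosing method starts and ends outside the hunk.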