projects / pub / Android / ownCloud.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #437 from owncloud/check_server_certificates_in_SSO_webview
[pub/Android/ownCloud.git] / src / com / owncloud / android / authentication / SsoWebViewClient.java
1 /* ownCloud Android client application
2 * Copyright (C) 2012-2013 ownCloud Inc.
3 *
4 * This program is free software: you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2,
6 * as published by the Free Software Foundation.
7 *
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
12 *
13 * You should have received a copy of the GNU General Public License
14 * along with this program. If not, see <http://www.gnu.org/licenses/>.
15 *
16 */
17
18 package com.owncloud.android.authentication;
19
20 import java.io.ByteArrayInputStream;
21 import java.lang.ref.WeakReference;
22 import java.security.cert.Certificate;
23 import java.security.cert.CertificateException;
24 import java.security.cert.CertificateFactory;
25 import java.security.cert.X509Certificate;
26
27 import com.owncloud.android.lib.common.network.NetworkUtils;
28 import com.owncloud.android.utils.Log_OC;
29
30 import android.content.Context;
31 import android.graphics.Bitmap;
32 import android.net.http.SslCertificate;
33 import android.net.http.SslError;
34 import android.os.Bundle;
35 import android.os.Handler;
36 import android.os.Message;
37 import android.view.KeyEvent;
38 import android.view.View;
39 import android.webkit.CookieManager;
40 import android.webkit.HttpAuthHandler;
41 import android.webkit.SslErrorHandler;
42 import android.webkit.WebResourceResponse;
43 import android.webkit.WebView;
44 import android.webkit.WebViewClient;
45
46
47 /**
48 * Custom {@link WebViewClient} client aimed to catch the end of a single-sign-on process
49 * running in the {@link WebView} that is attached to.
50 *
51 * Assumes that the single-sign-on is kept thanks to a cookie set at the end of the
52 * authentication process.
53 *
54 * @author David A. Velasco
55 */
56 public class SsoWebViewClient extends WebViewClient {
57
58 private static final String TAG = SsoWebViewClient.class.getSimpleName();
59
60 public interface SsoWebViewClientListener {
61 public void onSsoFinished(String sessionCookie);
62 }
63
64 private Context mContext;
65 private Handler mListenerHandler;
66 private WeakReference<SsoWebViewClientListener> mListenerRef;
67 private String mTargetUrl;
68 private String mLastReloadedUrlAtError;
69
70 public SsoWebViewClient (Context context, Handler listenerHandler, SsoWebViewClientListener listener) {
71 mContext = context;
72 mListenerHandler = listenerHandler;
73 mListenerRef = new WeakReference<SsoWebViewClient.SsoWebViewClientListener>(listener);
74 mTargetUrl = "fake://url.to.be.set";
75 mLastReloadedUrlAtError = null;
76 }
77
78 public String getTargetUrl() {
79 return mTargetUrl;
80 }
81
82 public void setTargetUrl(String targetUrl) {
83 mTargetUrl = targetUrl;
84 }
85
86 @Override
87 public void onPageStarted (WebView view, String url, Bitmap favicon) {
88 Log_OC.d(TAG, "onPageStarted : " + url);
89 super.onPageStarted(view, url, favicon);
90 }
91
92 @Override
93 public void onFormResubmission (WebView view, Message dontResend, Message resend) {
94 Log_OC.d(TAG, "onFormResubMission ");
95
96 // necessary to grant reload of last page when device orientation is changed after sending a form
97 resend.sendToTarget();
98 }
99
100 @Override
101 public boolean shouldOverrideUrlLoading(WebView view, String url) {
102 return false;
103 }
104
105 @Override
106 public void onReceivedError (WebView view, int errorCode, String description, String failingUrl) {
107 Log_OC.e(TAG, "onReceivedError : " + failingUrl + ", code " + errorCode + ", description: " + description);
108 if (!failingUrl.equals(mLastReloadedUrlAtError)) {
109 view.reload();
110 mLastReloadedUrlAtError = failingUrl;
111 } else {
112 mLastReloadedUrlAtError = null;
113 super.onReceivedError(view, errorCode, description, failingUrl);
114 }
115 }
116
117 @Override
118 public void onPageFinished (WebView view, String url) {
119 Log_OC.d(TAG, "onPageFinished : " + url);
120 mLastReloadedUrlAtError = null;
121 if (url.startsWith(mTargetUrl)) {
122 view.setVisibility(View.GONE);
123 CookieManager cookieManager = CookieManager.getInstance();
124 final String cookies = cookieManager.getCookie(url);
125 Log_OC.d(TAG, "Cookies: " + cookies);
126 if (mListenerHandler != null && mListenerRef != null) {
127 // this is good idea because onPageFinished is not running in the UI thread
128 mListenerHandler.post(new Runnable() {
129 @Override
130 public void run() {
131 SsoWebViewClientListener listener = mListenerRef.get();
132 if (listener != null) {
133 // Send Cookies to the listener
134 listener.onSsoFinished(cookies);
135 }
136 }
137 });
138 }
139 }
140 }
141
142
143 @Override
144 public void doUpdateVisitedHistory (WebView view, String url, boolean isReload) {
145 Log_OC.d(TAG, "doUpdateVisitedHistory : " + url);
146 }
147
148 @Override
149 public void onReceivedSslError (final WebView view, final SslErrorHandler handler, SslError error) {
150 Log_OC.d(TAG, "onReceivedSslError : " + error);
151 // Test 1
152 X509Certificate x509Certificate = getX509CertificateFromError(error);
153 boolean isKnownServer = false;
154
155 if (x509Certificate != null) {
156 Log_OC.d(TAG, "------>>>>> x509Certificate " + x509Certificate.toString());
157
158 try {
159 isKnownServer = NetworkUtils.isCertInKnownServersStore((Certificate) x509Certificate, mContext);
160 } catch (Exception e) {
161 Log_OC.e(TAG, "Exception: " + e.getMessage());
162 }
163 }
164
165 if (isKnownServer) {
166 handler.proceed();
167 } else {
168 ((AuthenticatorActivity)mContext).showUntrustedCertDialog(x509Certificate, error, handler);
169 }
170 }
171
172 /**
173 * Obtain the X509Certificate from SslError
174 * @param error SslError
175 * @return X509Certificate from error
176 */
177 public X509Certificate getX509CertificateFromError (SslError error) {
178 Bundle bundle = SslCertificate.saveState(error.getCertificate());
179 X509Certificate x509Certificate;
180 byte[] bytes = bundle.getByteArray("x509-certificate");
181 if (bytes == null) {
182 x509Certificate = null;
183 } else {
184 try {
185 CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
186 Certificate cert = certFactory.generateCertificate(new ByteArrayInputStream(bytes));
187 x509Certificate = (X509Certificate) cert;
188 } catch (CertificateException e) {
189 x509Certificate = null;
190 }
191 }
192 return x509Certificate;
193 }
194
195 @Override
196 public void onReceivedHttpAuthRequest (WebView view, HttpAuthHandler handler, String host, String realm) {
197 Log_OC.d(TAG, "onReceivedHttpAuthRequest : " + host);
198 }
199
200 @Override
201 public WebResourceResponse shouldInterceptRequest (WebView view, String url) {
202 Log_OC.d(TAG, "shouldInterceptRequest : " + url);
203 return null;
204 }
205
206 @Override
207 public void onLoadResource (WebView view, String url) {
208 Log_OC.d(TAG, "onLoadResource : " + url);
209 }
210
211 @Override
212 public void onReceivedLoginRequest (WebView view, String realm, String account, String args) {
213 Log_OC.d(TAG, "onReceivedLoginRequest : " + realm + ", " + account + ", " + args);
214 }
215
216 @Override
217 public void onScaleChanged (WebView view, float oldScale, float newScale) {
218 Log_OC.d(TAG, "onScaleChanged : " + oldScale + " -> " + newScale);
219 super.onScaleChanged(view, oldScale, newScale);
220 }
221
222 @Override
223 public void onUnhandledKeyEvent (WebView view, KeyEvent event) {
224 Log_OC.d(TAG, "onUnhandledKeyEvent : " + event);
225 }
226
227 @Override
228 public boolean shouldOverrideKeyEvent (WebView view, KeyEvent event) {
229 Log_OC.d(TAG, "shouldOverrideKeyEvent : " + event);
230 return false;
231 }
232
233 }
ownCloud Android App