1 package de.dhbwloe.campusapp.wifi;
3 import android.app.DownloadManager;
4 import android.net.NetworkInfo;
5 import android.net.SSLCertificateSocketFactory;
6 import android.net.SSLSessionCache;
7 import android.net.wifi.WifiInfo;
8 import android.os.AsyncTask;
9 import android.util.Log;
11 import java.io.BufferedReader;
12 import java.io.BufferedWriter;
13 import java.io.IOException;
14 import java.io.InputStreamReader;
15 import java.io.OutputStream;
16 import java.io.OutputStreamWriter;
17 import java.io.UnsupportedEncodingException;
18 import java.net.HttpURLConnection;
20 import java.net.URLConnection;
21 import java.net.URLEncoder;
22 import java.security.KeyManagementException;
23 import java.security.NoSuchAlgorithmException;
24 import java.util.ArrayList;
25 import java.util.List;
26 import java.util.regex.Matcher;
27 import java.util.regex.Pattern;
29 import javax.net.ssl.HttpsURLConnection;
30 import javax.net.ssl.KeyManager;
31 import javax.net.ssl.SSLContext;
32 import javax.net.ssl.SSLSocket;
33 import javax.net.ssl.SSLSocketFactory;
34 import javax.net.ssl.TrustManager;
36 import cz.msebera.android.httpclient.HttpVersion;
37 import cz.msebera.android.httpclient.NameValuePair;
38 import cz.msebera.android.httpclient.client.HttpClient;
39 import cz.msebera.android.httpclient.client.methods.HttpPost;
40 import cz.msebera.android.httpclient.conn.ClientConnectionManager;
41 import cz.msebera.android.httpclient.conn.scheme.PlainSocketFactory;
42 import cz.msebera.android.httpclient.conn.scheme.Scheme;
43 import cz.msebera.android.httpclient.conn.scheme.SchemeRegistry;
44 import cz.msebera.android.httpclient.impl.client.DefaultHttpClient;
45 import cz.msebera.android.httpclient.impl.conn.tsccm.ThreadSafeClientConnManager;
46 import cz.msebera.android.httpclient.message.BasicNameValuePair;
47 import cz.msebera.android.httpclient.params.BasicHttpParams;
48 import cz.msebera.android.httpclient.params.HttpParams;
49 import cz.msebera.android.httpclient.params.HttpProtocolParams;
50 import cz.msebera.android.httpclient.protocol.HTTP;
51 import de.dhbwloe.campusapp.CampusAppContext;
54 * Created by pk910 on 08.02.2016.
56 public class SecureLoginManager extends AsyncTask<SecureLoginTask, Void, SecureLoginTask> {
57 private static final String SECURELOGIN_URL = "https://securelogin1.dhbw-loerrach.de/cgi-bin/login";
58 private static final int SECURELOGIN_TIMEOUT = 20000;
59 private static final int SECURELOGIN_HANDSHAKE_TIMEOUT = 10000;
60 private static String SECURELOGIN_FAILED_REGEX = "Authentication failed";
61 private static String SECURELOGIN_SUCCESS_REGEX = "User Authenticated";
63 public interface SecureLoginResult {
64 void onSecureLoginFailed(String errMsg);
65 void onSecureLoginSuccess();
68 private CampusAppContext AppContext;
69 private SecureLoginTask task;
70 private String responseString;
73 protected SecureLoginTask doInBackground(SecureLoginTask... params) {
75 if (AppContext == null)
76 AppContext = CampusAppContext.getInstance();
78 task.responseReceived = false;
79 task.responseString = null;
81 //build login post request:
82 //https://securelogin1.dhbw-loerrach.de/cgi-bin/login
83 // user=***censored***
84 // password=***censored***
88 /* Dear DHBW Tech Guys
89 * Go and replace these fucking outdated and insecure SSL implementation for your "secure"login page!
92 * Ok, after ~3 days android ssl library analysis, i've finnaly made it communicating with an 3DES Endpoint.
93 * Dear DHBW Tech Guys, gu fuck yourself! If you don't know why, continue (^.^)
96 //SSLSocket socket = null;
97 StringBuilder responseString = new StringBuilder();
99 SSLContext sslContext = SSLContext.getInstance("TLS");
100 SecureLoginTrustManager loginTrustManager = new SecureLoginTrustManager();
101 sslContext.init(null, new TrustManager[]{loginTrustManager}, null);
102 SSLSocketFactory innerSslSocketPactory = SSLCertificateSocketFactory.getInsecure(SECURELOGIN_HANDSHAKE_TIMEOUT, new SSLSessionCache(AppContext.getMainActivity()));
103 SSLSocketFactory sslSocketFactory = new SecureLoginSocketFactory(sslContext, innerSslSocketPactory);
105 //SSLSocket socket = (SSLSocket) sslSocketFactory.createSocket("securelogin1.dhbw-loerrach.de", 443);
106 //socket.startHandshake();
108 Log.i("SecureLogin", "HTTPS INITIALIZED");
110 URL url = new URL(SECURELOGIN_URL);
111 URLConnection conn = url.openConnection();
113 if (conn instanceof HttpsURLConnection) {
114 ((HttpsURLConnection)conn).setSSLSocketFactory(sslSocketFactory);
115 ((HttpsURLConnection )conn).setRequestMethod("POST");
116 ((HttpsURLConnection)conn).setHostnameVerifier(org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
118 ((HttpURLConnection) conn).setRequestMethod("POST");
120 conn.setConnectTimeout(SECURELOGIN_TIMEOUT);
121 conn.setReadTimeout(SECURELOGIN_TIMEOUT);
123 conn.setDoInput(true);
124 conn.setDoOutput(true);
126 List<NameValuePair> postData = new ArrayList<NameValuePair>();
127 postData.add(new BasicNameValuePair("cmd", "authenticate"));
128 postData.add(new BasicNameValuePair("Login", "Log+In"));
129 postData.add(new BasicNameValuePair("user", task.settings.username));
130 postData.add(new BasicNameValuePair("password", task.settings.password));
132 OutputStream os = conn.getOutputStream();
133 BufferedWriter writer = new BufferedWriter(
134 new OutputStreamWriter(os, "UTF-8"));
135 String postString = encodePostData(postData);
136 writer.write(postString);
144 if (conn instanceof HttpsURLConnection)
145 responseCode = ((HttpsURLConnection)conn).getResponseCode();
147 responseCode = ((HttpURLConnection)conn).getResponseCode();
149 if (responseCode == HttpsURLConnection.HTTP_OK) {
150 task.responseReceived = true;
152 BufferedReader br=new BufferedReader(new InputStreamReader(conn.getInputStream()));
153 while ((line=br.readLine()) != null) {
154 responseString.append(line);
157 task.responseError = "HTTP " + Integer.toString(responseCode);
160 } catch (Exception e) {
161 task.responseError = e.getMessage();
162 Log.i("SecureLogin", e.toString() + ":" + e.getMessage());
165 task.responseString = responseString.toString();
171 protected void onPreExecute() {
172 super.onPreExecute();
177 protected void onPostExecute(SecureLoginTask task) {
178 super.onPostExecute(task);
180 boolean success = false;
183 if(task.responseReceived) {
184 Pattern p1 = Pattern.compile(SECURELOGIN_SUCCESS_REGEX);
185 Pattern p2 = Pattern.compile(SECURELOGIN_FAILED_REGEX);
187 Matcher m1 = p1.matcher(task.responseString);
188 Matcher m2 = p2.matcher(task.responseString);
193 error = "Incorrect username or password code entered. Please try again.";
195 error = "An unknown error occured!";
196 } else if(task.responseError != null) {
197 error = task.responseError;
200 task.loginCallback.onSecureLoginSuccess();
202 task.loginCallback.onSecureLoginFailed(error);
205 private String encodePostData(List<NameValuePair> params) throws UnsupportedEncodingException {
206 StringBuilder result = new StringBuilder();
207 boolean first = true;
209 for (NameValuePair pair : params) {
215 result.append(URLEncoder.encode(pair.getName(), "UTF-8"));
217 result.append(URLEncoder.encode(pair.getValue(), "UTF-8"));
220 return result.toString();