1 /* SecureLoginManager.java
3 * This program is free software: you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License as published by
5 * the Free Software Foundation, either version 3 of the License, or
6 * (at your option) any later version.
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
13 * You should have received a copy of the GNU General Public License
14 * along with this program. If not, see <http://www.gnu.org/licenses/>.
16 package de.dhbwloe.campusapp.wifi;
18 import android.app.DownloadManager;
19 import android.net.NetworkInfo;
20 import android.net.SSLCertificateSocketFactory;
21 import android.net.SSLSessionCache;
22 import android.net.wifi.WifiInfo;
23 import android.os.AsyncTask;
24 import android.util.Log;
26 import java.io.BufferedReader;
27 import java.io.BufferedWriter;
28 import java.io.IOException;
29 import java.io.InputStreamReader;
30 import java.io.OutputStream;
31 import java.io.OutputStreamWriter;
32 import java.io.UnsupportedEncodingException;
33 import java.net.HttpURLConnection;
35 import java.net.URLConnection;
36 import java.net.URLEncoder;
37 import java.security.KeyManagementException;
38 import java.security.NoSuchAlgorithmException;
39 import java.util.ArrayList;
40 import java.util.List;
41 import java.util.regex.Matcher;
42 import java.util.regex.Pattern;
44 import javax.net.ssl.HttpsURLConnection;
45 import javax.net.ssl.KeyManager;
46 import javax.net.ssl.SSLContext;
47 import javax.net.ssl.SSLSocket;
48 import javax.net.ssl.SSLSocketFactory;
49 import javax.net.ssl.TrustManager;
51 import cz.msebera.android.httpclient.HttpVersion;
52 import cz.msebera.android.httpclient.NameValuePair;
53 import cz.msebera.android.httpclient.client.HttpClient;
54 import cz.msebera.android.httpclient.client.methods.HttpPost;
55 import cz.msebera.android.httpclient.conn.ClientConnectionManager;
56 import cz.msebera.android.httpclient.conn.scheme.PlainSocketFactory;
57 import cz.msebera.android.httpclient.conn.scheme.Scheme;
58 import cz.msebera.android.httpclient.conn.scheme.SchemeRegistry;
59 import cz.msebera.android.httpclient.impl.client.DefaultHttpClient;
60 import cz.msebera.android.httpclient.impl.conn.tsccm.ThreadSafeClientConnManager;
61 import cz.msebera.android.httpclient.message.BasicNameValuePair;
62 import cz.msebera.android.httpclient.params.BasicHttpParams;
63 import cz.msebera.android.httpclient.params.HttpParams;
64 import cz.msebera.android.httpclient.params.HttpProtocolParams;
65 import cz.msebera.android.httpclient.protocol.HTTP;
66 import de.dhbwloe.campusapp.CampusAppContext;
69 * Created by pk910 on 08.02.2016.
71 public class SecureLoginManager extends AsyncTask<SecureLoginTask, Void, SecureLoginTask> {
72 private static final String SECURELOGIN_URL = "https://securelogin1.dhbw-loerrach.de/cgi-bin/login";
73 private static final int SECURELOGIN_TIMEOUT = 20000;
74 private static final int SECURELOGIN_HANDSHAKE_TIMEOUT = 10000;
75 private static String SECURELOGIN_FAILED_REGEX = "Authentication failed";
76 private static String SECURELOGIN_SUCCESS_REGEX = "User Authenticated";
78 public interface SecureLoginResult {
79 void onSecureLoginFailed(String errMsg);
80 void onSecureLoginSuccess();
83 private CampusAppContext AppContext;
84 private SecureLoginTask task;
85 private String responseString;
88 protected SecureLoginTask doInBackground(SecureLoginTask... params) {
90 if (AppContext == null)
91 AppContext = CampusAppContext.getInstance();
93 task.responseReceived = false;
94 task.responseString = null;
96 //build login post request:
97 //https://securelogin1.dhbw-loerrach.de/cgi-bin/login
98 // user=***censored***
99 // password=***censored***
103 /* Dear DHBW Tech Guys
104 * Go and replace these fucking outdated and insecure SSL implementation for your "secure"login page!
107 * Ok, after ~3 days android ssl library analysis, i've finnaly made it communicating with an 3DES Endpoint.
108 * Dear DHBW Tech Guys, gu fuck yourself! If you don't know why, continue (^.^)
111 //SSLSocket socket = null;
112 StringBuilder responseString = new StringBuilder();
114 SSLContext sslContext = SSLContext.getInstance("TLS");
115 SecureLoginTrustManager loginTrustManager = new SecureLoginTrustManager();
116 sslContext.init(null, new TrustManager[]{loginTrustManager}, null);
117 SSLSocketFactory innerSslSocketPactory = SSLCertificateSocketFactory.getInsecure(SECURELOGIN_HANDSHAKE_TIMEOUT, new SSLSessionCache(AppContext.getMainActivity()));
118 SSLSocketFactory sslSocketFactory = new SecureLoginSocketFactory(sslContext, innerSslSocketPactory);
120 //SSLSocket socket = (SSLSocket) sslSocketFactory.createSocket("securelogin1.dhbw-loerrach.de", 443);
121 //socket.startHandshake();
123 Log.i("SecureLogin", "HTTPS INITIALIZED");
125 URL url = new URL(SECURELOGIN_URL);
126 URLConnection conn = url.openConnection();
128 if (conn instanceof HttpsURLConnection) {
129 ((HttpsURLConnection)conn).setSSLSocketFactory(sslSocketFactory);
130 ((HttpsURLConnection )conn).setRequestMethod("POST");
131 ((HttpsURLConnection)conn).setHostnameVerifier(org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
133 ((HttpURLConnection) conn).setRequestMethod("POST");
135 conn.setConnectTimeout(SECURELOGIN_TIMEOUT);
136 conn.setReadTimeout(SECURELOGIN_TIMEOUT);
138 conn.setDoInput(true);
139 conn.setDoOutput(true);
141 List<NameValuePair> postData = new ArrayList<NameValuePair>();
142 postData.add(new BasicNameValuePair("cmd", "authenticate"));
143 postData.add(new BasicNameValuePair("Login", "Log+In"));
144 postData.add(new BasicNameValuePair("user", task.settings.username));
145 postData.add(new BasicNameValuePair("password", task.settings.password));
147 OutputStream os = conn.getOutputStream();
148 BufferedWriter writer = new BufferedWriter(
149 new OutputStreamWriter(os, "UTF-8"));
150 String postString = encodePostData(postData);
151 writer.write(postString);
159 if (conn instanceof HttpsURLConnection)
160 responseCode = ((HttpsURLConnection)conn).getResponseCode();
162 responseCode = ((HttpURLConnection)conn).getResponseCode();
164 if (responseCode == HttpsURLConnection.HTTP_OK) {
165 task.responseReceived = true;
167 BufferedReader br=new BufferedReader(new InputStreamReader(conn.getInputStream()));
168 while ((line=br.readLine()) != null) {
169 responseString.append(line);
172 task.responseError = "HTTP " + Integer.toString(responseCode);
175 } catch (Exception e) {
176 task.responseError = e.getMessage();
177 Log.i("SecureLogin", e.toString() + ":" + e.getMessage());
180 task.responseString = responseString.toString();
186 protected void onPreExecute() {
187 super.onPreExecute();
192 protected void onPostExecute(SecureLoginTask task) {
193 super.onPostExecute(task);
195 boolean success = false;
198 if(task.responseReceived) {
199 Pattern p1 = Pattern.compile(SECURELOGIN_SUCCESS_REGEX);
200 Pattern p2 = Pattern.compile(SECURELOGIN_FAILED_REGEX);
202 Matcher m1 = p1.matcher(task.responseString);
203 Matcher m2 = p2.matcher(task.responseString);
208 error = "Incorrect username or password code entered. Please try again.";
210 error = "An unknown error occured!";
211 } else if(task.responseError != null) {
212 error = task.responseError;
215 task.loginCallback.onSecureLoginSuccess();
217 task.loginCallback.onSecureLoginFailed(error);
220 private String encodePostData(List<NameValuePair> params) throws UnsupportedEncodingException {
221 StringBuilder result = new StringBuilder();
222 boolean first = true;
224 for (NameValuePair pair : params) {
230 result.append(URLEncoder.encode(pair.getName(), "UTF-8"));
232 result.append(URLEncoder.encode(pair.getValue(), "UTF-8"));
235 return result.toString();