1 package de.dhbwloe.campusapp.wifi;
3 import android.app.DownloadManager;
4 import android.net.NetworkInfo;
5 import android.net.SSLCertificateSocketFactory;
6 import android.net.SSLSessionCache;
7 import android.net.wifi.WifiInfo;
8 import android.os.AsyncTask;
9 import android.util.Log;
11 import java.io.BufferedReader;
12 import java.io.BufferedWriter;
13 import java.io.IOException;
14 import java.io.InputStreamReader;
15 import java.io.OutputStream;
16 import java.io.OutputStreamWriter;
17 import java.io.UnsupportedEncodingException;
18 import java.net.HttpURLConnection;
20 import java.net.URLConnection;
21 import java.net.URLEncoder;
22 import java.security.KeyManagementException;
23 import java.security.NoSuchAlgorithmException;
24 import java.util.ArrayList;
25 import java.util.List;
26 import java.util.regex.Matcher;
27 import java.util.regex.Pattern;
29 import javax.net.ssl.HttpsURLConnection;
30 import javax.net.ssl.KeyManager;
31 import javax.net.ssl.SSLContext;
32 import javax.net.ssl.SSLSocket;
33 import javax.net.ssl.SSLSocketFactory;
34 import javax.net.ssl.TrustManager;
36 import cz.msebera.android.httpclient.HttpVersion;
37 import cz.msebera.android.httpclient.NameValuePair;
38 import cz.msebera.android.httpclient.client.HttpClient;
39 import cz.msebera.android.httpclient.client.methods.HttpPost;
40 import cz.msebera.android.httpclient.conn.ClientConnectionManager;
41 import cz.msebera.android.httpclient.conn.scheme.PlainSocketFactory;
42 import cz.msebera.android.httpclient.conn.scheme.Scheme;
43 import cz.msebera.android.httpclient.conn.scheme.SchemeRegistry;
44 import cz.msebera.android.httpclient.impl.client.DefaultHttpClient;
45 import cz.msebera.android.httpclient.impl.conn.tsccm.ThreadSafeClientConnManager;
46 import cz.msebera.android.httpclient.message.BasicNameValuePair;
47 import cz.msebera.android.httpclient.params.BasicHttpParams;
48 import cz.msebera.android.httpclient.params.HttpParams;
49 import cz.msebera.android.httpclient.params.HttpProtocolParams;
50 import cz.msebera.android.httpclient.protocol.HTTP;
51 import de.dhbwloe.campusapp.CampusAppContext;
54 * Created by pk910 on 08.02.2016.
56 public class SecureLoginManager extends AsyncTask<SecureLoginTask, Void, SecureLoginTask> {
57 private static final String SECURELOGIN_URL = "https://securelogin1.dhbw-loerrach.de/cgi-bin/login";
58 private static final int SECURELOGIN_TIMEOUT = 20000;
59 private static final int SECURELOGIN_HANDSHAKE_TIMEOUT = 10000;
60 private static String SECURELOGIN_FAILED_REGEX = "Authentication failed";
61 private static String SECURELOGIN_SUCCESS_REGEX = "User Authenticated";
63 public interface SecureLoginResult {
64 void onSecureLoginFailed(String errMsg);
65 void onSecureLoginSuccess();
68 private CampusAppContext AppContext;
69 private SecureLoginTask task;
70 private String responseString;
73 protected SecureLoginTask doInBackground(SecureLoginTask... params) {
75 if (AppContext == null)
76 AppContext = CampusAppContext.getInstance();
78 task.responseReceived = false;
79 task.responseString = null;
81 //build login post request:
82 //https://securelogin1.dhbw-loerrach.de/cgi-bin/login
83 // user=***censored***
84 // password=***censored***
88 /* Dear DHBW Tech Guys
89 * Go and replace these fucking outdated and insecure SSL implementation for your "secure"login page!
92 * Ok, after ~3 days android ssl library analysis, i've finnaly made it communicating with an 3DES Endpoint.
93 * Dear DHBW Tech Guys, gu fuck yourself! If you don't know why, continue (^.^)
96 //SSLSocket socket = null;
97 StringBuilder responseString = new StringBuilder();
99 SSLContext sslContext = SSLContext.getInstance("TLS");
100 SecureLoginTrustManager loginTrustManager = new SecureLoginTrustManager();
101 sslContext.init(null, new TrustManager[]{loginTrustManager}, null);
102 SSLSocketFactory innerSslSocketPactory = SSLCertificateSocketFactory.getInsecure(SECURELOGIN_HANDSHAKE_TIMEOUT, new SSLSessionCache(AppContext.getMainActivity()));
103 SSLSocketFactory sslSocketFactory = new SecureLoginSocketFactory(sslContext, innerSslSocketPactory);
105 //SSLSocket socket = (SSLSocket) sslSocketFactory.createSocket("securelogin1.dhbw-loerrach.de", 443);
106 //socket.startHandshake();
108 Log.i("SecureLogin", "HTTPS INITIALIZED");
110 URL url = new URL(SECURELOGIN_URL);
111 URLConnection conn = url.openConnection();
112 if (conn instanceof HttpsURLConnection) {
113 ((HttpsURLConnection)conn).setSSLSocketFactory(sslSocketFactory);
114 ((HttpsURLConnection )conn).setRequestMethod("POST");
115 ((HttpsURLConnection)conn).setHostnameVerifier(org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
117 ((HttpURLConnection) conn).setRequestMethod("POST");
119 conn.setConnectTimeout(SECURELOGIN_TIMEOUT);
120 conn.setReadTimeout(SECURELOGIN_TIMEOUT);
122 conn.setDoInput(true);
123 conn.setDoOutput(true);
125 List<NameValuePair> postData = new ArrayList<NameValuePair>();
126 postData.add(new BasicNameValuePair("cmd", "authenticate"));
127 postData.add(new BasicNameValuePair("Login", "Log+In"));
128 postData.add(new BasicNameValuePair("user", task.settings.username));
129 postData.add(new BasicNameValuePair("password", task.settings.password));
131 OutputStream os = conn.getOutputStream();
132 BufferedWriter writer = new BufferedWriter(
133 new OutputStreamWriter(os, "UTF-8"));
134 String postString = encodePostData(postData);
135 writer.write(postString);
143 if (conn instanceof HttpsURLConnection)
144 responseCode = ((HttpsURLConnection)conn).getResponseCode();
146 responseCode = ((HttpURLConnection)conn).getResponseCode();
148 if (responseCode == HttpsURLConnection.HTTP_OK) {
149 task.responseReceived = true;
151 BufferedReader br=new BufferedReader(new InputStreamReader(conn.getInputStream()));
152 while ((line=br.readLine()) != null) {
153 responseString.append(line);
156 task.responseError = "HTTP " + Integer.toString(responseCode);
159 } catch (Exception e) {
160 task.responseError = e.getMessage();
163 task.responseString = responseString.toString();
169 protected void onPreExecute() {
170 super.onPreExecute();
175 protected void onPostExecute(SecureLoginTask task) {
176 super.onPostExecute(task);
178 boolean success = false;
181 if(task.responseReceived) {
182 Pattern p1 = Pattern.compile(SECURELOGIN_SUCCESS_REGEX);
183 Pattern p2 = Pattern.compile(SECURELOGIN_FAILED_REGEX);
185 Matcher m1 = p1.matcher(task.responseString);
186 Matcher m2 = p2.matcher(task.responseString);
191 error = "Incorrect username or password code entered. Please try again.";
193 error = "An unknown error occured!";
194 } else if(task.responseError != null) {
195 error = task.responseError;
198 task.loginCallback.onSecureLoginSuccess();
200 task.loginCallback.onSecureLoginFailed(error);
203 private String encodePostData(List<NameValuePair> params) throws UnsupportedEncodingException {
204 StringBuilder result = new StringBuilder();
205 boolean first = true;
207 for (NameValuePair pair : params) {
213 result.append(URLEncoder.encode(pair.getName(), "UTF-8"));
215 result.append(URLEncoder.encode(pair.getValue(), "UTF-8"));
218 return result.toString();