Only use SSL for login and signup as it causes problems with GET methods

bipinvaylu · Aug 16, 2011 · f0e0622 · f0e0622
1 parent 92c5a26
commit f0e0622
Show file tree

Hide file tree

Showing 5 changed files with 136 additions and 13 deletions.
diff --git a/app/src/fm/last/android/AndroidLastFmServerFactory.java b/app/src/fm/last/android/AndroidLastFmServerFactory.java
@@ -1,3 +1,4 @@
+package fm.last.android;
 /***************************************************************************
  *   Copyright 2005-2009 Last.fm Ltd.                                      *
  *   Portions contributed by Casey Link, Lukasz Wisniewski,                *
@@ -18,16 +19,18 @@
  *   Free Software Foundation, Inc.,                                       *
  *   51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.         *
  ***************************************************************************/
-package fm.last.android;
+
 
 import fm.last.api.LastFmServer;
 import fm.last.api.LastFmServerFactory;
 
 public class AndroidLastFmServerFactory {
 	private static final String API_KEY = PrivateAPIKey.KEY;
 	private static final String API_SECRET = PrivateAPIKey.SECRET;
-	private static final String XMLRPC_ROOT_URL = "https://ws.audioscrobbler.com/2.0/";
+	private static final String XMLRPC_ROOT_URL = "http://ws.audioscrobbler.com/2.0/";
+	private static final String XMLRPC_ROOT_URL_SECURE = "https://ws.audioscrobbler.com/2.0/";
 	private static LastFmServer server;
+	private static LastFmServer secureServer;
 
 	private AndroidLastFmServerFactory() {
 	}
@@ -39,4 +42,11 @@ public static LastFmServer getServer() {
 		return server;
 	}
 
+	public static LastFmServer getSecureServer() {
+		if (secureServer == null) {
+			secureServer = LastFmServerFactory.getServer(XMLRPC_ROOT_URL_SECURE, API_KEY, API_SECRET);
+		}
+		return secureServer;
+	}
+
 }
diff --git a/app/src/fm/last/android/LastFm.java b/app/src/fm/last/android/LastFm.java
@@ -257,12 +257,13 @@ public Session doInBackground(String... params) {
 
 		Session login(String user, String pass) throws Exception, WSError {
 			user = user.toLowerCase().trim();
-			LastFmServer server = AndroidLastFmServerFactory.getServer();
+			LastFmServer server = AndroidLastFmServerFactory.getSecureServer();
 			String md5Password = MD5.getInstance().hash(pass);
 			String authToken = MD5.getInstance().hash(user + md5Password);
 			Session session = server.getMobileSession(user, authToken);
 			if (session == null)
 				throw (new WSError("auth.getMobileSession", "auth failure", WSError.ERROR_AuthenticationFailed));
+			server = AndroidLastFmServerFactory.getServer();
 			userSession = server.getSessionInfo(session.getKey());
 			if(Integer.decode(Build.VERSION.SDK) >= 6) {
 				Parcelable authResponse = null;

diff --git a/app/src/fm/last/android/activity/SignUp.java b/app/src/fm/last/android/activity/SignUp.java
@@ -44,7 +44,7 @@ public class SignUp extends Activity {
 
 	protected OnClickListener mOnSignUpClickListener = new OnClickListener() {
 		public void onClick(View v) {
-			LastFmServer server = AndroidLastFmServerFactory.getServer();
+			LastFmServer server = AndroidLastFmServerFactory.getSecureServer();
 			try {
 				String username = mUsername.getText().toString();
 				String password = mPassword.getText().toString();

diff --git a/library/src/fm/last/api/impl/LastFmServerImpl.java b/library/src/fm/last/api/impl/LastFmServerImpl.java
@@ -68,8 +68,9 @@ final class LastFmServerImpl implements LastFmServer {
 	private class Parser<T> {
 		@SuppressWarnings("unchecked")
 		public T getItem(String baseUrl, Map<String, String> params, String nodeName, XMLBuilder<?> builder) throws IOException, WSError {
+			Log.i("Last.fm", "BaseURL: " + baseUrl);
 			String response = UrlUtil.doGet(baseUrl, params);
-
+			Log.i("Last.fm", "Response: " + response);
 			Document responseXML = null;
 			try {
 				responseXML = XMLUtil.stringToDocument(response);

diff --git a/library/src/fm/last/util/UrlUtil.java b/library/src/fm/last/util/UrlUtil.java
@@ -32,9 +32,18 @@
 import java.net.HttpURLConnection;
 import java.net.URL;
 import java.net.URLEncoder;
+import java.security.cert.CertificateException;
 import java.util.HashMap;
 import java.util.Map;
 
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+import java.security.cert.X509Certificate;
+
 import android.graphics.Bitmap;
 import android.graphics.BitmapFactory;
 import android.util.Log;
@@ -54,14 +63,60 @@ private UrlUtil() {
 
 	public static String useragent;
 
+	// always verify the host - dont check for certificate
+	final static HostnameVerifier DO_NOT_VERIFY = new HostnameVerifier() {
+	        public boolean verify(String hostname, SSLSession session) {
+	                return true;
+	        }
+	};
+
+	/**
+	 * Trust every server - dont check for any certificate
+	 */
+	private static void trustAllHosts() {
+	        // Create a trust manager that does not validate certificate chains
+	        TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
+	                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+	                        return new java.security.cert.X509Certificate[] {};
+	                }
+
+	                public void checkClientTrusted(X509Certificate[] chain,
+	                                String authType) throws CertificateException {
+	                }
+
+	                public void checkServerTrusted(X509Certificate[] chain,
+	                                String authType) throws CertificateException {
+	                }
+	        } };
+
+	        // Install the all-trusting trust manager
+	        try {
+	                SSLContext sc = SSLContext.getInstance("TLS");
+	                sc.init(null, trustAllCerts, new java.security.SecureRandom());
+	                HttpsURLConnection
+	                                .setDefaultSSLSocketFactory(sc.getSocketFactory());
+	        } catch (Exception e) {
+	                e.printStackTrace();
+	        }
+	}
+
 	/** mainly sets the User-Agent we need */
 	private static void setUserAgent(HttpURLConnection conn) {
 		if (useragent != null)
 			conn.setRequestProperty("User-Agent", useragent);
 	}
 
 	public static URL getRedirectedUrl(URL url) throws IOException {
-		HttpURLConnection conn = (HttpURLConnection) url.openConnection();
+		HttpURLConnection conn = null;
+
+        if (url.getProtocol().toLowerCase().equals("https")) {
+            trustAllHosts();
+            HttpsURLConnection https = (HttpsURLConnection) url.openConnection();
+            https.setHostnameVerifier(DO_NOT_VERIFY);
+            conn = https;
+        } else {
+        	conn = (HttpURLConnection) url.openConnection();
+        }
 		setUserAgent(conn);
 		conn.setRequestMethod("GET");
 		conn.setInstanceFollowRedirects(false);
@@ -115,7 +170,16 @@ public static String doPost(URL url, InputStream stuffToPost) throws IOException
 	}
 
 	public static String doPost(URL url, InputStream stuffToPost, String contentType) throws IOException {
-		HttpURLConnection conn = (HttpURLConnection) url.openConnection();
+		HttpURLConnection conn = null;
+
+        if (url.getProtocol().toLowerCase().equals("https")) {
+            trustAllHosts();
+            HttpsURLConnection https = (HttpsURLConnection) url.openConnection();
+            https.setHostnameVerifier(DO_NOT_VERIFY);
+            conn = https;
+        } else {
+        	conn = (HttpURLConnection) url.openConnection();
+        }
 		setUserAgent(conn);
 		conn.setRequestMethod("POST");
 		conn.setDoOutput(true);
@@ -161,7 +225,16 @@ public static String doPost(URL url, InputStream stuffToPost, String contentType
 	}
 
 	public static String doGet(URL url) throws IOException {
-		HttpURLConnection conn = (HttpURLConnection) url.openConnection();
+		HttpURLConnection conn = null;
+
+        if (url.getProtocol().toLowerCase().equals("https")) {
+            trustAllHosts();
+            HttpsURLConnection https = (HttpsURLConnection) url.openConnection();
+            https.setHostnameVerifier(DO_NOT_VERIFY);
+            conn = https;
+        } else {
+        	conn = (HttpURLConnection) url.openConnection();
+        }
 		setUserAgent(conn);
 		conn.setRequestMethod("GET");
 		conn.setRequestProperty("connection", "close");
@@ -192,7 +265,16 @@ public static String doGet(URL url) throws IOException {
 	 * @throws IOException
 	 */
 	public static byte[] doGetAndReturnBytes(URL url, int maxBytes) throws IOException {
-		HttpURLConnection conn = (HttpURLConnection) url.openConnection();
+		HttpURLConnection conn = null;
+
+        if (url.getProtocol().toLowerCase().equals("https")) {
+            trustAllHosts();
+            HttpsURLConnection https = (HttpsURLConnection) url.openConnection();
+            https.setHostnameVerifier(DO_NOT_VERIFY);
+            conn = https;
+        } else {
+        	conn = (HttpURLConnection) url.openConnection();
+        }
 		setUserAgent(conn);
 		conn.setRequestMethod("GET");
 		conn.setRequestProperty("connection", "close");
@@ -246,7 +328,7 @@ public static String doPost(String baseurl, Map<String, String> params) throws I
 
 	private static String escape(String s) {
 		try {
-			return URLEncoder.encode(s, "UTF-8").replace("/", "%2f");
+			return URLEncoder.encode(s, "UTF-8");
 		} catch (UnsupportedEncodingException e) {
 			Log.e("UrlUtil", "Cannot find UTF-8 encoding - this is not very likely!");
 			return s;
@@ -255,23 +337,52 @@ private static String escape(String s) {
 	}
 
 	public static String getXML(URL url) throws IOException {
-		HttpURLConnection conn = (HttpURLConnection) url.openConnection();
+		HttpURLConnection conn = null;
+
+        if (url.getProtocol().toLowerCase().equals("https")) {
+            trustAllHosts();
+            HttpsURLConnection https = (HttpsURLConnection) url.openConnection();
+            https.setHostnameVerifier(DO_NOT_VERIFY);
+            conn = https;
+        } else {
+        	conn = (HttpURLConnection) url.openConnection();
+        }
 		setUserAgent(conn);
 		conn.setRequestProperty("connection", "close");
 		conn.setRequestMethod("GET");
 		BufferedReader reader = null;
+		String output = null;
 		try {
 			reader = new BufferedReader(new InputStreamReader(conn.getInputStream()));
-			return toString(reader);
+			output = toString(reader);
 		} finally {
 			if (reader != null) {
 				reader.close();
 			}
 		}
+		// Dispatch any queued Analytics data while we've got the network
+		// open
+		try {
+			GoogleAnalyticsTracker tracker = GoogleAnalyticsTracker.getInstance();
+			if(tracker != null)
+				tracker.dispatch();
+		} catch (Exception e1) {
+			//ignore any exceptions thrown by analytics
+		}
+		return output;
 	}
 
 	public static Bitmap getImage(URL url) throws IOException {
-		HttpURLConnection conn = (HttpURLConnection) url.openConnection();
+		HttpURLConnection conn = null;
+
+        if (url.getProtocol().toLowerCase().equals("https")) {
+            trustAllHosts();
+            HttpsURLConnection https = (HttpsURLConnection) url.openConnection();
+            https.setHostnameVerifier(DO_NOT_VERIFY);
+            conn = https;
+        } else {
+        	conn = (HttpURLConnection) url.openConnection();
+        }
 		setUserAgent(conn);
 		conn.setRequestProperty("connection", "close");
 		conn.setRequestMethod("GET");