Bug 738515 - Null credentials in setup. r=rnewman

mobile/android/base/sync/jpake/JPakeClient.java

@@ -25,6 +25,7 @@ import org.mozilla.gecko.sync.jpake.stage.ComputeKeyVerificationStage;
 import org.mozilla.gecko.sync.jpake.stage.ComputeStepOneStage;
 import org.mozilla.gecko.sync.jpake.stage.ComputeStepTwoStage;
 import org.mozilla.gecko.sync.jpake.stage.DecryptDataStage;
+import org.mozilla.gecko.sync.jpake.stage.DeleteChannel;
 import org.mozilla.gecko.sync.jpake.stage.GetChannelStage;
 import org.mozilla.gecko.sync.jpake.stage.GetRequestStage;
 import org.mozilla.gecko.sync.jpake.stage.JPakeStage;
@@ -237,6 +238,17 @@ public class JPakeClient {
    */
   public void abort(String reason) {
     finished = true;
+    if (Constants.JPAKE_ERROR_CHANNEL.equals(reason) ||
+        Constants.JPAKE_ERROR_NETWORK.equals(reason) ||
+        Constants.JPAKE_ERROR_NODATA.equals(reason)) {
+      displayAbort(reason);
+    } else {
+      // Delete channel, then call controller's displayAbort in callback.
+      new DeleteChannel().execute(this, reason);
+    }
+  }
+
+  public void displayAbort(String reason) {
     controllerActivity.displayAbort(reason);
   }
 

mobile/android/base/sync/jpake/stage/DecryptDataStage.java

@@ -69,6 +69,13 @@ public class DecryptDataStage extends JPakeStage {
       return;
     }
 
+    // Check that credentials were actually sent over.
+    if (!checkCredentials(jClient.jCreds)) {
+      Logger.error(LOG_TAG, "Credentials contain nulls, setup cannot be completed.");
+      jClient.abort(Constants.JPAKE_ERROR_INTERNAL);
+      return;
+    }
+
     jClient.runNextStage();
   }
 
@@ -106,7 +113,22 @@ public class DecryptDataStage extends JPakeStage {
    * @throws Exception
    */
   private JSONObject getJSONObject(String jsonString) throws IOException, ParseException{
-    Reader in = new StringReader(jsonString);
+    final Reader in = new StringReader(jsonString);
     return (JSONObject) new JSONParser().parse(in);
   }
+
+  private boolean checkCredentials(JSONObject creds) {
+    final String accountName = (String) creds.get(Constants.JSON_KEY_ACCOUNT);
+    final String password    = (String) creds.get(Constants.JSON_KEY_PASSWORD);
+    final String syncKey     = (String) creds.get(Constants.JSON_KEY_SYNCKEY);
+    final String serverUrl   = (String) creds.get(Constants.JSON_KEY_SERVER);
+
+    if (accountName == null || accountName.equals("") ||
+        password    == null || password.equals("")    ||
+        syncKey     == null || syncKey.equals("")     ||
+        serverUrl   == null || serverUrl.equals("")) {
+      return false;
+    }
+    return true;
+  }
 }

mobile/android/base/sync/jpake/stage/DeleteChannel.java

@@ -0,0 +1,90 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+package org.mozilla.gecko.sync.jpake.stage;
+
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.security.GeneralSecurityException;
+
+import org.mozilla.gecko.sync.Logger;
+import org.mozilla.gecko.sync.jpake.JPakeClient;
+import org.mozilla.gecko.sync.net.BaseResource;
+import org.mozilla.gecko.sync.net.SyncResourceDelegate;
+
+import ch.boye.httpclientandroidlib.HttpResponse;
+import ch.boye.httpclientandroidlib.client.ClientProtocolException;
+import ch.boye.httpclientandroidlib.client.methods.HttpRequestBase;
+import ch.boye.httpclientandroidlib.impl.client.DefaultHttpClient;
+import ch.boye.httpclientandroidlib.message.BasicHeader;
+
+public class DeleteChannel {
+  private static final String LOG_TAG = "DeleteChannel";
+
+  public static final String KEYEXCHANGE_ID_HEADER  = "X-KeyExchange-Id";
+  public static final String KEYEXCHANGE_CID_HEADER = "X-KeyExchange-Cid";
+
+  public void execute(final JPakeClient jClient, final String reason) {
+    final BaseResource httpResource;
+    try {
+      httpResource = new BaseResource(jClient.channelUrl);
+    } catch (URISyntaxException e) {
+      Logger.debug(LOG_TAG, "Encountered URISyntax exception, displaying abort anyway.");
+      jClient.displayAbort(reason);
+      return;
+    }
+    httpResource.delegate = new SyncResourceDelegate(httpResource) {
+
+      @Override
+      public void addHeaders(HttpRequestBase request, DefaultHttpClient client) {
+        request.setHeader(new BasicHeader(KEYEXCHANGE_ID_HEADER,  jClient.clientId));
+        request.setHeader(new BasicHeader(KEYEXCHANGE_CID_HEADER, jClient.channel));
+      }
+
+      @Override
+      public void handleHttpResponse(HttpResponse response) {
+        try {
+          int statusCode = response.getStatusLine().getStatusCode();
+          switch (statusCode) {
+            case 200:
+              Logger.info(LOG_TAG, "Successfully reported error to server.");
+              break;
+            case 403:
+              Logger.info(LOG_TAG, "IP is blacklisted.");
+              break;
+            case 400:
+              Logger.info(LOG_TAG, "Bad request (missing logs, or bad ids");
+              break;
+            default:
+              Logger.info(LOG_TAG, "Server returned " + statusCode);
+          }
+        } finally {
+          BaseResource.consumeEntity(response);
+          // Always call displayAbort, even if abort fails. We can't do anything about it.
+          jClient.displayAbort(reason);
+        }
+      }
+
+      @Override
+      public void handleHttpProtocolException(ClientProtocolException e) {
+        Logger.debug(LOG_TAG, "Encountered HttpProtocolException, displaying abort anyway.");
+        jClient.displayAbort(reason);
+      }
+
+      @Override
+      public void handleHttpIOException(IOException e) {
+        Logger.debug(LOG_TAG, "Encountered IOException, displaying abort anyway.");
+        jClient.displayAbort(reason);
+      }
+
+      @Override
+      public void handleTransportException(GeneralSecurityException e) {
+        Logger.debug(LOG_TAG, "Encountered GeneralSecurityException, displaying abort anyway.");
+        jClient.displayAbort(reason);
+      }
+    };
+
+    httpResource.delete();
+  }
+}

mobile/android/base/sync/jpake/stage/GetChannelStage.java

@@ -67,11 +67,11 @@ public class GetChannelStage extends JPakeStage {
       makeChannelRequest(callbackDelegate, jClient.jpakeServer + "new_channel", jClient.clientId);
     } catch (URISyntaxException e) {
       Logger.error(LOG_TAG, "Incorrect URI syntax.", e);
-      jClient.abort(Constants.JPAKE_ERROR_INVALID);
+      jClient.abort(Constants.JPAKE_ERROR_CHANNEL);
       return;
     } catch (Exception e) {
       Logger.error(LOG_TAG, "Unexpected exception.", e);
-      jClient.abort(Constants.JPAKE_ERROR_INTERNAL);
+      jClient.abort(Constants.JPAKE_ERROR_CHANNEL);
       return;
     }
   }