Load CA bundle from APK

Remove Assetbridge
mapbox · Nov 17, 2014 · 80be6c4 · 80be6c4
1 parent f0e4e27
commit 80be6c4
Show file tree

Hide file tree

Showing 6 changed files with 107 additions and 177 deletions.
diff --git a/android/LICENSE_ASSETBRIDGE b/android/LICENSE_ASSETBRIDGE
diff --git a/android/java/lib/src/main/java/com/arieslabs/assetbridge/Assetbridge.java b/android/java/lib/src/main/java/com/arieslabs/assetbridge/Assetbridge.java
diff --git a/android/java/lib/src/main/java/com/mapbox/mapboxgl/lib/MapView.java b/android/java/lib/src/main/java/com/mapbox/mapboxgl/lib/MapView.java
@@ -16,7 +16,6 @@
 import android.os.Bundle;
 import android.support.annotation.NonNull;
 import android.util.AttributeSet;
-import android.util.DisplayMetrics;
 import android.util.Log;
 import android.view.GestureDetector;
 import android.view.InputDevice;
@@ -31,7 +30,6 @@
 
 import com.almeros.android.multitouch.gesturedetectors.RotateGestureDetector;
 import com.almeros.android.multitouch.gesturedetectors.TwoFingerGestureDetector;
-import com.arieslabs.assetbridge.Assetbridge;
 
 // Custom view that shows a Map
 // Based on SurfaceView as we use OpenGL ES to render
@@ -143,9 +141,6 @@ private void initialize(Context context, AttributeSet attrs) {
         String dataPath = context.getFilesDir().getAbsolutePath();
         String apkPath = context.getPackageCodePath();
 
-        // Extract the asset files
-        Assetbridge.unpack(context);
-
         // Load the map style and API key
         //mStyleUrl = "https://mapbox.github.io/mapbox-gl-styles/styles/bright-v6.json";
         mStyleUrl = "asset://styles/styles/bright-v6.json";

diff --git a/gyp/mbgl-android.gypi b/gyp/mbgl-android.gypi
@@ -12,6 +12,7 @@
           '<@(curl_cflags)',
           '<@(nu_cflags)',
           '<@(zip_cflags)',
+          '<@(openssl_cflags)',
           '-I<(boost_root)/include',
         ],
         'cflags': [

diff --git a/platform/android/asset_request_baton.cpp b/platform/android/asset_request_baton.cpp
@@ -89,25 +89,7 @@ void AssetRequestBaton::run(uv_async_t *async) {
         cleanup(async);
         return;
     }
-/*
-    if (stat.size > std::numeric_limits<int>::max()) {
-        // File is too large for us to open this way because uv_buf's only support unsigned
-        // ints as maximum size.
-        if (ptr->request) {
-            ptr->request->response = std::unique_ptr<Response>(new Response);
-            ptr->request->response->code = UV_EFBIG;
-            ptr->request->response->message = uv_strerror(UV_EFBIG);
-            ptr->request->notify();
-        }
-        zip_fclose(ptr->apk_file);
-        ptr->apk_file = nullptr;
-        zip_close(ptr->apk);
-        ptr->apk = nullptr;
-        cleanup(async);
-        return;
-    }
-*/
-    //const unsigned int size = static_cast<unsigned int>(stat.size);
+
     const std::unique_ptr<char[]> body = boost::make_unique<char[]>(stat.size);
 
     if (zip_fread(ptr->apk_file, reinterpret_cast<void *>(body.get()), stat.size) == -1 ||

diff --git a/platform/default/http_request_baton_curl.cpp b/platform/default/http_request_baton_curl.cpp
@@ -6,6 +6,9 @@
 
 #ifdef __ANDROID__
     #include <mbgl/android/jni.hpp>
+    #include <zip.h>
+    #include <boost/make_unique.hpp>
+    #include <openssl/ssl.h>
 #endif
 
 #include <uv.h>
@@ -408,6 +411,103 @@ size_t curl_header_cb(char * const buffer, const size_t size, const size_t nmemb
     return length;
 }
 
+// This function is called to load the CA bundle
+// from http://curl.haxx.se/libcurl/c/cacertinmem.html
+#ifdef __ANDROID__
+static CURLcode sslctx_function(CURL */*curl*/, void *sslctx, void */*parm*/) {
+
+    int error = 0;
+    struct zip *apk = zip_open(mbgl::android::apk_path.c_str(), 0, &error);
+    if (apk == nullptr) {
+        return CURLE_SSL_CACERT_BADFILE;
+    }
+
+    struct zip_file *apk_file = zip_fopen(apk, "assets/ca-bundle.crt", ZIP_FL_NOCASE);
+    if (apk_file == nullptr) {
+        zip_close(apk);
+        apk = nullptr;
+        return CURLE_SSL_CACERT_BADFILE;
+    }
+
+    struct zip_stat stat;
+    if (zip_stat(apk, "assets/ca-bundle.crt", ZIP_FL_NOCASE, &stat) != 0) {
+        zip_fclose(apk_file);
+        apk_file = nullptr;
+        zip_close(apk);
+        apk = nullptr;
+        return CURLE_SSL_CACERT_BADFILE;
+    }
+
+    if (stat.size > std::numeric_limits<int>::max()) {
+        zip_fclose(apk_file);
+        apk_file = nullptr;
+        zip_close(apk);
+        apk = nullptr;
+        return CURLE_SSL_CACERT_BADFILE;
+    }
+
+    const std::unique_ptr<char[]> pem = boost::make_unique<char[]>(stat.size);
+
+    if (zip_fread(apk_file, reinterpret_cast<void *>(pem.get()), stat.size) == -1) {
+        zip_fclose(apk_file);
+        apk_file = nullptr;
+        zip_close(apk);
+        apk = nullptr;
+        return CURLE_SSL_CACERT_BADFILE;
+    }
+
+    // get a pointer to the X509 certificate store (which may be empty!)
+    X509_STORE *store = SSL_CTX_get_cert_store((SSL_CTX *)sslctx);
+    if (store == nullptr) {
+        return CURLE_SSL_CACERT_BADFILE;
+    }
+
+    // get a BIO
+    BIO *bio = BIO_new_mem_buf(pem.get(), static_cast<int>(stat.size));
+    if (bio == nullptr) {
+        store = nullptr;
+        return CURLE_SSL_CACERT_BADFILE;
+    }
+
+    // use it to read the PEM formatted certificate from memory into an X509
+    // structure that SSL can use
+    X509 *cert = nullptr;
+    while (PEM_read_bio_X509(bio, &cert, 0, nullptr) != nullptr) {
+        if (cert == nullptr) {
+            BIO_free(bio);
+            bio = nullptr;
+            store = nullptr;
+            return CURLE_SSL_CACERT_BADFILE;
+        }
+
+        // add our certificate to this store
+        if (X509_STORE_add_cert(store, cert) == 0) {
+            X509_free(cert);
+            cert = nullptr;
+            BIO_free(bio);
+            bio = nullptr;
+            store = nullptr;
+            return CURLE_SSL_CACERT_BADFILE;
+        }
+
+        X509_free(cert);
+        cert = nullptr;
+    }
+
+    // decrease reference counts
+    BIO_free(bio);
+    bio = nullptr;
+
+    zip_fclose(apk_file);
+    apk_file = nullptr;
+    zip_close(apk);
+    apk = nullptr;
+
+    // all set to go
+    return CURLE_OK;
+}
+#endif
+
 // This function must run in the CURL thread.
 void start_request(void *const ptr) {
     assert(uv_thread_self() == thread_id);
@@ -437,15 +537,14 @@ void start_request(void *const ptr) {
         context->baton->response = std::unique_ptr<Response>(new Response());
     }
 
+    // Carry on the shared pointer in the private information of the CURL handle.
+    curl_easy_setopt(context->handle, CURLOPT_PRIVATE, context);
 #ifndef __ANDROID__
-    std::string ca_path = "ca-bundle.crt";
+    curl_easy_setopt(context->handle, CURLOPT_CAINFO, "ca-bundle.crt")
 #else
-    std::string ca_path = mbgl::android::data_path + "/ca-bundle.crt";
+    curl_easy_setopt(context->handle, CURLOPT_SSLCERTTYPE, "PEM");
+    curl_easy_setopt(context->handle, CURLOPT_SSL_CTX_FUNCTION, sslctx_function);
 #endif
-
-    // Carry on the shared pointer in the private information of the CURL handle.
-    curl_easy_setopt(context->handle, CURLOPT_PRIVATE, context);
-    curl_easy_setopt(context->handle, CURLOPT_CAINFO, ca_path.c_str());
     curl_easy_setopt(context->handle, CURLOPT_FOLLOWLOCATION, 1);
     curl_easy_setopt(context->handle, CURLOPT_URL, context->baton->path.c_str());
     curl_easy_setopt(context->handle, CURLOPT_WRITEFUNCTION, curl_write_cb);