summaryrefslogtreecommitdiff
path: root/pkg
diff options
context:
space:
mode:
Diffstat (limited to 'pkg')
-rw-r--r--pkg/bitmask/autostart.go32
-rw-r--r--pkg/bitmask/bitmask.go30
-rw-r--r--pkg/bitmask/bitmaskd.go44
-rw-r--r--pkg/bitmask/standalone.go74
-rw-r--r--pkg/bitmaskd/events.go50
-rw-r--r--pkg/bitmaskd/main.go163
-rw-r--r--pkg/bitmaskd/vpn.go98
-rw-r--r--pkg/config/darwin.go24
-rw-r--r--pkg/config/logger.go31
-rw-r--r--pkg/config/unix.go24
-rw-r--r--pkg/config/windows.go22
-rw-r--r--pkg/standalone/bonafide.go311
-rw-r--r--pkg/standalone/bonafide_integration_test.go58
-rw-r--r--pkg/standalone/bonafide_test.go100
-rw-r--r--pkg/standalone/launcher.go97
-rw-r--r--pkg/standalone/launcher_linux.go139
-rw-r--r--pkg/standalone/main.go80
-rw-r--r--pkg/standalone/status.go91
-rw-r--r--pkg/standalone/testdata/cert54
-rw-r--r--pkg/standalone/testdata/eip-service.json113
-rw-r--r--pkg/standalone/vpn.go156
-rw-r--r--pkg/systray/config.go97
-rw-r--r--pkg/systray/notificator.go164
-rw-r--r--pkg/systray/pid.go99
-rw-r--r--pkg/systray/pid_test.go21
-rw-r--r--pkg/systray/run.go103
-rw-r--r--pkg/systray/signal_unix.go34
-rw-r--r--pkg/systray/signal_windows.go24
-rw-r--r--pkg/systray/systray.go257
29 files changed, 2590 insertions, 0 deletions
diff --git a/pkg/bitmask/autostart.go b/pkg/bitmask/autostart.go
new file mode 100644
index 0000000..ebab428
--- /dev/null
+++ b/pkg/bitmask/autostart.go
@@ -0,0 +1,32 @@
+// Copyright (C) 2018 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package bitmask
+
+// Autostart holds the functions to enable and disable the application autostart
+type Autostart interface {
+ Disable() error
+ Enable() error
+}
+
+type dummyAutostart struct{}
+
+func (a *dummyAutostart) Disable() error {
+ return nil
+}
+
+func (a *dummyAutostart) Enable() error {
+ return nil
+}
diff --git a/pkg/bitmask/bitmask.go b/pkg/bitmask/bitmask.go
new file mode 100644
index 0000000..a7aabaa
--- /dev/null
+++ b/pkg/bitmask/bitmask.go
@@ -0,0 +1,30 @@
+// Copyright (C) 2018 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package bitmask
+
+type Bitmask interface {
+ GetStatusCh() <-chan string
+ Close()
+ Version() (string, error)
+ StartVPN(provider string) error
+ StopVPN() error
+ ReloadFirewall() error
+ GetStatus() (string, error)
+ InstallHelpers() error
+ VPNCheck() (helpers bool, priviledge bool, err error)
+ ListGateways(provider string) ([]string, error)
+ UseGateway(name string) error
+}
diff --git a/pkg/bitmask/bitmaskd.go b/pkg/bitmask/bitmaskd.go
new file mode 100644
index 0000000..ad4da31
--- /dev/null
+++ b/pkg/bitmask/bitmaskd.go
@@ -0,0 +1,44 @@
+// +build bitmaskd
+// Copyright (C) 2018 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package bitmask
+
+import (
+ "errors"
+ "log"
+
+ "0xacab.org/leap/bitmask-systray/pkg/bitmaskd"
+ "golang.org/x/text/message"
+)
+
+const (
+ notRunning = `Is bitmaskd running? Start bitmask and try again.`
+)
+
+// Init bitmask
+func Init(printer *message.Printer) (Bitmask, error) {
+ b, err := bitmaskd.Init()
+ if err != nil {
+ log.Printf("An error ocurred starting bitmaskd: %v", err)
+ err = errors.New(printer.Sprintf(notRunning))
+ }
+ return b, err
+}
+
+// NewAutostart creates a handler for the autostart of your platform
+func NewAutostart(appName string, iconPath string) Autostart {
+ return &dummyAutostart{}
+}
diff --git a/pkg/bitmask/standalone.go b/pkg/bitmask/standalone.go
new file mode 100644
index 0000000..f3f7602
--- /dev/null
+++ b/pkg/bitmask/standalone.go
@@ -0,0 +1,74 @@
+// +build !bitmaskd
+// Copyright (C) 2018 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package bitmask
+
+import (
+ "errors"
+ "fmt"
+ "log"
+ "os"
+ "path/filepath"
+ "regexp"
+
+ "0xacab.org/leap/bitmask-systray/pkg/standalone"
+ pmautostart "github.com/ProtonMail/go-autostart"
+ "golang.org/x/text/message"
+)
+
+const (
+ errorMsg = `An error has ocurred initializing the VPN: %v`
+)
+
+// Init bitmask
+func Init(printer *message.Printer) (Bitmask, error) {
+ b, err := standalone.Init()
+ if err != nil {
+ log.Printf("An error ocurred starting standalone bitmask: %v", err)
+ err = errors.New(printer.Sprintf(errorMsg, err))
+ }
+ return b, err
+}
+
+// NewAutostart creates a handler for the autostart of your platform
+func NewAutostart(appName string, iconPath string) Autostart {
+ exec := os.Args
+ if os.Getenv("SNAP") != "" {
+ re := regexp.MustCompile("/snap/([^/]*)/")
+ match := re.FindStringSubmatch(os.Args[0])
+ if len(match) > 1 {
+ snapName := match[1]
+ exec = []string{fmt.Sprintf("/snap/bin/%s.launcher", snapName)}
+ } else {
+ log.Printf("Snap binary has unknown path: %v", os.Args[0])
+ }
+ }
+
+ if exec[0][:2] == "./" || exec[0][:2] == ".\\" {
+ var err error
+ exec[0], err = filepath.Abs(exec[0])
+ if err != nil {
+ log.Printf("Error making the path absolute directory: %v", err)
+ }
+ }
+
+ return &pmautostart.App{
+ Name: appName,
+ Exec: exec,
+ DisplayName: appName,
+ Icon: iconPath,
+ }
+}
diff --git a/pkg/bitmaskd/events.go b/pkg/bitmaskd/events.go
new file mode 100644
index 0000000..3c8bb2c
--- /dev/null
+++ b/pkg/bitmaskd/events.go
@@ -0,0 +1,50 @@
+// Copyright (C) 2018 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package bitmaskd
+
+import (
+ "log"
+ "net/http"
+)
+
+const (
+ statusEvent = "VPN_STATUS_CHANGED"
+)
+
+func (b *Bitmask) eventsHandler() {
+ b.send("events", "register", statusEvent)
+ client := &http.Client{
+ Timeout: 0,
+ }
+ for {
+ resJSON, err := send(b.apiToken, client, "events", "poll")
+ res, ok := resJSON.([]interface{})
+ if err != nil || !ok || len(res) < 1 {
+ continue
+ }
+ event, ok := res[0].(string)
+ if !ok || event != statusEvent {
+ continue
+ }
+
+ status, err := b.GetStatus()
+ if err != nil {
+ log.Printf("Error receiving status: %v", err)
+ continue
+ }
+ b.statusCh <- status
+ }
+}
diff --git a/pkg/bitmaskd/main.go b/pkg/bitmaskd/main.go
new file mode 100644
index 0000000..f2ca650
--- /dev/null
+++ b/pkg/bitmaskd/main.go
@@ -0,0 +1,163 @@
+// Copyright (C) 2018 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package bitmaskd
+
+import (
+ "bytes"
+ "encoding/json"
+ "errors"
+ "io/ioutil"
+ "log"
+ "net/http"
+ "path"
+ "time"
+
+ "0xacab.org/leap/bitmask-systray/pkg/config"
+)
+
+const (
+ timeout = time.Second * 15
+ url = "http://localhost:7070/API/"
+ headerAuth = "X-Bitmask-Auth"
+)
+
+// Bitmask holds the bitmask client data
+type Bitmask struct {
+ client *http.Client
+ apiToken string
+ statusCh chan string
+}
+
+// Init the connection to bitmask
+func Init() (*Bitmask, error) {
+ statusCh := make(chan string)
+ client := &http.Client{
+ Timeout: timeout,
+ }
+
+ err := waitForBitmaskd()
+ if err != nil {
+ return nil, err
+ }
+
+ apiToken, err := getToken()
+ if err != nil {
+ return nil, err
+ }
+
+ b := Bitmask{client, apiToken, statusCh}
+ go b.eventsHandler()
+ return &b, nil
+}
+
+// GetStatusCh returns a channel that will recieve VPN status changes
+func (b *Bitmask) GetStatusCh() <-chan string {
+ return b.statusCh
+}
+
+// Close the connection to bitmask
+func (b *Bitmask) Close() {
+ _, err := b.send("core", "stop")
+ if err != nil {
+ log.Printf("Got an error stopping bitmaskd: %v", err)
+ }
+}
+
+// Version gets the bitmask version string
+func (b *Bitmask) Version() (string, error) {
+ res, err := b.send("core", "version")
+ if err != nil {
+ return "", err
+ }
+ return res["version_core"].(string), nil
+}
+
+func waitForBitmaskd() error {
+ var err error
+ for i := 0; i < 30; i++ {
+ resp, err := http.Post(url, "", nil)
+ if err == nil {
+ resp.Body.Close()
+ return nil
+ }
+ log.Printf("Bitmask is not ready (iteration %d): %v", i, err)
+ time.Sleep(1 * time.Second)
+ }
+ return err
+}
+
+func (b *Bitmask) send(parts ...interface{}) (map[string]interface{}, error) {
+ resJSON, err := send(b.apiToken, b.client, parts...)
+ if err != nil {
+ return nil, err
+ }
+ result, ok := resJSON.(map[string]interface{})
+ if !ok {
+ return nil, errors.New("Not valid response")
+ }
+ return result, nil
+}
+
+func send(apiToken string, client *http.Client, parts ...interface{}) (interface{}, error) {
+ apiSection, _ := parts[0].(string)
+ reqBody, err := json.Marshal(parts[1:])
+ if err != nil {
+ return nil, err
+ }
+ req, err := http.NewRequest("POST", url+apiSection, bytes.NewReader(reqBody))
+ if err != nil {
+ return nil, err
+ }
+ req.Header.Add(headerAuth, apiToken)
+
+ resp, err := client.Do(req)
+ if err != nil {
+ return nil, err
+ }
+ defer resp.Body.Close()
+
+ resJSON, err := ioutil.ReadAll(resp.Body)
+ if err != nil {
+ return nil, err
+ }
+ return parseResponse(resJSON)
+}
+
+func parseResponse(resJSON []byte) (interface{}, error) {
+ var response struct {
+ Result interface{}
+ Error string
+ }
+ err := json.Unmarshal(resJSON, &response)
+ if response.Error != "" {
+ return nil, errors.New(response.Error)
+ }
+ return response.Result, err
+}
+
+func getToken() (string, error) {
+ var err error
+ path := path.Join(config.Path, "authtoken")
+ for i := 0; i < 30; i++ {
+ b, err := ioutil.ReadFile(path)
+ if err == nil {
+ return string(b), nil
+ }
+ log.Printf("Auth token is not ready (iteration %d): %v", i, err)
+ time.Sleep(1 * time.Second)
+ }
+ return "", err
+}
diff --git a/pkg/bitmaskd/vpn.go b/pkg/bitmaskd/vpn.go
new file mode 100644
index 0000000..48ce7dd
--- /dev/null
+++ b/pkg/bitmaskd/vpn.go
@@ -0,0 +1,98 @@
+// Copyright (C) 2018 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package bitmaskd
+
+import (
+ "errors"
+ "log"
+)
+
+// StartVPN for provider
+func (b *Bitmask) StartVPN(provider string) error {
+ _, err := b.send("vpn", "start", provider)
+ return err
+}
+
+// StopVPN or cancel
+func (b *Bitmask) StopVPN() error {
+ _, err := b.send("vpn", "stop")
+ return err
+}
+
+// ReloadFirewall restarts the firewall
+func (b *Bitmask) ReloadFirewall() error {
+ _, err := b.send("vpn", "fw_reload")
+ return err
+}
+
+// GetStatus returns the VPN status
+func (b *Bitmask) GetStatus() (string, error) {
+ res, err := b.send("vpn", "status")
+ if err != nil {
+ return "", err
+ }
+ return res["status"].(string), nil
+}
+
+// InstallHelpers into the system
+func (b *Bitmask) InstallHelpers() error {
+ _, err := b.send("vpn", "install")
+ return err
+}
+
+// VPNCheck returns if the helpers are installed and up to date and if polkit is running
+func (b *Bitmask) VPNCheck() (helpers bool, priviledge bool, err error) {
+ res, err := b.send("vpn", "check", "")
+ if err != nil {
+ return false, false, err
+ }
+ installed, ok := res["installed"].(bool)
+ if !ok {
+ log.Printf("Unexpected value for installed on 'vpn check': %v", res)
+ return false, false, errors.New("Invalid response format")
+ }
+ privcheck, ok := res["privcheck"].(bool)
+ if !ok {
+ log.Printf("Unexpected value for privcheck on 'vpn check': %v", res)
+ return installed, false, errors.New("Invalid response format")
+ }
+ return installed, privcheck, nil
+}
+
+// ListGateways return the names of the gateways
+func (b *Bitmask) ListGateways(provider string) ([]string, error) {
+ res, err := b.send("vpn", "list")
+ if err != nil {
+ return nil, err
+ }
+
+ names := []string{}
+ locations, ok := res[provider].([]interface{})
+ if !ok {
+ return nil, errors.New("Can't read the locations for provider " + provider)
+ }
+ for i := range locations {
+ loc := locations[i].(map[string]interface{})
+ names = append(names, loc["name"].(string))
+ }
+ return names, nil
+}
+
+// UseGateway selects name as the default gateway
+func (b *Bitmask) UseGateway(name string) error {
+ _, err := b.send("vpn", "locations", name)
+ return err
+}
diff --git a/pkg/config/darwin.go b/pkg/config/darwin.go
new file mode 100644
index 0000000..123060c
--- /dev/null
+++ b/pkg/config/darwin.go
@@ -0,0 +1,24 @@
+// +build darwin
+// Copyright (C) 2018 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package config
+
+import (
+ "os"
+)
+
+// Path for the config files
+var Path = os.Getenv("HOME") + "/Library/Preferences/leap"
diff --git a/pkg/config/logger.go b/pkg/config/logger.go
new file mode 100644
index 0000000..09d96b7
--- /dev/null
+++ b/pkg/config/logger.go
@@ -0,0 +1,31 @@
+// Copyright (C) 2018 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package config
+
+import (
+ "io"
+ "log"
+ "os"
+)
+
+//ConfigureLogger to write logs into a file as well as the stderr
+func ConfigureLogger(logPath string) (io.Closer, error) {
+ logFile, err := os.OpenFile(logPath, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0666)
+ if err == nil {
+ log.SetOutput(io.MultiWriter(logFile, os.Stderr))
+ }
+ return logFile, err
+}
diff --git a/pkg/config/unix.go b/pkg/config/unix.go
new file mode 100644
index 0000000..7425f5b
--- /dev/null
+++ b/pkg/config/unix.go
@@ -0,0 +1,24 @@
+// +build !windows,!darwin
+// Copyright (C) 2018 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package config
+
+import (
+ "os"
+)
+
+// Path for the config files
+var Path = os.Getenv("HOME") + "/.config/leap"
diff --git a/pkg/config/windows.go b/pkg/config/windows.go
new file mode 100644
index 0000000..8977842
--- /dev/null
+++ b/pkg/config/windows.go
@@ -0,0 +1,22 @@
+// +build windows
+// Copyright (C) 2018 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package config
+
+import "os"
+
+// Path for the config files
+var Path = os.Getenv("LOCALAPPDATA") + "\\leap"
diff --git a/pkg/standalone/bonafide.go b/pkg/standalone/bonafide.go
new file mode 100644
index 0000000..c4d588e
--- /dev/null
+++ b/pkg/standalone/bonafide.go
@@ -0,0 +1,311 @@
+// Copyright (C) 2018 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package standalone
+
+import (
+ "crypto/tls"
+ "crypto/x509"
+ "encoding/json"
+ "fmt"
+ "io"
+ "io/ioutil"
+ "log"
+ "math/rand"
+ "net/http"
+ "sort"
+ "strconv"
+ "strings"
+ "time"
+)
+
+const (
+ certAPI = "https://api.black.riseup.net/1/cert"
+ eipAPI = "https://api.black.riseup.net/1/config/eip-service.json"
+ geolocationAPI = "https://api.black.riseup.net:9001/json"
+ secondsPerHour = 60 * 60
+)
+
+var (
+ caCert = []byte(`-----BEGIN CERTIFICATE-----
+MIIFjTCCA3WgAwIBAgIBATANBgkqhkiG9w0BAQ0FADBZMRgwFgYDVQQKDA9SaXNl
+dXAgTmV0d29ya3MxGzAZBgNVBAsMEmh0dHBzOi8vcmlzZXVwLm5ldDEgMB4GA1UE
+AwwXUmlzZXVwIE5ldHdvcmtzIFJvb3QgQ0EwHhcNMTQwNDI4MDAwMDAwWhcNMjQw
+NDI4MDAwMDAwWjBZMRgwFgYDVQQKDA9SaXNldXAgTmV0d29ya3MxGzAZBgNVBAsM
+Emh0dHBzOi8vcmlzZXVwLm5ldDEgMB4GA1UEAwwXUmlzZXVwIE5ldHdvcmtzIFJv
+b3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC76J4ciMJ8Sg0m
+TP7DF2DT9zNe0Csk4myoMFC57rfJeqsAlJCv1XMzBmXrw8wq/9z7XHv6n/0sWU7a
+7cF2hLR33ktjwODlx7vorU39/lXLndo492ZBhXQtG1INMShyv+nlmzO6GT7ESfNE
+LliFitEzwIegpMqxCIHXFuobGSCWF4N0qLHkq/SYUMoOJ96O3hmPSl1kFDRMtWXY
+iw1SEKjUvpyDJpVs3NGxeLCaA7bAWhDY5s5Yb2fA1o8ICAqhowurowJpW7n5ZuLK
+5VNTlNy6nZpkjt1QycYvNycffyPOFm/Q/RKDlvnorJIrihPkyniV3YY5cGgP+Qkx
+HUOT0uLA6LHtzfiyaOqkXwc4b0ZcQD5Vbf6Prd20Ppt6ei0zazkUPwxld3hgyw58
+m/4UIjG3PInWTNf293GngK2Bnz8Qx9e/6TueMSAn/3JBLem56E0WtmbLVjvko+LF
+PM5xA+m0BmuSJtrD1MUCXMhqYTtiOvgLBlUm5zkNxALzG+cXB28k6XikXt6MRG7q
+hzIPG38zwkooM55yy5i1YfcIi5NjMH6A+t4IJxxwb67MSb6UFOwg5kFokdONZcwj
+shczHdG9gLKSBIvrKa03Nd3W2dF9hMbRu//STcQxOailDBQCnXXfAATj9pYzdY4k
+ha8VCAREGAKTDAex9oXf1yRuktES4QIDAQABo2AwXjAdBgNVHQ4EFgQUC4tdmLVu
+f9hwfK4AGliaet5KkcgwDgYDVR0PAQH/BAQDAgIEMAwGA1UdEwQFMAMBAf8wHwYD
+VR0jBBgwFoAUC4tdmLVuf9hwfK4AGliaet5KkcgwDQYJKoZIhvcNAQENBQADggIB
+AGzL+GRnYu99zFoy0bXJKOGCF5XUXP/3gIXPRDqQf5g7Cu/jYMID9dB3No4Zmf7v
+qHjiSXiS8jx1j/6/Luk6PpFbT7QYm4QLs1f4BlfZOti2KE8r7KRDPIecUsUXW6P/
+3GJAVYH/+7OjA39za9AieM7+H5BELGccGrM5wfl7JeEz8in+V2ZWDzHQO4hMkiTQ
+4ZckuaL201F68YpiItBNnJ9N5nHr1MRiGyApHmLXY/wvlrOpclh95qn+lG6/2jk7
+3AmihLOKYMlPwPakJg4PYczm3icFLgTpjV5sq2md9bRyAg3oPGfAuWHmKj2Ikqch
+Td5CHKGxEEWbGUWEMP0s1A/JHWiCbDigc4Cfxhy56CWG4q0tYtnc2GMw8OAUO6Wf
+Xu5pYKNkzKSEtT/MrNJt44tTZWbKV/Pi/N2Fx36my7TgTUj7g3xcE9eF4JV2H/sg
+tsK3pwE0FEqGnT4qMFbixQmc8bGyuakr23wjMvfO7eZUxBuWYR2SkcP26sozF9PF
+tGhbZHQVGZUTVPyvwahMUEhbPGVerOW0IYpxkm0x/eaWdTc4vPpf/rIlgbAjarnJ
+UN9SaWRlWKSdP4haujnzCoJbM7dU9bjvlGZNyXEekgeT0W2qFeGGp+yyUWw8tNsp
+0BuC1b7uW/bBn/xKm319wXVDvBgZgcktMolak39V7DVO
+-----END CERTIFICATE-----`)
+)
+
+type bonafide struct {
+ client httpClient
+ tzOffsetHours int
+ eip *eipService
+ defaultGateway string
+}
+
+type httpClient interface {
+ Post(url, contentType string, body io.Reader) (resp *http.Response, err error)
+}
+
+type eipService struct {
+ Gateways []gateway
+ Locations map[string]struct {
+ CountryCode string
+ Hemisphere string
+ Name string
+ Timezone string
+ }
+ OpenvpnConfiguration map[string]interface{} `json:"openvpn_configuration"`
+}
+
+type gateway struct {
+ Capabilities struct {
+ Ports []string
+ Protocols []string
+ }
+ Host string
+ IPAddress string `json:"ip_address"`
+ Location string
+}
+
+type gatewayDistance struct {
+ gateway gateway
+ distance int
+}
+
+type geoLocation struct {
+ IPAddress string `json:"ip"`
+ Country string `json:"cc"`
+ City string `json:"city"`
+ Latitude float64 `json:"lat"`
+ Longitude float64 `json:"lon"`
+ SortedGateways []string `json:"gateways"`
+}
+
+func newBonafide() *bonafide {
+ certs := x509.NewCertPool()
+ certs.AppendCertsFromPEM(caCert)
+ client := &http.Client{
+ Transport: &http.Transport{
+ TLSClientConfig: &tls.Config{
+ RootCAs: certs,
+ },
+ },
+ }
+ _, tzOffsetSeconds := time.Now().Zone()
+ tzOffsetHours := tzOffsetSeconds / secondsPerHour
+
+ return &bonafide{
+ client: client,
+ tzOffsetHours: tzOffsetHours,
+ eip: nil,
+ defaultGateway: "",
+ }
+}
+
+func (b *bonafide) getCertPem() ([]byte, error) {
+ resp, err := b.client.Post(certAPI, "", nil)
+ if err != nil {
+ return nil, err
+ }
+ defer resp.Body.Close()
+ if resp.StatusCode != 200 {
+ return nil, fmt.Errorf("get vpn cert has failed with status: %s", resp.Status)
+ }
+
+ return ioutil.ReadAll(resp.Body)
+}
+
+func (b *bonafide) getGateways() ([]gateway, error) {
+ if b.eip == nil {
+ err := b.fetchEipJSON()
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ return b.eip.Gateways, nil
+}
+
+func (b *bonafide) setDefaultGateway(name string) {
+ b.defaultGateway = name
+ b.sortGateways()
+}
+
+func (b *bonafide) getOpenvpnArgs() ([]string, error) {
+ if b.eip == nil {
+ err := b.fetchEipJSON()
+ if err != nil {
+ return nil, err
+ }
+ }
+
+ args := []string{}
+ for arg, value := range b.eip.OpenvpnConfiguration {
+ switch v := value.(type) {
+ case string:
+ args = append(args, "--"+arg)
+ args = append(args, strings.Split(v, " ")...)
+ case bool:
+ if v {
+ args = append(args, "--"+arg)
+ }
+ default:
+ log.Printf("Unknown openvpn argument type: %s - %v", arg, value)
+ }
+ }
+ return args, nil
+}
+
+func (b *bonafide) fetchGeolocation() ([]string, error) {
+ resp, err := b.client.Post(geolocationAPI, "", nil)
+ if err != nil {
+ return nil, err
+ }
+ defer resp.Body.Close()
+ if resp.StatusCode != 200 {
+ return nil, fmt.Errorf("get geolocation failed with status: %s", resp.Status)
+ }
+
+ geo := &geoLocation{}
+ dataJSON, err := ioutil.ReadAll(resp.Body)
+ err = json.Unmarshal(dataJSON, &geo)
+ if err != nil {
+ _ = fmt.Errorf("get vpn cert has failed with status: %s", resp.Status)
+ return nil, err
+ }
+
+ return geo.SortedGateways, nil
+
+}
+
+func (b *bonafide) fetchEipJSON() error {
+ resp, err := b.client.Post(eipAPI, "", nil)
+ if err != nil {
+ return err
+ }
+ defer resp.Body.Close()
+ if resp.StatusCode != 200 {
+ return fmt.Errorf("get eip json has failed with status: %s", resp.Status)
+ }
+
+ var eip eipService
+ decoder := json.NewDecoder(resp.Body)
+ err = decoder.Decode(&eip)
+ if err != nil {
+ return err
+ }
+
+ b.eip = &eip
+ b.sortGateways()
+ return nil
+}
+
+func (b *bonafide) sortGatewaysByGeolocation(geolocatedGateways []string) []gatewayDistance {
+ gws := []gatewayDistance{}
+
+ for i, host := range geolocatedGateways {
+ for _, gw := range b.eip.Gateways {
+ if gw.Host == host {
+ gws = append(gws, gatewayDistance{gw, i})
+ }
+ }
+ }
+ return gws
+}
+
+func (b *bonafide) sortGatewaysByTimezone() []gatewayDistance {
+ gws := []gatewayDistance{}
+
+ for _, gw := range b.eip.Gateways {
+ distance := 13
+ if gw.Location == b.defaultGateway {
+ distance = -1
+ } else {
+ gwOffset, err := strconv.Atoi(b.eip.Locations[gw.Location].Timezone)
+ if err != nil {
+ log.Printf("Error sorting gateways: %v", err)
+ } else {
+ distance = tzDistance(b.tzOffsetHours, gwOffset)
+ }
+ }
+ gws = append(gws, gatewayDistance{gw, distance})
+ }
+ rand.Seed(time.Now().UnixNano())
+ cmp := func(i, j int) bool {
+ if gws[i].distance == gws[j].distance {
+ return rand.Intn(2) == 1
+ }
+ return gws[i].distance < gws[j].distance
+ }
+ sort.Slice(gws, cmp)
+ return gws
+}
+
+func (b *bonafide) sortGateways() {
+ gws := []gatewayDistance{}
+
+ geolocatedGateways, _ := b.fetchGeolocation()
+
+ if len(geolocatedGateways) > 0 {
+ gws = b.sortGatewaysByGeolocation(geolocatedGateways)
+ } else {
+ log.Printf("Falling back to timezone heuristic for gateway selection")
+ gws = b.sortGatewaysByTimezone()
+ }
+
+ for i, gw := range gws {
+ b.eip.Gateways[i] = gw.gateway
+ }
+}
+
+func tzDistance(offset1, offset2 int) int {
+ abs := func(x int) int {
+ if x < 0 {
+ return -x
+ }
+ return x
+ }
+ distance := abs(offset1 - offset2)
+ if distance > 12 {
+ distance = 24 - distance
+ }
+ return distance
+}
diff --git a/pkg/standalone/bonafide_integration_test.go b/pkg/standalone/bonafide_integration_test.go
new file mode 100644
index 0000000..5beb8aa
--- /dev/null
+++ b/pkg/standalone/bonafide_integration_test.go
@@ -0,0 +1,58 @@
+// +build integration
+// Copyright (C) 2018 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package standalone
+
+import (
+ "bytes"
+ "testing"
+)
+
+var (
+ privateKeyHeader = []byte("-----BEGIN RSA PRIVATE KEY-----")
+ certHeader = []byte("-----BEGIN CERTIFICATE-----")
+)
+
+func TestIntegrationGetCert(t *testing.T) {
+ b := newBonafide()
+ cert, err := b.getCertPem()
+ if err != nil {
+ t.Fatal("getCert returned an error: ", err)
+ }
+
+ if !bytes.Contains(cert, privateKeyHeader) {
+ t.Errorf("No private key present: \n%q", cert)
+ }
+
+ if !bytes.Contains(cert, certHeader) {
+ t.Errorf("No cert present: \n%q", cert)
+ }
+}
+
+func TestGetGateways(t *testing.T) {
+ b := newBonafide()
+ gateways, err := b.getGateways()
+ if err != nil {
+ t.Fatal("getGateways returned an error: ", err)
+ }
+
+ for _, gw := range gateways {
+ if gw.IPAddress == "5.79.86.180" {
+ return
+ }
+ }
+ t.Errorf("5.79.86.180 not in the list")
+}
diff --git a/pkg/standalone/bonafide_test.go b/pkg/standalone/bonafide_test.go
new file mode 100644
index 0000000..7bfcaa0
--- /dev/null
+++ b/pkg/standalone/bonafide_test.go
@@ -0,0 +1,100 @@
+// Copyright (C) 2018 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package standalone
+
+import (
+ "io"
+ "io/ioutil"
+ "net/http"
+ "os"
+ "reflect"
+ "testing"
+)
+
+const (
+ certPath = "testdata/cert"
+ eipPath = "testdata/eip-service.json"
+)
+
+type client struct {
+ path string
+}
+
+func (c client) Post(url, contentType string, body io.Reader) (resp *http.Response, err error) {
+ f, err := os.Open(c.path)
+ return &http.Response{
+ Body: f,
+ StatusCode: 200,
+ }, err
+}
+
+func TestGetCert(t *testing.T) {
+ b := bonafide{client: client{certPath}}
+ cert, err := b.getCertPem()
+ if err != nil {
+ t.Fatal("getCert returned an error: ", err)
+ }
+
+ f, err := os.Open(certPath)
+ if err != nil {
+ t.Fatal("Can't open ", certPath, ": ", err)
+ }
+ defer f.Close()
+
+ certData, err := ioutil.ReadAll(f)
+ if err != nil {
+ t.Fatal("Can't read all: ", err)
+ }
+ if !reflect.DeepEqual(certData, cert) {
+ t.Errorf("cert doesn't match")
+ }
+}
+
+func TestGatewayTzLocation(t *testing.T) {
+ // tzOffset -> location
+ values := map[int]string{
+ -12: "c",
+ -10: "a",
+ -5: "a",
+ -3: "a",
+ -1: "b",
+ 0: "b",
+ 2: "b",
+ 5: "c",
+ 8: "c",
+ 12: "c",
+ }
+
+ for tzOffset, location := range values {
+ b := bonafide{
+ client: client{eipPath},
+ tzOffsetHours: tzOffset,
+ }
+ gateways, err := b.getGateways()
+ if err != nil {
+ t.Errorf("getGateways returned an error: %v", err)
+ continue
+ }
+ if len(gateways) < 4 {
+ t.Errorf("Wrong number of gateways: %d", len(gateways))
+ continue
+
+ }
+ if gateways[0].Location != location {
+ t.Errorf("Wrong location for tz %d: %s, expected: %s", tzOffset, gateways[0].Location, location)
+ }
+ }
+}
diff --git a/pkg/standalone/launcher.go b/pkg/standalone/launcher.go
new file mode 100644
index 0000000..4dc4761
--- /dev/null
+++ b/pkg/standalone/launcher.go
@@ -0,0 +1,97 @@
+// +build !linux
+// Copyright (C) 2018 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package standalone
+
+import (
+ "bytes"
+ "encoding/json"
+ "fmt"
+ "io"
+ "io/ioutil"
+ "net/http"
+)
+
+const (
+ helperAddr = "http://localhost:7171"
+)
+
+type launcher struct {
+}
+
+func newLauncher() (*launcher, error) {
+ return &launcher{}, nil
+}
+
+func (l *launcher) close() error {
+ return nil
+}
+
+func (l *launcher) openvpnStart(flags ...string) error {
+ byteFlags, err := json.Marshal(flags)
+ if err != nil {
+ return err
+ }
+ return l.send("/openvpn/start", byteFlags)
+}
+
+func (l *launcher) openvpnStop() error {
+ return l.send("/openvpn/stop", nil)
+}
+
+func (l *launcher) firewallStart(gateways []gateway) error {
+ ipList := make([]string, len(gateways))
+ for i, gw := range gateways {
+ ipList[i] = gw.IPAddress
+ }
+ byteIPs, err := json.Marshal(ipList)
+ if err != nil {
+ return err
+ }
+ return l.send("/firewall/start", byteIPs)
+}
+
+func (l *launcher) firewallStop() error {
+ return l.send("/firewall/stop", nil)
+}
+
+func (l *launcher) firewallIsUp() bool {
+ res, err := http.Post(helperAddr+"/firewall/isup", "", nil)
+ if err != nil {
+ return false
+ }
+ defer res.Body.Close()
+
+ return res.StatusCode == http.StatusOK
+}
+
+func (l *launcher) send(path string, body []byte) error {
+ var reader io.Reader
+ if body != nil {
+ reader = bytes.NewReader(body)
+ }
+ res, err := http.Post(helperAddr+path, "", reader)
+ if err != nil {
+ return err
+ }
+ defer res.Body.Close()
+
+ resErr, err := ioutil.ReadAll(res.Body)
+ if len(resErr) > 0 {
+ return fmt.Errorf("Helper returned an error: %q", resErr)
+ }
+ return err
+}
diff --git a/pkg/standalone/launcher_linux.go b/pkg/standalone/launcher_linux.go
new file mode 100644
index 0000000..672eb1f
--- /dev/null
+++ b/pkg/standalone/launcher_linux.go
@@ -0,0 +1,139 @@
+// +build linux
+// Copyright (C) 2018 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package standalone
+
+import (
+ "errors"
+ "log"
+ "os"
+ "os/exec"
+)
+
+const (
+ systemOpenvpnPath = "/usr/sbin/openvpn"
+ snapOpenvpnPath = "/snap/bin/riseup-vpn.openvpn"
+)
+
+var bitmaskRootPaths = []string{
+ "/usr/sbin/bitmask-root",
+ "/usr/local/sbin/bitmask-root",
+}
+
+type launcher struct {
+ openvpnCh chan []string
+}
+
+func newLauncher() (*launcher, error) {
+ l := launcher{make(chan []string, 1)}
+ go l.openvpnRunner()
+ return &l, nil
+}
+
+func (l *launcher) close() error {
+ return nil
+}
+
+func (l *launcher) openvpnStart(flags ...string) error {
+ log.Println("openvpn start: ", flags)
+ arg := []string{"openvpn", "start", getOpenvpnPath()}
+ arg = append(arg, flags...)
+ l.openvpnCh <- arg
+ return nil
+}
+
+func (l *launcher) openvpnStop() error {
+ l.openvpnCh <- nil
+ log.Println("openvpn stop")
+ return runBitmaskRoot("openvpn", "stop")
+}
+
+func (l *launcher) firewallStart(gateways []gateway) error {
+ log.Println("firewall start")
+ arg := []string{"firewall", "start"}
+ for _, gw := range gateways {
+ arg = append(arg, gw.IPAddress)
+ }
+ return runBitmaskRoot(arg...)
+}
+
+func (l *launcher) firewallStop() error {
+ log.Println("firewall stop")
+ return runBitmaskRoot("firewall", "stop")
+}
+
+func (l *launcher) firewallIsUp() bool {
+ err := runBitmaskRoot("firewall", "isup")
+ return err == nil
+}
+
+func (l *launcher) openvpnRunner(arg ...string) {
+ running := false
+ runOpenvpn := func(arg []string) {
+ for running {
+ err := runBitmaskRoot(arg...)
+ if err != nil {
+ log.Printf("An error ocurred running openvpn: %v", err)
+ }
+ }
+ }
+
+ for arg := range l.openvpnCh {
+ if arg == nil {
+ running = false
+ } else {
+ running = true
+ go runOpenvpn(arg)
+ }
+ }
+}
+
+func runBitmaskRoot(arg ...string) error {
+ bitmaskRoot, err := bitmaskRootPath()
+ if err != nil {
+ return err
+ }
+ arg = append([]string{bitmaskRoot}, arg...)
+
+ cmd := exec.Command("pkexec", arg...)
+ err = cmd.Run()
+ if err != nil {
+ return err
+ }
+ return nil
+}
+
+func bitmaskRootPath() (string, error) {
+ if os.Getenv("SNAP") != "" {
+ path := "/snap/bin/riseup-vpn.bitmask-root"
+ if _, err := os.Stat(path); !os.IsNotExist(err) {
+ return path, nil
+ }
+ }
+ for _, path := range bitmaskRootPaths {
+ if _, err := os.Stat(path); !os.IsNotExist(err) {
+ return path, nil
+ }
+ }
+ return "", errors.New("No bitmask-root found")
+}
+
+func getOpenvpnPath() string {
+ if os.Getenv("SNAP") != "" {
+ return snapOpenvpnPath
+ }
+ return systemOpenvpnPath
+}
diff --git a/pkg/standalone/main.go b/pkg/standalone/main.go
new file mode 100644
index 0000000..f7e1976
--- /dev/null
+++ b/pkg/standalone/main.go
@@ -0,0 +1,80 @@
+// Copyright (C) 2018 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package standalone
+
+import (
+ "io/ioutil"
+ "log"
+ "os"
+
+ "github.com/apparentlymart/go-openvpn-mgmt/openvpn"
+)
+
+// Bitmask holds the bitmask client data
+type Bitmask struct {
+ tempdir string
+ statusCh chan string
+ managementClient *openvpn.MgmtClient
+ bonafide *bonafide
+ launch *launcher
+}
+
+// Init the connection to bitmask
+func Init() (*Bitmask, error) {
+ statusCh := make(chan string, 10)
+ tempdir, err := ioutil.TempDir("", "leap-")
+ if err != nil {
+ return nil, err
+ }
+ bonafide := newBonafide()
+ launch, err := newLauncher()
+ if err != nil {
+ return nil, err
+ }
+ b := Bitmask{tempdir, statusCh, nil, bonafide, launch}
+
+ err = b.StopVPN()
+ if err != nil {
+ return nil, err
+ }
+ err = ioutil.WriteFile(b.getCaCertPath(), caCert, 0600)
+
+ go b.openvpnManagement()
+ return &b, err
+}
+
+// GetStatusCh returns a channel that will recieve VPN status changes
+func (b *Bitmask) GetStatusCh() <-chan string {
+ return b.statusCh
+}
+
+// Close the connection to bitmask
+func (b *Bitmask) Close() {
+ b.StopVPN()
+ err := b.launch.close()
+ if err != nil {
+ log.Printf("There was an error closing the launcher: %v", err)
+ }
+ err = os.RemoveAll(b.tempdir)
+ if err != nil {
+ log.Printf("There was an error removing temp dir: %v", err)
+ }
+}
+
+// Version gets the bitmask version string
+func (b *Bitmask) Version() (string, error) {
+ return "", nil
+}
diff --git a/pkg/standalone/status.go b/pkg/standalone/status.go
new file mode 100644
index 0000000..42c4687
--- /dev/null
+++ b/pkg/standalone/status.go
@@ -0,0 +1,91 @@
+// Copyright (C) 2018 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package standalone
+
+import (
+ "fmt"
+ "log"
+
+ "github.com/apparentlymart/go-openvpn-mgmt/openvpn"
+)
+
+const (
+ On = "on"
+ Off = "off"
+ Starting = "starting"
+ Stopping = "stopping"
+ Failed = "failed"
+)
+
+var statusNames = map[string]string{
+ "CONNECTING": Starting,
+ "WAIT": Starting,
+ "AUTH": Starting,
+ "GET_CONFIG": Starting,
+ "ASSIGN_IP": Starting,
+ "ADD_ROUTES": Starting,
+ "CONNECTED": On,
+ "RECONNECTING": Starting,
+ "EXITING": Stopping,
+ "OFF": Off,
+ "FAILED": Off,
+}
+
+func (b *Bitmask) openvpnManagement() {
+ // TODO: we should warn the user on ListenAndServe errors
+ newConnection := func(conn openvpn.IncomingConn) {
+ eventCh := make(chan openvpn.Event, 10)
+ log.Println("New connection into the management")
+ b.managementClient = conn.Open(eventCh)
+ b.managementClient.SetStateEvents(true)
+ b.eventHandler(eventCh)
+ }
+ log.Fatal(openvpn.ListenAndServe(
+ fmt.Sprintf("%s:%s", openvpnManagementAddr, openvpnManagementPort),
+ openvpn.IncomingConnHandlerFunc(newConnection),
+ ))
+}
+
+func (b *Bitmask) eventHandler(eventCh <-chan openvpn.Event) {
+ // TODO: we are reporing only openvpn status, missing firewall status
+ for event := range eventCh {
+ log.Printf("Event: %v", event)
+ stateEvent, ok := event.(*openvpn.StateEvent)
+ if !ok {
+ continue
+ }
+ status, ok := statusNames[stateEvent.NewState()]
+ if ok {
+ b.statusCh <- status
+ }
+ }
+ b.statusCh <- Off
+}
+
+func (b *Bitmask) getOpenvpnState() (string, error) {
+ if b.managementClient == nil {
+ return "", fmt.Errorf("No management connected")
+ }
+ stateEvent, err := b.managementClient.LatestState()
+ if err != nil {
+ return "", err
+ }
+ status, ok := statusNames[stateEvent.NewState()]
+ if !ok {
+ return "", fmt.Errorf("Unkonw status")
+ }
+ return status, nil
+}
diff --git a/pkg/standalone/testdata/cert b/pkg/standalone/testdata/cert
new file mode 100644
index 0000000..4968b3f
--- /dev/null
+++ b/pkg/standalone/testdata/cert
@@ -0,0 +1,54 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEA3TQAmZs9U6e1xqQqVWkb132AGXdaO97bsXPOrrKUp63hKeXD
+2OQbmG96H3COi0uubVFQT1cAmpuym2COtgahQlnv42p0u2CYsBqfrCHw3iSK7nf6
+Q8RaG2oUIvlQj5m4DUk1wfRBgG5z0pN2HwFWmgheoT0RnOelTO3vcLCaSJA6PF4M
+Wehg5ScXi9wr0vibKsANpqab3oUxcHEYcNcKfJKRnXryJx6ctLrRp1WPv3JAXLnn
+oUtQ00S0dSHrLED5yPwGFV08q4bkv54qFai2cPO8ITReC6BpvrilBzOjT6fjCmzm
+6MCwBot7aRHYcWJgfp7H2b2S7T2qhnC4c2u6mwIDAQABAoIBAFue83SsOS2SNJdv
+Xd18qLyLzeg+aFCOET8h8YSokSwWuEGLWqBWcxujaNjm3RPTKA89c9848RYY0VTM
+HLBGdLqv183BRVJrQzMGBAbfFA5e4nC9nxo8lPnv6SFHVNf12qceILcSPaM9nJmm
+3HEhM8afGtr8GXR8+hmwH9H0RCMzXIjO1//WrY3nfOP8LRuQpSnnhsfZRyngWhot
+xsJlDP5plFNw7J/PDLtbjnbOXOktv0fhhq7aWR+A+0s0627r7Tidk1YoNwusYJeB
+uKrzNW1+c7Z9xl2yvMQ6+0Wry7A5YUVYP/BakYb/f/skB4ox/zz8vcWeQ4ShZ7m6
+LwPN0ckCgYEA+9wjSBbOlksath3QrJywikD1sQYFOdNrINTBFQnuipKOYKLJNhQM
+OzKHY1OiO7G6FcEvz9gKYMpMyMOs8TsISyKPNOXLpnwpgIUx6WRo6qxgEuyWLpBb
+Q3Kodl1a/q51dw56pPDEATKjSB1CjXXzm717m5FimH5csPKj9SzrGecCgYEA4Nbb
+QML1Jh9cu7TvlK3WqbAFJa4Mx/0+OQ+5xlhbs/ygn3/AZiSsPWdNK11XJ25jgGJw
+AucXr/kHgwJX23kFpCYB3zZE0Vh/hOqk/KlUFmptuADIDOAVst0v8MqBLZpZessN
+TXph5VBT6P51Oz/ZLC67uno02R1vUhDMB5VCyy0CgYEAoriZuuuxUXz4pw0gU0Vw
+8gICOvsuySuFHVMX5GXkTnddsaW65kuRk3WT72KLgJHVLlUAdQKZwesyLMvvonOH
+ajPL3ltRdiDmF3j2xFnxRx1TfSaJ6U+vBya/HKo4Li+9CMy8BHDh0fxLbj4pT4gT
+el2zzNDjqK6LaG976t24j6UCgYEAyTD5uRW7cIWX4Y+i4xQ7hlQwBuucHEkMKNtd
+jZL7XC+vO4qBi+U9CyUo9KjtmCc7emKbgL1xgNICWsT6ATZmSeCIxEg3hG0Ajtu5
+Dy4mRHiv/XsViA/s2sT6ZSmQNlJrx2lzWeUtPJmIvHEWThJwLw0Sh2dbavzf5DuL
+ly2FO3ECgYEA5AKnPQo45I+abEA/zKHsKHCqBPEbIaZpJJTaiInrsLiGJf+WzN4N
+zr/VAzvY+v0X5RgZmROY5ZLPVf2fTeVNzU5WzoB78hHOI67YI2Sbq7jZlatOgX4z
+Ur2BQdT0bW6VINYpDLUvS4goW5p0nQbGItdk69yyef1v3NDbCJ/Sg+Q=
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIEnDCCAoSgAwIBAgIRAJzr5xxPLgDD+drzU+5p8cgwDQYJKoZIhvcNAQELBQAw
+dTEYMBYGA1UECgwPUmlzZXVwIE5ldHdvcmtzMRswGQYDVQQLDBJodHRwczovL3Jp
+c2V1cC5uZXQxPDA6BgNVBAMMM1Jpc2V1cCBOZXR3b3JrcyBSb290IENBIChjbGll
+bnQgY2VydGlmaWNhdGVzIG9ubHkhKTAeFw0xODEwMjMwMDAwMDBaFw0xOTAxMjMw
+MDAwMDBaMC0xKzApBgNVBAMMIlVOTElNSVRFRDVmbzdsMmxiY3g0OWR5ZzR5MWY4
+YXN3YXcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdNACZmz1Tp7XG
+pCpVaRvXfYAZd1o73tuxc86uspSnreEp5cPY5BuYb3ofcI6LS65tUVBPVwCam7Kb
+YI62BqFCWe/janS7YJiwGp+sIfDeJIrud/pDxFobahQi+VCPmbgNSTXB9EGAbnPS
+k3YfAVaaCF6hPRGc56VM7e9wsJpIkDo8XgxZ6GDlJxeL3CvS+JsqwA2mppvehTFw
+cRhw1wp8kpGdevInHpy0utGnVY+/ckBcueehS1DTRLR1IessQPnI/AYVXTyrhuS/
+nioVqLZw87whNF4LoGm+uKUHM6NPp+MKbObowLAGi3tpEdhxYmB+nsfZvZLtPaqG
+cLhza7qbAgMBAAGjbzBtMB0GA1UdDgQWBBRwXpI96PjilFPrkK+CHUPia++ISTAL
+BgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCQYDVR0TBAIwADAfBgNV
+HSMEGDAWgBQX9BvV5SoBAU1rol02CikJlmWARjANBgkqhkiG9w0BAQsFAAOCAgEA
+ryNFLixuicVRepocY2lTSY0cpG0eRmLuYJGupk9KeiLA5YEFzl4ZfXJLi+9UHoUR
+Bgfe6QYLBb77nO24CoeiMJQw6s593ctMLiMU++fjew31gNp6aA9DmvbLd+fNuLyO
+XObRtGw99M37cyf3ZS2SEbTBr4NBp/r3OCyUYsxPYKOzEkr9kNYa8ZZSI960i7/R
+/aiq2qemQaOQHTlmrhcBuARJoRVVlLnn2zgLSVm6ptbFLNtAk0lWriUT/WlRmn8j
+Cyn/JOuo/1wtrK1dHkaXr8bkEq1oFQzcwMN85hrZKWU0BCehELZtiUg8grqaX/sf
+/jaXD61FEqWjIXeGqY/K6ruosZCw2R8sQYzTuQNHMjxmx+J3pch7dMmJPbmA3HW2
+nA7yVp51SX8iZ26zb40S7GG6RNesU+BZxz05XVLt1GwyLx/uNxS4rFpKAT/+ifWG
+3Y1j1lMqBxx6RbuqiM1TWqU7Xtzu3hf8ytP5qP7kudXn1TyNtpZCIrzbTXbLnYiD
+nH4ZQEWGyAKBOz41eOcG6EXn0TznSGE593ueXBeFnsym7i9MjoOWNGaJ7UbkipfX
+FzxirlY5IRkWnmHCL0wGUg6YGnZ1OQ8VBBGb/dBPRMDwA7zWvoM7+3yDLR3aRaLH
+mTQzNzu3jy6CRdlpIUcPRcgbniySip1jJrHRYBui+9w=
+-----END CERTIFICATE-----
diff --git a/pkg/standalone/testdata/eip-service.json b/pkg/standalone/testdata/eip-service.json
new file mode 100644
index 0000000..d5f2413
--- /dev/null
+++ b/pkg/standalone/testdata/eip-service.json
@@ -0,0 +1,113 @@
+{
+ "gateways": [
+ {
+ "capabilities": {
+ "adblock": false,
+ "filter_dns": false,
+ "limited": false,
+ "ports": [
+ "443"
+ ],
+ "protocols": [
+ "tcp"
+ ],
+ "transport": [
+ "openvpn"
+ ],
+ "user_ips": false
+ },
+ "host": "1.example.com",
+ "ip_address": "1.1.1.1",
+ "location": "a"
+ },
+ {
+ "capabilities": {
+ "adblock": false,
+ "filter_dns": false,
+ "limited": false,
+ "ports": [
+ "443"
+ ],
+ "protocols": [
+ "tcp"
+ ],
+ "transport": [
+ "openvpn"
+ ],
+ "user_ips": false
+ },
+ "host": "2.example.com",
+ "ip_address": "2.2.2.2",
+ "location": "b"
+ },
+ {
+ "capabilities": {
+ "adblock": false,
+ "filter_dns": false,
+ "limited": false,
+ "ports": [
+ "443"
+ ],
+ "protocols": [
+ "tcp"
+ ],
+ "transport": [
+ "openvpn"
+ ],
+ "user_ips": false
+ },
+ "host": "3.example.com",
+ "ip_address": "3.3.3.3",
+ "location": "b"
+ },
+ {
+ "capabilities": {
+ "adblock": false,
+ "filter_dns": false,
+ "limited": false,
+ "ports": [
+ "443"
+ ],
+ "protocols": [
+ "tcp"
+ ],
+ "transport": [
+ "openvpn"
+ ],
+ "user_ips": false
+ },
+ "host": "4.example.com",
+ "ip_address": "4.4.4.4",
+ "location": "c"
+ }
+ ],
+ "locations": {
+ "a": {
+ "country_code": "AA",
+ "hemisphere": "N",
+ "name": "a",
+ "timezone": "-5"
+ },
+ "b": {
+ "country_code": "BB",
+ "hemisphere": "S",
+ "name": "b",
+ "timezone": "+1"
+ },
+ "c": {
+ "country_code": "CC",
+ "hemisphere": "N",
+ "name": "c",
+ "timezone": "+8"
+ }
+ },
+ "openvpn_configuration": {
+ "auth": "SHA1",
+ "cipher": "AES-128-CBC",
+ "keepalive": "10 30",
+ "tls-cipher": "DHE-RSA-AES128-SHA",
+ "tun-ipv6": true
+ },
+ "serial": 1,
+ "version": 1
+}
diff --git a/pkg/standalone/vpn.go b/pkg/standalone/vpn.go
new file mode 100644
index 0000000..941d444
--- /dev/null
+++ b/pkg/standalone/vpn.go
@@ -0,0 +1,156 @@
+// Copyright (C) 2018 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package standalone
+
+import (
+ "io/ioutil"
+ "os"
+ "path"
+)
+
+const (
+ openvpnManagementAddr = "127.0.0.1"
+ openvpnManagementPort = "6061"
+)
+
+// StartVPN for provider
+func (b *Bitmask) StartVPN(provider string) error {
+ gateways, err := b.bonafide.getGateways()
+ if err != nil {
+ return err
+ }
+ certPemPath, err := b.getCert()
+ if err != nil {
+ return err
+ }
+
+ err = b.launch.firewallStart(gateways)
+ if err != nil {
+ return err
+ }
+
+ arg, err := b.bonafide.getOpenvpnArgs()
+ if err != nil {
+ return err
+ }
+ for _, gw := range gateways {
+ arg = append(arg, "--remote", gw.IPAddress, "443", "tcp4")
+ }
+ arg = append(arg,
+ "--verb", "1",
+ "--management-client",
+ "--management", openvpnManagementAddr, openvpnManagementPort,
+ "--ca", b.getCaCertPath(),
+ "--cert", certPemPath,
+ "--key", certPemPath)
+ return b.launch.openvpnStart(arg...)
+}
+
+func (b *Bitmask) getCert() (certPath string, err error) {
+ certPath = b.getCertPemPath()
+
+ if _, err := os.Stat(certPath); os.IsNotExist(err) {
+ cert, err := b.bonafide.getCertPem()
+ if err != nil {
+ return "", err
+ }
+ err = ioutil.WriteFile(certPath, cert, 0600)
+ }
+
+ return certPath, err
+}
+
+// StopVPN or cancel
+func (b *Bitmask) StopVPN() error {
+ err := b.launch.firewallStop()
+ if err != nil {
+ return err
+ }
+ return b.launch.openvpnStop()
+}
+
+// ReloadFirewall restarts the firewall
+func (b *Bitmask) ReloadFirewall() error {
+ err := b.launch.firewallStop()
+ if err != nil {
+ return err
+ }
+
+ status, err := b.GetStatus()
+ if err != nil {
+ return err
+ }
+
+ if status != Off {
+ gateways, err := b.bonafide.getGateways()
+ if err != nil {
+ return err
+ }
+ return b.launch.firewallStart(gateways)
+ }
+ return nil
+}
+
+// GetStatus returns the VPN status
+func (b *Bitmask) GetStatus() (string, error) {
+ status, err := b.getOpenvpnState()
+ if err != nil {
+ status = Off
+ }
+ if status == Off && b.launch.firewallIsUp() {
+ return Failed, nil
+ }
+ return status, nil
+}
+
+// InstallHelpers into the system
+func (b *Bitmask) InstallHelpers() error {
+ // TODO
+ return nil
+}
+
+// VPNCheck returns if the helpers are installed and up to date and if polkit is running
+func (b *Bitmask) VPNCheck() (helpers bool, priviledge bool, err error) {
+ // TODO
+ return true, true, nil
+}
+
+// ListGateways return the names of the gateways
+func (b *Bitmask) ListGateways(provider string) ([]string, error) {
+ gateways, err := b.bonafide.getGateways()
+ if err != nil {
+ return nil, err
+ }
+ gatewayNames := make([]string, len(gateways))
+ for i, gw := range gateways {
+ gatewayNames[i] = gw.Location
+ }
+ return gatewayNames, nil
+}
+
+// UseGateway selects name as the default gateway
+func (b *Bitmask) UseGateway(name string) error {
+ b.bonafide.setDefaultGateway(name)
+ return nil
+}
+
+func (b *Bitmask) getCertPemPath() string {
+ return path.Join(b.tempdir, "openvpn.pem")
+}
+
+func (b *Bitmask) getCaCertPath() string {
+ return path.Join(b.tempdir, "cacert.pem")
+}
diff --git a/pkg/systray/config.go b/pkg/systray/config.go
new file mode 100644
index 0000000..75a7a8a
--- /dev/null
+++ b/pkg/systray/config.go
@@ -0,0 +1,97 @@
+// Copyright (C) 2018 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package systray
+
+import (
+ "encoding/json"
+ "os"
+ "path"
+ "time"
+
+ "0xacab.org/leap/bitmask-systray/pkg/config"
+ "golang.org/x/text/message"
+)
+
+const (
+ oneDay = time.Hour * 24
+ oneMonth = oneDay * 30
+)
+
+var (
+ configPath = path.Join(config.Path, "systray.json")
+)
+
+// SystrayConfig holds the configuration of the systray
+type SystrayConfig struct {
+ LastNotification time.Time
+ Donated time.Time
+ SelectGateway bool
+ UserStoppedVPN bool
+ Provider string `json:"-"`
+ ApplicationName string `json:"-"`
+ Version string `json:"-"`
+ Printer *message.Printer `json:"-"`
+}
+
+// ParseConfig reads the configuration from the configuration file
+func ParseConfig() *SystrayConfig {
+ var conf SystrayConfig
+
+ f, err := os.Open(configPath)
+ if err != nil {
+ conf.save()
+ return &conf
+ }
+ defer f.Close()
+
+ dec := json.NewDecoder(f)
+ err = dec.Decode(&conf)
+ return &conf
+}
+
+func (c *SystrayConfig) setUserStoppedVPN(vpnStopped bool) error {
+ c.UserStoppedVPN = vpnStopped
+ return c.save()
+}
+
+func (c *SystrayConfig) hasDonated() bool {
+ return c.Donated.Add(oneMonth).After(time.Now())
+}
+
+func (c *SystrayConfig) needsNotification() bool {
+ return !c.hasDonated() && c.LastNotification.Add(oneDay).Before(time.Now())
+}
+
+func (c *SystrayConfig) setNotification() error {
+ c.LastNotification = time.Now()
+ return c.save()
+}
+
+func (c *SystrayConfig) setDonated() error {
+ c.Donated = time.Now()
+ return c.save()
+}
+
+func (c *SystrayConfig) save() error {
+ f, err := os.Create(configPath)
+ if err != nil {
+ return err
+ }
+ defer f.Close()
+
+ enc := json.NewEncoder(f)
+ return enc.Encode(c)
+}
diff --git a/pkg/systray/notificator.go b/pkg/systray/notificator.go
new file mode 100644
index 0000000..e23b9d1
--- /dev/null
+++ b/pkg/systray/notificator.go
@@ -0,0 +1,164 @@
+// Copyright (C) 2018 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package systray
+
+import (
+ "io/ioutil"
+ "os"
+ "path"
+ "runtime"
+ "time"
+
+ "0xacab.org/leap/go-dialog"
+ "github.com/skratchdot/open-golang/open"
+)
+
+const (
+ donationText = `The %s service is expensive to run. Because we don't want to store personal information about you, there is no accounts or billing for this service. But if you want the service to continue, donate at least $5 each month.
+
+Do you want to donate now?`
+ aboutText = `%[1]s is an easy, fast, and secure VPN service from riseup.net. %[1]s does not require a user account, keep logs, or track you in any way.
+
+This service is paid for entirely by donations from users like you. Please donate at https://riseup.net/vpn/donate.
+
+By using this application, you agree to the Terms of Service available at https://riseup.net/tos. This service is provide as-is, without any warranty, and is intended for people who work to make the world a better place.
+
+
+%[1]v version: %[2]s`
+ missingAuthAgent = `Could not find a polkit authentication agent. Please run one and try again.`
+ errorStartingVPN = `Can't connect to %s: %v`
+ svgFileName = "riseupvpn.svg"
+)
+
+type notificator struct {
+ conf *SystrayConfig
+}
+
+func newNotificator(conf *SystrayConfig) *notificator {
+ n := notificator{conf}
+ go n.donations()
+ return &n
+}
+
+func (n *notificator) donations() {
+ for {
+ time.Sleep(time.Hour)
+ if n.conf.needsNotification() {
+ letsDonate := dialog.Message(n.conf.Printer.Sprintf(donationText, n.conf.ApplicationName)).
+ Title(n.conf.Printer.Sprintf("Donate")).
+ Icon(getIconPath()).
+ YesNo()
+ n.conf.setNotification()
+ if letsDonate {
+ open.Run("https://riseup.net/vpn/donate")
+ n.conf.setDonated()
+ }
+ }
+ }
+}
+
+func (n *notificator) about(version string) {
+ if version == "" && os.Getenv("SNAP") != "" {
+ _version, err := ioutil.ReadFile(os.Getenv("SNAP") + "/snap/version.txt")
+ if err == nil {
+ version = string(_version)
+ }
+ }
+ dialog.Message(n.conf.Printer.Sprintf(aboutText, n.conf.ApplicationName, version)).
+ Title(n.conf.Printer.Sprintf("About")).
+ Icon(getIconPath()).
+ Info()
+}
+
+func (n *notificator) initFailure(err error) {
+ dialog.Message(err.Error()).
+ Title(n.conf.Printer.Sprintf("Initialization error")).
+ Icon(getIconPath()).
+ Error()
+}
+
+func (n *notificator) authAgent() {
+ dialog.Message(n.conf.Printer.Sprintf(missingAuthAgent)).
+ Title(n.conf.Printer.Sprintf("Missing authentication agent")).
+ Icon(getIconPath()).
+ Error()
+}
+
+func (n *notificator) errorStartingVPN(err error) {
+ dialog.Message(n.conf.Printer.Sprintf(errorStartingVPN, n.conf.ApplicationName, err)).
+ Title(n.conf.Printer.Sprintf("Error starting VPN")).
+ Icon(getIconPath()).
+ Error()
+}
+
+func getIconPath() string {
+ gopath := os.Getenv("GOPATH")
+ if gopath == "" {
+ gopath = path.Join(os.Getenv("HOME"), "go")
+ }
+
+ if runtime.GOOS == "windows" {
+ icoPath := `C:\Program Files\RiseupVPN\riseupvpn.ico`
+ if fileExist(icoPath) {
+ return icoPath
+ }
+ icoPath = path.Join(gopath, "src", "0xacab.org", "leap", "riseup_vpn", "assets", "riseupvpn.ico")
+ if fileExist(icoPath) {
+ return icoPath
+ }
+ return ""
+ }
+
+ if runtime.GOOS == "darwin" {
+ icnsPath := "/Applications/RiseupVPN.app/Contents/Resources/app.icns"
+ if fileExist(icnsPath) {
+ return icnsPath
+ }
+ icnsPath = path.Join(gopath, "src", "0xacab.org", "leap", "riseup_vpn", "assets", "riseupvpn.icns")
+ if fileExist(icnsPath) {
+ return icnsPath
+ }
+ return ""
+ }
+
+ snapPath := os.Getenv("SNAP")
+ if snapPath != "" {
+ return snapPath + "/snap/gui/riseupvpn.svg"
+ }
+
+ wd, _ := os.Getwd()
+ svgPath := path.Join(wd, svgFileName)
+ if fileExist(svgPath) {
+ return svgPath
+ }
+
+ svgPath = "/usr/share/riseupvpn/riseupvpn.svg"
+ if fileExist(svgPath) {
+ return svgPath
+ }
+
+ svgPath = path.Join(gopath, "src", "0xacab.org", "leap", "bitmask-systray", svgFileName)
+ if fileExist(svgPath) {
+ return svgPath
+ }
+
+ return ""
+}
+
+func fileExist(filePath string) bool {
+ _, err := os.Stat(filePath)
+ return err == nil
+}
diff --git a/pkg/systray/pid.go b/pkg/systray/pid.go
new file mode 100644
index 0000000..6a1b32c
--- /dev/null
+++ b/pkg/systray/pid.go
@@ -0,0 +1,99 @@
+package systray
+
+import (
+ "fmt"
+ "io/ioutil"
+ "log"
+ "os"
+ "path/filepath"
+ "strconv"
+ "strings"
+ "syscall"
+
+ "0xacab.org/leap/bitmask-systray/pkg/config"
+ "github.com/mitchellh/go-ps"
+)
+
+var pidFile = filepath.Join(config.Path, "systray.pid")
+
+func acquirePID() error {
+ pid := syscall.Getpid()
+ current, err := getPID()
+ if err != nil {
+ return err
+ }
+
+ if current != pid && pidRunning(current) {
+ return fmt.Errorf("Another systray is running with pid: %d", current)
+ }
+
+ return setPID(pid)
+}
+
+func releasePID() error {
+ pid := syscall.Getpid()
+ current, err := getPID()
+ if err != nil {
+ return err
+ }
+ if current != 0 && current != pid {
+ return fmt.Errorf("Can't release pid file, is not own by this process")
+ }
+
+ if current == pid {
+ return os.Remove(pidFile)
+ }
+ return nil
+}
+
+func getPID() (int, error) {
+ _, err := os.Stat(pidFile)
+ if os.IsNotExist(err) {
+ return 0, nil
+ }
+ if err != nil {
+ return 0, err
+ }
+
+ file, err := os.Open(pidFile)
+ if err != nil {
+ return 0, err
+ }
+ defer file.Close()
+
+ b, err := ioutil.ReadAll(file)
+ if err != nil {
+ return 0, err
+ }
+ if len(b) == 0 {
+ return 0, nil
+ }
+ return strconv.Atoi(string(b))
+}
+
+func setPID(pid int) error {
+ file, err := os.Create(pidFile)
+ if err != nil {
+ return err
+ }
+ defer file.Close()
+
+ _, err = file.WriteString(fmt.Sprintf("%d", pid))
+ return err
+}
+
+func pidRunning(pid int) bool {
+ if pid == 0 {
+ return false
+ }
+ proc, err := ps.FindProcess(pid)
+ if err != nil {
+ log.Printf("An error ocurred finding process: %v", err)
+ return false
+ }
+ if proc == nil {
+ return false
+ }
+ log.Printf("There is a running process with the pid %d and executable: %s", pid, proc.Executable())
+ return strings.Contains(os.Args[0], proc.Executable())
+}
diff --git a/pkg/systray/pid_test.go b/pkg/systray/pid_test.go
new file mode 100644
index 0000000..dda8384
--- /dev/null
+++ b/pkg/systray/pid_test.go
@@ -0,0 +1,21 @@
+package systray
+
+import (
+ "syscall"
+ "testing"
+)
+
+const (
+ invalidPid = 345678
+)
+
+func TestPidRunning(t *testing.T) {
+ pid := syscall.Getpid()
+ if !pidRunning(pid) {
+ t.Errorf("pid %v is not running", pid)
+ }
+
+ if pidRunning(invalidPid) {
+ t.Errorf("pid %v is running", invalidPid)
+ }
+}
diff --git a/pkg/systray/run.go b/pkg/systray/run.go
new file mode 100644
index 0000000..0457ed4
--- /dev/null
+++ b/pkg/systray/run.go
@@ -0,0 +1,103 @@
+// Copyright (C) 2018 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package systray
+
+import (
+ "log"
+ "os"
+
+ "0xacab.org/leap/bitmask-systray/pkg/bitmask"
+ "0xacab.org/leap/bitmask-systray/pkg/config"
+)
+
+func Run(conf *SystrayConfig) {
+ bt := bmTray{conf: conf}
+ go initialize(conf, &bt)
+ bt.start()
+}
+
+func initialize(conf *SystrayConfig, bt *bmTray) {
+ if _, err := os.Stat(config.Path); os.IsNotExist(err) {
+ os.MkdirAll(config.Path, os.ModePerm)
+ }
+
+ err := acquirePID()
+ if err != nil {
+ log.Fatal(err)
+ }
+ defer releasePID()
+
+ notify := newNotificator(conf)
+
+ b, err := bitmask.Init(conf.Printer)
+ if err != nil {
+ notify.initFailure(err)
+ return
+ }
+ defer b.Close()
+ go checkAndStartBitmask(b, notify, conf)
+ go listenSignals(b)
+
+ as := bitmask.NewAutostart(conf.ApplicationName, getIconPath())
+ err = as.Enable()
+ if err != nil {
+ log.Printf("Error enabling autostart: %v", err)
+ }
+ bt.loop(b, notify, as)
+}
+
+func checkAndStartBitmask(b bitmask.Bitmask, notify *notificator, conf *SystrayConfig) {
+ err := checkAndInstallHelpers(b, notify)
+ if err != nil {
+ log.Printf("Is bitmask running? %v", err)
+ os.Exit(1)
+ }
+ err = maybeStartVPN(b, conf)
+ if err != nil {
+ log.Println("Error starting VPN: ", err)
+ notify.errorStartingVPN(err)
+ }
+}
+
+func checkAndInstallHelpers(b bitmask.Bitmask, notify *notificator) error {
+ helpers, priviledge, err := b.VPNCheck()
+ if (err != nil && err.Error() == "nopolkit") || (err == nil && !priviledge) {
+ log.Printf("No polkit found")
+ notify.authAgent()
+ } else if err != nil {
+ log.Printf("Error checking vpn: %v", err)
+ notify.errorStartingVPN(err)
+ return err
+ }
+
+ if !helpers {
+ err = b.InstallHelpers()
+ if err != nil {
+ log.Println("Error installing helpers: ", err)
+ }
+ }
+ return nil
+}
+
+func maybeStartVPN(b bitmask.Bitmask, conf *SystrayConfig) error {
+ if conf.UserStoppedVPN {
+ return nil
+ }
+
+ err := b.StartVPN(conf.Provider)
+ conf.setUserStoppedVPN(false)
+ return err
+}
diff --git a/pkg/systray/signal_unix.go b/pkg/systray/signal_unix.go
new file mode 100644
index 0000000..06b59ae
--- /dev/null
+++ b/pkg/systray/signal_unix.go
@@ -0,0 +1,34 @@
+// +build !windows
+// Copyright (C) 2018 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package systray
+
+import (
+ "os"
+ "os/signal"
+ "syscall"
+
+ "0xacab.org/leap/bitmask-systray/pkg/bitmask"
+)
+
+func listenSignals(bm bitmask.Bitmask) {
+ sigusrCh := make(chan os.Signal, 1)
+ signal.Notify(sigusrCh, syscall.SIGUSR1)
+
+ for range sigusrCh {
+ bm.ReloadFirewall()
+ }
+}
diff --git a/pkg/systray/signal_windows.go b/pkg/systray/signal_windows.go
new file mode 100644
index 0000000..f96212c
--- /dev/null
+++ b/pkg/systray/signal_windows.go
@@ -0,0 +1,24 @@
+// +build windows
+// Copyright (C) 2018 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package systray
+
+import (
+ "0xacab.org/leap/bitmask-systray/pkg/bitmask"
+)
+
+func listenSignals(bm bitmask.Bitmask) {
+}
diff --git a/pkg/systray/systray.go b/pkg/systray/systray.go
new file mode 100644
index 0000000..3505958
--- /dev/null
+++ b/pkg/systray/systray.go
@@ -0,0 +1,257 @@
+// Copyright (C) 2018 LEAP
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+package systray
+
+import (
+ "fmt"
+ "log"
+ "os"
+ "os/signal"
+ "time"
+
+ "0xacab.org/leap/bitmask-systray/icon"
+ "0xacab.org/leap/bitmask-systray/pkg/bitmask"
+ "github.com/getlantern/systray"
+ "github.com/skratchdot/open-golang/open"
+)
+
+type bmTray struct {
+ bm bitmask.Bitmask
+ conf *SystrayConfig
+ notify *notificator
+ waitCh chan bool
+ mStatus *systray.MenuItem
+ mTurnOn *systray.MenuItem
+ mTurnOff *systray.MenuItem
+ mHelp *systray.MenuItem
+ mDonate *systray.MenuItem
+ mAbout *systray.MenuItem
+ mQuit *systray.MenuItem
+ activeGateway *gatewayTray
+ autostart bitmask.Autostart
+}
+
+type gatewayTray struct {
+ menuItem *systray.MenuItem
+ name string
+}
+
+func (bt *bmTray) start() {
+ // XXX this removes the snap error message, but produces an invisible icon.
+ // https://0xacab.org/leap/riseup_vpn/issues/44
+ // os.Setenv("TMPDIR", "/var/tmp")
+ systray.Run(bt.onReady, bt.onExit)
+}
+
+func (bt *bmTray) onExit() {
+ log.Println("Closing systray")
+}
+
+func (bt *bmTray) onReady() {
+ printer := bt.conf.Printer
+ systray.SetIcon(icon.Off)
+
+ bt.mStatus = systray.AddMenuItem(printer.Sprintf("Checking status..."), "")
+ bt.mStatus.Disable()
+ bt.mTurnOn = systray.AddMenuItem(printer.Sprintf("Turn on"), "")
+ bt.mTurnOn.Hide()
+ bt.mTurnOff = systray.AddMenuItem(printer.Sprintf("Turn off"), "")
+ bt.mTurnOff.Hide()
+ systray.AddSeparator()
+
+ if bt.conf.SelectGateway {
+ bt.addGateways()
+ }
+
+ bt.mHelp = systray.AddMenuItem(printer.Sprintf("Help..."), "")
+ bt.mDonate = systray.AddMenuItem(printer.Sprintf("Donate..."), "")
+ bt.mAbout = systray.AddMenuItem(printer.Sprintf("About..."), "")
+ systray.AddSeparator()
+
+ bt.mQuit = systray.AddMenuItem(printer.Sprintf("Quit"), "")
+}
+
+func (bt *bmTray) loop(bm bitmask.Bitmask, notify *notificator, as bitmask.Autostart) {
+ bt.bm = bm
+ bt.notify = notify
+ bt.autostart = as
+
+ signalCh := make(chan os.Signal, 1)
+ signal.Notify(signalCh, os.Interrupt)
+
+ ch := bt.bm.GetStatusCh()
+ if status, err := bt.bm.GetStatus(); err != nil {
+ log.Printf("Error getting status: %v", err)
+ } else {
+ bt.changeStatus(status)
+ }
+
+ for {
+ select {
+ case status := <-ch:
+ log.Println("status: " + status)
+ bt.changeStatus(status)
+
+ case <-bt.mTurnOn.ClickedCh:
+ log.Println("on")
+ bt.changeStatus("starting")
+ bt.bm.StartVPN(bt.conf.Provider)
+ bt.conf.setUserStoppedVPN(false)
+ case <-bt.mTurnOff.ClickedCh:
+ log.Println("off")
+ bt.changeStatus("stopping")
+ bt.bm.StopVPN()
+ bt.conf.setUserStoppedVPN(true)
+
+ case <-bt.mHelp.ClickedCh:
+ open.Run("https://riseup.net/vpn/support")
+ case <-bt.mDonate.ClickedCh:
+ bt.conf.setDonated()
+ open.Run("https://riseup.net/vpn/donate")
+ case <-bt.mAbout.ClickedCh:
+ bitmaskVersion, err := bt.bm.Version()
+ versionStr := bt.conf.Version
+ if err != nil {
+ log.Printf("Error getting version: %v", err)
+ } else if bitmaskVersion != "" {
+ versionStr = fmt.Sprintf("%s (bitmaskd %s)", bt.conf.Version, bitmaskVersion)
+ }
+ bt.notify.about(versionStr)
+
+ case <-bt.mQuit.ClickedCh:
+ err := bt.autostart.Disable()
+ if err != nil {
+ log.Printf("Error disabling autostart: %v", err)
+ }
+ systray.Quit()
+ return
+ case <-signalCh:
+ systray.Quit()
+ return
+
+ case <-time.After(5 * time.Second):
+ if status, err := bt.bm.GetStatus(); err != nil {
+ log.Printf("Error getting status: %v", err)
+ } else {
+ bt.changeStatus(status)
+ }
+ }
+ }
+}
+
+func (bt *bmTray) addGateways() {
+ gatewayList, err := bt.bm.ListGateways(bt.conf.Provider)
+ if err != nil {
+ log.Printf("Gateway initialization error: %v", err)
+ return
+ }
+
+ mGateway := systray.AddMenuItem(bt.conf.Printer.Sprintf("Route traffic through"), "")
+ mGateway.Disable()
+ for i, city := range gatewayList {
+ menuItem := systray.AddMenuItem(city, bt.conf.Printer.Sprintf("Use %s %v gateway", bt.conf.ApplicationName, city))
+ gateway := gatewayTray{menuItem, city}
+
+ if i == 0 {
+ menuItem.Check()
+ menuItem.SetTitle("*" + city)
+ bt.activeGateway = &gateway
+ } else {
+ menuItem.Uncheck()
+ }
+
+ go func(gateway gatewayTray) {
+ for {
+ <-menuItem.ClickedCh
+ gateway.menuItem.SetTitle("*" + gateway.name)
+ gateway.menuItem.Check()
+
+ bt.activeGateway.menuItem.Uncheck()
+ bt.activeGateway.menuItem.SetTitle(bt.activeGateway.name)
+ bt.activeGateway = &gateway
+
+ bt.bm.UseGateway(gateway.name)
+ }
+ }(gateway)
+ }
+
+ systray.AddSeparator()
+}
+
+func (bt *bmTray) changeStatus(status string) {
+ printer := bt.conf.Printer
+ if bt.waitCh != nil {
+ bt.waitCh <- true
+ bt.waitCh = nil
+ }
+
+ var statusStr string
+ switch status {
+ case "on":
+ systray.SetIcon(icon.On)
+ bt.mTurnOff.SetTitle(printer.Sprintf("Turn off"))
+ statusStr = printer.Sprintf("%s on", bt.conf.ApplicationName)
+ bt.mTurnOn.Hide()
+ bt.mTurnOff.Show()
+
+ case "off":
+ systray.SetIcon(icon.Off)
+ bt.mTurnOn.SetTitle(printer.Sprintf("Turn on"))
+ statusStr = printer.Sprintf("%s off", bt.conf.ApplicationName)
+ bt.mTurnOn.Show()
+ bt.mTurnOff.Hide()
+
+ case "starting":
+ bt.waitCh = make(chan bool)
+ go bt.waitIcon()
+ bt.mTurnOff.SetTitle(printer.Sprintf("Cancel"))
+ statusStr = printer.Sprintf("Connecting to %s", bt.conf.ApplicationName)
+ bt.mTurnOn.Hide()
+ bt.mTurnOff.Show()
+
+ case "stopping":
+ bt.waitCh = make(chan bool)
+ go bt.waitIcon()
+ statusStr = printer.Sprintf("Stopping %s", bt.conf.ApplicationName)
+ bt.mTurnOn.Hide()
+ bt.mTurnOff.Hide()
+
+ case "failed":
+ systray.SetIcon(icon.Blocked)
+ bt.mTurnOn.SetTitle(printer.Sprintf("Retry"))
+ bt.mTurnOff.SetTitle(printer.Sprintf("Turn off"))
+ statusStr = printer.Sprintf("%s blocking internet", bt.conf.ApplicationName)
+ bt.mTurnOn.Show()
+ bt.mTurnOff.Show()
+ }
+
+ systray.SetTooltip(statusStr)
+ bt.mStatus.SetTitle(statusStr)
+}
+
+func (bt *bmTray) waitIcon() {
+ icons := [][]byte{icon.Wait0, icon.Wait1, icon.Wait2, icon.Wait3}
+ for i := 0; true; i = (i + 1) % 4 {
+ systray.SetIcon(icons[i])
+
+ select {
+ case <-bt.waitCh:
+ return
+ case <-time.After(time.Millisecond * 500):
+ continue
+ }
+ }
+}