diff options
author | cyBerta <cyberta@riseup.net> | 2017-09-15 01:38:39 +0200 |
---|---|---|
committer | cyBerta <cyberta@riseup.net> | 2017-09-15 01:38:39 +0200 |
commit | dc9a7d39dc4cfe4c752704ffb4d1f02990da2dd1 (patch) | |
tree | 071f2dadae0f1cf731632d1c39eed2005484c688 | |
parent | e6886df9083252282408cd1ee0149c88021ebb11 (diff) |
vpn certificate gets renewed 3 month before current certificate expires
3 files changed, 31 insertions, 25 deletions
diff --git a/app/src/androidTest/java/se/leap/bitmaskclient/test/TestVpnCertificateValidator.java b/app/src/androidTest/java/se/leap/bitmaskclient/test/TestVpnCertificateValidator.java index 2704bcad..323e7e6d 100644 --- a/app/src/androidTest/java/se/leap/bitmaskclient/test/TestVpnCertificateValidator.java +++ b/app/src/androidTest/java/se/leap/bitmaskclient/test/TestVpnCertificateValidator.java @@ -49,7 +49,6 @@ public class TestVpnCertificateValidator extends InstrumentationTestCase { } - //TODO: This test proves that the validation method is weird. Valid dates range between Nov. 2oo6 and Nov. 2017 instead of Nov. 2012 and Nov.2022 public void testIsValid() { VpnCertificateValidator validator = new VpnCertificateValidator(certificate_valid_from_nov2012_to_nov2022); Calendar calendar = Calendar.getInstance(); @@ -60,26 +59,26 @@ public class TestVpnCertificateValidator extends InstrumentationTestCase { validator.setCalendarProvider(new TestCalendarProvider(calendar.getTimeInMillis())); assertFalse(validator.isValid()); - calendar.set(Calendar.YEAR, 2010); + calendar.set(Calendar.YEAR, 2011); calendar.set(Calendar.MONTH, Calendar.NOVEMBER); calendar.set(Calendar.DAY_OF_MONTH, 6); validator.setCalendarProvider(new TestCalendarProvider(calendar.getTimeInMillis())); - assertTrue(validator.isValid()); + assertFalse(validator.isValid()); - calendar.set(Calendar.YEAR, 2011); + calendar.set(Calendar.YEAR, 2012); calendar.set(Calendar.MONTH, Calendar.NOVEMBER); calendar.set(Calendar.DAY_OF_MONTH, 6); validator.setCalendarProvider(new TestCalendarProvider(calendar.getTimeInMillis())); assertTrue(validator.isValid()); - calendar.set(Calendar.YEAR, 2017); - calendar.set(Calendar.MONTH, Calendar.NOVEMBER); + calendar.set(Calendar.YEAR, 2022); + calendar.set(Calendar.MONTH, Calendar.AUGUST); calendar.set(Calendar.DAY_OF_MONTH, 5); validator.setCalendarProvider(new TestCalendarProvider(calendar.getTimeInMillis())); assertTrue(validator.isValid()); - calendar.set(Calendar.YEAR, 2017); - calendar.set(Calendar.MONTH, Calendar.NOVEMBER); + calendar.set(Calendar.YEAR, 2022); + calendar.set(Calendar.MONTH, Calendar.AUGUST); calendar.set(Calendar.DAY_OF_MONTH, 6); validator.setCalendarProvider(new TestCalendarProvider(calendar.getTimeInMillis())); assertFalse(validator.isValid()); diff --git a/app/src/androidTest/java/se/leap/bitmaskclient/test/VpnTestController.java b/app/src/androidTest/java/se/leap/bitmaskclient/test/VpnTestController.java index 9dcb4da1..b0996032 100644 --- a/app/src/androidTest/java/se/leap/bitmaskclient/test/VpnTestController.java +++ b/app/src/androidTest/java/se/leap/bitmaskclient/test/VpnTestController.java @@ -65,7 +65,7 @@ public class VpnTestController { return iconShowsConnected(); } }; - assertTrue("condition iconShowsConnected not fulfilled within " + max_seconds_until_connected * 1000 + " seconds." , solo.waitForCondition(condition, max_seconds_until_connected * 1000)); + assertTrue("condition iconShowsConnected not fulfilled within " + max_seconds_until_connected + " seconds." , solo.waitForCondition(condition, max_seconds_until_connected * 1000)); sleepSeconds(2); } diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java index b7c26761..709dda34 100644 --- a/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java +++ b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java @@ -25,32 +25,35 @@ public class VpnCertificateValidator { public final static String TAG = VpnCertificateValidator.class.getSimpleName(); private String certificate; - protected CalendarProviderInterface calendarProvider; + private CalendarProviderInterface calendarProvider; public VpnCertificateValidator(String certificate) { this.certificate = certificate; - calendarProvider = new CalendarProvider(); + this.calendarProvider = new CalendarProvider(); } public void setCalendarProvider(CalendarProviderInterface calendarProvider) { this.calendarProvider = calendarProvider; } + /** + * + * @return true if there's a certificate that is valid for more than 3 more months + */ public boolean isValid() { - if (!certificate.isEmpty()) { - X509Certificate certificate_x509 = ConfigHelper.parseX509CertificateFromString(certificate); - return isValid(certificate_x509); - } else return true; + if (certificate.isEmpty()) { + return false; + } + + X509Certificate certificate_x509 = ConfigHelper.parseX509CertificateFromString(certificate); + return isValid(certificate_x509); } - /* FIXME: the validation seems to be syntactically wrong. - * if the valid time span of a certificate is between 01.01.14 and 01.01.16 this method would return true for current dates between 01.01.13 and 01.01.15!!! - */ private boolean isValid(X509Certificate certificate) { - Calendar offset_date = calculateOffsetCertificateValidity(certificate); + Calendar offsetDate = calculateOffsetCertificateValidity(certificate); try { - certificate.checkValidity(offset_date.getTime()); + certificate.checkValidity(offsetDate.getTime()); return true; } catch (CertificateExpiredException e) { return false; @@ -60,11 +63,15 @@ public class VpnCertificateValidator { } private Calendar calculateOffsetCertificateValidity(X509Certificate certificate) { - long preventive_time = Math.abs(certificate.getNotBefore().getTime() - certificate.getNotAfter().getTime()) / 2; - long current_date_millis = calendarProvider.getCalendar().getTimeInMillis(); + Calendar limitDate = calendarProvider.getCalendar(); + Date startDate = certificate.getNotBefore(); + // if certificates start date is before current date just return the current date without an offset + if (startDate.getTime() >= limitDate.getTime().getTime()) { + return limitDate; + } + // else add an offset of 3 months to the current date + limitDate.add(Calendar.MONTH, 3); - Calendar limit_date = calendarProvider.getCalendar(); - limit_date.setTimeInMillis(current_date_millis + preventive_time); - return limit_date; + return limitDate; } } |