summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorcyBerta <cyberta@riseup.net>2017-09-15 01:38:39 +0200
committercyBerta <cyberta@riseup.net>2017-09-15 01:38:39 +0200
commitdc9a7d39dc4cfe4c752704ffb4d1f02990da2dd1 (patch)
tree071f2dadae0f1cf731632d1c39eed2005484c688
parente6886df9083252282408cd1ee0149c88021ebb11 (diff)
vpn certificate gets renewed 3 month before current certificate expires
-rw-r--r--app/src/androidTest/java/se/leap/bitmaskclient/test/TestVpnCertificateValidator.java15
-rw-r--r--app/src/androidTest/java/se/leap/bitmaskclient/test/VpnTestController.java2
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java39
3 files changed, 31 insertions, 25 deletions
diff --git a/app/src/androidTest/java/se/leap/bitmaskclient/test/TestVpnCertificateValidator.java b/app/src/androidTest/java/se/leap/bitmaskclient/test/TestVpnCertificateValidator.java
index 2704bcad..323e7e6d 100644
--- a/app/src/androidTest/java/se/leap/bitmaskclient/test/TestVpnCertificateValidator.java
+++ b/app/src/androidTest/java/se/leap/bitmaskclient/test/TestVpnCertificateValidator.java
@@ -49,7 +49,6 @@ public class TestVpnCertificateValidator extends InstrumentationTestCase {
}
- //TODO: This test proves that the validation method is weird. Valid dates range between Nov. 2oo6 and Nov. 2017 instead of Nov. 2012 and Nov.2022
public void testIsValid() {
VpnCertificateValidator validator = new VpnCertificateValidator(certificate_valid_from_nov2012_to_nov2022);
Calendar calendar = Calendar.getInstance();
@@ -60,26 +59,26 @@ public class TestVpnCertificateValidator extends InstrumentationTestCase {
validator.setCalendarProvider(new TestCalendarProvider(calendar.getTimeInMillis()));
assertFalse(validator.isValid());
- calendar.set(Calendar.YEAR, 2010);
+ calendar.set(Calendar.YEAR, 2011);
calendar.set(Calendar.MONTH, Calendar.NOVEMBER);
calendar.set(Calendar.DAY_OF_MONTH, 6);
validator.setCalendarProvider(new TestCalendarProvider(calendar.getTimeInMillis()));
- assertTrue(validator.isValid());
+ assertFalse(validator.isValid());
- calendar.set(Calendar.YEAR, 2011);
+ calendar.set(Calendar.YEAR, 2012);
calendar.set(Calendar.MONTH, Calendar.NOVEMBER);
calendar.set(Calendar.DAY_OF_MONTH, 6);
validator.setCalendarProvider(new TestCalendarProvider(calendar.getTimeInMillis()));
assertTrue(validator.isValid());
- calendar.set(Calendar.YEAR, 2017);
- calendar.set(Calendar.MONTH, Calendar.NOVEMBER);
+ calendar.set(Calendar.YEAR, 2022);
+ calendar.set(Calendar.MONTH, Calendar.AUGUST);
calendar.set(Calendar.DAY_OF_MONTH, 5);
validator.setCalendarProvider(new TestCalendarProvider(calendar.getTimeInMillis()));
assertTrue(validator.isValid());
- calendar.set(Calendar.YEAR, 2017);
- calendar.set(Calendar.MONTH, Calendar.NOVEMBER);
+ calendar.set(Calendar.YEAR, 2022);
+ calendar.set(Calendar.MONTH, Calendar.AUGUST);
calendar.set(Calendar.DAY_OF_MONTH, 6);
validator.setCalendarProvider(new TestCalendarProvider(calendar.getTimeInMillis()));
assertFalse(validator.isValid());
diff --git a/app/src/androidTest/java/se/leap/bitmaskclient/test/VpnTestController.java b/app/src/androidTest/java/se/leap/bitmaskclient/test/VpnTestController.java
index 9dcb4da1..b0996032 100644
--- a/app/src/androidTest/java/se/leap/bitmaskclient/test/VpnTestController.java
+++ b/app/src/androidTest/java/se/leap/bitmaskclient/test/VpnTestController.java
@@ -65,7 +65,7 @@ public class VpnTestController {
return iconShowsConnected();
}
};
- assertTrue("condition iconShowsConnected not fulfilled within " + max_seconds_until_connected * 1000 + " seconds." , solo.waitForCondition(condition, max_seconds_until_connected * 1000));
+ assertTrue("condition iconShowsConnected not fulfilled within " + max_seconds_until_connected + " seconds." , solo.waitForCondition(condition, max_seconds_until_connected * 1000));
sleepSeconds(2);
}
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java
index b7c26761..709dda34 100644
--- a/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java
@@ -25,32 +25,35 @@ public class VpnCertificateValidator {
public final static String TAG = VpnCertificateValidator.class.getSimpleName();
private String certificate;
- protected CalendarProviderInterface calendarProvider;
+ private CalendarProviderInterface calendarProvider;
public VpnCertificateValidator(String certificate) {
this.certificate = certificate;
- calendarProvider = new CalendarProvider();
+ this.calendarProvider = new CalendarProvider();
}
public void setCalendarProvider(CalendarProviderInterface calendarProvider) {
this.calendarProvider = calendarProvider;
}
+ /**
+ *
+ * @return true if there's a certificate that is valid for more than 3 more months
+ */
public boolean isValid() {
- if (!certificate.isEmpty()) {
- X509Certificate certificate_x509 = ConfigHelper.parseX509CertificateFromString(certificate);
- return isValid(certificate_x509);
- } else return true;
+ if (certificate.isEmpty()) {
+ return false;
+ }
+
+ X509Certificate certificate_x509 = ConfigHelper.parseX509CertificateFromString(certificate);
+ return isValid(certificate_x509);
}
- /* FIXME: the validation seems to be syntactically wrong.
- * if the valid time span of a certificate is between 01.01.14 and 01.01.16 this method would return true for current dates between 01.01.13 and 01.01.15!!!
- */
private boolean isValid(X509Certificate certificate) {
- Calendar offset_date = calculateOffsetCertificateValidity(certificate);
+ Calendar offsetDate = calculateOffsetCertificateValidity(certificate);
try {
- certificate.checkValidity(offset_date.getTime());
+ certificate.checkValidity(offsetDate.getTime());
return true;
} catch (CertificateExpiredException e) {
return false;
@@ -60,11 +63,15 @@ public class VpnCertificateValidator {
}
private Calendar calculateOffsetCertificateValidity(X509Certificate certificate) {
- long preventive_time = Math.abs(certificate.getNotBefore().getTime() - certificate.getNotAfter().getTime()) / 2;
- long current_date_millis = calendarProvider.getCalendar().getTimeInMillis();
+ Calendar limitDate = calendarProvider.getCalendar();
+ Date startDate = certificate.getNotBefore();
+ // if certificates start date is before current date just return the current date without an offset
+ if (startDate.getTime() >= limitDate.getTime().getTime()) {
+ return limitDate;
+ }
+ // else add an offset of 3 months to the current date
+ limitDate.add(Calendar.MONTH, 3);
- Calendar limit_date = calendarProvider.getCalendar();
- limit_date.setTimeInMillis(current_date_millis + preventive_time);
- return limit_date;
+ return limitDate;
}
}