vpn certificate gets renewed 3 month before current certificate expires

author: cyBerta <cyberta@riseup.net> 2017-09-15 01:38:39 +0200
committer: cyBerta <cyberta@riseup.net> 2017-09-15 01:38:39 +0200
commit: dc9a7d39dc4cfe4c752704ffb4d1f02990da2dd1 (patch)
tree: 071f2dadae0f1cf731632d1c39eed2005484c688
parent: e6886df9083252282408cd1ee0149c88021ebb11 (diff)
3 files changed, 31 insertions, 25 deletions
diff --git a/app/src/androidTest/java/se/leap/bitmaskclient/test/TestVpnCertificateValidator.java b/app/src/androidTest/java/se/leap/bitmaskclient/test/TestVpnCertificateValidator.java
index 2704bcad..323e7e6d 100644
--- a/app/src/androidTest/java/se/leap/bitmaskclient/test/TestVpnCertificateValidator.java
+++ b/app/src/androidTest/java/se/leap/bitmaskclient/test/TestVpnCertificateValidator.java
@@ -49,7 +49,6 @@ public class TestVpnCertificateValidator extends InstrumentationTestCase {
     }
 
 
-    //TODO: This test proves that the validation method is weird. Valid dates range between Nov. 2oo6 and Nov. 2017 instead of Nov. 2012 and Nov.2022
     public void testIsValid() {
         VpnCertificateValidator validator = new VpnCertificateValidator(certificate_valid_from_nov2012_to_nov2022);
         Calendar calendar = Calendar.getInstance();
@@ -60,26 +59,26 @@ public class TestVpnCertificateValidator extends InstrumentationTestCase {
         validator.setCalendarProvider(new TestCalendarProvider(calendar.getTimeInMillis()));
         assertFalse(validator.isValid());
 
-        calendar.set(Calendar.YEAR, 2010);
+        calendar.set(Calendar.YEAR, 2011);
         calendar.set(Calendar.MONTH, Calendar.NOVEMBER);
         calendar.set(Calendar.DAY_OF_MONTH, 6);
         validator.setCalendarProvider(new TestCalendarProvider(calendar.getTimeInMillis()));
-        assertTrue(validator.isValid());
+        assertFalse(validator.isValid());
 
-        calendar.set(Calendar.YEAR, 2011);
+        calendar.set(Calendar.YEAR, 2012);
         calendar.set(Calendar.MONTH, Calendar.NOVEMBER);
         calendar.set(Calendar.DAY_OF_MONTH, 6);
         validator.setCalendarProvider(new TestCalendarProvider(calendar.getTimeInMillis()));
         assertTrue(validator.isValid());
 
-        calendar.set(Calendar.YEAR, 2017);
-        calendar.set(Calendar.MONTH, Calendar.NOVEMBER);
+        calendar.set(Calendar.YEAR, 2022);
+        calendar.set(Calendar.MONTH, Calendar.AUGUST);
         calendar.set(Calendar.DAY_OF_MONTH, 5);
         validator.setCalendarProvider(new TestCalendarProvider(calendar.getTimeInMillis()));
         assertTrue(validator.isValid());
 
-        calendar.set(Calendar.YEAR, 2017);
-        calendar.set(Calendar.MONTH, Calendar.NOVEMBER);
+        calendar.set(Calendar.YEAR, 2022);
+        calendar.set(Calendar.MONTH, Calendar.AUGUST);
         calendar.set(Calendar.DAY_OF_MONTH, 6);
         validator.setCalendarProvider(new TestCalendarProvider(calendar.getTimeInMillis()));
         assertFalse(validator.isValid());
diff --git a/app/src/androidTest/java/se/leap/bitmaskclient/test/VpnTestController.java b/app/src/androidTest/java/se/leap/bitmaskclient/test/VpnTestController.java
index 9dcb4da1..b0996032 100644
--- a/app/src/androidTest/java/se/leap/bitmaskclient/test/VpnTestController.java
+++ b/app/src/androidTest/java/se/leap/bitmaskclient/test/VpnTestController.java
@@ -65,7 +65,7 @@ public class VpnTestController {
                 return iconShowsConnected();
             }
         };
-        assertTrue("condition iconShowsConnected not fulfilled within " + max_seconds_until_connected * 1000 + " seconds." , solo.waitForCondition(condition, max_seconds_until_connected * 1000));
+        assertTrue("condition iconShowsConnected not fulfilled within " + max_seconds_until_connected + " seconds." , solo.waitForCondition(condition, max_seconds_until_connected * 1000));
         sleepSeconds(2);
     }
 
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java
index b7c26761..709dda34 100644
--- a/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java
@@ -25,32 +25,35 @@ public class VpnCertificateValidator {
     public final static String TAG = VpnCertificateValidator.class.getSimpleName();
 
     private String certificate;
-    protected CalendarProviderInterface calendarProvider;
+    private CalendarProviderInterface calendarProvider;
 
     public VpnCertificateValidator(String certificate) {
         this.certificate = certificate;
-        calendarProvider = new CalendarProvider();
+        this.calendarProvider = new CalendarProvider();
     }
 
     public void setCalendarProvider(CalendarProviderInterface calendarProvider) {
         this.calendarProvider = calendarProvider;
     }
 
+    /**
+     *
+     * @return true if there's a certificate that is valid for more than 3 more months
+     */
     public boolean isValid() {
-        if (!certificate.isEmpty()) {
-            X509Certificate certificate_x509 = ConfigHelper.parseX509CertificateFromString(certificate);
-            return isValid(certificate_x509);
-        } else return true;
+        if (certificate.isEmpty()) {
+            return false;
+        }
+
+        X509Certificate certificate_x509 = ConfigHelper.parseX509CertificateFromString(certificate);
+        return isValid(certificate_x509);
     }
 
 
-    /* FIXME: the validation seems to be syntactically wrong.
-     * if the valid time span of a certificate is between 01.01.14 and 01.01.16 this method would return true for current dates between 01.01.13 and 01.01.15!!!
-     */
     private boolean isValid(X509Certificate certificate) {
-        Calendar offset_date = calculateOffsetCertificateValidity(certificate);
+        Calendar offsetDate = calculateOffsetCertificateValidity(certificate);
         try {
-            certificate.checkValidity(offset_date.getTime());
+            certificate.checkValidity(offsetDate.getTime());
             return true;
         } catch (CertificateExpiredException e) {
             return false;
@@ -60,11 +63,15 @@ public class VpnCertificateValidator {
     }
 
     private Calendar calculateOffsetCertificateValidity(X509Certificate certificate) {
-        long preventive_time = Math.abs(certificate.getNotBefore().getTime() - certificate.getNotAfter().getTime()) / 2;
-        long current_date_millis = calendarProvider.getCalendar().getTimeInMillis();
+        Calendar limitDate = calendarProvider.getCalendar();
+        Date startDate = certificate.getNotBefore();
+        // if certificates start date is before current date just return the current date without an offset
+        if (startDate.getTime() >= limitDate.getTime().getTime()) {
+            return limitDate;
+        }
+        // else add an offset of 3 months to the current date
+        limitDate.add(Calendar.MONTH, 3);
 
-        Calendar limit_date = calendarProvider.getCalendar();
-        limit_date.setTimeInMillis(current_date_millis + preventive_time);
-        return limit_date;
+        return limitDate;
     }
 }
author	cyBerta <cyberta@riseup.net>	2017-09-15 01:38:39 +0200
committer	cyBerta <cyberta@riseup.net>	2017-09-15 01:38:39 +0200
commit	dc9a7d39dc4cfe4c752704ffb4d1f02990da2dd1 (patch)
tree	071f2dadae0f1cf731632d1c39eed2005484c688
parent	e6886df9083252282408cd1ee0149c88021ebb11 (diff)