summaryrefslogtreecommitdiff
path: root/app/src/main/java/de/blinkt/openvpn/VpnProfile.java
diff options
context:
space:
mode:
authorParménides GV <parmegv@sdf.org>2014-07-31 12:09:49 +0200
committerParménides GV <parmegv@sdf.org>2014-07-31 12:09:49 +0200
commit0393ba6656ce6cf679a2c4663275b3ed0f1a34b9 (patch)
treef000311e97598ab3fc42e2bea23e6cb342ad166c /app/src/main/java/de/blinkt/openvpn/VpnProfile.java
parentb28eeb08e8ec3baafdd9388cc5b70c6c84db9cf1 (diff)
Updated ics-openvpn to rev 859 + no 2nd notification.
Diffstat (limited to 'app/src/main/java/de/blinkt/openvpn/VpnProfile.java')
-rw-r--r--app/src/main/java/de/blinkt/openvpn/VpnProfile.java92
1 files changed, 45 insertions, 47 deletions
diff --git a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java
index 0166eb98..d44d0f5a 100644
--- a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java
+++ b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java
@@ -4,6 +4,7 @@ import se.leap.bitmaskclient.R;
import se.leap.bitmaskclient.R;
+import android.annotation.SuppressLint;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
@@ -14,6 +15,7 @@ import android.os.Build;
import android.preference.PreferenceManager;
import android.security.KeyChain;
import android.security.KeyChainException;
+import android.text.TextUtils;
import android.util.Base64;
import org.spongycastle.util.io.pem.PemObject;
@@ -115,8 +117,8 @@ public class VpnProfile implements Serializable {
public boolean mUseDefaultRoute = true;
public boolean mUsePull = true;
public String mCustomRoutes;
- public boolean mCheckRemoteCN = false;
- public boolean mExpectTLSCert = true;
+ public boolean mCheckRemoteCN = true;
+ public boolean mExpectTLSCert = false;
public String mRemoteCN = "";
public String mPassword = "";
public String mUsername = "";
@@ -181,6 +183,7 @@ public class VpnProfile implements Serializable {
mUseDefaultRoute = false;
mUseDefaultRoutev6 = false;
mExpectTLSCert = false;
+ mCheckRemoteCN = false;
mPersistTun = false;
mAllowLocalLAN = true;
}
@@ -199,10 +202,7 @@ public class VpnProfile implements Serializable {
public void upgradeProfile(){
if(mProfileVersion< 2) {
/* default to the behaviour the OS used */
- if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT)
- mAllowLocalLAN = true;
- else
- mAllowLocalLAN = false;
+ mAllowLocalLAN = Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT;
}
mProfileVersion= CURRENT_PROFILE_VERSION;
@@ -213,7 +213,7 @@ public class VpnProfile implements Serializable {
File cacheDir = context.getCacheDir();
String cfg = "";
- // Enable managment interface
+ // Enable management interface
cfg += "# Enables connection to GUI\n";
cfg += "management ";
@@ -230,6 +230,9 @@ public class VpnProfile implements Serializable {
cfg += "machine-readable-output\n";
+ // Users are confused by warnings that are misleading...
+ cfg += "ifconfig-nowarn\n";
+
boolean useTLSClient = (mAuthenticationType != TYPE_STATICKEYS);
@@ -327,7 +330,7 @@ public class VpnProfile implements Serializable {
else
cfg += insertFileData("tls-auth", mTLSAuthFilename);
- if (nonNull(mTLSAuthDirection)) {
+ if (!TextUtils.isEmpty(mTLSAuthDirection)) {
cfg += "key-direction ";
cfg += mTLSAuthDirection;
cfg += "\n";
@@ -336,10 +339,10 @@ public class VpnProfile implements Serializable {
}
if (!mUsePull) {
- if (nonNull(mIPv4Address))
+ if (!TextUtils.isEmpty(mIPv4Address))
cfg += "ifconfig " + cidrToIPAndNetmask(mIPv4Address) + "\n";
- if (nonNull(mIPv6Address))
+ if (!TextUtils.isEmpty(mIPv6Address))
cfg += "ifconfig-ipv6 " + mIPv6Address + "\n";
}
@@ -377,11 +380,11 @@ public class VpnProfile implements Serializable {
cfg += routes;
if (mOverrideDNS || !mUsePull) {
- if (nonNull(mDNS1))
+ if (!TextUtils.isEmpty(mDNS1))
cfg += "dhcp-option DNS " + mDNS1 + "\n";
- if (nonNull(mDNS2))
+ if (!TextUtils.isEmpty(mDNS2))
cfg += "dhcp-option DNS " + mDNS2 + "\n";
- if (nonNull(mSearchDomain))
+ if (!TextUtils.isEmpty(mSearchDomain))
cfg += "dhcp-option DOMAIN " + mSearchDomain + "\n";
}
@@ -422,11 +425,11 @@ public class VpnProfile implements Serializable {
cfg += "remote-cert-tls server\n";
}
- if (nonNull(mCipher)) {
+ if (!TextUtils.isEmpty(mCipher)) {
cfg += "cipher " + mCipher + "\n";
}
- if (nonNull(mAuth)) {
+ if (!TextUtils.isEmpty(mAuth)) {
cfg += "auth " + mAuth + "\n";
}
@@ -488,13 +491,6 @@ public class VpnProfile implements Serializable {
}
}
- private boolean nonNull(String val) {
- if (val == null || val.equals(""))
- return false;
- else
- return true;
- }
-
private Collection<String> getCustomRoutes(String routes) {
Vector<String> cidrRoutes = new Vector<String>();
if (routes == null) {
@@ -636,8 +632,8 @@ public class VpnProfile implements Serializable {
synchronized String[] getKeyStoreCertificates(Context context,int tries) {
PrivateKey privateKey = null;
- X509Certificate[] cachain;
- Exception exp=null;
+ X509Certificate[] caChain;
+ Exception exp;
try {
privateKey = KeyChain.getPrivateKey(context, mAlias);
mPrivateKey = privateKey;
@@ -645,18 +641,18 @@ public class VpnProfile implements Serializable {
String keystoreChain = null;
- cachain = KeyChain.getCertificateChain(context, mAlias);
- if(cachain == null)
+ caChain = KeyChain.getCertificateChain(context, mAlias);
+ if(caChain == null)
throw new NoCertReturnedException("No certificate returned from Keystore");
- if (cachain.length <= 1 && !nonNull(mCaFilename)) {
+ if (caChain.length <= 1 && TextUtils.isEmpty(mCaFilename)) {
VpnStatus.logMessage(VpnStatus.LogLevel.ERROR, "", context.getString(R.string.keychain_nocacert));
} else {
StringWriter ksStringWriter = new StringWriter();
PemWriter pw = new PemWriter(ksStringWriter);
- for (int i = 1; i < cachain.length; i++) {
- X509Certificate cert = cachain[i];
+ for (int i = 1; i < caChain.length; i++) {
+ X509Certificate cert = caChain[i];
pw.writeObject(new PemObject("CERTIFICATE", cert.getEncoded()));
}
pw.close();
@@ -665,7 +661,7 @@ public class VpnProfile implements Serializable {
String caout = null;
- if (nonNull(mCaFilename)) {
+ if (!TextUtils.isEmpty(mCaFilename)) {
try {
Certificate cacert = X509Utils.getCertificateFromFile(mCaFilename);
StringWriter caoutWriter = new StringWriter();
@@ -684,8 +680,8 @@ public class VpnProfile implements Serializable {
StringWriter certout = new StringWriter();
- if (cachain.length >= 1) {
- X509Certificate usercert = cachain[0];
+ if (caChain.length >= 1) {
+ X509Certificate usercert = caChain[0];
PemWriter upw = new PemWriter(certout);
upw.writeObject(new PemObject("CERTIFICATE", usercert.getEncoded()));
@@ -730,15 +726,14 @@ public class VpnProfile implements Serializable {
}
return getKeyStoreCertificates(context, tries-1);
}
- if (exp != null) {
- exp.printStackTrace();
- VpnStatus.logError(R.string.keyChainAccessError, exp.getLocalizedMessage());
- VpnStatus.logError(R.string.keychain_access);
- if (Build.VERSION.SDK_INT == Build.VERSION_CODES.JELLY_BEAN) {
- if (!mAlias.matches("^[a-zA-Z0-9]$")) {
- VpnStatus.logError(R.string.jelly_keystore_alphanumeric_bug);
- }
+ exp.printStackTrace();
+ VpnStatus.logError(R.string.keyChainAccessError, exp.getLocalizedMessage());
+
+ VpnStatus.logError(R.string.keychain_access);
+ if (Build.VERSION.SDK_INT == Build.VERSION_CODES.JELLY_BEAN) {
+ if (!mAlias.matches("^[a-zA-Z0-9]$")) {
+ VpnStatus.logError(R.string.jelly_keystore_alphanumeric_bug);
}
}
return null;
@@ -801,7 +796,7 @@ public class VpnProfile implements Serializable {
}
public boolean requireTLSKeyPassword() {
- if (!nonNull(mClientKeyFilename))
+ if (TextUtils.isEmpty(mClientKeyFilename))
return false;
String data = "";
@@ -842,13 +837,13 @@ public class VpnProfile implements Serializable {
}
if (mAuthenticationType == TYPE_CERTIFICATES || mAuthenticationType == TYPE_USERPASS_CERTIFICATES) {
- if (requireTLSKeyPassword() && !nonNull(mKeyPassword))
+ if (requireTLSKeyPassword() && TextUtils.isEmpty(mKeyPassword))
if (mTransientPCKS12PW == null) {
return R.string.private_key_password;
}
}
- if (isUserPWAuth() && !(nonNull(mUsername) && (nonNull(mPassword) || mTransientPW != null))) {
+ if (isUserPWAuth() && !(!TextUtils.isEmpty(mUsername) && (!TextUtils.isEmpty(mPassword) || mTransientPW != null))) {
return R.string.password;
}
return 0;
@@ -893,12 +888,15 @@ public class VpnProfile implements Serializable {
try {
+ /* ECB is perfectly fine in this special case, since we are using it for
+ the public/private part in the TLS exchange
+ */
+ @SuppressLint("GetInstance")
+ Cipher rsaSigner = Cipher.getInstance("RSA/ECB/PKCS1PADDING");
- Cipher rsasinger = Cipher.getInstance("RSA/ECB/PKCS1PADDING");
-
- rsasinger.init(Cipher.ENCRYPT_MODE, privkey);
+ rsaSigner.init(Cipher.ENCRYPT_MODE, privkey);
- byte[] signed_bytes = rsasinger.doFinal(data);
+ byte[] signed_bytes = rsaSigner.doFinal(data);
return Base64.encodeToString(signed_bytes, Base64.NO_WRAP);
} catch (NoSuchAlgorithmException e) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-01 14:18:18 +0000