Merge branch 'bug/Certificate-expiration-#5821' into develop

author: Parménides GV <parmegv@sdf.org> 2014-07-10 08:57:19 +0200
committer: Parménides GV <parmegv@sdf.org> 2014-07-10 08:57:19 +0200
commit: 0a5c95eb01344aeccc3e3ed848166b6c02bedff9 (patch)
tree: 71d4ec041fd0162a8bef4b0b1ef9581b7e6511f3 /app/src/main/java/se/leap/bitmaskclient/EIP.java
parent: fccf31f212eeec368b84d86cfb3775c815fdaa2b (diff)
parent: a23c12674abd836b3abd4feeaf057236cfd0ca27 (diff)
1 files changed, 70 insertions, 29 deletions
diff --git a/app/src/main/java/se/leap/bitmaskclient/EIP.java b/app/src/main/java/se/leap/bitmaskclient/EIP.java
index 21a573fe..75c6ada8 100644
--- a/app/src/main/java/se/leap/bitmaskclient/EIP.java
+++ b/app/src/main/java/se/leap/bitmaskclient/EIP.java
@@ -16,35 +16,9 @@
  */
 package se.leap.bitmaskclient;
 
-import java.io.StringReader;
-import java.io.IOException;
-import java.util.Calendar;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.NoSuchElementException;
-import java.util.Set;
-import java.util.TreeMap;
-import java.util.Vector;
 
-import org.json.JSONArray;
-import org.json.JSONException;
-import org.json.JSONObject;
 
-import se.leap.bitmaskclient.R;
-import se.leap.bitmaskclient.Dashboard;
-import se.leap.bitmaskclient.Provider;
 
-import de.blinkt.openvpn.activities.DisconnectVPN;
-import de.blinkt.openvpn.core.ConfigParser;
-import de.blinkt.openvpn.core.ConfigParser.ConfigParseError;
-import de.blinkt.openvpn.LaunchVPN;
-import de.blinkt.openvpn.core.OpenVpnManagementThread;
-import de.blinkt.openvpn.core.OpenVpnService;
-import de.blinkt.openvpn.core.OpenVpnService.LocalBinder;
-import de.blinkt.openvpn.core.ProfileManager;
-import de.blinkt.openvpn.VpnProfile;
 
 import android.app.Activity;
 import android.app.IntentService;
@@ -58,6 +32,38 @@ import android.os.Bundle;
 import android.os.IBinder;
 import android.os.ResultReceiver;
 import android.util.Log;
+import de.blinkt.openvpn.LaunchVPN;
+import de.blinkt.openvpn.VpnProfile;
+import de.blinkt.openvpn.activities.DisconnectVPN;
+import de.blinkt.openvpn.core.ConfigParser.ConfigParseError;
+import de.blinkt.openvpn.core.ConfigParser;
+import de.blinkt.openvpn.core.OpenVpnManagementThread;
+import de.blinkt.openvpn.core.OpenVpnService.LocalBinder;
+import de.blinkt.openvpn.core.OpenVpnService;
+import de.blinkt.openvpn.core.ProfileManager;
+import java.io.IOException;
+import java.io.StringReader;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Calendar;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Locale;
+import java.util.NoSuchElementException;
+import java.util.Set;
+import java.util.TreeMap;
+import java.util.Vector;
+import org.json.JSONArray;
+import org.json.JSONException;
+import org.json.JSONObject;
+import se.leap.bitmaskclient.Dashboard;
+import se.leap.bitmaskclient.Provider;
+import se.leap.bitmaskclient.R;
 
 /**
  * EIP is the abstract base class for interacting with and managing the Encrypted
@@ -72,12 +78,14 @@ import android.util.Log;
 public final class EIP extends IntentService {
 	
 	public final static String AUTHED_EIP = "authed eip";
+	public final static String ACTION_CHECK_CERT_VALIDITY = "se.leap.bitmaskclient.CHECK_CERT_VALIDITY";
 	public final static String ACTION_START_EIP = "se.leap.bitmaskclient.START_EIP";
 	public final static String ACTION_STOP_EIP = "se.leap.bitmaskclient.STOP_EIP";
 	public final static String ACTION_UPDATE_EIP_SERVICE = "se.leap.bitmaskclient.UPDATE_EIP_SERVICE";
 	public final static String ACTION_IS_EIP_RUNNING = "se.leap.bitmaskclient.IS_RUNNING";
 	public final static String EIP_NOTIFICATION = "EIP_NOTIFICATION";
     	public final static String STATUS = "eip status";
+    	public final static String DATE_FROM_CERTIFICATE = "date from certificate";
 	public final static String ALLOWED_ANON = "allow_anonymous";
 	public final static String CERTIFICATE = "cert";
 	public final static String PRIVATE_KEY = "private_key";
@@ -87,8 +95,9 @@ public final class EIP extends IntentService {
 	public final static String RECEIVER_TAG = "receiverTag";
 	public final static String REQUEST_TAG = "requestTag";
 	public final static String TAG = "se.leap.bitmaskclient.EIP";
-	
-	
+
+    public final static SimpleDateFormat certificate_date_format = new SimpleDateFormat("yyyy-MM-dd HH:mm", Locale.US);
+    
 	private static Context context;
 	private static ResultReceiver mReceiver;
 	private static OpenVpnService mVpnService;
@@ -138,6 +147,8 @@ public final class EIP extends IntentService {
 			this.startEIP();
 		else if ( action == ACTION_STOP_EIP )
 			this.stopEIP();
+		else if ( action == ACTION_CHECK_CERT_VALIDITY )
+			this.checkCertValidity();
 	}
 	
 	/**
@@ -273,7 +284,7 @@ public final class EIP extends IntentService {
 		    disconnect_vpn.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
 		    startActivity(disconnect_vpn);
 		}
-			
+		
 		if (mReceiver != null){
 			Bundle resultData = new Bundle();
 			resultData.putString(REQUEST_TAG, ACTION_STOP_EIP);
@@ -408,6 +419,36 @@ public final class EIP extends IntentService {
 		getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).edit().putInt(PARSED_SERIAL, eipDefinition.optInt(Provider.API_RETURN_SERIAL)).commit();
 	}
 
+    private void checkCertValidity() {
+	String certificate_string = getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).getString(CERTIFICATE, "");
+	String date_from_certificate_string = getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).getString(DATE_FROM_CERTIFICATE, Calendar.getInstance().getTime().toString());
+	X509Certificate certificate_x509 = ConfigHelper.parseX509CertificateFromString(certificate_string);
+
+	Calendar offset_date = Calendar.getInstance();
+	try {
+	    long difference = Math.abs(certificate_date_format.parse(date_from_certificate_string).getTime() - certificate_x509.getNotAfter().getTime())/2;
+	    long current_date_millis = offset_date.getTimeInMillis();
+	    offset_date.setTimeInMillis(current_date_millis + difference);
+	    Log.d(TAG, "certificate not after = " + certificate_x509.getNotAfter());
+	} catch(ParseException e) {
+	    e.printStackTrace();
+	}
+	
+	Bundle result_data = new Bundle();
+	result_data.putString(REQUEST_TAG, ACTION_CHECK_CERT_VALIDITY);
+	try {
+	    Log.d(TAG, "offset_date = " + offset_date.getTime().toString());
+	    certificate_x509.checkValidity(offset_date.getTime());
+	    mReceiver.send(Activity.RESULT_OK, result_data);
+	    Log.d(TAG, "Valid certificate");
+	} catch(CertificateExpiredException e) {
+	    mReceiver.send(Activity.RESULT_CANCELED, result_data);
+	    Log.d(TAG, "Updating certificate");
+	} catch(CertificateNotYetValidException e) {
+	    mReceiver.send(Activity.RESULT_CANCELED, result_data);
+	}
+    }
+
 	/**
 	 * OVPNGateway provides objects defining gateways and their options and metadata.
 	 * Each instance contains a VpnProfile for OpenVPN specific data and member
author	Parménides GV <parmegv@sdf.org>	2014-07-10 08:57:19 +0200
committer	Parménides GV <parmegv@sdf.org>	2014-07-10 08:57:19 +0200
commit	0a5c95eb01344aeccc3e3ed848166b6c02bedff9 (patch)
tree	71d4ec041fd0162a8bef4b0b1ef9581b7e6511f3 /app/src/main/java/se/leap/bitmaskclient/EIP.java
parent	fccf31f212eeec368b84d86cfb3775c815fdaa2b (diff)
parent	a23c12674abd836b3abd4feeaf057236cfd0ca27 (diff)