always provide private VPN key over management interface, avoid exposing it in persisted openvpn config. The private key is stored encrypted instead

1 files changed, 11 insertions, 0 deletions

diff --git a/app/src/main/java/se/leap/bitmaskclient/base/models/Provider.java b/app/src/main/java/se/leap/bitmaskclient/base/models/Provider.java
index 08e13cf6..14c78cc3 100644
--- a/app/src/main/java/se/leap/bitmaskclient/base/models/Provider.java
+++ b/app/src/main/java/se/leap/bitmaskclient/base/models/Provider.java
@@ -29,6 +29,7 @@ import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_ALLOW_ANONYMO
 import static se.leap.bitmaskclient.base.models.Constants.TRANSPORT;
 import static se.leap.bitmaskclient.base.models.Constants.TYPE;
 import static se.leap.bitmaskclient.base.utils.ConfigHelper.ObfsVpnHelper.useObfsVpn;
+import static se.leap.bitmaskclient.base.utils.ConfigHelper.RSAHelper.parseRsaKeyFromString;
 import static se.leap.bitmaskclient.providersetup.ProviderAPI.ERRORS;
 
 import android.os.Parcel;
@@ -44,6 +45,7 @@ import org.json.JSONObject;
 
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.security.interfaces.RSAPrivateKey;
 import java.util.ArrayList;
 import java.util.HashSet;
 import java.util.Locale;
@@ -79,6 +81,8 @@ public final class Provider implements Parcelable {
     private String caCert = "";
     private String apiVersion = "";
     private String privateKey = "";
+
+    private transient RSAPrivateKey rsaPrivateKey = null;
     private String vpnCertificate = "";
     private long lastEipServiceUpdate = 0L;
     private long lastGeoIpUpdate = 0L;
@@ -701,6 +705,13 @@ public final class Provider implements Parcelable {
         return privateKey;
     }
 
+    public RSAPrivateKey getRSAPrivateKey() {
+        if (rsaPrivateKey == null) {
+            rsaPrivateKey = parseRsaKeyFromString(privateKey);
+        }
+        return rsaPrivateKey;
+    }
+
     public void setPrivateKey(String privateKey) {
         this.privateKey = privateKey;
     }