summaryrefslogtreecommitdiff
path: root/app/src/main/java/se/leap/bitmaskclient/base
diff options
context:
space:
mode:
authorcyBerta <cyberta@riseup.net>2022-07-31 04:07:47 +0200
committercyBerta <cyberta@riseup.net>2022-07-31 04:07:47 +0200
commit87446cbc0c818a374c057894b57e93156443a270 (patch)
treec2fa479d2b85df5eb624c75b71a89dac2973b8a3 /app/src/main/java/se/leap/bitmaskclient/base
parent7692e1db1021460ec777928bdf418432cac9e7cb (diff)
implement obfuscation pinning
Diffstat (limited to 'app/src/main/java/se/leap/bitmaskclient/base')
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/base/fragments/ObfuscationProxyDialog.java119
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/base/fragments/SettingsFragment.java53
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java8
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/base/models/Transport.java49
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java27
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/base/utils/PreferenceHelper.java80
6 files changed, 333 insertions, 3 deletions
diff --git a/app/src/main/java/se/leap/bitmaskclient/base/fragments/ObfuscationProxyDialog.java b/app/src/main/java/se/leap/bitmaskclient/base/fragments/ObfuscationProxyDialog.java
index b7f16fa4..df78214d 100644
--- a/app/src/main/java/se/leap/bitmaskclient/base/fragments/ObfuscationProxyDialog.java
+++ b/app/src/main/java/se/leap/bitmaskclient/base/fragments/ObfuscationProxyDialog.java
@@ -1,2 +1,119 @@
-package se.leap.bitmaskclient.base.fragments;public class ObfuscationProxyDialog {
+package se.leap.bitmaskclient.base.fragments;
+
+import static android.view.View.GONE;
+import static android.view.View.VISIBLE;
+
+import android.app.Dialog;
+import android.os.Bundle;
+import android.text.TextUtils;
+import android.view.View;
+import android.widget.ArrayAdapter;
+
+import androidx.annotation.NonNull;
+import androidx.annotation.Nullable;
+import androidx.appcompat.app.AlertDialog;
+import androidx.appcompat.app.AppCompatDialogFragment;
+import androidx.appcompat.widget.AppCompatButton;
+import androidx.appcompat.widget.AppCompatEditText;
+import androidx.appcompat.widget.AppCompatSpinner;
+
+import java.util.ArrayList;
+
+import se.leap.bitmaskclient.base.utils.ConfigHelper.ObfsVpnHelper;
+import se.leap.bitmaskclient.base.utils.PreferenceHelper;
+import se.leap.bitmaskclient.base.views.IconSwitchEntry;
+import se.leap.bitmaskclient.databinding.DObfuscationProxyBinding;
+import se.leap.bitmaskclient.eip.GatewaysManager;
+
+public class ObfuscationProxyDialog extends AppCompatDialogFragment {
+ public static final String TAG = ObfuscationProxyDialog.class.getSimpleName();
+ DObfuscationProxyBinding binding;
+ AppCompatEditText ipField;
+ AppCompatEditText portField;
+ AppCompatEditText certificateField;
+ AppCompatSpinner gatewayHost;
+ AppCompatButton saveButton;
+ AppCompatButton useDefaultsButton;
+ AppCompatButton cancelButton;
+ IconSwitchEntry kcpSwitch;
+ ArrayAdapter<String> gatewayHosts;
+
+ @NonNull
+ @Override
+ public Dialog onCreateDialog(@Nullable Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+ binding = DObfuscationProxyBinding.inflate(getLayoutInflater());
+ View view = binding.getRoot();
+ AlertDialog.Builder builder = new AlertDialog.Builder(getActivity());
+ builder.setView(view);
+ ipField = binding.ipField;
+ portField = binding.portField;
+ certificateField = binding.certField;
+ gatewayHost = binding.gatewayHost;
+ saveButton = binding.buttonSave;
+ useDefaultsButton = binding.buttonDefaults;
+ cancelButton = binding.buttonCancel;
+ kcpSwitch = binding.kcpSwitch;
+
+ ipField.setText(PreferenceHelper.getObfuscationPinningIP(getContext()));
+ portField.setText(PreferenceHelper.getObfuscationPinningPort(getContext()));
+ certificateField.setText(PreferenceHelper.getObfuscationPinningCert(getContext()));
+ kcpSwitch.setChecked(PreferenceHelper.getObfuscationPinningKCP(getContext()));
+
+ GatewaysManager gatewaysManager = new GatewaysManager(getContext());
+ ArrayList<String> hostsList = gatewaysManager.getHosts();
+
+ hostsList.add(0, "Select a Gateway");
+ gatewayHosts = new ArrayAdapter<>(getContext(), android.R.layout.simple_spinner_item, hostsList);
+ gatewayHosts.setDropDownViewResource(android.R.layout.simple_spinner_dropdown_item);
+ gatewayHost.setAdapter(gatewayHosts);
+ String selectedHost = PreferenceHelper.getObfuscationPinningGatewayHost(getContext());
+ if (selectedHost != null) {
+ gatewayHost.setSelection(gatewayHosts.getPosition(selectedHost));
+ }
+
+ saveButton.setOnClickListener(v -> {
+ String ip = TextUtils.isEmpty(ipField.getText()) ? null : ipField.getText().toString();
+ PreferenceHelper.setObfuscationPinningIP(v.getContext(), ip);
+ String port = TextUtils.isEmpty(portField.getText()) ? null : portField.getText().toString();
+ PreferenceHelper.setObfuscationPinningPort(v.getContext(), port);
+ String cert = TextUtils.isEmpty(certificateField.getText()) ? null : certificateField.getText().toString();
+ PreferenceHelper.setObfuscationPinningCert(v.getContext(), cert);
+ String gatewayHostName = gatewayHost.getSelectedItemPosition() == 0 ? null : gatewayHosts.getItem(gatewayHost.getSelectedItemPosition());
+ PreferenceHelper.setObfuscationPinningGatewayHost(v.getContext(), gatewayHostName);
+ PreferenceHelper.setObfuscationPinningGatewayIP(v.getContext(), gatewaysManager.getIpForHost(gatewayHostName));
+ PreferenceHelper.setObfuscationPinningKCP(v.getContext(), kcpSwitch.isChecked());
+ PreferenceHelper.setUseObfuscationPinning(v.getContext(), ip != null && port != null && cert != null && gatewayHostName != null);
+ PreferenceHelper.setObfuscationPinningGatewayLocation(v.getContext(), gatewaysManager.getLocationNameForHost(gatewayHostName));
+ dismiss();
+ });
+
+ useDefaultsButton.setVisibility(ObfsVpnHelper.hasObfuscationPinningDefaults() ? VISIBLE : GONE);
+ useDefaultsButton.setOnClickListener(v -> {
+ ipField.setText(ObfsVpnHelper.obfsvpnIP());
+ portField.setText(ObfsVpnHelper.obfsvpnPort());
+ certificateField.setText(ObfsVpnHelper.obfsvpnCert());
+ int position = gatewayHosts.getPosition(ObfsVpnHelper.gatewayHost());
+ if (position == -1) {
+ position = 0;
+ }
+ gatewayHost.setSelection(position);
+ kcpSwitch.setChecked(ObfsVpnHelper.useKcp());
+ });
+
+ cancelButton.setOnClickListener(v -> {
+ boolean allowPinning = !TextUtils.isEmpty(ipField.getText()) && !TextUtils.isEmpty(portField.getText()) && !TextUtils.isEmpty(certificateField.getText());
+ PreferenceHelper.setUseObfuscationPinning(
+ v.getContext(), allowPinning);
+ dismiss();
+ });
+
+ return builder.create();
+ }
+
+ @Override
+ public void onDestroyView() {
+ super.onDestroyView();
+ binding = null;
+ }
}
diff --git a/app/src/main/java/se/leap/bitmaskclient/base/fragments/SettingsFragment.java b/app/src/main/java/se/leap/bitmaskclient/base/fragments/SettingsFragment.java
index 9d15f839..f7d20aa9 100644
--- a/app/src/main/java/se/leap/bitmaskclient/base/fragments/SettingsFragment.java
+++ b/app/src/main/java/se/leap/bitmaskclient/base/fragments/SettingsFragment.java
@@ -9,9 +9,10 @@ import static se.leap.bitmaskclient.base.models.Constants.PREFER_UDP;
import static se.leap.bitmaskclient.base.models.Constants.SHARED_PREFERENCES;
import static se.leap.bitmaskclient.base.models.Constants.USE_BRIDGES;
import static se.leap.bitmaskclient.base.models.Constants.USE_IPv6_FIREWALL;
+import static se.leap.bitmaskclient.base.models.Constants.USE_OBFUSCATION_PINNING;
import static se.leap.bitmaskclient.base.utils.ConfigHelper.ObfsVpnHelper.useObfsVpn;
-import static se.leap.bitmaskclient.base.utils.PreferenceHelper.allowExperimentalTransports;
import static se.leap.bitmaskclient.base.utils.ConfigHelper.isCalyxOSWithTetheringSupport;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.allowExperimentalTransports;
import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getPreferUDP;
import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getShowAlwaysOnDialog;
import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getUseBridges;
@@ -19,7 +20,9 @@ import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getUseSnowflake;
import static se.leap.bitmaskclient.base.utils.PreferenceHelper.hasSnowflakePrefs;
import static se.leap.bitmaskclient.base.utils.PreferenceHelper.preferUDP;
import static se.leap.bitmaskclient.base.utils.PreferenceHelper.setAllowExperimentalTransports;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.setUseObfuscationPinning;
import static se.leap.bitmaskclient.base.utils.PreferenceHelper.useBridges;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.useObfuscationPinning;
import static se.leap.bitmaskclient.base.utils.PreferenceHelper.useSnowflake;
import static se.leap.bitmaskclient.base.utils.ViewHelper.setActionBarTitle;
@@ -86,6 +89,7 @@ public class SettingsFragment extends Fragment implements SharedPreferences.OnSh
initTetheringEntry(view);
initGatewayPinningEntry(view);
initExperimentalTransportsEntry(view);
+ initObfuscationPinningEntry(view);
setActionBarTitle(this, advanced_settings);
return view;
}
@@ -260,6 +264,47 @@ public class SettingsFragment extends Fragment implements SharedPreferences.OnSh
});
}
+ public void initObfuscationPinningEntry(View rootView) {
+ IconSwitchEntry obfuscationPinning = rootView.findViewById(R.id.obfuscation_proxy_pinning);
+ if (useObfsVpn()) {
+ obfuscationPinning.setVisibility(VISIBLE);
+ boolean useBridges = getUseBridges(getContext());
+ obfuscationPinning.setEnabled(useBridges);
+ obfuscationPinning.setSubtitle(useBridges ? "Connect to a specific obfuscation proxy for debugging purposes" : "Enable Bridges to use this option");
+ obfuscationPinning.setChecked(useObfuscationPinning(getContext()));
+ obfuscationPinning.setOnCheckedChangeListener((buttonView, isChecked) -> {
+ if (!buttonView.isPressed()) {
+ return;
+ }
+ if (!isChecked) {
+ setUseObfuscationPinning(getContext(), false);
+ } else {
+ showObfuscationPinningDialog();
+ }
+ });
+ obfuscationPinning.setOnClickListener(v -> {
+ if (obfuscationPinning.isChecked()) {
+ showObfuscationPinningDialog();
+ }
+ });
+ } else {
+ obfuscationPinning.setVisibility(GONE);
+ }
+ }
+
+ public void showObfuscationPinningDialog() {
+ try {
+ FragmentTransaction fragmentTransaction = new FragmentManagerEnhanced(
+ getActivity().getSupportFragmentManager()).removePreviousFragment(
+ ObfuscationProxyDialog.TAG);
+ DialogFragment newFragment = new ObfuscationProxyDialog();
+ newFragment.setCancelable(false);
+ newFragment.show(fragmentTransaction, ObfuscationProxyDialog.TAG);
+ } catch (IllegalStateException | NullPointerException e) {
+ e.printStackTrace();
+ }
+ }
+
public void initExperimentalTransportsEntry(View rootView) {
IconSwitchEntry experimentalTransports = rootView.findViewById(R.id.experimental_transports);
if (useObfsVpn() && ProviderObservable.getInstance().getCurrentProvider().supportsExperimentalPluggableTransports()) {
@@ -315,9 +360,13 @@ public class SettingsFragment extends Fragment implements SharedPreferences.OnSh
initPreferUDPEntry(rootView);
} else if (key.equals(USE_IPv6_FIREWALL)) {
initFirewallEntry(getView());
- } if (key.equals(GATEWAY_PINNING)) {
+ } else if (key.equals(GATEWAY_PINNING)) {
initGatewayPinningEntry(rootView);
}
+
+ if (key.equals(USE_OBFUSCATION_PINNING) || key.equals(USE_BRIDGES)) {
+ initObfuscationPinningEntry(rootView);
+ }
}
}
diff --git a/app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java b/app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java
index b34a31eb..8fbac35e 100644
--- a/app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java
+++ b/app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java
@@ -45,6 +45,14 @@ public interface Constants {
String PREFER_UDP = "prefer_UDP";
String GATEWAY_PINNING = "gateway_pinning";
String ALLOW_EXPERIMENTAL_TRANSPORTS = "allow_experimental_transports";
+ String USE_OBFUSCATION_PINNING = "use_obfuscation_pinning";
+ String OBFUSCATION_PINNING_IP = "obfuscation_pinning_ip";
+ String OBFUSCATION_PINNING_PORT = "obfuscation_pinning_port";
+ String OBFUSCATION_PINNING_CERT = "obfuscation_pinning_cert";
+ String OBFUSCATION_PINNING_KCP = "obfuscation_pinning_udp";
+ String OBFUSCATION_PINNING_GW_HOST = "obfuscation_pinning_gw_host";
+ String OBFUSCATION_PINNING_GW_IP = "obfuscation_pinning_gw_ip";
+ String OBFUSCATION_PINNING_LOCATION = "obfuscation_pinning_location";
//////////////////////////////////////////////
diff --git a/app/src/main/java/se/leap/bitmaskclient/base/models/Transport.java b/app/src/main/java/se/leap/bitmaskclient/base/models/Transport.java
new file mode 100644
index 00000000..90a033dd
--- /dev/null
+++ b/app/src/main/java/se/leap/bitmaskclient/base/models/Transport.java
@@ -0,0 +1,49 @@
+package se.leap.bitmaskclient.base.models;
+
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+
+import org.json.JSONObject;
+
+public class Transport {
+ private String type;
+ private String[] protocols;
+ private String[] ports;
+ private Options options;
+
+ public Transport(String type, String[] protocols, String[] ports, String cert) {
+ this.type = type;
+ this.protocols = protocols;
+ this.ports = ports;
+ this.options = new Options(cert);
+ }
+
+ @Override
+ public String toString() {
+ return new Gson().toJson(this);
+ }
+
+ public static Transport fromJson(JSONObject json) {
+ GsonBuilder builder = new GsonBuilder();
+ return builder.create().fromJson(json.toString(), Transport.class);
+ }
+
+ public static class Options {
+ private String cert;
+ private String iatMode;
+
+ public Options(String cert) {
+ this.cert = cert;
+ this.iatMode = "0";
+ }
+
+ @Override
+ public String toString() {
+ return new Gson().toJson(this);
+ }
+ }
+
+
+}
+
+
diff --git a/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java b/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java
index 102756c4..c4e2fb17 100644
--- a/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java
+++ b/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java
@@ -285,5 +285,32 @@ public class ConfigHelper {
public static boolean useObfsVpn() {
return BuildConfig.use_obfsvpn;
}
+
+ public static boolean hasObfuscationPinningDefaults() {
+ return BuildConfig.obfsvpn_ip != null &&
+ BuildConfig.obfsvpn_port != null &&
+ BuildConfig.obfsvpn_cert != null &&
+ BuildConfig.obfsvpn_gateway_host != null &&
+ !BuildConfig.obfsvpn_ip.isEmpty() &&
+ !BuildConfig.obfsvpn_port.isEmpty() &&
+ !BuildConfig.obfsvpn_cert.isEmpty() &&
+ !BuildConfig.obfsvpn_gateway_host.isEmpty();
+ }
+ public static String obfsvpnIP() {
+ return BuildConfig.obfsvpn_ip;
+ }
+ public static String obfsvpnPort() {
+ return BuildConfig.obfsvpn_port;
+ }
+ public static String obfsvpnCert() {
+ return BuildConfig.obfsvpn_cert;
+ }
+ public static String gatewayHost() {
+ return BuildConfig.obfsvpn_gateway_host;
+ }
+
+ public static boolean useKcp() {
+ return BuildConfig.obfsvpn_use_kcp;
+ }
}
}
diff --git a/app/src/main/java/se/leap/bitmaskclient/base/utils/PreferenceHelper.java b/app/src/main/java/se/leap/bitmaskclient/base/utils/PreferenceHelper.java
index 22fe42ff..d9beffd3 100644
--- a/app/src/main/java/se/leap/bitmaskclient/base/utils/PreferenceHelper.java
+++ b/app/src/main/java/se/leap/bitmaskclient/base/utils/PreferenceHelper.java
@@ -11,6 +11,13 @@ import static se.leap.bitmaskclient.base.models.Constants.EXCLUDED_APPS;
import static se.leap.bitmaskclient.base.models.Constants.GATEWAY_PINNING;
import static se.leap.bitmaskclient.base.models.Constants.LAST_UPDATE_CHECK;
import static se.leap.bitmaskclient.base.models.Constants.LAST_USED_PROFILE;
+import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_CERT;
+import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_GW_HOST;
+import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_GW_IP;
+import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_IP;
+import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_KCP;
+import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_LOCATION;
+import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_PORT;
import static se.leap.bitmaskclient.base.models.Constants.PREFERRED_CITY;
import static se.leap.bitmaskclient.base.models.Constants.PREFER_UDP;
import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_CONFIGURED;
@@ -22,10 +29,12 @@ import static se.leap.bitmaskclient.base.models.Constants.SHARED_PREFERENCES;
import static se.leap.bitmaskclient.base.models.Constants.SHOW_EXPERIMENTAL;
import static se.leap.bitmaskclient.base.models.Constants.USE_BRIDGES;
import static se.leap.bitmaskclient.base.models.Constants.USE_IPv6_FIREWALL;
+import static se.leap.bitmaskclient.base.models.Constants.USE_OBFUSCATION_PINNING;
import static se.leap.bitmaskclient.base.models.Constants.USE_SNOWFLAKE;
import android.content.Context;
import android.content.SharedPreferences;
+import android.text.TextUtils;
import androidx.annotation.NonNull;
import androidx.annotation.WorkerThread;
@@ -260,6 +269,77 @@ public class PreferenceHelper {
return getBoolean(context, ALLOW_EXPERIMENTAL_TRANSPORTS, false);
}
+ public static void setUseObfuscationPinning(Context context, Boolean pinning) {
+ putBoolean(context, USE_OBFUSCATION_PINNING, pinning);
+ }
+
+ public static boolean useObfuscationPinning(Context context) {
+ return ConfigHelper.ObfsVpnHelper.useObfsVpn() &&
+ getUseBridges(context) &&
+ getBoolean(context, USE_OBFUSCATION_PINNING, false) &&
+ !TextUtils.isEmpty(getObfuscationPinningIP(context)) &&
+ !TextUtils.isEmpty(getObfuscationPinningCert(context)) &&
+ !TextUtils.isEmpty(getObfuscationPinningPort(context)) &&
+ !TextUtils.isEmpty(getObfuscationPinningGatewayHost(context));
+ }
+
+ public static void setObfuscationPinningIP(Context context, String ip) {
+ putString(context, OBFUSCATION_PINNING_IP, ip);
+ }
+
+ public static String getObfuscationPinningIP(Context context) {
+ return getString(context, OBFUSCATION_PINNING_IP, null);
+ }
+
+ public static void setObfuscationPinningPort(Context context, String port) {
+ putString(context, OBFUSCATION_PINNING_PORT, port);
+ }
+
+ public static String getObfuscationPinningPort(Context context) {
+ return getString(context, OBFUSCATION_PINNING_PORT, null);
+ }
+
+ public static void setObfuscationPinningCert(Context context, String cert) {
+ putString(context, OBFUSCATION_PINNING_CERT, cert);
+ }
+
+ public static String getObfuscationPinningCert(Context context) {
+ return getString(context, OBFUSCATION_PINNING_CERT, null);
+ }
+
+ public static void setObfuscationPinningGatewayHost(Context context, String gatewayIP) {
+ putString(context, OBFUSCATION_PINNING_GW_HOST, gatewayIP);
+ }
+
+ public static String getObfuscationPinningGatewayHost(Context context) {
+ return getString(context, OBFUSCATION_PINNING_GW_HOST, null);
+ }
+
+
+ public static void setObfuscationPinningGatewayIP(Context context, String ipForHost) {
+ putString(context, OBFUSCATION_PINNING_GW_IP, ipForHost);
+ }
+
+ public static String getObfuscationPinningGatewayIP(Context context) {
+ return getString(context, OBFUSCATION_PINNING_GW_IP, null);
+ }
+
+ public static void setObfuscationPinningGatewayLocation(Context context, String location) {
+ putString(context, OBFUSCATION_PINNING_LOCATION, location);
+ }
+
+ public static String getObfuscationPinningGatewayLocation(Context context) {
+ return getString(context, OBFUSCATION_PINNING_LOCATION, null);
+ }
+
+ public static Boolean getObfuscationPinningKCP(Context context) {
+ return getBoolean(context, OBFUSCATION_PINNING_KCP, false);
+ }
+
+ public static void setObfuscationPinningKCP(Context context, boolean isKCP) {
+ putBoolean(context, OBFUSCATION_PINNING_KCP, isKCP);
+ }
+
public static void setUseIPv6Firewall(Context context, boolean useFirewall) {
putBoolean(context, USE_IPv6_FIREWALL, useFirewall);
}