authorcyBerta <cyberta@riseup.net>2023-07-19 12:51:59 +0200
committercyBerta <cyberta@riseup.net>2023-07-19 12:51:59 +0200
commit49742738417fb3db7e60813ca170dffaab65c8c1 (patch)
tree27453a11c16247eb6cc6c5cee357f1ef285871db /app/src/main/java/se/leap/bitmaskclient/eip
parent33216d22493fa413996a49df2b1ab1def47f9fa0 (diff)
always provide private VPN key over management interface, avoid exposing it in persisted openvpn config. The private key is stored encrypted instead
Diffstat (limited to 'app/src/main/java/se/leap/bitmaskclient/eip')
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/eip/GatewaysManager.java5
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java9
2 files changed, 2 insertions, 12 deletions
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/GatewaysManager.java b/app/src/main/java/se/leap/bitmaskclient/eip/GatewaysManager.java
index d114665b..5e05b7c1 100644
--- a/app/src/main/java/se/leap/bitmaskclient/eip/GatewaysManager.java
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/GatewaysManager.java
@@ -22,7 +22,6 @@ import static de.blinkt.openvpn.core.connection.Connection.TransportType.OPENVPN
import static de.blinkt.openvpn.core.connection.Connection.TransportType.PT;
import static se.leap.bitmaskclient.base.models.Constants.GATEWAYS;
import static se.leap.bitmaskclient.base.models.Constants.HOST;
-import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_PRIVATE_KEY;
import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_VPN_CERTIFICATE;
import static se.leap.bitmaskclient.base.models.Constants.SORTED_GATEWAYS;
import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getObfuscationPinningCert;
@@ -124,6 +123,7 @@ public class GatewaysManager {
GatewaySelector gatewaySelector;
+
public GatewaysManager(Context context) {
this.context = context;
configureFromCurrentProvider();
@@ -392,7 +392,6 @@ public class GatewaysManager {
try {
JSONObject eipDefinition = provider.getEipServiceJson();
JSONObject secrets = secretsConfigurationFromCurrentProvider();
-
JSONArray gatewaysDefined = new JSONArray();
try {
gatewaysDefined = eipDefinition.getJSONArray(GATEWAYS);
@@ -488,10 +487,8 @@ public class GatewaysManager {
private JSONObject secretsConfigurationFromCurrentProvider() {
JSONObject result = new JSONObject();
Provider provider = ProviderObservable.getInstance().getCurrentProvider();
-
try {
result.put(Provider.CA_CERT, provider.getCaCert());
- result.put(PROVIDER_PRIVATE_KEY, provider.getPrivateKey());
result.put(PROVIDER_VPN_CERTIFICATE, provider.getVpnCertificate());
} catch (JSONException e) {
e.printStackTrace();
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java b/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java
index 2c22d4f7..fa2ab352 100644
--- a/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java
@@ -490,13 +490,6 @@ public class VpnConfigGenerator {
+ newLine
+ "</ca>";
- String key =
- "<key>"
- + newLine
- + secrets.getString(PROVIDER_PRIVATE_KEY)
- + newLine
- + "</key>";
-
String openvpnCert =
"<cert>"
+ newLine
@@ -504,7 +497,7 @@ public class VpnConfigGenerator {
+ newLine
+ "</cert>";
- return ca + newLine + key + newLine + openvpnCert;
+ return ca + newLine + openvpnCert;
} catch (JSONException e) {
e.printStackTrace();
return "";
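Review bot: The new `return ca + newLine + openvpnCert;` leaves the generated config without a `<key>` block on purpose, but nothing at this site says so. A short comment such as `// private key is intentionally omitted; it is supplied to OpenVPN over the management interface` would keep a later change from re-adding it to the persisted config. Profiles generated and stored before this commit presumably still contain the inline key, and this path-limited diff shows no cleanup or regeneration of them, so it is worth confirming that this is handled elsewhere in the commit. The enclosing method starts outside the hunk.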