diff options
author | cyberta <cyberta@riseup.net> | 2022-05-20 11:19:12 +0000 |
---|---|---|
committer | cyberta <cyberta@riseup.net> | 2022-05-20 11:19:12 +0000 |
commit | 39cf5b1c41af8060af836b93fa9616bbb9c6a60b (patch) | |
tree | 2ef16c29798b8712bfec1b923a7fb3e2422952bb /app/src/main/java/se/leap/bitmaskclient/eip | |
parent | 18d3cc0ccbaf3bb9e797fcd542d180669b92dbd8 (diff) | |
parent | 0ebc7e3a9e84f598a0221fe64f51d0e7906ac377 (diff) |
Merge branch 'vpn_cert_update' into 'master'
improve VPN cert update
Closes #9087
See merge request leap/bitmask_android!184
Diffstat (limited to 'app/src/main/java/se/leap/bitmaskclient/eip')
-rw-r--r-- | app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java | 124 | ||||
-rw-r--r-- | app/src/main/java/se/leap/bitmaskclient/eip/EipStatus.java | 10 |
2 files changed, 83 insertions, 51 deletions
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java b/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java index 813b8b62..9d67340e 100644 --- a/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java +++ b/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java @@ -17,6 +17,38 @@ package se.leap.bitmaskclient.eip; +import static android.app.Activity.RESULT_CANCELED; +import static android.content.Intent.CATEGORY_DEFAULT; +import static de.blinkt.openvpn.core.ConnectionStatus.LEVEL_CONNECTING_NO_SERVER_REPLY_YET; +import static de.blinkt.openvpn.core.ConnectionStatus.LEVEL_NOTCONNECTED; +import static se.leap.bitmaskclient.appUpdate.DownloadServiceCommand.CHECK_VERSION_FILE; +import static se.leap.bitmaskclient.base.models.Constants.BROADCAST_EIP_EVENT; +import static se.leap.bitmaskclient.base.models.Constants.BROADCAST_GATEWAY_SETUP_OBSERVER_EVENT; +import static se.leap.bitmaskclient.base.models.Constants.BROADCAST_PROVIDER_API_EVENT; +import static se.leap.bitmaskclient.base.models.Constants.BROADCAST_RESULT_CODE; +import static se.leap.bitmaskclient.base.models.Constants.BROADCAST_RESULT_KEY; +import static se.leap.bitmaskclient.base.models.Constants.EIP_ACTION_LAUNCH_VPN; +import static se.leap.bitmaskclient.base.models.Constants.EIP_ACTION_PREPARE_VPN; +import static se.leap.bitmaskclient.base.models.Constants.EIP_ACTION_START; +import static se.leap.bitmaskclient.base.models.Constants.EIP_ACTION_START_ALWAYS_ON_VPN; +import static se.leap.bitmaskclient.base.models.Constants.EIP_EARLY_ROUTES; +import static se.leap.bitmaskclient.base.models.Constants.EIP_N_CLOSEST_GATEWAY; +import static se.leap.bitmaskclient.base.models.Constants.EIP_REQUEST; +import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_KEY; +import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_PROFILE; +import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_DOWNLOADED_EIP_SERVICE; +import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_DOWNLOADED_GEOIP_JSON; +import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_UPDATED_INVALID_VPN_CERTIFICATE; +import static se.leap.bitmaskclient.providersetup.ProviderAPI.INCORRECTLY_DOWNLOADED_EIP_SERVICE; +import static se.leap.bitmaskclient.providersetup.ProviderAPI.INCORRECTLY_DOWNLOADED_GEOIP_JSON; +import static se.leap.bitmaskclient.providersetup.ProviderAPI.INCORRECTLY_DOWNLOADED_VPN_CERTIFICATE; +import static se.leap.bitmaskclient.providersetup.ProviderAPI.INCORRECTLY_UPDATED_INVALID_VPN_CERTIFICATE; +import static se.leap.bitmaskclient.providersetup.ProviderAPI.PROVIDER_NOK; +import static se.leap.bitmaskclient.providersetup.ProviderAPI.PROVIDER_OK; +import static se.leap.bitmaskclient.providersetup.ProviderAPI.TOR_EXCEPTION; +import static se.leap.bitmaskclient.providersetup.ProviderAPI.TOR_TIMEOUT; +import static se.leap.bitmaskclient.providersetup.ProviderAPI.UPDATE_INVALID_VPN_CERTIFICATE; + import android.content.BroadcastReceiver; import android.content.Context; import android.content.Intent; @@ -45,39 +77,8 @@ import se.leap.bitmaskclient.base.utils.PreferenceHelper; import se.leap.bitmaskclient.providersetup.ProviderAPI; import se.leap.bitmaskclient.providersetup.ProviderAPICommand; import se.leap.bitmaskclient.tor.TorServiceCommand; -import se.leap.bitmaskclient.tor.TorServiceConnection; import se.leap.bitmaskclient.tor.TorStatusObservable; -import static android.app.Activity.RESULT_CANCELED; -import static android.content.Intent.CATEGORY_DEFAULT; -import static de.blinkt.openvpn.core.ConnectionStatus.LEVEL_CONNECTING_NO_SERVER_REPLY_YET; -import static de.blinkt.openvpn.core.ConnectionStatus.LEVEL_NOTCONNECTED; -import static se.leap.bitmaskclient.appUpdate.DownloadServiceCommand.CHECK_VERSION_FILE; -import static se.leap.bitmaskclient.base.models.Constants.BROADCAST_EIP_EVENT; -import static se.leap.bitmaskclient.base.models.Constants.BROADCAST_GATEWAY_SETUP_OBSERVER_EVENT; -import static se.leap.bitmaskclient.base.models.Constants.BROADCAST_PROVIDER_API_EVENT; -import static se.leap.bitmaskclient.base.models.Constants.BROADCAST_RESULT_CODE; -import static se.leap.bitmaskclient.base.models.Constants.BROADCAST_RESULT_KEY; -import static se.leap.bitmaskclient.base.models.Constants.EIP_ACTION_LAUNCH_VPN; -import static se.leap.bitmaskclient.base.models.Constants.EIP_ACTION_PREPARE_VPN; -import static se.leap.bitmaskclient.base.models.Constants.EIP_ACTION_START; -import static se.leap.bitmaskclient.base.models.Constants.EIP_ACTION_START_ALWAYS_ON_VPN; -import static se.leap.bitmaskclient.base.models.Constants.EIP_EARLY_ROUTES; -import static se.leap.bitmaskclient.base.models.Constants.EIP_N_CLOSEST_GATEWAY; -import static se.leap.bitmaskclient.base.models.Constants.EIP_REQUEST; -import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_KEY; -import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_PROFILE; -import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_DOWNLOADED_EIP_SERVICE; -import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_DOWNLOADED_GEOIP_JSON; -import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_UPDATED_INVALID_VPN_CERTIFICATE; -import static se.leap.bitmaskclient.providersetup.ProviderAPI.INCORRECTLY_DOWNLOADED_EIP_SERVICE; -import static se.leap.bitmaskclient.providersetup.ProviderAPI.INCORRECTLY_DOWNLOADED_GEOIP_JSON; -import static se.leap.bitmaskclient.providersetup.ProviderAPI.INCORRECTLY_DOWNLOADED_VPN_CERTIFICATE; -import static se.leap.bitmaskclient.providersetup.ProviderAPI.INCORRECTLY_UPDATED_INVALID_VPN_CERTIFICATE; -import static se.leap.bitmaskclient.providersetup.ProviderAPI.PROVIDER_NOK; -import static se.leap.bitmaskclient.providersetup.ProviderAPI.PROVIDER_OK; -import static se.leap.bitmaskclient.tor.TorStatusObservable.TorStatus.OFF; - /** * Created by cyberta on 05.12.18. */ @@ -86,7 +87,7 @@ public class EipSetupObserver extends BroadcastReceiver implements VpnStatus.Sta private static final String TAG = EipSetupObserver.class.getName(); private static final int UPDATE_CHECK_TIMEOUT = 1000*60*60*24*7; - private Context context; + private final Context appContext; private VpnProfile setupVpnProfile; private String observedProfileFromVpnStatus; AtomicInteger reconnectTry = new AtomicInteger(); @@ -97,7 +98,7 @@ public class EipSetupObserver extends BroadcastReceiver implements VpnStatus.Sta private static EipSetupObserver instance; private EipSetupObserver(Context context, SharedPreferences preferences) { - this.context = context; + this.appContext = context.getApplicationContext(); this.preferences = preferences; IntentFilter updateIntentFilter = new IntentFilter(BROADCAST_GATEWAY_SETUP_OBSERVER_EVENT); updateIntentFilter.addAction(BROADCAST_EIP_EVENT); @@ -105,7 +106,7 @@ public class EipSetupObserver extends BroadcastReceiver implements VpnStatus.Sta updateIntentFilter.addAction(TorService.ACTION_STATUS); updateIntentFilter.addAction(TorService.ACTION_ERROR); updateIntentFilter.addCategory(CATEGORY_DEFAULT); - LocalBroadcastManager.getInstance(context.getApplicationContext()).registerReceiver(this, updateIntentFilter); + LocalBroadcastManager.getInstance(context).registerReceiver(this, updateIntentFilter); instance = this; VpnStatus.addLogListener(this); } @@ -174,7 +175,7 @@ public class EipSetupObserver extends BroadcastReceiver implements VpnStatus.Sta Log.d(TAG, "handle Tor status event: " + status); Integer bootstrap = intent.getIntExtra(TorService.EXTRA_STATUS_DETAIL_BOOTSTRAP, -1); String logKey = intent.getStringExtra(TorService.EXTRA_STATUS_DETAIL_LOGKEY); - TorStatusObservable.updateState(context, status, bootstrap, logKey); + TorStatusObservable.updateState(appContext, status, bootstrap, logKey); } @@ -193,14 +194,18 @@ public class EipSetupObserver extends BroadcastReceiver implements VpnStatus.Sta ProviderObservable.getInstance().updateProvider(provider); PreferenceHelper.storeProviderInPreferences(preferences, provider); if (EipStatus.getInstance().isDisconnected()) { - EipCommand.startVPN(context, false); + EipCommand.startVPN(appContext, false); } break; case CORRECTLY_UPDATED_INVALID_VPN_CERTIFICATE: provider = resultData.getParcelable(PROVIDER_KEY); ProviderObservable.getInstance().updateProvider(provider); PreferenceHelper.storeProviderInPreferences(preferences, provider); - EipCommand.startVPN(context, false); + EipCommand.startVPN(appContext, false); + EipStatus.getInstance().setUpdatingVpnCert(false); + if (TorStatusObservable.isRunning()) { + TorServiceCommand.stopTorServiceAsync(appContext); + } break; case CORRECTLY_DOWNLOADED_GEOIP_JSON: provider = resultData.getParcelable(PROVIDER_KEY); @@ -211,18 +216,35 @@ public class EipSetupObserver extends BroadcastReceiver implements VpnStatus.Sta case INCORRECTLY_DOWNLOADED_GEOIP_JSON: maybeStartEipService(resultData); break; - case PROVIDER_NOK: case INCORRECTLY_UPDATED_INVALID_VPN_CERTIFICATE: + EipStatus.getInstance().setUpdatingVpnCert(false); + if (TorStatusObservable.isRunning()) { + TorServiceCommand.stopTorServiceAsync(appContext); + } + break; + case PROVIDER_NOK: case INCORRECTLY_DOWNLOADED_EIP_SERVICE: case INCORRECTLY_DOWNLOADED_VPN_CERTIFICATE: - if (TorStatusObservable.getStatus() != OFF) { - TorServiceCommand.stopTorServiceAsync(context); + if (TorStatusObservable.isRunning()) { + TorServiceCommand.stopTorServiceAsync(appContext); } Log.d(TAG, "PROVIDER NOK - FETCH FAILED"); break; case PROVIDER_OK: Log.d(TAG, "PROVIDER OK - FETCH SUCCESSFUL"); break; + case TOR_TIMEOUT: + case TOR_EXCEPTION: + try { + JSONObject jsonObject = new JSONObject(resultData.getString(ProviderAPI.ERRORS)); + String initialAction = jsonObject.optString(ProviderAPI.INITIAL_ACTION); + if (UPDATE_INVALID_VPN_CERTIFICATE.equals(initialAction)) { + EipStatus.getInstance().setUpdatingVpnCert(false); + } + } catch (Exception e) { + //ignore + } + break; default: break; } @@ -235,7 +257,7 @@ public class EipSetupObserver extends BroadcastReceiver implements VpnStatus.Sta private void maybeStartEipService(Bundle resultData) { if (resultData.getBoolean(EIP_ACTION_START)) { boolean earlyRoutes = resultData.getBoolean(EIP_EARLY_ROUTES); - EipCommand.startVPN(context, earlyRoutes); + EipCommand.startVPN(appContext, earlyRoutes); } } @@ -262,14 +284,14 @@ public class EipSetupObserver extends BroadcastReceiver implements VpnStatus.Sta switch (error) { case NO_MORE_GATEWAYS: finishGatewaySetup(false); - EipCommand.startBlockingVPN(context); + EipCommand.startBlockingVPN(appContext); break; case ERROR_INVALID_PROFILE: selectNextGateway(); break; default: finishGatewaySetup(false); - EipCommand.stopVPN(context); + EipCommand.stopVPN(appContext); EipStatus.refresh(); } } @@ -345,11 +367,11 @@ public class EipSetupObserver extends BroadcastReceiver implements VpnStatus.Sta Provider provider = ProviderObservable.getInstance().getCurrentProvider(); if (setupNClosestGateway.get() > 0 || provider.shouldUpdateEipServiceJson()) { //setupNClostestGateway > 0: at least one failed gateway -> did the provider change it's gateways? - ProviderAPICommand.execute(context, ProviderAPI.DOWNLOAD_SERVICE_JSON, provider); + ProviderAPICommand.execute(appContext, ProviderAPI.DOWNLOAD_SERVICE_JSON, provider); } if (shouldCheckAppUpdate()) { - DownloadServiceCommand.execute(context, CHECK_VERSION_FILE); + DownloadServiceCommand.execute(appContext, CHECK_VERSION_FILE); } finishGatewaySetup(false); } else if ("TCP_CONNECT".equals(state)) { @@ -358,13 +380,13 @@ public class EipSetupObserver extends BroadcastReceiver implements VpnStatus.Sta } private boolean shouldCheckAppUpdate() { - return System.currentTimeMillis() - PreferenceHelper.getLastAppUpdateCheck(context) >= UPDATE_CHECK_TIMEOUT; + return System.currentTimeMillis() - PreferenceHelper.getLastAppUpdateCheck(appContext) >= UPDATE_CHECK_TIMEOUT; } private void selectNextGateway() { changingGateway.set(true); reconnectTry.set(0); - EipCommand.startVPN(context, false, setupNClosestGateway.get() + 1); + EipCommand.startVPN(appContext, false, setupNClosestGateway.get() + 1); } private void finishGatewaySetup(boolean changingGateway) { @@ -374,8 +396,8 @@ public class EipSetupObserver extends BroadcastReceiver implements VpnStatus.Sta observedProfileFromVpnStatus = null; this.changingGateway.set(changingGateway); this.reconnectTry.set(0); - if (TorStatusObservable.getStatus() != OFF) { - TorServiceCommand.stopTorServiceAsync(context); + if (TorStatusObservable.isRunning()) { + TorServiceCommand.stopTorServiceAsync(appContext); } } @@ -396,9 +418,9 @@ public class EipSetupObserver extends BroadcastReceiver implements VpnStatus.Sta case SHAPESHIFTER: VpnProfile profile = VpnStatus.getLastConnectedVpnProfile(); if (profile == null) { - EipCommand.startVPN(context, false, 0); + EipCommand.startVPN(appContext, false, 0); } else { - GatewaysManager gatewaysManager = new GatewaysManager(context.getApplicationContext()); + GatewaysManager gatewaysManager = new GatewaysManager(appContext); int position = gatewaysManager.getPosition(profile); setupNClosestGateway.set(position >= 0 ? position : 0); selectNextGateway(); diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/EipStatus.java b/app/src/main/java/se/leap/bitmaskclient/eip/EipStatus.java index bc123683..003e396f 100644 --- a/app/src/main/java/se/leap/bitmaskclient/eip/EipStatus.java +++ b/app/src/main/java/se/leap/bitmaskclient/eip/EipStatus.java @@ -56,6 +56,7 @@ public class EipStatus extends Observable implements VpnStatus.StateListener { private int lastErrorLine = 0; private String state, logMessage; private int localizedResId; + private boolean isUpdatingVPNCertificate; public static EipStatus getInstance() { if (currentStatus == null) { @@ -178,6 +179,15 @@ public class EipStatus extends Observable implements VpnStatus.StateListener { } } + public void setUpdatingVpnCert(boolean isUpdating) { + isUpdatingVPNCertificate = isUpdating; + refresh(); + } + + public boolean isUpdatingVpnCert() { + return isUpdatingVPNCertificate; + } + public boolean isConnecting() { return currentEipLevel == EipLevel.CONNECTING; } |