diff options
author | cyBerta <cyberta@riseup.net> | 2023-07-19 12:51:59 +0200 |
---|---|---|
committer | cyBerta <cyberta@riseup.net> | 2023-07-19 12:51:59 +0200 |
commit | 49742738417fb3db7e60813ca170dffaab65c8c1 (patch) | |
tree | 27453a11c16247eb6cc6c5cee357f1ef285871db /app/src/main/java/se/leap/bitmaskclient/eip | |
parent | 33216d22493fa413996a49df2b1ab1def47f9fa0 (diff) |
always provide private VPN key over management interface, avoid exposing it in persisted openvpn config. The private key is stored encrypted instead
Diffstat (limited to 'app/src/main/java/se/leap/bitmaskclient/eip')
-rw-r--r-- | app/src/main/java/se/leap/bitmaskclient/eip/GatewaysManager.java | 5 | ||||
-rw-r--r-- | app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java | 9 |
2 files changed, 2 insertions, 12 deletions
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/GatewaysManager.java b/app/src/main/java/se/leap/bitmaskclient/eip/GatewaysManager.java index d114665b..5e05b7c1 100644 --- a/app/src/main/java/se/leap/bitmaskclient/eip/GatewaysManager.java +++ b/app/src/main/java/se/leap/bitmaskclient/eip/GatewaysManager.java @@ -22,7 +22,6 @@ import static de.blinkt.openvpn.core.connection.Connection.TransportType.OPENVPN import static de.blinkt.openvpn.core.connection.Connection.TransportType.PT; import static se.leap.bitmaskclient.base.models.Constants.GATEWAYS; import static se.leap.bitmaskclient.base.models.Constants.HOST; -import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_PRIVATE_KEY; import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_VPN_CERTIFICATE; import static se.leap.bitmaskclient.base.models.Constants.SORTED_GATEWAYS; import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getObfuscationPinningCert; @@ -124,6 +123,7 @@ public class GatewaysManager { GatewaySelector gatewaySelector; + public GatewaysManager(Context context) { this.context = context; configureFromCurrentProvider(); @@ -392,7 +392,6 @@ public class GatewaysManager { try { JSONObject eipDefinition = provider.getEipServiceJson(); JSONObject secrets = secretsConfigurationFromCurrentProvider(); - JSONArray gatewaysDefined = new JSONArray(); try { gatewaysDefined = eipDefinition.getJSONArray(GATEWAYS); @@ -488,10 +487,8 @@ public class GatewaysManager { private JSONObject secretsConfigurationFromCurrentProvider() { JSONObject result = new JSONObject(); Provider provider = ProviderObservable.getInstance().getCurrentProvider(); - try { result.put(Provider.CA_CERT, provider.getCaCert()); - result.put(PROVIDER_PRIVATE_KEY, provider.getPrivateKey()); result.put(PROVIDER_VPN_CERTIFICATE, provider.getVpnCertificate()); } catch (JSONException e) { e.printStackTrace(); diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java b/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java index 2c22d4f7..fa2ab352 100644 --- a/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java +++ b/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java @@ -490,13 +490,6 @@ public class VpnConfigGenerator { + newLine + "</ca>"; - String key = - "<key>" - + newLine - + secrets.getString(PROVIDER_PRIVATE_KEY) - + newLine - + "</key>"; - String openvpnCert = "<cert>" + newLine @@ -504,7 +497,7 @@ public class VpnConfigGenerator { + newLine + "</cert>"; - return ca + newLine + key + newLine + openvpnCert; + return ca + newLine + openvpnCert; } catch (JSONException e) { e.printStackTrace(); return ""; |