diff options
| author | cyberta <cyberta@riseup.net> | 2022-07-18 21:57:07 +0000 |
|---|---|---|
| committer | cyberta <cyberta@riseup.net> | 2022-07-18 21:57:07 +0000 |
| commit | abd8c8d06f01cc5b794a18779c2ea36b9317b4e3 (patch) | |
| tree | 3bf4274594bc45c879093adbab58c2ec7a142146 /app/src/main/java/se/leap/bitmaskclient/eip | |
| parent | f90e72fb3e90d561a433278f251ee27297b42001 (diff) | |
| parent | 6ad47f6665312cfbc5c9b9e9bae1088d91b8dc99 (diff) | |
Merge branch 'eip-service.json_updates' into 'master'
Fix auto-check issues after successful connection attempt
Closes #9093
See merge request leap/bitmask_android!197
Diffstat (limited to 'app/src/main/java/se/leap/bitmaskclient/eip')
3 files changed, 53 insertions, 9 deletions
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java b/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java index cf4dc9bf..46f91781 100644 --- a/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java +++ b/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java @@ -56,6 +56,7 @@ import de.blinkt.openvpn.core.VpnStatus; import de.blinkt.openvpn.core.connection.Connection; import se.leap.bitmaskclient.R; import se.leap.bitmaskclient.base.OnBootReceiver; +import se.leap.bitmaskclient.base.models.Provider; import se.leap.bitmaskclient.base.models.ProviderObservable; import se.leap.bitmaskclient.base.utils.PreferenceHelper; @@ -242,6 +243,12 @@ public final class EIP extends JobIntentService implements Observer { return; } + if (shouldUpdateVPNCertificate()) { + Provider p = ProviderObservable.getInstance().getCurrentProvider(); + p.setShouldUpdateVpnCertificate(true); + ProviderObservable.getInstance().updateProvider(p); + } + GatewaysManager gatewaysManager = new GatewaysManager(getApplicationContext()); if (gatewaysManager.isEmpty()) { setErrorResult(result, warning_client_parsing_error_gateways, null); @@ -267,6 +274,12 @@ public final class EIP extends JobIntentService implements Observer { Gateway gateway = gatewaysManager.select(0); Bundle result = new Bundle(); + if (shouldUpdateVPNCertificate()) { + Provider p = ProviderObservable.getInstance().getCurrentProvider(); + p.setShouldUpdateVpnCertificate(true); + ProviderObservable.getInstance().updateProvider(p); + } + launchActiveGateway(gateway, 0, result); if (result.containsKey(BROADCAST_RESULT_KEY) && !result.getBoolean(BROADCAST_RESULT_KEY)){ VpnStatus.logWarning("ALWAYS-ON VPN: " + getString(R.string.no_vpn_profiles_defined)); @@ -415,6 +428,12 @@ public final class EIP extends JobIntentService implements Observer { return validator.isValid(); } + private boolean shouldUpdateVPNCertificate() { + VpnCertificateValidator validator = new VpnCertificateValidator(preferences.getString(PROVIDER_VPN_CERTIFICATE, "")); + return validator.shouldBeUpdated(); + } + + /** * helper function to add error to result bundle * diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java b/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java index 9d67340e..05991390 100644 --- a/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java +++ b/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java @@ -39,12 +39,14 @@ import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_PROFILE; import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_DOWNLOADED_EIP_SERVICE; import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_DOWNLOADED_GEOIP_JSON; import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_UPDATED_INVALID_VPN_CERTIFICATE; +import static se.leap.bitmaskclient.providersetup.ProviderAPI.DELAY; import static se.leap.bitmaskclient.providersetup.ProviderAPI.INCORRECTLY_DOWNLOADED_EIP_SERVICE; import static se.leap.bitmaskclient.providersetup.ProviderAPI.INCORRECTLY_DOWNLOADED_GEOIP_JSON; import static se.leap.bitmaskclient.providersetup.ProviderAPI.INCORRECTLY_DOWNLOADED_VPN_CERTIFICATE; import static se.leap.bitmaskclient.providersetup.ProviderAPI.INCORRECTLY_UPDATED_INVALID_VPN_CERTIFICATE; import static se.leap.bitmaskclient.providersetup.ProviderAPI.PROVIDER_NOK; import static se.leap.bitmaskclient.providersetup.ProviderAPI.PROVIDER_OK; +import static se.leap.bitmaskclient.providersetup.ProviderAPI.QUIETLY_UPDATE_VPN_CERTIFICATE; import static se.leap.bitmaskclient.providersetup.ProviderAPI.TOR_EXCEPTION; import static se.leap.bitmaskclient.providersetup.ProviderAPI.TOR_TIMEOUT; import static se.leap.bitmaskclient.providersetup.ProviderAPI.UPDATE_INVALID_VPN_CERTIFICATE; @@ -367,11 +369,21 @@ public class EipSetupObserver extends BroadcastReceiver implements VpnStatus.Sta Provider provider = ProviderObservable.getInstance().getCurrentProvider(); if (setupNClosestGateway.get() > 0 || provider.shouldUpdateEipServiceJson()) { //setupNClostestGateway > 0: at least one failed gateway -> did the provider change it's gateways? - ProviderAPICommand.execute(appContext, ProviderAPI.DOWNLOAD_SERVICE_JSON, provider); + Bundle parameters = new Bundle(); + parameters.putLong(DELAY, 500); + ProviderAPICommand.execute(appContext, ProviderAPI.DOWNLOAD_SERVICE_JSON, parameters, provider); } if (shouldCheckAppUpdate()) { - DownloadServiceCommand.execute(appContext, CHECK_VERSION_FILE); + Bundle parameters = new Bundle(); + parameters.putLong(DELAY, 500); + DownloadServiceCommand.execute(appContext, CHECK_VERSION_FILE, parameters); + } + + if (provider.shouldUpdateVpnCertificate()) { + Bundle parameters = new Bundle(); + parameters.putLong(DELAY, 500); + ProviderAPICommand.execute(appContext, QUIETLY_UPDATE_VPN_CERTIFICATE, parameters, provider); } finishGatewaySetup(false); } else if ("TCP_CONNECT".equals(state)) { diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java index 16d1c5ad..8841ae94 100644 --- a/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java +++ b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java @@ -45,9 +45,22 @@ public class VpnCertificateValidator { /** * - * @return true if all certificates are valid for more than 15 more days + * @return true if all certificates are valid for 1 more day */ public boolean isValid() { + return isValid(1); + } + + /** + * + * @return return true if certificates will expire in 8 days or less + */ + public boolean shouldBeUpdated() { + return !isValid(8); + } + + + private boolean isValid(int offsetDays) { if (certificate.isEmpty()) { return false; } @@ -57,7 +70,7 @@ public class VpnCertificateValidator { return false; } for (X509Certificate cert : x509Certificates) { - if (!isValid(cert)) { + if (!isValid(cert, offsetDays)) { return false; } } @@ -65,12 +78,12 @@ public class VpnCertificateValidator { } - private boolean isValid(X509Certificate certificate) { + private boolean isValid(X509Certificate certificate, int offsetDays) { if (certificate == null) { return false; } - Calendar offsetDate = calculateOffsetCertificateValidity(certificate); + Calendar offsetDate = calculateOffsetCertificateValidity(certificate, offsetDays); try { certificate.checkValidity(offsetDate.getTime()); return true; @@ -81,15 +94,15 @@ public class VpnCertificateValidator { } } - private Calendar calculateOffsetCertificateValidity(X509Certificate certificate) { + private Calendar calculateOffsetCertificateValidity(X509Certificate certificate, int offsetDays) { Calendar limitDate = calendarProvider.getCalendar(); Date startDate = certificate.getNotBefore(); // if certificates start date is before current date just return the current date without an offset if (startDate.getTime() >= limitDate.getTime().getTime()) { return limitDate; } - // else add an offset of 15 days to the current date - limitDate.add(Calendar.DAY_OF_YEAR, 15); + // else add an offset to the current date + limitDate.add(Calendar.DAY_OF_YEAR, offsetDays); return limitDate; } |