summaryrefslogtreecommitdiff
path: root/app/src/main/java/se
diff options
context:
space:
mode:
authorcyBerta <cyberta@riseup.net>2022-07-31 04:07:47 +0200
committercyBerta <cyberta@riseup.net>2022-07-31 04:07:47 +0200
commit87446cbc0c818a374c057894b57e93156443a270 (patch)
treec2fa479d2b85df5eb624c75b71a89dac2973b8a3 /app/src/main/java/se
parent7692e1db1021460ec777928bdf418432cac9e7cb (diff)
implement obfuscation pinning
Diffstat (limited to 'app/src/main/java/se')
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/base/fragments/ObfuscationProxyDialog.java119
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/base/fragments/SettingsFragment.java53
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java8
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/base/models/Transport.java49
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java27
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/base/utils/PreferenceHelper.java80
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/eip/Gateway.java56
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/eip/GatewaysManager.java58
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java173
9 files changed, 549 insertions, 74 deletions
diff --git a/app/src/main/java/se/leap/bitmaskclient/base/fragments/ObfuscationProxyDialog.java b/app/src/main/java/se/leap/bitmaskclient/base/fragments/ObfuscationProxyDialog.java
index b7f16fa4..df78214d 100644
--- a/app/src/main/java/se/leap/bitmaskclient/base/fragments/ObfuscationProxyDialog.java
+++ b/app/src/main/java/se/leap/bitmaskclient/base/fragments/ObfuscationProxyDialog.java
@@ -1,2 +1,119 @@
-package se.leap.bitmaskclient.base.fragments;public class ObfuscationProxyDialog {
+package se.leap.bitmaskclient.base.fragments;
+
+import static android.view.View.GONE;
+import static android.view.View.VISIBLE;
+
+import android.app.Dialog;
+import android.os.Bundle;
+import android.text.TextUtils;
+import android.view.View;
+import android.widget.ArrayAdapter;
+
+import androidx.annotation.NonNull;
+import androidx.annotation.Nullable;
+import androidx.appcompat.app.AlertDialog;
+import androidx.appcompat.app.AppCompatDialogFragment;
+import androidx.appcompat.widget.AppCompatButton;
+import androidx.appcompat.widget.AppCompatEditText;
+import androidx.appcompat.widget.AppCompatSpinner;
+
+import java.util.ArrayList;
+
+import se.leap.bitmaskclient.base.utils.ConfigHelper.ObfsVpnHelper;
+import se.leap.bitmaskclient.base.utils.PreferenceHelper;
+import se.leap.bitmaskclient.base.views.IconSwitchEntry;
+import se.leap.bitmaskclient.databinding.DObfuscationProxyBinding;
+import se.leap.bitmaskclient.eip.GatewaysManager;
+
+public class ObfuscationProxyDialog extends AppCompatDialogFragment {
+ public static final String TAG = ObfuscationProxyDialog.class.getSimpleName();
+ DObfuscationProxyBinding binding;
+ AppCompatEditText ipField;
+ AppCompatEditText portField;
+ AppCompatEditText certificateField;
+ AppCompatSpinner gatewayHost;
+ AppCompatButton saveButton;
+ AppCompatButton useDefaultsButton;
+ AppCompatButton cancelButton;
+ IconSwitchEntry kcpSwitch;
+ ArrayAdapter<String> gatewayHosts;
+
+ @NonNull
+ @Override
+ public Dialog onCreateDialog(@Nullable Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+ binding = DObfuscationProxyBinding.inflate(getLayoutInflater());
+ View view = binding.getRoot();
+ AlertDialog.Builder builder = new AlertDialog.Builder(getActivity());
+ builder.setView(view);
+ ipField = binding.ipField;
+ portField = binding.portField;
+ certificateField = binding.certField;
+ gatewayHost = binding.gatewayHost;
+ saveButton = binding.buttonSave;
+ useDefaultsButton = binding.buttonDefaults;
+ cancelButton = binding.buttonCancel;
+ kcpSwitch = binding.kcpSwitch;
+
+ ipField.setText(PreferenceHelper.getObfuscationPinningIP(getContext()));
+ portField.setText(PreferenceHelper.getObfuscationPinningPort(getContext()));
+ certificateField.setText(PreferenceHelper.getObfuscationPinningCert(getContext()));
+ kcpSwitch.setChecked(PreferenceHelper.getObfuscationPinningKCP(getContext()));
+
+ GatewaysManager gatewaysManager = new GatewaysManager(getContext());
+ ArrayList<String> hostsList = gatewaysManager.getHosts();
+
+ hostsList.add(0, "Select a Gateway");
+ gatewayHosts = new ArrayAdapter<>(getContext(), android.R.layout.simple_spinner_item, hostsList);
+ gatewayHosts.setDropDownViewResource(android.R.layout.simple_spinner_dropdown_item);
+ gatewayHost.setAdapter(gatewayHosts);
+ String selectedHost = PreferenceHelper.getObfuscationPinningGatewayHost(getContext());
+ if (selectedHost != null) {
+ gatewayHost.setSelection(gatewayHosts.getPosition(selectedHost));
+ }
+
+ saveButton.setOnClickListener(v -> {
+ String ip = TextUtils.isEmpty(ipField.getText()) ? null : ipField.getText().toString();
+ PreferenceHelper.setObfuscationPinningIP(v.getContext(), ip);
+ String port = TextUtils.isEmpty(portField.getText()) ? null : portField.getText().toString();
+ PreferenceHelper.setObfuscationPinningPort(v.getContext(), port);
+ String cert = TextUtils.isEmpty(certificateField.getText()) ? null : certificateField.getText().toString();
+ PreferenceHelper.setObfuscationPinningCert(v.getContext(), cert);
+ String gatewayHostName = gatewayHost.getSelectedItemPosition() == 0 ? null : gatewayHosts.getItem(gatewayHost.getSelectedItemPosition());
+ PreferenceHelper.setObfuscationPinningGatewayHost(v.getContext(), gatewayHostName);
+ PreferenceHelper.setObfuscationPinningGatewayIP(v.getContext(), gatewaysManager.getIpForHost(gatewayHostName));
+ PreferenceHelper.setObfuscationPinningKCP(v.getContext(), kcpSwitch.isChecked());
+ PreferenceHelper.setUseObfuscationPinning(v.getContext(), ip != null && port != null && cert != null && gatewayHostName != null);
+ PreferenceHelper.setObfuscationPinningGatewayLocation(v.getContext(), gatewaysManager.getLocationNameForHost(gatewayHostName));
+ dismiss();
+ });
+
+ useDefaultsButton.setVisibility(ObfsVpnHelper.hasObfuscationPinningDefaults() ? VISIBLE : GONE);
+ useDefaultsButton.setOnClickListener(v -> {
+ ipField.setText(ObfsVpnHelper.obfsvpnIP());
+ portField.setText(ObfsVpnHelper.obfsvpnPort());
+ certificateField.setText(ObfsVpnHelper.obfsvpnCert());
+ int position = gatewayHosts.getPosition(ObfsVpnHelper.gatewayHost());
+ if (position == -1) {
+ position = 0;
+ }
+ gatewayHost.setSelection(position);
+ kcpSwitch.setChecked(ObfsVpnHelper.useKcp());
+ });
+
+ cancelButton.setOnClickListener(v -> {
+ boolean allowPinning = !TextUtils.isEmpty(ipField.getText()) && !TextUtils.isEmpty(portField.getText()) && !TextUtils.isEmpty(certificateField.getText());
+ PreferenceHelper.setUseObfuscationPinning(
+ v.getContext(), allowPinning);
+ dismiss();
+ });
+
+ return builder.create();
+ }
+
+ @Override
+ public void onDestroyView() {
+ super.onDestroyView();
+ binding = null;
+ }
}
diff --git a/app/src/main/java/se/leap/bitmaskclient/base/fragments/SettingsFragment.java b/app/src/main/java/se/leap/bitmaskclient/base/fragments/SettingsFragment.java
index 9d15f839..f7d20aa9 100644
--- a/app/src/main/java/se/leap/bitmaskclient/base/fragments/SettingsFragment.java
+++ b/app/src/main/java/se/leap/bitmaskclient/base/fragments/SettingsFragment.java
@@ -9,9 +9,10 @@ import static se.leap.bitmaskclient.base.models.Constants.PREFER_UDP;
import static se.leap.bitmaskclient.base.models.Constants.SHARED_PREFERENCES;
import static se.leap.bitmaskclient.base.models.Constants.USE_BRIDGES;
import static se.leap.bitmaskclient.base.models.Constants.USE_IPv6_FIREWALL;
+import static se.leap.bitmaskclient.base.models.Constants.USE_OBFUSCATION_PINNING;
import static se.leap.bitmaskclient.base.utils.ConfigHelper.ObfsVpnHelper.useObfsVpn;
-import static se.leap.bitmaskclient.base.utils.PreferenceHelper.allowExperimentalTransports;
import static se.leap.bitmaskclient.base.utils.ConfigHelper.isCalyxOSWithTetheringSupport;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.allowExperimentalTransports;
import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getPreferUDP;
import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getShowAlwaysOnDialog;
import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getUseBridges;
@@ -19,7 +20,9 @@ import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getUseSnowflake;
import static se.leap.bitmaskclient.base.utils.PreferenceHelper.hasSnowflakePrefs;
import static se.leap.bitmaskclient.base.utils.PreferenceHelper.preferUDP;
import static se.leap.bitmaskclient.base.utils.PreferenceHelper.setAllowExperimentalTransports;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.setUseObfuscationPinning;
import static se.leap.bitmaskclient.base.utils.PreferenceHelper.useBridges;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.useObfuscationPinning;
import static se.leap.bitmaskclient.base.utils.PreferenceHelper.useSnowflake;
import static se.leap.bitmaskclient.base.utils.ViewHelper.setActionBarTitle;
@@ -86,6 +89,7 @@ public class SettingsFragment extends Fragment implements SharedPreferences.OnSh
initTetheringEntry(view);
initGatewayPinningEntry(view);
initExperimentalTransportsEntry(view);
+ initObfuscationPinningEntry(view);
setActionBarTitle(this, advanced_settings);
return view;
}
@@ -260,6 +264,47 @@ public class SettingsFragment extends Fragment implements SharedPreferences.OnSh
});
}
+ public void initObfuscationPinningEntry(View rootView) {
+ IconSwitchEntry obfuscationPinning = rootView.findViewById(R.id.obfuscation_proxy_pinning);
+ if (useObfsVpn()) {
+ obfuscationPinning.setVisibility(VISIBLE);
+ boolean useBridges = getUseBridges(getContext());
+ obfuscationPinning.setEnabled(useBridges);
+ obfuscationPinning.setSubtitle(useBridges ? "Connect to a specific obfuscation proxy for debugging purposes" : "Enable Bridges to use this option");
+ obfuscationPinning.setChecked(useObfuscationPinning(getContext()));
+ obfuscationPinning.setOnCheckedChangeListener((buttonView, isChecked) -> {
+ if (!buttonView.isPressed()) {
+ return;
+ }
+ if (!isChecked) {
+ setUseObfuscationPinning(getContext(), false);
+ } else {
+ showObfuscationPinningDialog();
+ }
+ });
+ obfuscationPinning.setOnClickListener(v -> {
+ if (obfuscationPinning.isChecked()) {
+ showObfuscationPinningDialog();
+ }
+ });
+ } else {
+ obfuscationPinning.setVisibility(GONE);
+ }
+ }
+
+ public void showObfuscationPinningDialog() {
+ try {
+ FragmentTransaction fragmentTransaction = new FragmentManagerEnhanced(
+ getActivity().getSupportFragmentManager()).removePreviousFragment(
+ ObfuscationProxyDialog.TAG);
+ DialogFragment newFragment = new ObfuscationProxyDialog();
+ newFragment.setCancelable(false);
+ newFragment.show(fragmentTransaction, ObfuscationProxyDialog.TAG);
+ } catch (IllegalStateException | NullPointerException e) {
+ e.printStackTrace();
+ }
+ }
+
public void initExperimentalTransportsEntry(View rootView) {
IconSwitchEntry experimentalTransports = rootView.findViewById(R.id.experimental_transports);
if (useObfsVpn() && ProviderObservable.getInstance().getCurrentProvider().supportsExperimentalPluggableTransports()) {
@@ -315,9 +360,13 @@ public class SettingsFragment extends Fragment implements SharedPreferences.OnSh
initPreferUDPEntry(rootView);
} else if (key.equals(USE_IPv6_FIREWALL)) {
initFirewallEntry(getView());
- } if (key.equals(GATEWAY_PINNING)) {
+ } else if (key.equals(GATEWAY_PINNING)) {
initGatewayPinningEntry(rootView);
}
+
+ if (key.equals(USE_OBFUSCATION_PINNING) || key.equals(USE_BRIDGES)) {
+ initObfuscationPinningEntry(rootView);
+ }
}
}
diff --git a/app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java b/app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java
index b34a31eb..8fbac35e 100644
--- a/app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java
+++ b/app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java
@@ -45,6 +45,14 @@ public interface Constants {
String PREFER_UDP = "prefer_UDP";
String GATEWAY_PINNING = "gateway_pinning";
String ALLOW_EXPERIMENTAL_TRANSPORTS = "allow_experimental_transports";
+ String USE_OBFUSCATION_PINNING = "use_obfuscation_pinning";
+ String OBFUSCATION_PINNING_IP = "obfuscation_pinning_ip";
+ String OBFUSCATION_PINNING_PORT = "obfuscation_pinning_port";
+ String OBFUSCATION_PINNING_CERT = "obfuscation_pinning_cert";
+ String OBFUSCATION_PINNING_KCP = "obfuscation_pinning_udp";
+ String OBFUSCATION_PINNING_GW_HOST = "obfuscation_pinning_gw_host";
+ String OBFUSCATION_PINNING_GW_IP = "obfuscation_pinning_gw_ip";
+ String OBFUSCATION_PINNING_LOCATION = "obfuscation_pinning_location";
//////////////////////////////////////////////
diff --git a/app/src/main/java/se/leap/bitmaskclient/base/models/Transport.java b/app/src/main/java/se/leap/bitmaskclient/base/models/Transport.java
new file mode 100644
index 00000000..90a033dd
--- /dev/null
+++ b/app/src/main/java/se/leap/bitmaskclient/base/models/Transport.java
@@ -0,0 +1,49 @@
+package se.leap.bitmaskclient.base.models;
+
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+
+import org.json.JSONObject;
+
+public class Transport {
+ private String type;
+ private String[] protocols;
+ private String[] ports;
+ private Options options;
+
+ public Transport(String type, String[] protocols, String[] ports, String cert) {
+ this.type = type;
+ this.protocols = protocols;
+ this.ports = ports;
+ this.options = new Options(cert);
+ }
+
+ @Override
+ public String toString() {
+ return new Gson().toJson(this);
+ }
+
+ public static Transport fromJson(JSONObject json) {
+ GsonBuilder builder = new GsonBuilder();
+ return builder.create().fromJson(json.toString(), Transport.class);
+ }
+
+ public static class Options {
+ private String cert;
+ private String iatMode;
+
+ public Options(String cert) {
+ this.cert = cert;
+ this.iatMode = "0";
+ }
+
+ @Override
+ public String toString() {
+ return new Gson().toJson(this);
+ }
+ }
+
+
+}
+
+
diff --git a/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java b/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java
index 102756c4..c4e2fb17 100644
--- a/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java
+++ b/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java
@@ -285,5 +285,32 @@ public class ConfigHelper {
public static boolean useObfsVpn() {
return BuildConfig.use_obfsvpn;
}
+
+ public static boolean hasObfuscationPinningDefaults() {
+ return BuildConfig.obfsvpn_ip != null &&
+ BuildConfig.obfsvpn_port != null &&
+ BuildConfig.obfsvpn_cert != null &&
+ BuildConfig.obfsvpn_gateway_host != null &&
+ !BuildConfig.obfsvpn_ip.isEmpty() &&
+ !BuildConfig.obfsvpn_port.isEmpty() &&
+ !BuildConfig.obfsvpn_cert.isEmpty() &&
+ !BuildConfig.obfsvpn_gateway_host.isEmpty();
+ }
+ public static String obfsvpnIP() {
+ return BuildConfig.obfsvpn_ip;
+ }
+ public static String obfsvpnPort() {
+ return BuildConfig.obfsvpn_port;
+ }
+ public static String obfsvpnCert() {
+ return BuildConfig.obfsvpn_cert;
+ }
+ public static String gatewayHost() {
+ return BuildConfig.obfsvpn_gateway_host;
+ }
+
+ public static boolean useKcp() {
+ return BuildConfig.obfsvpn_use_kcp;
+ }
}
}
diff --git a/app/src/main/java/se/leap/bitmaskclient/base/utils/PreferenceHelper.java b/app/src/main/java/se/leap/bitmaskclient/base/utils/PreferenceHelper.java
index 22fe42ff..d9beffd3 100644
--- a/app/src/main/java/se/leap/bitmaskclient/base/utils/PreferenceHelper.java
+++ b/app/src/main/java/se/leap/bitmaskclient/base/utils/PreferenceHelper.java
@@ -11,6 +11,13 @@ import static se.leap.bitmaskclient.base.models.Constants.EXCLUDED_APPS;
import static se.leap.bitmaskclient.base.models.Constants.GATEWAY_PINNING;
import static se.leap.bitmaskclient.base.models.Constants.LAST_UPDATE_CHECK;
import static se.leap.bitmaskclient.base.models.Constants.LAST_USED_PROFILE;
+import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_CERT;
+import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_GW_HOST;
+import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_GW_IP;
+import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_IP;
+import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_KCP;
+import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_LOCATION;
+import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_PORT;
import static se.leap.bitmaskclient.base.models.Constants.PREFERRED_CITY;
import static se.leap.bitmaskclient.base.models.Constants.PREFER_UDP;
import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_CONFIGURED;
@@ -22,10 +29,12 @@ import static se.leap.bitmaskclient.base.models.Constants.SHARED_PREFERENCES;
import static se.leap.bitmaskclient.base.models.Constants.SHOW_EXPERIMENTAL;
import static se.leap.bitmaskclient.base.models.Constants.USE_BRIDGES;
import static se.leap.bitmaskclient.base.models.Constants.USE_IPv6_FIREWALL;
+import static se.leap.bitmaskclient.base.models.Constants.USE_OBFUSCATION_PINNING;
import static se.leap.bitmaskclient.base.models.Constants.USE_SNOWFLAKE;
import android.content.Context;
import android.content.SharedPreferences;
+import android.text.TextUtils;
import androidx.annotation.NonNull;
import androidx.annotation.WorkerThread;
@@ -260,6 +269,77 @@ public class PreferenceHelper {
return getBoolean(context, ALLOW_EXPERIMENTAL_TRANSPORTS, false);
}
+ public static void setUseObfuscationPinning(Context context, Boolean pinning) {
+ putBoolean(context, USE_OBFUSCATION_PINNING, pinning);
+ }
+
+ public static boolean useObfuscationPinning(Context context) {
+ return ConfigHelper.ObfsVpnHelper.useObfsVpn() &&
+ getUseBridges(context) &&
+ getBoolean(context, USE_OBFUSCATION_PINNING, false) &&
+ !TextUtils.isEmpty(getObfuscationPinningIP(context)) &&
+ !TextUtils.isEmpty(getObfuscationPinningCert(context)) &&
+ !TextUtils.isEmpty(getObfuscationPinningPort(context)) &&
+ !TextUtils.isEmpty(getObfuscationPinningGatewayHost(context));
+ }
+
+ public static void setObfuscationPinningIP(Context context, String ip) {
+ putString(context, OBFUSCATION_PINNING_IP, ip);
+ }
+
+ public static String getObfuscationPinningIP(Context context) {
+ return getString(context, OBFUSCATION_PINNING_IP, null);
+ }
+
+ public static void setObfuscationPinningPort(Context context, String port) {
+ putString(context, OBFUSCATION_PINNING_PORT, port);
+ }
+
+ public static String getObfuscationPinningPort(Context context) {
+ return getString(context, OBFUSCATION_PINNING_PORT, null);
+ }
+
+ public static void setObfuscationPinningCert(Context context, String cert) {
+ putString(context, OBFUSCATION_PINNING_CERT, cert);
+ }
+
+ public static String getObfuscationPinningCert(Context context) {
+ return getString(context, OBFUSCATION_PINNING_CERT, null);
+ }
+
+ public static void setObfuscationPinningGatewayHost(Context context, String gatewayIP) {
+ putString(context, OBFUSCATION_PINNING_GW_HOST, gatewayIP);
+ }
+
+ public static String getObfuscationPinningGatewayHost(Context context) {
+ return getString(context, OBFUSCATION_PINNING_GW_HOST, null);
+ }
+
+
+ public static void setObfuscationPinningGatewayIP(Context context, String ipForHost) {
+ putString(context, OBFUSCATION_PINNING_GW_IP, ipForHost);
+ }
+
+ public static String getObfuscationPinningGatewayIP(Context context) {
+ return getString(context, OBFUSCATION_PINNING_GW_IP, null);
+ }
+
+ public static void setObfuscationPinningGatewayLocation(Context context, String location) {
+ putString(context, OBFUSCATION_PINNING_LOCATION, location);
+ }
+
+ public static String getObfuscationPinningGatewayLocation(Context context) {
+ return getString(context, OBFUSCATION_PINNING_LOCATION, null);
+ }
+
+ public static Boolean getObfuscationPinningKCP(Context context) {
+ return getBoolean(context, OBFUSCATION_PINNING_KCP, false);
+ }
+
+ public static void setObfuscationPinningKCP(Context context, boolean isKCP) {
+ putBoolean(context, OBFUSCATION_PINNING_KCP, isKCP);
+ }
+
public static void setUseIPv6Firewall(Context context, boolean useFirewall) {
putBoolean(context, USE_IPv6_FIREWALL, useFirewall);
}
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/Gateway.java b/app/src/main/java/se/leap/bitmaskclient/eip/Gateway.java
index e9281609..ff1dd05e 100644
--- a/app/src/main/java/se/leap/bitmaskclient/eip/Gateway.java
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/Gateway.java
@@ -26,6 +26,17 @@ import static se.leap.bitmaskclient.base.models.Constants.OPENVPN_CONFIGURATION;
import static se.leap.bitmaskclient.base.models.Constants.OVERLOAD;
import static se.leap.bitmaskclient.base.models.Constants.TIMEZONE;
import static se.leap.bitmaskclient.base.models.Constants.VERSION;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.allowExperimentalTransports;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getExcludedApps;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getObfuscationPinningCert;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getObfuscationPinningGatewayHost;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getObfuscationPinningGatewayIP;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getObfuscationPinningGatewayLocation;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getObfuscationPinningIP;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getObfuscationPinningKCP;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getObfuscationPinningPort;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getPreferUDP;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.useObfuscationPinning;
import android.content.Context;
@@ -45,7 +56,6 @@ import de.blinkt.openvpn.VpnProfile;
import de.blinkt.openvpn.core.ConfigParser;
import de.blinkt.openvpn.core.connection.Connection;
import se.leap.bitmaskclient.base.utils.ConfigHelper;
-import se.leap.bitmaskclient.base.utils.PreferenceHelper;
/**
* Gateway provides objects defining gateways and their metadata.
@@ -87,28 +97,37 @@ public class Gateway {
this.secrets = secrets;
this.load = load;
+ apiVersion = getApiVersion(eipDefinition);
+ VpnConfigGenerator.Configuration configuration = getProfileConfig(context, eipDefinition, apiVersion);
generalConfiguration = getGeneralConfiguration(eipDefinition);
timezone = getTimezone(eipDefinition);
- name = locationAsName(eipDefinition);
- apiVersion = getApiVersion(eipDefinition);
- vpnProfiles = createVPNProfiles(context);
+ name = configuration.profileName;
+ vpnProfiles = createVPNProfiles(configuration);
+ }
+
+ private VpnConfigGenerator.Configuration getProfileConfig(Context context, JSONObject eipDefinition, int apiVersion) {
+ VpnConfigGenerator.Configuration config = new VpnConfigGenerator.Configuration();
+ config.apiVersion = apiVersion;
+ config.preferUDP = getPreferUDP(context);
+ config.experimentalTransports = allowExperimentalTransports(context);
+ config.excludedApps = getExcludedApps(context);
+
+ config.useObfuscationPinning = useObfuscationPinning(context);
+ config.profileName = config.useObfuscationPinning ? getObfuscationPinningGatewayLocation(context) : locationAsName(eipDefinition);
+ config.remoteGatewayIP = config.useObfuscationPinning ? getObfuscationPinningGatewayIP(context) : gateway.optString(IP_ADDRESS);
+ if (config.useObfuscationPinning) {
+ config.obfuscationProxyIP = getObfuscationPinningIP(context);
+ config.obfuscationProxyPort = getObfuscationPinningPort(context);
+ config.obfuscationProxyCert = getObfuscationPinningCert(context);
+ config.obfuscationProxyKCP = getObfuscationPinningKCP(context);
+ }
+ return config;
}
public void updateLoad(JSONObject load) {
this.load = load;
}
- private void addProfileInfos(Context context, HashMap<Connection.TransportType, VpnProfile> profiles) {
- Set<String> excludedAppsVpn = PreferenceHelper.getExcludedApps(context);
- for (VpnProfile profile : profiles.values()) {
- profile.mName = name;
- profile.mGatewayIp = gateway.optString(IP_ADDRESS);
- if (excludedAppsVpn != null) {
- profile.mAllowedAppsVpn = new HashSet<>(excludedAppsVpn);
- }
- }
- }
-
private JSONObject getGeneralConfiguration(JSONObject eipDefinition) {
try {
return eipDefinition.getJSONObject(OPENVPN_CONFIGURATION);
@@ -172,13 +191,10 @@ public class Gateway {
/**
* Create and attach the VpnProfile to our gateway object
*/
- private @NonNull HashMap<Connection.TransportType, VpnProfile> createVPNProfiles(Context context)
+ private @NonNull HashMap<Connection.TransportType, VpnProfile> createVPNProfiles(VpnConfigGenerator.Configuration profileConfig)
throws ConfigParser.ConfigParseError, IOException, JSONException {
- boolean preferUDP = PreferenceHelper.getPreferUDP(context);
- boolean allowExperimentalTransports = PreferenceHelper.allowExperimentalTransports(context);
- VpnConfigGenerator vpnConfigurationGenerator = new VpnConfigGenerator(generalConfiguration, secrets, gateway, apiVersion, preferUDP, allowExperimentalTransports);
+ VpnConfigGenerator vpnConfigurationGenerator = new VpnConfigGenerator(generalConfiguration, secrets, gateway, profileConfig);
HashMap<Connection.TransportType, VpnProfile> profiles = vpnConfigurationGenerator.generateVpnProfiles();
- addProfileInfos(context, profiles);
return profiles;
}
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/GatewaysManager.java b/app/src/main/java/se/leap/bitmaskclient/eip/GatewaysManager.java
index db7dd38c..7bcd0def 100644
--- a/app/src/main/java/se/leap/bitmaskclient/eip/GatewaysManager.java
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/GatewaysManager.java
@@ -16,6 +16,20 @@
*/
package se.leap.bitmaskclient.eip;
+import static de.blinkt.openvpn.core.connection.Connection.TransportType.OBFS4;
+import static de.blinkt.openvpn.core.connection.Connection.TransportType.OBFS4_KCP;
+import static de.blinkt.openvpn.core.connection.Connection.TransportType.OPENVPN;
+import static de.blinkt.openvpn.core.connection.Connection.TransportType.PT;
+import static se.leap.bitmaskclient.base.models.Constants.GATEWAYS;
+import static se.leap.bitmaskclient.base.models.Constants.HOST;
+import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_PRIVATE_KEY;
+import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_VPN_CERTIFICATE;
+import static se.leap.bitmaskclient.base.models.Constants.SORTED_GATEWAYS;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getObfuscationPinningKCP;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getPreferredCity;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getUseBridges;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.useObfuscationPinning;
+
import android.content.Context;
import android.util.Log;
@@ -48,18 +62,6 @@ import se.leap.bitmaskclient.base.models.Provider;
import se.leap.bitmaskclient.base.models.ProviderObservable;
import se.leap.bitmaskclient.base.utils.PreferenceHelper;
-import static de.blinkt.openvpn.core.connection.Connection.TransportType.OBFS4;
-import static de.blinkt.openvpn.core.connection.Connection.TransportType.OBFS4_KCP;
-import static de.blinkt.openvpn.core.connection.Connection.TransportType.OPENVPN;
-import static de.blinkt.openvpn.core.connection.Connection.TransportType.PT;
-import static se.leap.bitmaskclient.base.models.Constants.GATEWAYS;
-import static se.leap.bitmaskclient.base.models.Constants.HOST;
-import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_PRIVATE_KEY;
-import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_VPN_CERTIFICATE;
-import static se.leap.bitmaskclient.base.models.Constants.SORTED_GATEWAYS;
-import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getPreferredCity;
-import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getUseBridges;
-
/**
* @author parmegv
*/
@@ -115,6 +117,13 @@ public class GatewaysManager {
* @return the n closest Gateway
*/
public Pair<Gateway, TransportType> select(int nClosest) {
+ if (PreferenceHelper.useObfuscationPinning(context)) {
+ Gateway gateway = gateways.get(PreferenceHelper.getObfuscationPinningGatewayHost(context));
+ if (gateway == null) {
+ return null;
+ }
+ return new Pair<>(gateway, getObfuscationPinningKCP(context) ? OBFS4_KCP : OBFS4);
+ }
String selectedCity = getPreferredCity(context);
return select(nClosest, selectedCity);
}
@@ -135,6 +144,23 @@ public class GatewaysManager {
}
}
+ public ArrayList<String> getHosts() {
+ ArrayList<String> hosts = new ArrayList<>();
+ for (Gateway gateway : gateways.values()) {
+ hosts.add(gateway.getHost());
+ }
+ return hosts;
+ }
+
+
+ public String getIpForHost(String gatewayHostName) {
+ Gateway gateway = gateways.get(gatewayHostName);
+ if (gateway == null) {
+ return null;
+ }
+ return gateway.getRemoteIP();
+ }
+
public List<Location> getGatewayLocations() {
return getSortedGatewayLocations(null);
}
@@ -202,6 +228,14 @@ public class GatewaysManager {
}
}
+ public String getLocationNameForHost(String name) {
+ Gateway gateway = gateways.get(name);
+ if (gateway != null) {
+ return gateway.getName();
+ }
+ return "Unknown Location";
+ }
+
@Nullable
public Location getLocation(String name) {
List <Location> locations = getGatewayLocations();
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java b/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java
index 58732713..a7df99bf 100644
--- a/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java
@@ -19,6 +19,7 @@ package se.leap.bitmaskclient.eip;
import static de.blinkt.openvpn.core.connection.Connection.TransportType.OBFS4;
import static de.blinkt.openvpn.core.connection.Connection.TransportType.OBFS4_KCP;
import static de.blinkt.openvpn.core.connection.Connection.TransportType.OPENVPN;
+import static de.blinkt.openvpn.core.connection.Connection.TransportType.PT;
import static se.leap.bitmaskclient.base.models.Constants.CAPABILITIES;
import static se.leap.bitmaskclient.base.models.Constants.IP_ADDRESS;
import static se.leap.bitmaskclient.base.models.Constants.IP_ADDRESS6;
@@ -44,14 +45,17 @@ import org.json.JSONObject;
import java.io.IOException;
import java.io.StringReader;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.Iterator;
+import java.util.Set;
import de.blinkt.openvpn.VpnProfile;
import de.blinkt.openvpn.core.ConfigParser;
import de.blinkt.openvpn.core.VpnStatus;
import de.blinkt.openvpn.core.connection.Connection;
-import se.leap.bitmaskclient.BuildConfig;
+import de.blinkt.openvpn.core.connection.Connection.TransportType;
import se.leap.bitmaskclient.base.models.Provider;
+import se.leap.bitmaskclient.base.models.Transport;
import se.leap.bitmaskclient.base.utils.ConfigHelper;
import se.leap.bitmaskclient.pluggableTransports.Obfs4Options;
@@ -64,23 +68,65 @@ public class VpnConfigGenerator {
private final int apiVersion;
private final boolean preferUDP;
private final boolean experimentalTransports;
+ private final boolean useObfuscationPinning;
+ private final String obfuscationPinningIP;
+ private final String obfuscationPinningPort;
+ private final String obfuscationPinningCert;
+ private final boolean obfuscationPinningKCP;
+ private final String remoteGatewayIP;
+ private final String profileName;
+ private final Set<String> excludedApps;
public final static String TAG = VpnConfigGenerator.class.getSimpleName();
private final String newLine = System.getProperty("line.separator"); // Platform new line
- public VpnConfigGenerator(JSONObject generalConfiguration, JSONObject secrets, JSONObject gateway, int apiVersion, boolean preferUDP, boolean experimentalTransports) throws ConfigParser.ConfigParseError {
+ public static class Configuration {
+ int apiVersion;
+ boolean preferUDP;
+ boolean experimentalTransports;
+ String remoteGatewayIP = "";
+ String profileName = "";
+ Set<String> excludedApps = null;
+
+ boolean useObfuscationPinning;
+ boolean obfuscationProxyKCP;
+ String obfuscationProxyIP = "";
+ String obfuscationProxyPort = "";
+ String obfuscationProxyCert = "";
+ }
+
+ public VpnConfigGenerator(JSONObject generalConfiguration, JSONObject secrets, JSONObject gateway, Configuration config) throws ConfigParser.ConfigParseError {
this.generalConfiguration = generalConfiguration;
this.gateway = gateway;
this.secrets = secrets;
- this.apiVersion = apiVersion;
- this.preferUDP = preferUDP;
- this.experimentalTransports = experimentalTransports;
+ this.apiVersion = config.apiVersion;
+ this.preferUDP = config.preferUDP;
+ this.experimentalTransports = config.experimentalTransports;
+ this.useObfuscationPinning = config.useObfuscationPinning;
+ this.obfuscationPinningIP = config.obfuscationProxyIP;
+ this.obfuscationPinningPort = config.obfuscationProxyPort;
+ this.obfuscationPinningCert = config.obfuscationProxyCert;
+ this.obfuscationPinningKCP = config.obfuscationProxyKCP;
+ this.remoteGatewayIP = config.remoteGatewayIP;
+ this.profileName = config.profileName;
+ this.excludedApps = config.excludedApps;
checkCapabilities();
}
public void checkCapabilities() throws ConfigParser.ConfigParseError {
try {
+ if (useObfuscationPinning) {
+ if (obfuscationPinningKCP) {
+ // the protocol TCP refers to the allowed openvpn protocol
+ obfs4TKcpTransport = new JSONObject(new Transport(OBFS4_KCP.toString(), new String[]{"tcp"}, new String[]{obfuscationPinningPort}, obfuscationPinningCert).toString());
+ } else {
+ String jsonTransportString = new Transport(OBFS4.toString(), new String[]{"tcp"}, new String[]{obfuscationPinningPort}, obfuscationPinningCert).toString();
+ obfs4Transport = new JSONObject(jsonTransportString);
+ }
+ return;
+ }
+
if (apiVersion >= 3) {
JSONArray supportedTransports = gateway.getJSONObject(CAPABILITIES).getJSONArray(TRANSPORT);
for (int i = 0; i < supportedTransports.length(); i++) {
@@ -101,7 +147,7 @@ public class VpnConfigGenerator {
}
}
- public HashMap<Connection.TransportType, VpnProfile> generateVpnProfiles() throws
+ public HashMap<TransportType, VpnProfile> generateVpnProfiles() throws
ConfigParser.ConfigParseError,
NumberFormatException,
JSONException,
@@ -133,7 +179,7 @@ public class VpnConfigGenerator {
return obfs4TKcpTransport != null;
}
- private String getConfigurationString(Connection.TransportType transportType) {
+ private String getConfigurationString(TransportType transportType) {
return generalConfiguration()
+ newLine
+ gatewayConfiguration(transportType)
@@ -144,7 +190,7 @@ public class VpnConfigGenerator {
}
@VisibleForTesting
- protected VpnProfile createProfile(Connection.TransportType transportType) throws IOException, ConfigParser.ConfigParseError, JSONException {
+ protected VpnProfile createProfile(TransportType transportType) throws IOException, ConfigParser.ConfigParseError, JSONException {
String configuration = getConfigurationString(transportType);
ConfigParser icsOpenvpnConfigParser = new ConfigParser();
icsOpenvpnConfigParser.parseConfig(new StringReader(configuration));
@@ -153,22 +199,30 @@ public class VpnConfigGenerator {
} else if (transportType == OBFS4_KCP) {
icsOpenvpnConfigParser.setObfs4Options(getObfs4Options(obfs4TKcpTransport, true));
}
- return icsOpenvpnConfigParser.convertProfile(transportType);
+
+ VpnProfile profile = icsOpenvpnConfigParser.convertProfile(transportType);
+ profile.mName = profileName;
+ profile.mGatewayIp = remoteGatewayIP;
+ if (excludedApps != null) {
+ profile.mAllowedAppsVpn = new HashSet<>(excludedApps);
+ }
+ return profile;
}
+ // TODO: whad does
private Obfs4Options getObfs4Options(JSONObject transportJson, boolean useUdp) throws JSONException {
JSONObject transportOptions = transportJson.getJSONObject(OPTIONS);
String iatMode = transportOptions.getString("iatMode");
String cert = transportOptions.getString("cert");
- String port = obfs4Transport.getJSONArray(PORTS).getString(0);
+ String port = transportJson.getJSONArray(PORTS).getString(0);
String ip = gateway.getString(IP_ADDRESS);
boolean udp = useUdp;
- if (BuildConfig.obfsvpn_pinning) {
- cert = BuildConfig.obfsvpn_cert;
- port = BuildConfig.obfsvpn_port;
- ip = BuildConfig.obfsvpn_port;
- udp = BuildConfig.obfsvpn_use_kcp;
+ if (useObfuscationPinning) {
+ cert = obfuscationPinningCert;
+ port = obfuscationPinningPort;
+ ip = obfuscationPinningIP;
+ udp = obfuscationPinningKCP;
}
return new Obfs4Options(ip, port, cert, iatMode, udp);
}
@@ -196,7 +250,7 @@ public class VpnConfigGenerator {
return commonOptions;
}
- private String gatewayConfiguration(Connection.TransportType transportType) {
+ private String gatewayConfiguration(TransportType transportType) {
String remotes = "";
StringBuilder stringBuilder = new StringBuilder();
@@ -217,6 +271,7 @@ public class VpnConfigGenerator {
String[] ipAddresses = ipAddress6.isEmpty() ?
new String[]{ipAddress} :
new String[]{ipAddress6, ipAddress};
+
JSONArray transports = capabilities.getJSONArray(TRANSPORT);
gatewayConfigMinApiv3(transportType, stringBuilder, ipAddresses, transports);
break;
@@ -234,9 +289,9 @@ public class VpnConfigGenerator {
return remotes;
}
- private void gatewayConfigMinApiv3(Connection.TransportType transportType, StringBuilder stringBuilder, String[] ipAddresses, JSONArray transports) throws JSONException {
- if (transportType == OBFS4) {
- obfs4GatewayConfigMinApiv3(stringBuilder, ipAddresses, transports);
+ private void gatewayConfigMinApiv3(TransportType transportType, StringBuilder stringBuilder, String[] ipAddresses, JSONArray transports) throws JSONException {
+ if (transportType.getMetaType() == PT) {
+ ptGatewayConfigMinApiv3(stringBuilder, ipAddresses, transportType, transports);
} else {
ovpnGatewayConfigMinApi3(stringBuilder, ipAddresses, transports);
}
@@ -296,7 +351,7 @@ public class VpnConfigGenerator {
}
}
- private JSONObject getTransport(JSONArray transports, Connection.TransportType transportType) throws JSONException {
+ private JSONObject getTransport(JSONArray transports, TransportType transportType) throws JSONException {
JSONObject selectedTransport = new JSONObject();
for (int i = 0; i < transports.length(); i++) {
JSONObject transport = transports.getJSONObject(i);
@@ -308,9 +363,35 @@ public class VpnConfigGenerator {
return selectedTransport;
}
- private void obfs4GatewayConfigMinApiv3(StringBuilder stringBuilder, String[] ipAddresses, JSONArray transports) throws JSONException {
- JSONObject obfs4Transport = getTransport(transports, OBFS4);
- JSONArray protocols = obfs4Transport.getJSONArray(PROTOCOLS);
+ private boolean isAllowedProtocol(TransportType transportType, String protocol) {
+ switch (transportType) {
+ case OPENVPN:
+ return "tcp".equals(protocol) || "udp".equals(protocol);
+ case OBFS4:
+ case OBFS4_KCP:
+ return "tcp".equals(protocol);
+ }
+ return false;
+ }
+
+ private void ptGatewayConfigMinApiv3(StringBuilder stringBuilder, String[] ipAddresses, TransportType transportType, JSONArray transports) throws JSONException {
+ if (useObfuscationPinning) {
+ JSONArray pinnedTransports = new JSONArray();
+ for (int i = 0; i < transports.length(); i++) {
+ if (OPENVPN.toString().equals(transports.getJSONObject(i).get(TYPE))) {
+ pinnedTransports.put(transports.getJSONObject(i));
+ break;
+ }
+ }
+ pinnedTransports.put(supportsObfs4() ? obfs4Transport : obfs4TKcpTransport);
+ transports = pinnedTransports;
+ }
+
+ JSONObject ptTransport = getTransport(transports, transportType);
+ JSONArray ptProtocols = ptTransport.getJSONArray(PROTOCOLS);
+ JSONObject openvpnTransport = getTransport(transports, OPENVPN);
+ JSONArray gatewayProtocols = openvpnTransport.getJSONArray(PROTOCOLS);
+
//for now only use ipv4 gateway the syntax route remote_host 255.255.255.255 net_gateway is not yet working
// https://community.openvpn.net/openvpn/ticket/1161
/*for (String ipAddress : ipAddresses) {
@@ -337,41 +418,55 @@ public class VpnConfigGenerator {
return;
}
- // check if at least one protocol is TCP, UDP is currently not supported for obfs4
- boolean hasTcp = false;
- for (int i = 0; i < protocols.length(); i++) {
- String protocol = protocols.getString(i);
+ // check if at least one openvpn protocol is TCP, openvpn in UDP is currently not supported for obfs4,
+ // however on the wire UDP might be used
+ boolean hasOpenvpnTcp = false;
+ for (int i = 0; i < gatewayProtocols.length(); i++) {
+ String protocol = gatewayProtocols.getString(i);
if (protocol.contains("tcp")) {
- hasTcp = true;
+ hasOpenvpnTcp = true;
+ break;
+ }
+ }
+
+ if (!hasOpenvpnTcp) {
+ VpnStatus.logError("obfs4 currently only allows openvpn in TCP mode! Skipping obfs4 config for ip " + ipAddress);
+ return;
+ }
+
+ boolean hasAllowedPTProtocol = false;
+ for (int i = 0; i < ptProtocols.length(); i++) {
+ String protocol = ptProtocols.getString(i);
+ if (isAllowedProtocol(transportType, protocol)) {
+ hasAllowedPTProtocol = true;
+ break;
}
}
- if (!hasTcp) {
- VpnStatus.logError("obfs4 currently only allows TCP! Skipping obfs4 config for ip " + ipAddress);
+ if (!hasAllowedPTProtocol) {
+ VpnStatus.logError("Misconfigured provider: wrong protocol defined in " + transportType.toString()+ " transport JSON.");
return;
}
- JSONArray ports = obfs4Transport.getJSONArray(PORTS);
+ JSONArray ports = ptTransport.getJSONArray(PORTS);
if (ports.isNull(0)){
- VpnStatus.logError("Misconfigured provider: no ports defined in obfs4 transport JSON.");
+ VpnStatus.logError("Misconfigured provider: no ports defined in " + transportType.toString()+ " transport JSON.");
return;
}
String route = "route " + ipAddress + " 255.255.255.255 net_gateway" + newLine;
stringBuilder.append(route);
+ String remote;
if (useObfsVpn()) {
- String remote;
- if (BuildConfig.obfsvpn_pinning) {
- remote = REMOTE + " " + BuildConfig.obfsvpn_ip + " " + BuildConfig.obfsvpn_port + newLine;
+ if (useObfuscationPinning) {
+ remote = REMOTE + " " + obfuscationPinningIP + " " + obfuscationPinningPort + newLine;
} else {
remote = REMOTE + " " + ipAddress + " " + ports.getString(0) + newLine;
}
-
- stringBuilder.append(remote);
} else {
- String remote = REMOTE + " " + DISPATCHER_IP + " " + DISPATCHER_PORT + " tcp" + newLine;
- stringBuilder.append(remote);
+ remote = REMOTE + " " + DISPATCHER_IP + " " + DISPATCHER_PORT + " tcp" + newLine;
}
+ stringBuilder.append(remote);
}
private String secretsConfiguration() {