summaryrefslogtreecommitdiff
path: root/app/src/main/java
diff options
context:
space:
mode:
authorcyBerta <cyberta@riseup.net>2017-09-15 01:38:39 +0200
committercyBerta <cyberta@riseup.net>2017-09-15 01:38:39 +0200
commitdc9a7d39dc4cfe4c752704ffb4d1f02990da2dd1 (patch)
tree071f2dadae0f1cf731632d1c39eed2005484c688 /app/src/main/java
parente6886df9083252282408cd1ee0149c88021ebb11 (diff)
vpn certificate gets renewed 3 month before current certificate expires
Diffstat (limited to 'app/src/main/java')
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java39
1 files changed, 23 insertions, 16 deletions
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java
index b7c26761..709dda34 100644
--- a/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java
@@ -25,32 +25,35 @@ public class VpnCertificateValidator {
public final static String TAG = VpnCertificateValidator.class.getSimpleName();
private String certificate;
- protected CalendarProviderInterface calendarProvider;
+ private CalendarProviderInterface calendarProvider;
public VpnCertificateValidator(String certificate) {
this.certificate = certificate;
- calendarProvider = new CalendarProvider();
+ this.calendarProvider = new CalendarProvider();
}
public void setCalendarProvider(CalendarProviderInterface calendarProvider) {
this.calendarProvider = calendarProvider;
}
+ /**
+ *
+ * @return true if there's a certificate that is valid for more than 3 more months
+ */
public boolean isValid() {
- if (!certificate.isEmpty()) {
- X509Certificate certificate_x509 = ConfigHelper.parseX509CertificateFromString(certificate);
- return isValid(certificate_x509);
- } else return true;
+ if (certificate.isEmpty()) {
+ return false;
+ }
+
+ X509Certificate certificate_x509 = ConfigHelper.parseX509CertificateFromString(certificate);
+ return isValid(certificate_x509);
}
- /* FIXME: the validation seems to be syntactically wrong.
- * if the valid time span of a certificate is between 01.01.14 and 01.01.16 this method would return true for current dates between 01.01.13 and 01.01.15!!!
- */
private boolean isValid(X509Certificate certificate) {
- Calendar offset_date = calculateOffsetCertificateValidity(certificate);
+ Calendar offsetDate = calculateOffsetCertificateValidity(certificate);
try {
- certificate.checkValidity(offset_date.getTime());
+ certificate.checkValidity(offsetDate.getTime());
return true;
} catch (CertificateExpiredException e) {
return false;
@@ -60,11 +63,15 @@ public class VpnCertificateValidator {
}
private Calendar calculateOffsetCertificateValidity(X509Certificate certificate) {
- long preventive_time = Math.abs(certificate.getNotBefore().getTime() - certificate.getNotAfter().getTime()) / 2;
- long current_date_millis = calendarProvider.getCalendar().getTimeInMillis();
+ Calendar limitDate = calendarProvider.getCalendar();
+ Date startDate = certificate.getNotBefore();
+ // if certificates start date is before current date just return the current date without an offset
+ if (startDate.getTime() >= limitDate.getTime().getTime()) {
+ return limitDate;
+ }
+ // else add an offset of 3 months to the current date
+ limitDate.add(Calendar.MONTH, 3);
- Calendar limit_date = calendarProvider.getCalendar();
- limit_date.setTimeInMillis(current_date_millis + preventive_time);
- return limit_date;
+ return limitDate;
}
}