skip obfs4 connections using either ipv6 addresses or UDP

author: cyBerta <cyberta@riseup.net> 2021-11-14 18:34:04 +0100
committer: cyBerta <cyberta@riseup.net> 2021-11-14 18:34:04 +0100
commit: f18a85e4cd95f938c9ed78b31b8d27b2a02994c7 (patch)
tree: 94e2dfa2f6c4d82a82ef24df6be5ccd219b4e69b /app/src/test
parent: a48c6c1c719247e4663d946e4ee56bfada98b5e6 (diff)
4 files changed, 238 insertions, 0 deletions
diff --git a/app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java b/app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java
index 2f2266cb..56575556 100644
--- a/app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java
+++ b/app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java
@@ -1149,5 +1149,47 @@ public class VpnConfigGeneratorTest {
         assertTrue(vpnProfiles.containsKey(OPENVPN));
     }
 
+    @Test
+    public void testGenerateVpnProfile_v3_obfs4IPv6_skip() throws Exception {
+        gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_ipv6.json"))).getJSONArray("gateways").getJSONObject(0);
+        generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_ipv6.json"))).getJSONObject(OPENVPN_CONFIGURATION);
+        vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3);
+        HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
+        assertFalse(vpnProfiles.containsKey(OBFS4));
+    }
+
+    @Test
+    public void testGenerateVpnProfile_v3_obfs4IPv4AndIPv6_skipIPv6() throws Exception {
+        gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_ipv4ipv6.json"))).getJSONArray("gateways").getJSONObject(0);
+        generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_ipv4ipv6.json"))).getJSONObject(OPENVPN_CONFIGURATION);
+        vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3);
+        HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
+        assertTrue(vpnProfiles.containsKey(OBFS4));
+        assertTrue(vpnProfiles.containsKey(OPENVPN));
+        assertEquals(1, vpnProfiles.get(OBFS4).mConnections.length);
+        assertEquals("37.218.247.60/32", vpnProfiles.get(OBFS4).mExcludedRoutes.trim());
+    }
+
+    @Test
+    public void testGenerateVpnProfile_v3_obfs4udp_skip() throws Exception {
+        gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_udp.json"))).getJSONArray("gateways").getJSONObject(0);
+        generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_udp.json"))).getJSONObject(OPENVPN_CONFIGURATION);
+        vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3);
+        HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
+        assertFalse(vpnProfiles.containsKey(OBFS4));
+        assertTrue(vpnProfiles.containsKey(OPENVPN));
+    }
+
+    @Test
+    public void testGenerateVpnProfile_v3_obfs4UDPAndTCP_skipUDP() throws Exception {
+        gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_udptcp.json"))).getJSONArray("gateways").getJSONObject(0);
+        generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_udptcp.json"))).getJSONObject(OPENVPN_CONFIGURATION);
+        vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3);
+        HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
+        assertTrue(vpnProfiles.containsKey(OBFS4));
+        assertTrue(vpnProfiles.containsKey(OPENVPN));
+        assertEquals(1, vpnProfiles.get(OBFS4).mConnections.length);
+        assertFalse(vpnProfiles.get(OBFS4).mConnections[0].isUseUdp());
+    }
 
 }
 \ No newline at end of file
diff --git a/app/src/test/resources/ptdemo_misconfigured_ipv4ipv6.json b/app/src/test/resources/ptdemo_misconfigured_ipv4ipv6.json
new file mode 100644
index 00000000..5c913c14
--- /dev/null
+++ b/app/src/test/resources/ptdemo_misconfigured_ipv4ipv6.json
@@ -0,0 +1,65 @@
+{
+  "gateways":[
+    {
+      "capabilities":{
+        "adblock":false,
+        "filter_dns":false,
+        "limited":false,
+        "transport":[
+          {
+            "type":"obfs4",
+            "protocols":[
+              "tcp"
+            ],
+            "ports":[
+              "23049"
+            ],
+            "options": {
+              "cert": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+              "iatMode": "0"
+            }
+          },
+          {
+            "type":"openvpn",
+            "protocols":[
+              "tcp"
+            ],
+            "ports":[
+              "1195"
+            ]
+          }
+        ],
+        "user_ips":false
+      },
+      "host":"pt.demo.bitmask.net",
+      "ip_address6":"2001:db8:123::1058",
+      "ip_address":"37.218.247.60",
+      "location":"Amsterdam"
+    }
+  ],
+  "locations":{
+    "Amsterdam":{
+      "country_code":"NL",
+      "hemisphere":"N",
+      "name":"Amsterdam",
+      "timezone":"-1"
+    }
+  },
+  "openvpn_configuration":{
+    "auth":"SHA1",
+    "cipher":"AES-256-CBC",
+    "keepalive":"10 30",
+    "tls-cipher":"DHE-RSA-AES128-SHA",
+    "tun-ipv6":true,
+    "dev" : "tun",
+    "sndbuf" : "0",
+    "rcvbuf" : "0",
+    "nobind" : true,
+    "persist-key" : true,
+    "comp-lzo" : true,
+    "key-direction" : "1",
+    "verb" : "3"
+  },
+  "serial":2,
+  "version":3
+}
+\ No newline at end of file
diff --git a/app/src/test/resources/ptdemo_misconfigured_udp.json b/app/src/test/resources/ptdemo_misconfigured_udp.json
new file mode 100644
index 00000000..aa9a0d33
--- /dev/null
+++ b/app/src/test/resources/ptdemo_misconfigured_udp.json
@@ -0,0 +1,65 @@
+{
+  "gateways":[
+    {
+      "capabilities":{
+        "adblock":false,
+        "filter_dns":false,
+        "limited":false,
+        "transport":[
+          {
+            "type":"obfs4",
+            "protocols":[
+              "udp"
+            ],
+            "ports":[
+              "23049"
+            ],
+            "options": {
+              "cert": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+              "iatMode": "0"
+            }
+          },
+          {
+            "type":"openvpn",
+            "protocols":[
+              "tcp"
+            ],
+            "ports":[
+              "1195"
+            ]
+          }
+        ],
+        "user_ips":false
+      },
+      "host":"pt.demo.bitmask.net",
+      "ip_address6":"2001:db8:123::1058",
+      "ip_address":"37.218.247.60",
+      "location":"Amsterdam"
+    }
+  ],
+  "locations":{
+    "Amsterdam":{
+      "country_code":"NL",
+      "hemisphere":"N",
+      "name":"Amsterdam",
+      "timezone":"-1"
+    }
+  },
+  "openvpn_configuration":{
+    "auth":"SHA1",
+    "cipher":"AES-256-CBC",
+    "keepalive":"10 30",
+    "tls-cipher":"DHE-RSA-AES128-SHA",
+    "tun-ipv6":true,
+    "dev" : "tun",
+    "sndbuf" : "0",
+    "rcvbuf" : "0",
+    "nobind" : true,
+    "persist-key" : true,
+    "comp-lzo" : true,
+    "key-direction" : "1",
+    "verb" : "3"
+  },
+  "serial":2,
+  "version":3
+}
+\ No newline at end of file
diff --git a/app/src/test/resources/ptdemo_misconfigured_udptcp.json b/app/src/test/resources/ptdemo_misconfigured_udptcp.json
new file mode 100644
index 00000000..42d55de9
--- /dev/null
+++ b/app/src/test/resources/ptdemo_misconfigured_udptcp.json
@@ -0,0 +1,66 @@
+{
+  "gateways":[
+    {
+      "capabilities":{
+        "adblock":false,
+        "filter_dns":false,
+        "limited":false,
+        "transport":[
+          {
+            "type":"obfs4",
+            "protocols":[
+              "udp",
+              "tcp"
+            ],
+            "ports":[
+              "23049"
+            ],
+            "options": {
+              "cert": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+              "iatMode": "0"
+            }
+          },
+          {
+            "type":"openvpn",
+            "protocols":[
+              "tcp"
+            ],
+            "ports":[
+              "1195"
+            ]
+          }
+        ],
+        "user_ips":false
+      },
+      "host":"pt.demo.bitmask.net",
+      "ip_address6":"2001:db8:123::1058",
+      "ip_address":"37.218.247.60",
+      "location":"Amsterdam"
+    }
+  ],
+  "locations":{
+    "Amsterdam":{
+      "country_code":"NL",
+      "hemisphere":"N",
+      "name":"Amsterdam",
+      "timezone":"-1"
+    }
+  },
+  "openvpn_configuration":{
+    "auth":"SHA1",
+    "cipher":"AES-256-CBC",
+    "keepalive":"10 30",
+    "tls-cipher":"DHE-RSA-AES128-SHA",
+    "tun-ipv6":true,
+    "dev" : "tun",
+    "sndbuf" : "0",
+    "rcvbuf" : "0",
+    "nobind" : true,
+    "persist-key" : true,
+    "comp-lzo" : true,
+    "key-direction" : "1",
+    "verb" : "3"
+  },
+  "serial":2,
+  "version":3
+}
+\ No newline at end of file
author	cyBerta <cyberta@riseup.net>	2021-11-14 18:34:04 +0100
committer	cyBerta <cyberta@riseup.net>	2021-11-14 18:34:04 +0100
commit	f18a85e4cd95f938c9ed78b31b8d27b2a02994c7 (patch)
tree	94e2dfa2f6c4d82a82ef24df6be5ccd219b4e69b /app/src/test
parent	a48c6c1c719247e4663d946e4ee56bfada98b5e6 (diff)