summaryrefslogtreecommitdiff
path: root/app/src
diff options
context:
space:
mode:
authorcyBerta <cyberta@riseup.net>2022-07-31 04:07:47 +0200
committercyBerta <cyberta@riseup.net>2022-07-31 04:07:47 +0200
commit87446cbc0c818a374c057894b57e93156443a270 (patch)
treec2fa479d2b85df5eb624c75b71a89dac2973b8a3 /app/src
parent7692e1db1021460ec777928bdf418432cac9e7cb (diff)
implement obfuscation pinning
Diffstat (limited to 'app/src')
-rw-r--r--app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java9
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/base/fragments/ObfuscationProxyDialog.java119
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/base/fragments/SettingsFragment.java53
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java8
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/base/models/Transport.java49
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java27
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/base/utils/PreferenceHelper.java80
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/eip/Gateway.java56
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/eip/GatewaysManager.java58
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java173
-rw-r--r--app/src/main/res/layout/d_obfuscation_proxy.xml129
-rw-r--r--app/src/main/res/layout/f_settings.xml3
-rw-r--r--app/src/test/java/se/leap/bitmaskclient/eip/GatewaysManagerTest.java36
-rw-r--r--app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java163
-rw-r--r--app/src/test/resources/ptdemo_misconfigured_kcp_gateways.json160
-rw-r--r--app/src/test/resources/ptdemo_misconfigured_udp2.json65
16 files changed, 1078 insertions, 110 deletions
diff --git a/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java b/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
index 10dd7033..6063ea53 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
@@ -5,10 +5,13 @@
package de.blinkt.openvpn.core;
+import static de.blinkt.openvpn.core.connection.Connection.TransportType.PT;
+
import android.os.Build;
-import androidx.core.util.Pair;
import android.text.TextUtils;
+import androidx.core.util.Pair;
+
import java.io.BufferedReader;
import java.io.IOException;
import java.io.Reader;
@@ -27,8 +30,6 @@ import de.blinkt.openvpn.core.connection.Obfs4Connection;
import de.blinkt.openvpn.core.connection.OpenvpnConnection;
import se.leap.bitmaskclient.pluggableTransports.Obfs4Options;
-import static de.blinkt.openvpn.core.connection.Connection.TransportType.OBFS4;
-
//! Openvpn Config FIle Parser, probably not 100% accurate but close enough
// And remember, this is valid :)
@@ -807,7 +808,7 @@ public class ConfigParser {
return null;
}
else
- conn = transportType == OBFS4 ? new Obfs4Connection(obfs4Options) : new OpenvpnConnection();
+ conn = transportType.getMetaType() == PT ? new Obfs4Connection(obfs4Options) : new OpenvpnConnection();
Vector<String> port = getOption("port", 1, 1);
if (port != null) {
diff --git a/app/src/main/java/se/leap/bitmaskclient/base/fragments/ObfuscationProxyDialog.java b/app/src/main/java/se/leap/bitmaskclient/base/fragments/ObfuscationProxyDialog.java
index b7f16fa4..df78214d 100644
--- a/app/src/main/java/se/leap/bitmaskclient/base/fragments/ObfuscationProxyDialog.java
+++ b/app/src/main/java/se/leap/bitmaskclient/base/fragments/ObfuscationProxyDialog.java
@@ -1,2 +1,119 @@
-package se.leap.bitmaskclient.base.fragments;public class ObfuscationProxyDialog {
+package se.leap.bitmaskclient.base.fragments;
+
+import static android.view.View.GONE;
+import static android.view.View.VISIBLE;
+
+import android.app.Dialog;
+import android.os.Bundle;
+import android.text.TextUtils;
+import android.view.View;
+import android.widget.ArrayAdapter;
+
+import androidx.annotation.NonNull;
+import androidx.annotation.Nullable;
+import androidx.appcompat.app.AlertDialog;
+import androidx.appcompat.app.AppCompatDialogFragment;
+import androidx.appcompat.widget.AppCompatButton;
+import androidx.appcompat.widget.AppCompatEditText;
+import androidx.appcompat.widget.AppCompatSpinner;
+
+import java.util.ArrayList;
+
+import se.leap.bitmaskclient.base.utils.ConfigHelper.ObfsVpnHelper;
+import se.leap.bitmaskclient.base.utils.PreferenceHelper;
+import se.leap.bitmaskclient.base.views.IconSwitchEntry;
+import se.leap.bitmaskclient.databinding.DObfuscationProxyBinding;
+import se.leap.bitmaskclient.eip.GatewaysManager;
+
+public class ObfuscationProxyDialog extends AppCompatDialogFragment {
+ public static final String TAG = ObfuscationProxyDialog.class.getSimpleName();
+ DObfuscationProxyBinding binding;
+ AppCompatEditText ipField;
+ AppCompatEditText portField;
+ AppCompatEditText certificateField;
+ AppCompatSpinner gatewayHost;
+ AppCompatButton saveButton;
+ AppCompatButton useDefaultsButton;
+ AppCompatButton cancelButton;
+ IconSwitchEntry kcpSwitch;
+ ArrayAdapter<String> gatewayHosts;
+
+ @NonNull
+ @Override
+ public Dialog onCreateDialog(@Nullable Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+ binding = DObfuscationProxyBinding.inflate(getLayoutInflater());
+ View view = binding.getRoot();
+ AlertDialog.Builder builder = new AlertDialog.Builder(getActivity());
+ builder.setView(view);
+ ipField = binding.ipField;
+ portField = binding.portField;
+ certificateField = binding.certField;
+ gatewayHost = binding.gatewayHost;
+ saveButton = binding.buttonSave;
+ useDefaultsButton = binding.buttonDefaults;
+ cancelButton = binding.buttonCancel;
+ kcpSwitch = binding.kcpSwitch;
+
+ ipField.setText(PreferenceHelper.getObfuscationPinningIP(getContext()));
+ portField.setText(PreferenceHelper.getObfuscationPinningPort(getContext()));
+ certificateField.setText(PreferenceHelper.getObfuscationPinningCert(getContext()));
+ kcpSwitch.setChecked(PreferenceHelper.getObfuscationPinningKCP(getContext()));
+
+ GatewaysManager gatewaysManager = new GatewaysManager(getContext());
+ ArrayList<String> hostsList = gatewaysManager.getHosts();
+
+ hostsList.add(0, "Select a Gateway");
+ gatewayHosts = new ArrayAdapter<>(getContext(), android.R.layout.simple_spinner_item, hostsList);
+ gatewayHosts.setDropDownViewResource(android.R.layout.simple_spinner_dropdown_item);
+ gatewayHost.setAdapter(gatewayHosts);
+ String selectedHost = PreferenceHelper.getObfuscationPinningGatewayHost(getContext());
+ if (selectedHost != null) {
+ gatewayHost.setSelection(gatewayHosts.getPosition(selectedHost));
+ }
+
+ saveButton.setOnClickListener(v -> {
+ String ip = TextUtils.isEmpty(ipField.getText()) ? null : ipField.getText().toString();
+ PreferenceHelper.setObfuscationPinningIP(v.getContext(), ip);
+ String port = TextUtils.isEmpty(portField.getText()) ? null : portField.getText().toString();
+ PreferenceHelper.setObfuscationPinningPort(v.getContext(), port);
+ String cert = TextUtils.isEmpty(certificateField.getText()) ? null : certificateField.getText().toString();
+ PreferenceHelper.setObfuscationPinningCert(v.getContext(), cert);
+ String gatewayHostName = gatewayHost.getSelectedItemPosition() == 0 ? null : gatewayHosts.getItem(gatewayHost.getSelectedItemPosition());
+ PreferenceHelper.setObfuscationPinningGatewayHost(v.getContext(), gatewayHostName);
+ PreferenceHelper.setObfuscationPinningGatewayIP(v.getContext(), gatewaysManager.getIpForHost(gatewayHostName));
+ PreferenceHelper.setObfuscationPinningKCP(v.getContext(), kcpSwitch.isChecked());
+ PreferenceHelper.setUseObfuscationPinning(v.getContext(), ip != null && port != null && cert != null && gatewayHostName != null);
+ PreferenceHelper.setObfuscationPinningGatewayLocation(v.getContext(), gatewaysManager.getLocationNameForHost(gatewayHostName));
+ dismiss();
+ });
+
+ useDefaultsButton.setVisibility(ObfsVpnHelper.hasObfuscationPinningDefaults() ? VISIBLE : GONE);
+ useDefaultsButton.setOnClickListener(v -> {
+ ipField.setText(ObfsVpnHelper.obfsvpnIP());
+ portField.setText(ObfsVpnHelper.obfsvpnPort());
+ certificateField.setText(ObfsVpnHelper.obfsvpnCert());
+ int position = gatewayHosts.getPosition(ObfsVpnHelper.gatewayHost());
+ if (position == -1) {
+ position = 0;
+ }
+ gatewayHost.setSelection(position);
+ kcpSwitch.setChecked(ObfsVpnHelper.useKcp());
+ });
+
+ cancelButton.setOnClickListener(v -> {
+ boolean allowPinning = !TextUtils.isEmpty(ipField.getText()) && !TextUtils.isEmpty(portField.getText()) && !TextUtils.isEmpty(certificateField.getText());
+ PreferenceHelper.setUseObfuscationPinning(
+ v.getContext(), allowPinning);
+ dismiss();
+ });
+
+ return builder.create();
+ }
+
+ @Override
+ public void onDestroyView() {
+ super.onDestroyView();
+ binding = null;
+ }
}
diff --git a/app/src/main/java/se/leap/bitmaskclient/base/fragments/SettingsFragment.java b/app/src/main/java/se/leap/bitmaskclient/base/fragments/SettingsFragment.java
index 9d15f839..f7d20aa9 100644
--- a/app/src/main/java/se/leap/bitmaskclient/base/fragments/SettingsFragment.java
+++ b/app/src/main/java/se/leap/bitmaskclient/base/fragments/SettingsFragment.java
@@ -9,9 +9,10 @@ import static se.leap.bitmaskclient.base.models.Constants.PREFER_UDP;
import static se.leap.bitmaskclient.base.models.Constants.SHARED_PREFERENCES;
import static se.leap.bitmaskclient.base.models.Constants.USE_BRIDGES;
import static se.leap.bitmaskclient.base.models.Constants.USE_IPv6_FIREWALL;
+import static se.leap.bitmaskclient.base.models.Constants.USE_OBFUSCATION_PINNING;
import static se.leap.bitmaskclient.base.utils.ConfigHelper.ObfsVpnHelper.useObfsVpn;
-import static se.leap.bitmaskclient.base.utils.PreferenceHelper.allowExperimentalTransports;
import static se.leap.bitmaskclient.base.utils.ConfigHelper.isCalyxOSWithTetheringSupport;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.allowExperimentalTransports;
import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getPreferUDP;
import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getShowAlwaysOnDialog;
import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getUseBridges;
@@ -19,7 +20,9 @@ import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getUseSnowflake;
import static se.leap.bitmaskclient.base.utils.PreferenceHelper.hasSnowflakePrefs;
import static se.leap.bitmaskclient.base.utils.PreferenceHelper.preferUDP;
import static se.leap.bitmaskclient.base.utils.PreferenceHelper.setAllowExperimentalTransports;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.setUseObfuscationPinning;
import static se.leap.bitmaskclient.base.utils.PreferenceHelper.useBridges;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.useObfuscationPinning;
import static se.leap.bitmaskclient.base.utils.PreferenceHelper.useSnowflake;
import static se.leap.bitmaskclient.base.utils.ViewHelper.setActionBarTitle;
@@ -86,6 +89,7 @@ public class SettingsFragment extends Fragment implements SharedPreferences.OnSh
initTetheringEntry(view);
initGatewayPinningEntry(view);
initExperimentalTransportsEntry(view);
+ initObfuscationPinningEntry(view);
setActionBarTitle(this, advanced_settings);
return view;
}
@@ -260,6 +264,47 @@ public class SettingsFragment extends Fragment implements SharedPreferences.OnSh
});
}
+ public void initObfuscationPinningEntry(View rootView) {
+ IconSwitchEntry obfuscationPinning = rootView.findViewById(R.id.obfuscation_proxy_pinning);
+ if (useObfsVpn()) {
+ obfuscationPinning.setVisibility(VISIBLE);
+ boolean useBridges = getUseBridges(getContext());
+ obfuscationPinning.setEnabled(useBridges);
+ obfuscationPinning.setSubtitle(useBridges ? "Connect to a specific obfuscation proxy for debugging purposes" : "Enable Bridges to use this option");
+ obfuscationPinning.setChecked(useObfuscationPinning(getContext()));
+ obfuscationPinning.setOnCheckedChangeListener((buttonView, isChecked) -> {
+ if (!buttonView.isPressed()) {
+ return;
+ }
+ if (!isChecked) {
+ setUseObfuscationPinning(getContext(), false);
+ } else {
+ showObfuscationPinningDialog();
+ }
+ });
+ obfuscationPinning.setOnClickListener(v -> {
+ if (obfuscationPinning.isChecked()) {
+ showObfuscationPinningDialog();
+ }
+ });
+ } else {
+ obfuscationPinning.setVisibility(GONE);
+ }
+ }
+
+ public void showObfuscationPinningDialog() {
+ try {
+ FragmentTransaction fragmentTransaction = new FragmentManagerEnhanced(
+ getActivity().getSupportFragmentManager()).removePreviousFragment(
+ ObfuscationProxyDialog.TAG);
+ DialogFragment newFragment = new ObfuscationProxyDialog();
+ newFragment.setCancelable(false);
+ newFragment.show(fragmentTransaction, ObfuscationProxyDialog.TAG);
+ } catch (IllegalStateException | NullPointerException e) {
+ e.printStackTrace();
+ }
+ }
+
public void initExperimentalTransportsEntry(View rootView) {
IconSwitchEntry experimentalTransports = rootView.findViewById(R.id.experimental_transports);
if (useObfsVpn() && ProviderObservable.getInstance().getCurrentProvider().supportsExperimentalPluggableTransports()) {
@@ -315,9 +360,13 @@ public class SettingsFragment extends Fragment implements SharedPreferences.OnSh
initPreferUDPEntry(rootView);
} else if (key.equals(USE_IPv6_FIREWALL)) {
initFirewallEntry(getView());
- } if (key.equals(GATEWAY_PINNING)) {
+ } else if (key.equals(GATEWAY_PINNING)) {
initGatewayPinningEntry(rootView);
}
+
+ if (key.equals(USE_OBFUSCATION_PINNING) || key.equals(USE_BRIDGES)) {
+ initObfuscationPinningEntry(rootView);
+ }
}
}
diff --git a/app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java b/app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java
index b34a31eb..8fbac35e 100644
--- a/app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java
+++ b/app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java
@@ -45,6 +45,14 @@ public interface Constants {
String PREFER_UDP = "prefer_UDP";
String GATEWAY_PINNING = "gateway_pinning";
String ALLOW_EXPERIMENTAL_TRANSPORTS = "allow_experimental_transports";
+ String USE_OBFUSCATION_PINNING = "use_obfuscation_pinning";
+ String OBFUSCATION_PINNING_IP = "obfuscation_pinning_ip";
+ String OBFUSCATION_PINNING_PORT = "obfuscation_pinning_port";
+ String OBFUSCATION_PINNING_CERT = "obfuscation_pinning_cert";
+ String OBFUSCATION_PINNING_KCP = "obfuscation_pinning_udp";
+ String OBFUSCATION_PINNING_GW_HOST = "obfuscation_pinning_gw_host";
+ String OBFUSCATION_PINNING_GW_IP = "obfuscation_pinning_gw_ip";
+ String OBFUSCATION_PINNING_LOCATION = "obfuscation_pinning_location";
//////////////////////////////////////////////
diff --git a/app/src/main/java/se/leap/bitmaskclient/base/models/Transport.java b/app/src/main/java/se/leap/bitmaskclient/base/models/Transport.java
new file mode 100644
index 00000000..90a033dd
--- /dev/null
+++ b/app/src/main/java/se/leap/bitmaskclient/base/models/Transport.java
@@ -0,0 +1,49 @@
+package se.leap.bitmaskclient.base.models;
+
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+
+import org.json.JSONObject;
+
+public class Transport {
+ private String type;
+ private String[] protocols;
+ private String[] ports;
+ private Options options;
+
+ public Transport(String type, String[] protocols, String[] ports, String cert) {
+ this.type = type;
+ this.protocols = protocols;
+ this.ports = ports;
+ this.options = new Options(cert);
+ }
+
+ @Override
+ public String toString() {
+ return new Gson().toJson(this);
+ }
+
+ public static Transport fromJson(JSONObject json) {
+ GsonBuilder builder = new GsonBuilder();
+ return builder.create().fromJson(json.toString(), Transport.class);
+ }
+
+ public static class Options {
+ private String cert;
+ private String iatMode;
+
+ public Options(String cert) {
+ this.cert = cert;
+ this.iatMode = "0";
+ }
+
+ @Override
+ public String toString() {
+ return new Gson().toJson(this);
+ }
+ }
+
+
+}
+
+
diff --git a/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java b/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java
index 102756c4..c4e2fb17 100644
--- a/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java
+++ b/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java
@@ -285,5 +285,32 @@ public class ConfigHelper {
public static boolean useObfsVpn() {
return BuildConfig.use_obfsvpn;
}
+
+ public static boolean hasObfuscationPinningDefaults() {
+ return BuildConfig.obfsvpn_ip != null &&
+ BuildConfig.obfsvpn_port != null &&
+ BuildConfig.obfsvpn_cert != null &&
+ BuildConfig.obfsvpn_gateway_host != null &&
+ !BuildConfig.obfsvpn_ip.isEmpty() &&
+ !BuildConfig.obfsvpn_port.isEmpty() &&
+ !BuildConfig.obfsvpn_cert.isEmpty() &&
+ !BuildConfig.obfsvpn_gateway_host.isEmpty();
+ }
+ public static String obfsvpnIP() {
+ return BuildConfig.obfsvpn_ip;
+ }
+ public static String obfsvpnPort() {
+ return BuildConfig.obfsvpn_port;
+ }
+ public static String obfsvpnCert() {
+ return BuildConfig.obfsvpn_cert;
+ }
+ public static String gatewayHost() {
+ return BuildConfig.obfsvpn_gateway_host;
+ }
+
+ public static boolean useKcp() {
+ return BuildConfig.obfsvpn_use_kcp;
+ }
}
}
diff --git a/app/src/main/java/se/leap/bitmaskclient/base/utils/PreferenceHelper.java b/app/src/main/java/se/leap/bitmaskclient/base/utils/PreferenceHelper.java
index 22fe42ff..d9beffd3 100644
--- a/app/src/main/java/se/leap/bitmaskclient/base/utils/PreferenceHelper.java
+++ b/app/src/main/java/se/leap/bitmaskclient/base/utils/PreferenceHelper.java
@@ -11,6 +11,13 @@ import static se.leap.bitmaskclient.base.models.Constants.EXCLUDED_APPS;
import static se.leap.bitmaskclient.base.models.Constants.GATEWAY_PINNING;
import static se.leap.bitmaskclient.base.models.Constants.LAST_UPDATE_CHECK;
import static se.leap.bitmaskclient.base.models.Constants.LAST_USED_PROFILE;
+import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_CERT;
+import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_GW_HOST;
+import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_GW_IP;
+import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_IP;
+import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_KCP;
+import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_LOCATION;
+import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_PORT;
import static se.leap.bitmaskclient.base.models.Constants.PREFERRED_CITY;
import static se.leap.bitmaskclient.base.models.Constants.PREFER_UDP;
import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_CONFIGURED;
@@ -22,10 +29,12 @@ import static se.leap.bitmaskclient.base.models.Constants.SHARED_PREFERENCES;
import static se.leap.bitmaskclient.base.models.Constants.SHOW_EXPERIMENTAL;
import static se.leap.bitmaskclient.base.models.Constants.USE_BRIDGES;
import static se.leap.bitmaskclient.base.models.Constants.USE_IPv6_FIREWALL;
+import static se.leap.bitmaskclient.base.models.Constants.USE_OBFUSCATION_PINNING;
import static se.leap.bitmaskclient.base.models.Constants.USE_SNOWFLAKE;
import android.content.Context;
import android.content.SharedPreferences;
+import android.text.TextUtils;
import androidx.annotation.NonNull;
import androidx.annotation.WorkerThread;
@@ -260,6 +269,77 @@ public class PreferenceHelper {
return getBoolean(context, ALLOW_EXPERIMENTAL_TRANSPORTS, false);
}
+ public static void setUseObfuscationPinning(Context context, Boolean pinning) {
+ putBoolean(context, USE_OBFUSCATION_PINNING, pinning);
+ }
+
+ public static boolean useObfuscationPinning(Context context) {
+ return ConfigHelper.ObfsVpnHelper.useObfsVpn() &&
+ getUseBridges(context) &&
+ getBoolean(context, USE_OBFUSCATION_PINNING, false) &&
+ !TextUtils.isEmpty(getObfuscationPinningIP(context)) &&
+ !TextUtils.isEmpty(getObfuscationPinningCert(context)) &&
+ !TextUtils.isEmpty(getObfuscationPinningPort(context)) &&
+ !TextUtils.isEmpty(getObfuscationPinningGatewayHost(context));
+ }
+
+ public static void setObfuscationPinningIP(Context context, String ip) {
+ putString(context, OBFUSCATION_PINNING_IP, ip);
+ }
+
+ public static String getObfuscationPinningIP(Context context) {
+ return getString(context, OBFUSCATION_PINNING_IP, null);
+ }
+
+ public static void setObfuscationPinningPort(Context context, String port) {
+ putString(context, OBFUSCATION_PINNING_PORT, port);
+ }
+
+ public static String getObfuscationPinningPort(Context context) {
+ return getString(context, OBFUSCATION_PINNING_PORT, null);
+ }
+
+ public static void setObfuscationPinningCert(Context context, String cert) {
+ putString(context, OBFUSCATION_PINNING_CERT, cert);
+ }
+
+ public static String getObfuscationPinningCert(Context context) {
+ return getString(context, OBFUSCATION_PINNING_CERT, null);
+ }
+
+ public static void setObfuscationPinningGatewayHost(Context context, String gatewayIP) {
+ putString(context, OBFUSCATION_PINNING_GW_HOST, gatewayIP);
+ }
+
+ public static String getObfuscationPinningGatewayHost(Context context) {
+ return getString(context, OBFUSCATION_PINNING_GW_HOST, null);
+ }
+
+
+ public static void setObfuscationPinningGatewayIP(Context context, String ipForHost) {
+ putString(context, OBFUSCATION_PINNING_GW_IP, ipForHost);
+ }
+
+ public static String getObfuscationPinningGatewayIP(Context context) {
+ return getString(context, OBFUSCATION_PINNING_GW_IP, null);
+ }
+
+ public static void setObfuscationPinningGatewayLocation(Context context, String location) {
+ putString(context, OBFUSCATION_PINNING_LOCATION, location);
+ }
+
+ public static String getObfuscationPinningGatewayLocation(Context context) {
+ return getString(context, OBFUSCATION_PINNING_LOCATION, null);
+ }
+
+ public static Boolean getObfuscationPinningKCP(Context context) {
+ return getBoolean(context, OBFUSCATION_PINNING_KCP, false);
+ }
+
+ public static void setObfuscationPinningKCP(Context context, boolean isKCP) {
+ putBoolean(context, OBFUSCATION_PINNING_KCP, isKCP);
+ }
+
public static void setUseIPv6Firewall(Context context, boolean useFirewall) {
putBoolean(context, USE_IPv6_FIREWALL, useFirewall);
}
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/Gateway.java b/app/src/main/java/se/leap/bitmaskclient/eip/Gateway.java
index e9281609..ff1dd05e 100644
--- a/app/src/main/java/se/leap/bitmaskclient/eip/Gateway.java
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/Gateway.java
@@ -26,6 +26,17 @@ import static se.leap.bitmaskclient.base.models.Constants.OPENVPN_CONFIGURATION;
import static se.leap.bitmaskclient.base.models.Constants.OVERLOAD;
import static se.leap.bitmaskclient.base.models.Constants.TIMEZONE;
import static se.leap.bitmaskclient.base.models.Constants.VERSION;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.allowExperimentalTransports;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getExcludedApps;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getObfuscationPinningCert;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getObfuscationPinningGatewayHost;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getObfuscationPinningGatewayIP;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getObfuscationPinningGatewayLocation;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getObfuscationPinningIP;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getObfuscationPinningKCP;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getObfuscationPinningPort;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getPreferUDP;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.useObfuscationPinning;
import android.content.Context;
@@ -45,7 +56,6 @@ import de.blinkt.openvpn.VpnProfile;
import de.blinkt.openvpn.core.ConfigParser;
import de.blinkt.openvpn.core.connection.Connection;
import se.leap.bitmaskclient.base.utils.ConfigHelper;
-import se.leap.bitmaskclient.base.utils.PreferenceHelper;
/**
* Gateway provides objects defining gateways and their metadata.
@@ -87,28 +97,37 @@ public class Gateway {
this.secrets = secrets;
this.load = load;
+ apiVersion = getApiVersion(eipDefinition);
+ VpnConfigGenerator.Configuration configuration = getProfileConfig(context, eipDefinition, apiVersion);
generalConfiguration = getGeneralConfiguration(eipDefinition);
timezone = getTimezone(eipDefinition);
- name = locationAsName(eipDefinition);
- apiVersion = getApiVersion(eipDefinition);
- vpnProfiles = createVPNProfiles(context);
+ name = configuration.profileName;
+ vpnProfiles = createVPNProfiles(configuration);
+ }
+
+ private VpnConfigGenerator.Configuration getProfileConfig(Context context, JSONObject eipDefinition, int apiVersion) {
+ VpnConfigGenerator.Configuration config = new VpnConfigGenerator.Configuration();
+ config.apiVersion = apiVersion;
+ config.preferUDP = getPreferUDP(context);
+ config.experimentalTransports = allowExperimentalTransports(context);
+ config.excludedApps = getExcludedApps(context);
+
+ config.useObfuscationPinning = useObfuscationPinning(context);
+ config.profileName = config.useObfuscationPinning ? getObfuscationPinningGatewayLocation(context) : locationAsName(eipDefinition);
+ config.remoteGatewayIP = config.useObfuscationPinning ? getObfuscationPinningGatewayIP(context) : gateway.optString(IP_ADDRESS);
+ if (config.useObfuscationPinning) {
+ config.obfuscationProxyIP = getObfuscationPinningIP(context);
+ config.obfuscationProxyPort = getObfuscationPinningPort(context);
+ config.obfuscationProxyCert = getObfuscationPinningCert(context);
+ config.obfuscationProxyKCP = getObfuscationPinningKCP(context);
+ }
+ return config;
}
public void updateLoad(JSONObject load) {
this.load = load;
}
- private void addProfileInfos(Context context, HashMap<Connection.TransportType, VpnProfile> profiles) {
- Set<String> excludedAppsVpn = PreferenceHelper.getExcludedApps(context);
- for (VpnProfile profile : profiles.values()) {
- profile.mName = name;
- profile.mGatewayIp = gateway.optString(IP_ADDRESS);
- if (excludedAppsVpn != null) {
- profile.mAllowedAppsVpn = new HashSet<>(excludedAppsVpn);
- }
- }
- }
-
private JSONObject getGeneralConfiguration(JSONObject eipDefinition) {
try {
return eipDefinition.getJSONObject(OPENVPN_CONFIGURATION);
@@ -172,13 +191,10 @@ public class Gateway {
/**
* Create and attach the VpnProfile to our gateway object
*/
- private @NonNull HashMap<Connection.TransportType, VpnProfile> createVPNProfiles(Context context)
+ private @NonNull HashMap<Connection.TransportType, VpnProfile> createVPNProfiles(VpnConfigGenerator.Configuration profileConfig)
throws ConfigParser.ConfigParseError, IOException, JSONException {
- boolean preferUDP = PreferenceHelper.getPreferUDP(context);
- boolean allowExperimentalTransports = PreferenceHelper.allowExperimentalTransports(context);
- VpnConfigGenerator vpnConfigurationGenerator = new VpnConfigGenerator(generalConfiguration, secrets, gateway, apiVersion, preferUDP, allowExperimentalTransports);
+ VpnConfigGenerator vpnConfigurationGenerator = new VpnConfigGenerator(generalConfiguration, secrets, gateway, profileConfig);
HashMap<Connection.TransportType, VpnProfile> profiles = vpnConfigurationGenerator.generateVpnProfiles();
- addProfileInfos(context, profiles);
return profiles;
}
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/GatewaysManager.java b/app/src/main/java/se/leap/bitmaskclient/eip/GatewaysManager.java
index db7dd38c..7bcd0def 100644
--- a/app/src/main/java/se/leap/bitmaskclient/eip/GatewaysManager.java
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/GatewaysManager.java
@@ -16,6 +16,20 @@
*/
package se.leap.bitmaskclient.eip;
+import static de.blinkt.openvpn.core.connection.Connection.TransportType.OBFS4;
+import static de.blinkt.openvpn.core.connection.Connection.TransportType.OBFS4_KCP;
+import static de.blinkt.openvpn.core.connection.Connection.TransportType.OPENVPN;
+import static de.blinkt.openvpn.core.connection.Connection.TransportType.PT;
+import static se.leap.bitmaskclient.base.models.Constants.GATEWAYS;
+import static se.leap.bitmaskclient.base.models.Constants.HOST;
+import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_PRIVATE_KEY;
+import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_VPN_CERTIFICATE;
+import static se.leap.bitmaskclient.base.models.Constants.SORTED_GATEWAYS;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getObfuscationPinningKCP;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getPreferredCity;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getUseBridges;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.useObfuscationPinning;
+
import android.content.Context;
import android.util.Log;
@@ -48,18 +62,6 @@ import se.leap.bitmaskclient.base.models.Provider;
import se.leap.bitmaskclient.base.models.ProviderObservable;
import se.leap.bitmaskclient.base.utils.PreferenceHelper;
-import static de.blinkt.openvpn.core.connection.Connection.TransportType.OBFS4;
-import static de.blinkt.openvpn.core.connection.Connection.TransportType.OBFS4_KCP;
-import static de.blinkt.openvpn.core.connection.Connection.TransportType.OPENVPN;
-import static de.blinkt.openvpn.core.connection.Connection.TransportType.PT;
-import static se.leap.bitmaskclient.base.models.Constants.GATEWAYS;
-import static se.leap.bitmaskclient.base.models.Constants.HOST;
-import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_PRIVATE_KEY;
-import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_VPN_CERTIFICATE;
-import static se.leap.bitmaskclient.base.models.Constants.SORTED_GATEWAYS;
-import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getPreferredCity;
-import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getUseBridges;
-
/**
* @author parmegv
*/
@@ -115,6 +117,13 @@ public class GatewaysManager {
* @return the n closest Gateway
*/
public Pair<Gateway, TransportType> select(int nClosest) {
+ if (PreferenceHelper.useObfuscationPinning(context)) {
+ Gateway gateway = gateways.get(PreferenceHelper.getObfuscationPinningGatewayHost(context));
+ if (gateway == null) {
+ return null;
+ }
+ return new Pair<>(gateway, getObfuscationPinningKCP(context) ? OBFS4_KCP : OBFS4);
+ }
String selectedCity = getPreferredCity(context);
return select(nClosest, selectedCity);
}
@@ -135,6 +144,23 @@ public class GatewaysManager {
}
}
+ public ArrayList<String> getHosts() {
+ ArrayList<String> hosts = new ArrayList<>();
+ for (Gateway gateway : gateways.values()) {
+ hosts.add(gateway.getHost());
+ }
+ return hosts;
+ }
+
+
+ public String getIpForHost(String gatewayHostName) {
+ Gateway gateway = gateways.get(gatewayHostName);
+ if (gateway == null) {
+ return null;
+ }
+ return gateway.getRemoteIP();
+ }
+
public List<Location> getGatewayLocations() {
return getSortedGatewayLocations(null);
}
@@ -202,6 +228,14 @@ public class GatewaysManager {
}
}
+ public String getLocationNameForHost(String name) {
+ Gateway gateway = gateways.get(name);
+ if (gateway != null) {
+ return gateway.getName();
+ }
+ return "Unknown Location";
+ }
+
@Nullable
public Location getLocation(String name) {
List <Location> locations = getGatewayLocations();
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java b/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java
index 58732713..a7df99bf 100644
--- a/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java
@@ -19,6 +19,7 @@ package se.leap.bitmaskclient.eip;
import static de.blinkt.openvpn.core.connection.Connection.TransportType.OBFS4;
import static de.blinkt.openvpn.core.connection.Connection.TransportType.OBFS4_KCP;
import static de.blinkt.openvpn.core.connection.Connection.TransportType.OPENVPN;
+import static de.blinkt.openvpn.core.connection.Connection.TransportType.PT;
import static se.leap.bitmaskclient.base.models.Constants.CAPABILITIES;
import static se.leap.bitmaskclient.base.models.Constants.IP_ADDRESS;
import static se.leap.bitmaskclient.base.models.Constants.IP_ADDRESS6;
@@ -44,14 +45,17 @@ import org.json.JSONObject;
import java.io.IOException;
import java.io.StringReader;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.Iterator;
+import java.util.Set;
import de.blinkt.openvpn.VpnProfile;
import de.blinkt.openvpn.core.ConfigParser;
import de.blinkt.openvpn.core.VpnStatus;
import de.blinkt.openvpn.core.connection.Connection;
-import se.leap.bitmaskclient.BuildConfig;
+import de.blinkt.openvpn.core.connection.Connection.TransportType;
import se.leap.bitmaskclient.base.models.Provider;
+import se.leap.bitmaskclient.base.models.Transport;
import se.leap.bitmaskclient.base.utils.ConfigHelper;
import se.leap.bitmaskclient.pluggableTransports.Obfs4Options;
@@ -64,23 +68,65 @@ public class VpnConfigGenerator {
private final int apiVersion;
private final boolean preferUDP;
private final boolean experimentalTransports;
+ private final boolean useObfuscationPinning;
+ private final String obfuscationPinningIP;
+ private final String obfuscationPinningPort;
+ private final String obfuscationPinningCert;
+ private final boolean obfuscationPinningKCP;
+ private final String remoteGatewayIP;
+ private final String profileName;
+ private final Set<String> excludedApps;
public final static String TAG = VpnConfigGenerator.class.getSimpleName();
private final String newLine = System.getProperty("line.separator"); // Platform new line
- public VpnConfigGenerator(JSONObject generalConfiguration, JSONObject secrets, JSONObject gateway, int apiVersion, boolean preferUDP, boolean experimentalTransports) throws ConfigParser.ConfigParseError {
+ public static class Configuration {
+ int apiVersion;
+ boolean preferUDP;
+ boolean experimentalTransports;
+ String remoteGatewayIP = "";
+ String profileName = "";
+ Set<String> excludedApps = null;
+
+ boolean useObfuscationPinning;
+ boolean obfuscationProxyKCP;
+ String obfuscationProxyIP = "";
+ String obfuscationProxyPort = "";
+ String obfuscationProxyCert = "";
+ }
+
+ public VpnConfigGenerator(JSONObject generalConfiguration, JSONObject secrets, JSONObject gateway, Configuration config) throws ConfigParser.ConfigParseError {
this.generalConfiguration = generalConfiguration;
this.gateway = gateway;
this.secrets = secrets;
- this.apiVersion = apiVersion;
- this.preferUDP = preferUDP;
- this.experimentalTransports = experimentalTransports;
+ this.apiVersion = config.apiVersion;
+ this.preferUDP = config.preferUDP;
+ this.experimentalTransports = config.experimentalTransports;
+ this.useObfuscationPinning = config.useObfuscationPinning;
+ this.obfuscationPinningIP = config.obfuscationProxyIP;
+ this.obfuscationPinningPort = config.obfuscationProxyPort;
+ this.obfuscationPinningCert = config.obfuscationProxyCert;
+ this.obfuscationPinningKCP = config.obfuscationProxyKCP;
+ this.remoteGatewayIP = config.remoteGatewayIP;
+ this.profileName = config.profileName;
+ this.excludedApps = config.excludedApps;
checkCapabilities();
}
public void checkCapabilities() throws ConfigParser.ConfigParseError {
try {
+ if (useObfuscationPinning) {
+ if (obfuscationPinningKCP) {
+ // the protocol TCP refers to the allowed openvpn protocol
+ obfs4TKcpTransport = new JSONObject(new Transport(OBFS4_KCP.toString(), new String[]{"tcp"}, new String[]{obfuscationPinningPort}, obfuscationPinningCert).toString());
+ } else {
+ String jsonTransportString = new Transport(OBFS4.toString(), new String[]{"tcp"}, new String[]{obfuscationPinningPort}, obfuscationPinningCert).toString();
+ obfs4Transport = new JSONObject(jsonTransportString);
+ }
+ return;
+ }
+
if (apiVersion >= 3) {
JSONArray supportedTransports = gateway.getJSONObject(CAPABILITIES).getJSONArray(TRANSPORT);
for (int i = 0; i < supportedTransports.length(); i++) {
@@ -101,7 +147,7 @@ public class VpnConfigGenerator {
}
}
- public HashMap<Connection.TransportType, VpnProfile> generateVpnProfiles() throws
+ public HashMap<TransportType, VpnProfile> generateVpnProfiles() throws
ConfigParser.ConfigParseError,
NumberFormatException,
JSONException,
@@ -133,7 +179,7 @@ public class VpnConfigGenerator {
return obfs4TKcpTransport != null;
}
- private String getConfigurationString(Connection.TransportType transportType) {
+ private String getConfigurationString(TransportType transportType) {
return generalConfiguration()
+ newLine
+ gatewayConfiguration(transportType)
@@ -144,7 +190,7 @@ public class VpnConfigGenerator {
}
@VisibleForTesting
- protected VpnProfile createProfile(Connection.TransportType transportType) throws IOException, ConfigParser.ConfigParseError, JSONException {
+ protected VpnProfile createProfile(TransportType transportType) throws IOException, ConfigParser.ConfigParseError, JSONException {
String configuration = getConfigurationString(transportType);
ConfigParser icsOpenvpnConfigParser = new ConfigParser();
icsOpenvpnConfigParser.parseConfig(new StringReader(configuration));
@@ -153,22 +199,30 @@ public class VpnConfigGenerator {
} else if (transportType == OBFS4_KCP) {
icsOpenvpnConfigParser.setObfs4Options(getObfs4Options(obfs4TKcpTransport, true));
}
- return icsOpenvpnConfigParser.convertProfile(transportType);
+
+ VpnProfile profile = icsOpenvpnConfigParser.convertProfile(transportType);
+ profile.mName = profileName;
+ profile.mGatewayIp = remoteGatewayIP;
+ if (excludedApps != null) {
+ profile.mAllowedAppsVpn = new HashSet<>(excludedApps);
+ }
+ return profile;
}
+ // TODO: whad does
private Obfs4Options getObfs4Options(JSONObject transportJson, boolean useUdp) throws JSONException {
JSONObject transportOptions = transportJson.getJSONObject(OPTIONS);
String iatMode = transportOptions.getString("iatMode");
String cert = transportOptions.getString("cert");
- String port = obfs4Transport.getJSONArray(PORTS).getString(0);
+ String port = transportJson.getJSONArray(PORTS).getString(0);
String ip = gateway.getString(IP_ADDRESS);
boolean udp = useUdp;
- if (BuildConfig.obfsvpn_pinning) {
- cert = BuildConfig.obfsvpn_cert;
- port = BuildConfig.obfsvpn_port;
- ip = BuildConfig.obfsvpn_port;
- udp = BuildConfig.obfsvpn_use_kcp;
+ if (useObfuscationPinning) {
+ cert = obfuscationPinningCert;
+ port = obfuscationPinningPort;
+ ip = obfuscationPinningIP;
+ udp = obfuscationPinningKCP;
}
return new Obfs4Options(ip, port, cert, iatMode, udp);
}
@@ -196,7 +250,7 @@ public class VpnConfigGenerator {
return commonOptions;
}
- private String gatewayConfiguration(Connection.TransportType transportType) {
+ private String gatewayConfiguration(TransportType transportType) {
String remotes = "";
StringBuilder stringBuilder = new StringBuilder();
@@ -217,6 +271,7 @@ public class VpnConfigGenerator {
String[] ipAddresses = ipAddress6.isEmpty() ?
new String[]{ipAddress} :
new String[]{ipAddress6, ipAddress};
+
JSONArray transports = capabilities.getJSONArray(TRANSPORT);
gatewayConfigMinApiv3(transportType, stringBuilder, ipAddresses, transports);
break;
@@ -234,9 +289,9 @@ public class VpnConfigGenerator {
return remotes;
}
- private void gatewayConfigMinApiv3(Connection.TransportType transportType, StringBuilder stringBuilder, String[] ipAddresses, JSONArray transports) throws JSONException {
- if (transportType == OBFS4) {
- obfs4GatewayConfigMinApiv3(stringBuilder, ipAddresses, transports);
+ private void gatewayConfigMinApiv3(TransportType transportType, StringBuilder stringBuilder, String[] ipAddresses, JSONArray transports) throws JSONException {
+ if (transportType.getMetaType() == PT) {
+ ptGatewayConfigMinApiv3(stringBuilder, ipAddresses, transportType, transports);
} else {
ovpnGatewayConfigMinApi3(stringBuilder, ipAddresses, transports);
}
@@ -296,7 +351,7 @@ public class VpnConfigGenerator {
}
}
- private JSONObject getTransport(JSONArray transports, Connection.TransportType transportType) throws JSONException {
+ private JSONObject getTransport(JSONArray transports, TransportType transportType) throws JSONException {
JSONObject selectedTransport = new JSONObject();
for (int i = 0; i < transports.length(); i++) {
JSONObject transport = transports.getJSONObject(i);
@@ -308,9 +363,35 @@ public class VpnConfigGenerator {
return selectedTransport;
}
- private void obfs4GatewayConfigMinApiv3(StringBuilder stringBuilder, String[] ipAddresses, JSONArray transports) throws JSONException {
- JSONObject obfs4Transport = getTransport(transports, OBFS4);
- JSONArray protocols = obfs4Transport.getJSONArray(PROTOCOLS);
+ private boolean isAllowedProtocol(TransportType transportType, String protocol) {
+ switch (transportType) {
+ case OPENVPN:
+ return "tcp".equals(protocol) || "udp".equals(protocol);
+ case OBFS4:
+ case OBFS4_KCP:
+ return "tcp".equals(protocol);
+ }
+ return false;
+ }
+
+ private void ptGatewayConfigMinApiv3(StringBuilder stringBuilder, String[] ipAddresses, TransportType transportType, JSONArray transports) throws JSONException {
+ if (useObfuscationPinning) {
+ JSONArray pinnedTransports = new JSONArray();
+ for (int i = 0; i < transports.length(); i++) {
+ if (OPENVPN.toString().equals(transports.getJSONObject(i).get(TYPE))) {
+ pinnedTransports.put(transports.getJSONObject(i));
+ break;
+ }
+ }
+ pinnedTransports.put(supportsObfs4() ? obfs4Transport : obfs4TKcpTransport);
+ transports = pinnedTransports;
+ }
+
+ JSONObject ptTransport = getTransport(transports, transportType);
+ JSONArray ptProtocols = ptTransport.getJSONArray(PROTOCOLS);
+ JSONObject openvpnTransport = getTransport(transports, OPENVPN);
+ JSONArray gatewayProtocols = openvpnTransport.getJSONArray(PROTOCOLS);
+
//for now only use ipv4 gateway the syntax route remote_host 255.255.255.255 net_gateway is not yet working
// https://community.openvpn.net/openvpn/ticket/1161
/*for (String ipAddress : ipAddresses) {
@@ -337,41 +418,55 @@ public class VpnConfigGenerator {
return;
}
- // check if at least one protocol is TCP, UDP is currently not supported for obfs4
- boolean hasTcp = false;
- for (int i = 0; i < protocols.length(); i++) {
- String protocol = protocols.getString(i);
+ // check if at least one openvpn protocol is TCP, openvpn in UDP is currently not supported for obfs4,
+ // however on the wire UDP might be used
+ boolean hasOpenvpnTcp = false;
+ for (int i = 0; i < gatewayProtocols.length(); i++) {
+ String protocol = gatewayProtocols.getString(i);
if (protocol.contains("tcp")) {
- hasTcp = true;
+ hasOpenvpnTcp = true;
+ break;
+ }
+ }
+
+ if (!hasOpenvpnTcp) {
+ VpnStatus.logError("obfs4 currently only allows openvpn in TCP mode! Skipping obfs4 config for ip " + ipAddress);
+ return;
+ }
+
+ boolean hasAllowedPTProtocol = false;
+ for (int i = 0; i < ptProtocols.length(); i++) {
+ String protocol = ptProtocols.getString(i);
+ if (isAllowedProtocol(transportType, protocol)) {
+ hasAllowedPTProtocol = true;
+ break;
}
}
- if (!hasTcp) {
- VpnStatus.logError("obfs4 currently only allows TCP! Skipping obfs4 config for ip " + ipAddress);
+ if (!hasAllowedPTProtocol) {
+ VpnStatus.logError("Misconfigured provider: wrong protocol defined in " + transportType.toString()+ " transport JSON.");
return;
}
- JSONArray ports = obfs4Transport.getJSONArray(PORTS);
+ JSONArray ports = ptTransport.getJSONArray(PORTS);
if (ports.isNull(0)){
- VpnStatus.logError("Misconfigured provider: no ports defined in obfs4 transport JSON.");
+ VpnStatus.logError("Misconfigured provider: no ports defined in " + transportType.toString()+ " transport JSON.");
return;
}
String route = "route " + ipAddress + " 255.255.255.255 net_gateway" + newLine;
stringBuilder.append(route);
+ String remote;
if (useObfsVpn()) {
- String remote;
- if (BuildConfig.obfsvpn_pinning) {
- remote = REMOTE + " " + BuildConfig.obfsvpn_ip + " " + BuildConfig.obfsvpn_port + newLine;
+ if (useObfuscationPinning) {
+ remote = REMOTE + " " + obfuscationPinningIP + " " + obfuscationPinningPort + newLine;
} else {
remote = REMOTE + " " + ipAddress + " " + ports.getString(0) + newLine;
}
-
- stringBuilder.append(remote);
} else {
- String remote = REMOTE + " " + DISPATCHER_IP + " " + DISPATCHER_PORT + " tcp" + newLine;
- stringBuilder.append(remote);
+ remote = REMOTE + " " + DISPATCHER_IP + " " + DISPATCHER_PORT + " tcp" + newLine;
}
+ stringBuilder.append(remote);
}
private String secretsConfiguration() {
diff --git a/app/src/main/res/layout/d_obfuscation_proxy.xml b/app/src/main/res/layout/d_obfuscation_proxy.xml
new file mode 100644
index 00000000..e8f61ebd
--- /dev/null
+++ b/app/src/main/res/layout/d_obfuscation_proxy.xml
@@ -0,0 +1,129 @@
+<?xml version="1.0" encoding="utf-8"?>
+<ScrollView xmlns:android="http://schemas.android.com/apk/res/android"
+ android:layout_width="match_parent"
+ android:layout_height="match_parent"
+ xmlns:app="http://schemas.android.com/apk/res-auto"
+ android:scrollbars="none">
+ <androidx.appcompat.widget.LinearLayoutCompat
+ android:orientation = "vertical"
+ android:layout_height="wrap_content"
+ android:layout_width="match_parent"
+ android:padding="@dimen/activity_margin"
+ >
+ <TextView
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:text="Obfuscation Proxy Pinning"
+ android:textStyle="bold"
+ android:gravity="center_horizontal"
+ android:textAppearance="@android:style/TextAppearance.Large"
+ />
+
+ <TextView
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:text="Proxy IP"
+ android:paddingTop="@dimen/activity_margin"
+ android:textStyle="bold"
+ android:textAppearance="@android:style/TextAppearance.DeviceDefault" />
+ <androidx.appcompat.widget.AppCompatEditText
+ android:id="@+id/ip_field"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ />
+
+ <TextView
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:text="Proxy Port"
+ android:paddingTop="@dimen/activity_margin"
+ android:textStyle="bold"
+ android:textAppearance="@android:style/TextAppearance.DeviceDefault"
+
+ />
+ <androidx.appcompat.widget.AppCompatEditText
+ android:id="@+id/port_field"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"/>
+
+ <TextView
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:text="Certificate"
+ android:textStyle="bold"
+ android:paddingTop="@dimen/activity_margin"
+ android:textAppearance="@android:style/TextAppearance.DeviceDefault" />
+ <androidx.appcompat.widget.AppCompatEditText
+ android:id="@+id/cert_field"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"/>
+
+ <TextView
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:text="Gateway Host Name"
+ android:textStyle="bold"
+ android:paddingTop="@dimen/activity_margin"
+ android:textAppearance="@android:style/TextAppearance.DeviceDefault" />
+ <!--<androidx.appcompat.widget.AppCompatEditText
+ android:id="@+id/gateway_ip_field"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"/>-->
+ <androidx.appcompat.widget.AppCompatSpinner
+ android:id="@+id/gateway_host"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ />
+
+ <se.leap.bitmaskclient.base.views.IconSwitchEntry
+ android:id="@+id/kcp_switch"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ app:text="KCP"
+ app:subtitle="UDP based network protocol"
+ app:icon="@drawable/ic_multiple_stop"
+ >
+
+ </se.leap.bitmaskclient.base.views.IconSwitchEntry>
+
+ <androidx.appcompat.widget.LinearLayoutCompat
+ android:layout_width="wrap_content"
+ android:layout_height="wrap_content"
+ android:layout_gravity="end"
+ android:layout_marginTop="@dimen/activity_margin"
+ android:gravity="right"
+ android:orientation="vertical">
+ <androidx.appcompat.widget.AppCompatButton
+ android:id="@+id/button_defaults"
+ android:layout_width="wrap_content"
+ android:layout_height="wrap_content"
+ android:text="Use defaults"
+ android:background="@drawable/cust_button_secondary"
+ android:layout_marginHorizontal="@dimen/stdpadding"
+ />
+ <androidx.appcompat.widget.LinearLayoutCompat
+ android:layout_width="wrap_content"
+ android:layout_height="wrap_content"
+ android:layout_marginTop="@dimen/stdpadding"
+ android:orientation="horizontal">
+ <androidx.appcompat.widget.AppCompatButton
+ android:id="@+id/button_cancel"
+ android:layout_width="wrap_content"
+ android:layout_height="wrap_content"
+ android:layout_marginHorizontal="@dimen/stdpadding"
+ android:text="@string/cancel"
+ />
+
+ <androidx.appcompat.widget.AppCompatButton
+ android:id="@+id/button_save"
+ android:layout_width="wrap_content"
+ android:layout_height="wrap_content"
+ android:layout_marginHorizontal="@dimen/stdpadding"
+ android:text="@string/save"
+ />
+ </androidx.appcompat.widget.LinearLayoutCompat>
+
+ </androidx.appcompat.widget.LinearLayoutCompat>
+
+ </androidx.appcompat.widget.LinearLayoutCompat>
+</ScrollView> \ No newline at end of file
diff --git a/app/src/main/res/layout/f_settings.xml b/app/src/main/res/layout/f_settings.xml
index d41126b9..3ce19797 100644
--- a/app/src/main/res/layout/f_settings.xml
+++ b/app/src/main/res/layout/f_settings.xml
@@ -124,13 +124,14 @@
app:subtitle="These transports might circumvent censorship, but are still in a testing phase"
/>
- <se.leap.bitmaskclient.base.views.IconTextEntry
+ <se.leap.bitmaskclient.base.views.IconSwitchEntry
android:id="@+id/obfuscation_proxy_pinning"
android:layout_width="match_parent"
android:layout_height="wrap_content"
app:text="Obfuscation proxy pinning"
app:singleLine="false"
app:subtitle="Connect to a specific obfuscation proxy for debugging purposes"
+ android:visibility="gone"
/>
</LinearLayout>
diff --git a/app/src/test/java/se/leap/bitmaskclient/eip/GatewaysManagerTest.java b/app/src/test/java/se/leap/bitmaskclient/eip/GatewaysManagerTest.java
index 56242396..3b0d5552 100644
--- a/app/src/test/java/se/leap/bitmaskclient/eip/GatewaysManagerTest.java
+++ b/app/src/test/java/se/leap/bitmaskclient/eip/GatewaysManagerTest.java
@@ -117,9 +117,11 @@ public class GatewaysManagerTest {
MockHelper.mockProviderObservable(provider);
GatewaysManager gatewaysManager = new GatewaysManager(mockContext);
- VpnConfigGenerator configGenerator = new VpnConfigGenerator(provider.getDefinition(), secrets, gateway1, 3, false, false);
+ VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration();
+ configuration.apiVersion = 3;
+ configuration.remoteGatewayIP = "37.218.247.60";
+ VpnConfigGenerator configGenerator = new VpnConfigGenerator(provider.getDefinition(), secrets, gateway1, configuration);
VpnProfile profile = configGenerator.createProfile(OBFS4);
- profile.mGatewayIp = "37.218.247.60";
assertEquals(0, gatewaysManager.getPosition(profile));
}
@@ -132,9 +134,11 @@ public class GatewaysManagerTest {
MockHelper.mockProviderObservable(provider);
GatewaysManager gatewaysManager = new GatewaysManager(mockContext);
- VpnConfigGenerator configGenerator = new VpnConfigGenerator(provider.getDefinition(), secrets, gateway1, 3, false, false);
+ VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration();
+ configuration.apiVersion = 3;
+ configuration.remoteGatewayIP = "37.218.247.60";
+ VpnConfigGenerator configGenerator = new VpnConfigGenerator(provider.getDefinition(), secrets, gateway1, configuration);
VpnProfile profile = configGenerator.createProfile(OPENVPN);
- profile.mGatewayIp = "37.218.247.60";
assertEquals(0, gatewaysManager.getPosition(profile));
}
@@ -147,9 +151,11 @@ public class GatewaysManagerTest {
MockHelper.mockProviderObservable(provider);
GatewaysManager gatewaysManager = new GatewaysManager(mockContext);
- VpnConfigGenerator configGenerator = new VpnConfigGenerator(provider.getDefinition(), secrets, gateway1, 3, false, false);
+ VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration();
+ configuration.apiVersion = 3;
+ configuration.remoteGatewayIP = "37.218.247.60";
+ VpnConfigGenerator configGenerator = new VpnConfigGenerator(provider.getDefinition(), secrets, gateway1, configuration);
VpnProfile profile = configGenerator.createProfile(OBFS4);
- profile.mGatewayIp = "37.218.247.60";
assertEquals(1, gatewaysManager.getPosition(profile));
}
@@ -162,9 +168,11 @@ public class GatewaysManagerTest {
MockHelper.mockProviderObservable(provider);
GatewaysManager gatewaysManager = new GatewaysManager(mockContext);
- VpnConfigGenerator configGenerator = new VpnConfigGenerator(provider.getDefinition(), secrets, gateway1, 3, false, false);
+ VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration();
+ configuration.apiVersion = 3;
+ configuration.remoteGatewayIP = "37.218.247.60";
+ VpnConfigGenerator configGenerator = new VpnConfigGenerator(provider.getDefinition(), secrets, gateway1, configuration);
VpnProfile profile = configGenerator.createProfile(OPENVPN);
- profile.mGatewayIp = "37.218.247.60";
assertEquals(2, gatewaysManager.getPosition(profile));
}
@@ -177,9 +185,11 @@ public class GatewaysManagerTest {
MockHelper.mockProviderObservable(provider);
GatewaysManager gatewaysManager = new GatewaysManager(mockContext);
- VpnConfigGenerator configGenerator = new VpnConfigGenerator(provider.getDefinition(), secrets, gateway1, 3, false, false);
+ VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration();
+ configuration.apiVersion = 3;
+ configuration.remoteGatewayIP = "37.218.247.61";
+ VpnConfigGenerator configGenerator = new VpnConfigGenerator(provider.getDefinition(), secrets, gateway1, configuration);
VpnProfile profile = configGenerator.createProfile(OBFS4);
- profile.mGatewayIp = "37.218.247.61";
assertEquals(-1, gatewaysManager.getPosition(profile));
}
@@ -192,9 +202,11 @@ public class GatewaysManagerTest {
MockHelper.mockProviderObservable(provider);
GatewaysManager gatewaysManager = new GatewaysManager(mockContext);
- VpnConfigGenerator configGenerator = new VpnConfigGenerator(provider.getDefinition(), secrets, gateway1, 3, false, false);
+ VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration();
+ configuration.apiVersion = 3;
+ configuration.remoteGatewayIP = "3.21.247.89";
+ VpnConfigGenerator configGenerator = new VpnConfigGenerator(provider.getDefinition(), secrets, gateway1, configuration);
VpnProfile profile = configGenerator.createProfile(OBFS4);
- profile.mGatewayIp = "3.21.247.89";
assertEquals(1, gatewaysManager.getPosition(profile));
}
diff --git a/app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java b/app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java
index f0db65d9..86a287ad 100644
--- a/app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java
+++ b/app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java
@@ -1437,7 +1437,9 @@ public class VpnConfigGeneratorTest {
@Test
public void testGenerateVpnProfile_v1_tcp_udp() throws Exception {
gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("gateway_tcp_udp.json")));
- vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 1, false, false);
+ VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration();
+ configuration.apiVersion = 1;
+ vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration);
HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
assertFalse(vpnProfiles.containsKey(OBFS4));
assertEquals(expectedVPNConfig_v1_tcp_udp.trim(), vpnProfiles.get(OPENVPN).getConfigFile(context, false).trim());
@@ -1446,7 +1448,9 @@ public class VpnConfigGeneratorTest {
@Test
public void testGenerateVpnProfile_v1_udp_tcp() throws Exception {
gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("gateway_udp_tcp.json")));
- vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 1, false, false);
+ VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration();
+ configuration.apiVersion = 1;
+ vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration);
HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
assertFalse(vpnProfiles.containsKey(OBFS4));
assertEquals(expectedVPNConfig_v1_udp_tcp.trim(), vpnProfiles.get(OPENVPN).getConfigFile(context, false).trim());
@@ -1455,7 +1459,9 @@ public class VpnConfigGeneratorTest {
@Test
public void testGenerateVpnProfile_v2_tcp_udp() throws Exception {
gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("gateway_tcp_udp.json")));
- vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 2, false, false);
+ VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration();
+ configuration.apiVersion = 2;
+ vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration);
HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
assertFalse(vpnProfiles.containsKey(OBFS4));
assertEquals(expectedVPNConfig_v1_tcp_udp.trim(), vpnProfiles.get(OPENVPN).getConfigFile(context, false).trim());
@@ -1464,7 +1470,9 @@ public class VpnConfigGeneratorTest {
@Test
public void testGenerateVpnProfile_v2_udp_tcp() throws Exception {
gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("gateway_udp_tcp.json")));
- vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 2, false, false);
+ VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration();
+ configuration.apiVersion = 2;
+ vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration);
HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
assertFalse(vpnProfiles.containsKey(OBFS4));
assertEquals(expectedVPNConfig_v1_udp_tcp.trim(), vpnProfiles.get(OPENVPN).getConfigFile(context, false).trim());
@@ -1475,7 +1483,9 @@ public class VpnConfigGeneratorTest {
public void testGenerateVpnProfile_v3_obfs4() throws Exception {
when(ConfigHelper.ObfsVpnHelper.useObfsVpn()).thenReturn(false);
gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo.bitmask.eip-service.json"))).getJSONArray("gateways").getJSONObject(0);
- vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3, false, false);
+ VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration();
+ configuration.apiVersion = 3;
+ vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration);
HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
assertTrue(vpnProfiles.containsKey(OBFS4));
assertTrue(vpnProfiles.containsKey(OPENVPN));
@@ -1487,7 +1497,9 @@ public class VpnConfigGeneratorTest {
public void testGenerateVpnProfile_v3_obfs4_obfsvpn() throws Exception {
when(ConfigHelper.ObfsVpnHelper.useObfsVpn()).thenReturn(true);
gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo.bitmask.eip-service.json"))).getJSONArray("gateways").getJSONObject(0);
- vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3, false, false);
+ VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration();
+ configuration.apiVersion = 3;
+ vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration);
HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
assertTrue(vpnProfiles.containsKey(OBFS4));
assertTrue(vpnProfiles.containsKey(OPENVPN));
@@ -1498,7 +1510,9 @@ public class VpnConfigGeneratorTest {
@Test
public void testGenerateVpnProfile_v3_ovpn_tcp_udp() throws Exception {
gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_pt_tcp_udp.eip-service.json"))).getJSONArray("gateways").getJSONObject(0);
- vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3, false, false);
+ VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration();
+ configuration.apiVersion = 3;
+ vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration);
HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
assertTrue(vpnProfiles.containsKey(OBFS4));
assertTrue(vpnProfiles.containsKey(OPENVPN));
@@ -1509,7 +1523,9 @@ public class VpnConfigGeneratorTest {
@Test
public void testGenerateVpnProfile_v3_ovpn_udp_tcp() throws Exception {
gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_pt_udp_tcp.eip-service.json"))).getJSONArray("gateways").getJSONObject(0);
- vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3, false, false);
+ VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration();
+ configuration.apiVersion = 3;
+ vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration);
HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
assertTrue(vpnProfiles.containsKey(OBFS4));
assertTrue(vpnProfiles.containsKey(OPENVPN));
@@ -1522,7 +1538,9 @@ public class VpnConfigGeneratorTest {
gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_pt_udp_tcp.eip-service.json"))).getJSONArray("gateways").getJSONObject(0);
//delete "data-ciphers" from config to test if the resulting openvpn config file will contain the default value taken from "cipher" flag
generalConfig.put("data-ciphers", null);
- vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3, false, false);
+ VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration();
+ configuration.apiVersion = 3;
+ vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration);
HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
assertTrue(vpnProfiles.containsKey(OBFS4));
assertTrue(vpnProfiles.containsKey(OPENVPN));
@@ -1534,7 +1552,9 @@ public class VpnConfigGeneratorTest {
public void testGenerateVpnProfile_v4_ovpn_tcp_udp() throws Exception {
gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("v4/ptdemo_pt_tcp_udp.eip-service.json"))).getJSONArray("gateways").getJSONObject(0);
generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("v4/ptdemo_pt_tcp_udp.eip-service.json"))).getJSONObject(OPENVPN_CONFIGURATION);
- vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 4, false, false);
+ VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration();
+ configuration.apiVersion = 4;
+ vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration);
HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
assertTrue(vpnProfiles.containsKey(OBFS4));
assertTrue(vpnProfiles.containsKey(OPENVPN));
@@ -1546,7 +1566,9 @@ public class VpnConfigGeneratorTest {
public void testGenerateVpnProfile_v4_ovpn_udp_tcp() throws Exception {
gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("v4/ptdemo_pt_udp_tcp.eip-service.json"))).getJSONArray("gateways").getJSONObject(0);
generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("v4/ptdemo_pt_udp_tcp.eip-service.json"))).getJSONObject(OPENVPN_CONFIGURATION);
- vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 4, false, false);
+ VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration();
+ configuration.apiVersion = 4;
+ vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration);
HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
assertTrue(vpnProfiles.containsKey(OBFS4));
assertTrue(vpnProfiles.containsKey(OPENVPN));
@@ -1558,7 +1580,9 @@ public class VpnConfigGeneratorTest {
public void testGenerateVpnProfile_v3_ipv6only_allowOpenvpnIPv6Only() throws Exception {
gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_ipv6.json"))).getJSONArray("gateways").getJSONObject(0);
generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_ipv6.json"))).getJSONObject(OPENVPN_CONFIGURATION);
- vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3, false, false);
+ VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration();
+ configuration.apiVersion = 3;
+ vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration);
HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
assertTrue(vpnProfiles.containsKey(OPENVPN));
}
@@ -1567,7 +1591,9 @@ public class VpnConfigGeneratorTest {
public void testGenerateVpnProfile_v3_obfs4IPv6_skip() throws Exception {
gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_ipv6.json"))).getJSONArray("gateways").getJSONObject(0);
generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_ipv6.json"))).getJSONObject(OPENVPN_CONFIGURATION);
- vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3, false, false);
+ VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration();
+ configuration.apiVersion = 3;
+ vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration);
HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
assertFalse(vpnProfiles.containsKey(OBFS4));
}
@@ -1579,7 +1605,9 @@ public class VpnConfigGeneratorTest {
public void testGenerateVpnProfile_v3_obfs4IPv4AndIPv6_skipIPv6() throws Exception {
gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_ipv4ipv6.json"))).getJSONArray("gateways").getJSONObject(0);
generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_ipv4ipv6.json"))).getJSONObject(OPENVPN_CONFIGURATION);
- vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3, false, false);
+ VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration();
+ configuration.apiVersion = 3;
+ vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration);
HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
assertTrue(vpnProfiles.containsKey(OBFS4));
assertTrue(vpnProfiles.containsKey(OPENVPN));
@@ -1594,7 +1622,24 @@ public class VpnConfigGeneratorTest {
public void testGenerateVpnProfile_v3_obfs4udp_skip() throws Exception {
gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_udp.json"))).getJSONArray("gateways").getJSONObject(0);
generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_udp.json"))).getJSONObject(OPENVPN_CONFIGURATION);
- vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3, false, false);
+ VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration();
+ configuration.apiVersion = 3;
+ vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration);
+ HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
+ assertFalse(vpnProfiles.containsKey(OBFS4));
+ assertTrue(vpnProfiles.containsKey(OPENVPN));
+ }
+
+ /**
+ * obfs4 cannot be used with UDP, openvpn needs to support TCP
+ */
+ @Test
+ public void testGenerateVpnProfile_v3_obfs4TCP_openvpnUDP_skip() throws Exception {
+ gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_udp2.json"))).getJSONArray("gateways").getJSONObject(0);
+ generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_udp2.json"))).getJSONObject(OPENVPN_CONFIGURATION);
+ VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration();
+ configuration.apiVersion = 3;
+ vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration);
HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
assertFalse(vpnProfiles.containsKey(OBFS4));
assertTrue(vpnProfiles.containsKey(OPENVPN));
@@ -1604,7 +1649,9 @@ public class VpnConfigGeneratorTest {
public void testGenerateVpnProfile_v3_obfs4UDPAndTCP_skipUDP() throws Exception {
gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_udptcp.json"))).getJSONArray("gateways").getJSONObject(0);
generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_udptcp.json"))).getJSONObject(OPENVPN_CONFIGURATION);
- vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3, false, false);
+ VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration();
+ configuration.apiVersion = 3;
+ vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration);
HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
assertTrue(vpnProfiles.containsKey(OBFS4));
assertTrue(vpnProfiles.containsKey(OPENVPN));
@@ -1616,7 +1663,10 @@ public class VpnConfigGeneratorTest {
public void testGenerateVpnProfile_preferUDP_firstRemotesUDP() throws Exception {
gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("v4/multiport_tcpudp_eip-service.json"))).getJSONArray("gateways").getJSONObject(0);
generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("v4/multiport_tcpudp_eip-service.json"))).getJSONObject(OPENVPN_CONFIGURATION);
- vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3, true, false);
+ VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration();
+ configuration.apiVersion = 3;
+ configuration.preferUDP = true;
+ vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration);
HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
assertTrue(vpnProfiles.containsKey(OBFS4));
assertTrue(vpnProfiles.containsKey(OPENVPN));
@@ -1628,16 +1678,23 @@ public class VpnConfigGeneratorTest {
public void testGenerateVpnProfile_testNewCiphers() throws Exception {
gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("v4/ptdemo_pt_tcp_udp_new_ciphers.eip-service.json"))).getJSONArray("gateways").getJSONObject(0);
generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("v4/ptdemo_pt_tcp_udp_new_ciphers.eip-service.json"))).getJSONObject(OPENVPN_CONFIGURATION);
- vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 4, false, false);
+ VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration();
+ configuration.apiVersion = 4;
+ vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration);
HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
System.out.println(vpnProfiles.get(OPENVPN).getConfigFile(context, false));
assertEquals(expectedVPNConfig_v4_ovpn_tcp_udp_new_ciphers.trim(), vpnProfiles.get(OPENVPN).getConfigFile(context, false).trim());
}
+ @Test
public void testGenerateVpnProfileExperimentalTransportsEnabled () throws Exception {
gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_kcp_gateways.json"))).getJSONArray("gateways").getJSONObject(0);
generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_kcp_gateways.json"))).getJSONObject(OPENVPN_CONFIGURATION);
- vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3, true, true);
+ VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration();
+ configuration.apiVersion = 3;
+ configuration.experimentalTransports = true;
+ configuration.preferUDP = true;
+ vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration);
HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
assertTrue(vpnProfiles.containsKey(OBFS4));
assertTrue(vpnProfiles.containsKey(OBFS4_KCP));
@@ -1645,4 +1702,72 @@ public class VpnConfigGeneratorTest {
}
+ @Test
+ public void testGenerateVpnProfile_experimentalTransportsEnabled_KCPMisconfiguredWithUDP_SkippingObfsKCP () throws Exception {
+ gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_kcp_gateways.json"))).getJSONArray("gateways").getJSONObject(0);
+ generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_kcp_gateways.json"))).getJSONObject(OPENVPN_CONFIGURATION);
+ VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration();
+ configuration.apiVersion = 3;
+ configuration.experimentalTransports = true;
+ vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration);
+ HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
+ assertTrue(vpnProfiles.containsKey(OBFS4));
+ assertFalse(vpnProfiles.containsKey(OBFS4_KCP));
+ assertTrue(vpnProfiles.containsKey(OPENVPN));
+ }
+
+ @Test
+ public void testGenerateVpnProfile_ObfuscationPinningEnabled_obfs4AndOpenvpnProfile () throws Exception {
+ gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_kcp_gateways.json"))).getJSONArray("gateways").getJSONObject(0);
+ generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_kcp_gateways.json"))).getJSONObject(OPENVPN_CONFIGURATION);
+ VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration();
+ configuration.apiVersion = 3;
+ configuration.useObfuscationPinning = true;
+ configuration.remoteGatewayIP = "1.2.3.4";
+ vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration);
+ HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
+ assertTrue("has openvpn profile", vpnProfiles.containsKey(OPENVPN));
+ assertTrue("has obfs4 profile", vpnProfiles.containsKey(OBFS4));
+ assertFalse("has no obfs4 kcp profile", vpnProfiles.containsKey(OBFS4_KCP));
+ }
+
+ @Test
+ public void testGenerateVpnProfile_ObfuscationPinningEnabled_obfs4Profile () throws Exception {
+ gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_kcp_gateways.json"))).getJSONArray("gateways").getJSONObject(0);
+ generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_kcp_gateways.json"))).getJSONObject(OPENVPN_CONFIGURATION);
+ VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration();
+ configuration.apiVersion = 3;
+ configuration.useObfuscationPinning = true;
+ configuration.obfuscationProxyKCP = true;
+ configuration.obfuscationProxyPort = "443";
+ configuration.obfuscationProxyIP = "5.6.7.8";
+ configuration.obfuscationProxyCert = "asdfasdf";
+ configuration.remoteGatewayIP = "1.2.3.4";
+ vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration);
+ HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
+ assertTrue("has obfs4_kcp profile", vpnProfiles.containsKey(OBFS4_KCP));
+ assertTrue("has openvpn profile", vpnProfiles.containsKey(OPENVPN));
+ assertFalse("has no obfs4 profile", vpnProfiles.containsKey(OBFS4));
+ }
+
+ @Test
+ public void testGenerateVpnProfile_ObfuscationPinningEnabled_kcp_obfs4KcpProfile () throws Exception {
+ gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_kcp_gateways.json"))).getJSONArray("gateways").getJSONObject(0);
+ generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_kcp_gateways.json"))).getJSONObject(OPENVPN_CONFIGURATION);
+ VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration();
+ configuration.apiVersion = 3;
+ configuration.useObfuscationPinning = true;
+ configuration.obfuscationProxyKCP = true;
+ configuration.obfuscationProxyPort = "443";
+ configuration.obfuscationProxyIP = "5.6.7.8";
+ configuration.obfuscationProxyCert = "asdfasdf";
+ configuration.remoteGatewayIP = "1.2.3.4";
+
+ vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration);
+ HashMap<Connection.TransportType, VpnProfile> vpnProfiles = vpnConfigGenerator.generateVpnProfiles();
+ assertTrue("has obfs4_kcp profile", vpnProfiles.containsKey(OBFS4_KCP));
+ assertTrue("has openvpn profile", vpnProfiles.containsKey(OPENVPN));
+ assertFalse("has no obfs4 profile", vpnProfiles.containsKey(OBFS4));
+ }
+
} \ No newline at end of file
diff --git a/app/src/test/resources/ptdemo_misconfigured_kcp_gateways.json b/app/src/test/resources/ptdemo_misconfigured_kcp_gateways.json
new file mode 100644
index 00000000..94a1eafd
--- /dev/null
+++ b/app/src/test/resources/ptdemo_misconfigured_kcp_gateways.json
@@ -0,0 +1,160 @@
+{
+ "gateways":[
+ {
+ "capabilities":{
+ "adblock":false,
+ "filter_dns":false,
+ "limited":false,
+ "transport":[
+ {
+ "type":"obfs4",
+ "protocols":[
+ "tcp"
+ ],
+ "ports":[
+ "23049"
+ ],
+ "options": {
+ "cert": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX1",
+ "iatMode": "0"
+ }
+ },
+ {
+ "type":"obfs4-1",
+ "protocols":[
+ "udp"
+ ],
+ "ports":[
+ "23050"
+ ],
+ "options": {
+ "cert": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX1",
+ "iatMode": "0"
+ }
+ },
+ {
+ "type":"openvpn",
+ "protocols":[
+ "tcp"
+ ],
+ "ports":[
+ "1195"
+ ]
+ }
+ ],
+ "user_ips":false
+ },
+ "host":"pt.demo.bitmask.net",
+ "ip_address":"37.218.247.60",
+ "location":"Amsterdam"
+ },
+ {
+ "capabilities":{
+ "adblock":false,
+ "filter_dns":false,
+ "limited":false,
+ "transport":[
+ {
+ "type":"obfs4",
+ "protocols":[
+ "tcp"
+ ],
+ "ports":[
+ "443"
+ ],
+ "options": {
+ "cert": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX2",
+ "iatMode": "0"
+ }
+ },
+ {
+ "type":"openvpn",
+ "protocols":[
+ "tcp"
+ ],
+ "ports":[
+ "1195"
+ ]
+ }
+ ],
+ "user_ips":false
+ },
+ "host":"moscow.bitmask.net",
+ "ip_address":"3.21.247.89",
+ "location":"moscow"
+ },
+ {
+ "capabilities":{
+ "adblock":false,
+ "filter_dns":false,
+ "limited":false,
+ "transport":[
+ {
+ "type":"openvpn",
+ "protocols":[
+ "tcp",
+ "udp"
+ ],
+
+ "ports":[
+ "1195"
+ ]
+ },
+ {
+ "type":"obfs4-1",
+ "protocols":[
+ "udp"
+ ],
+ "ports":[
+ "23050"
+ ],
+ "options": {
+ "cert": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX1",
+ "iatMode": "0"
+ }
+ }
+ ],
+ "user_ips":false
+ },
+ "host":"manila.bitmask.net",
+ "ip_address":"37.12.247.10",
+ "location":"manila"
+ }
+ ],
+ "locations":{
+ "Amsterdam":{
+ "country_code":"NL",
+ "hemisphere":"N",
+ "name":"Amsterdam",
+ "timezone":"-1"
+ },
+ "moscow": {
+ "country_code": "RU",
+ "hemisphere": "N",
+ "name": "Moscow",
+ "timezone": "+3"
+ },
+ "manila": {
+ "country_code": "PH",
+ "hemisphere": "N",
+ "name": "Manila",
+ "timezone": "+8"
+ }
+ },
+ "openvpn_configuration":{
+ "auth":"SHA1",
+ "cipher":"AES-256-CBC",
+ "keepalive":"10 30",
+ "tls-cipher":"DHE-RSA-AES128-SHA",
+ "tun-ipv6":true,
+ "dev" : "tun",
+ "sndbuf" : "0",
+ "rcvbuf" : "0",
+ "nobind" : true,
+ "persist-key" : true,
+ "key-direction" : "1",
+ "verb" : "3"
+ },
+ "serial":2,
+ "version":3
+} \ No newline at end of file
diff --git a/app/src/test/resources/ptdemo_misconfigured_udp2.json b/app/src/test/resources/ptdemo_misconfigured_udp2.json
new file mode 100644
index 00000000..d2a54cef
--- /dev/null
+++ b/app/src/test/resources/ptdemo_misconfigured_udp2.json
@@ -0,0 +1,65 @@
+{
+ "gateways":[
+ {
+ "capabilities":{
+ "adblock":false,
+ "filter_dns":false,
+ "limited":false,
+ "transport":[
+ {
+ "type":"obfs4",
+ "protocols":[
+ "tcp"
+ ],
+ "ports":[
+ "23049"
+ ],
+ "options": {
+ "cert": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
+ "iatMode": "0"
+ }
+ },
+ {
+ "type":"openvpn",
+ "protocols":[
+ "udp"
+ ],
+ "ports":[
+ "1195"
+ ]
+ }
+ ],
+ "user_ips":false
+ },
+ "host":"pt.demo.bitmask.net",
+ "ip_address6":"2001:db8:123::1058",
+ "ip_address":"37.218.247.60",
+ "location":"Amsterdam"
+ }
+ ],
+ "locations":{
+ "Amsterdam":{
+ "country_code":"NL",
+ "hemisphere":"N",
+ "name":"Amsterdam",
+ "timezone":"-1"
+ }
+ },
+ "openvpn_configuration":{
+ "auth":"SHA1",
+ "cipher":"AES-256-CBC",
+ "keepalive":"10 30",
+ "tls-cipher":"DHE-RSA-AES128-SHA",
+ "tun-ipv6":true,
+ "dev" : "tun",
+ "sndbuf" : "0",
+ "rcvbuf" : "0",
+ "nobind" : true,
+ "persist-key" : true,
+ "comp-lzo" : true,
+ "key-direction" : "1",
+ "verb" : "3"
+ },
+ "serial":2,
+ "version":3
+} \ No newline at end of file