summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
authorParménides GV <parmegv@sdf.org>2014-11-11 23:28:11 +0100
committerParménides GV <parmegv@sdf.org>2014-11-11 23:28:11 +0100
commit284a35d3ee622c75593bc79e08a356099517154f (patch)
treef61f29599c94c2137b71065b4495e5d991b44166 /app
parent6544b8d32ccf81a6c1d832217642b873be8dc6b7 (diff)
parent055b8942d265ff10b4f6c9611cca86f585d24023 (diff)
Merge branch 'bug/Blocking-VPN-sometimes-dissapears-ahead-of-time-#6348' into develop
Diffstat (limited to 'app')
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/EIP.java208
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/VpnConfigGenerator.java146
2 files changed, 197 insertions, 157 deletions
diff --git a/app/src/main/java/se/leap/bitmaskclient/EIP.java b/app/src/main/java/se/leap/bitmaskclient/EIP.java
index ad7552c8..7f15b944 100644
--- a/app/src/main/java/se/leap/bitmaskclient/EIP.java
+++ b/app/src/main/java/se/leap/bitmaskclient/EIP.java
@@ -88,9 +88,8 @@ public final class EIP extends IntentService {
public final static String RECEIVER_TAG = "receiverTag";
public final static String REQUEST_TAG = "requestTag";
public final static String TAG = EIP.class.getSimpleName();
+ private static SharedPreferences preferences;
- public final static SimpleDateFormat certificate_date_format = new SimpleDateFormat("yyyy-MM-dd HH:mm", Locale.US);
-
private static Context context;
private static ResultReceiver mReceiver;
private static boolean mBound = false;
@@ -104,6 +103,7 @@ public final class EIP extends IntentService {
protected static boolean mIsDisconnecting = false;
protected static boolean mIsStarting = false;
+ public static SimpleDateFormat certificate_date_format = new SimpleDateFormat("yyyy-MM-dd HH:mm", Locale.US);
public EIP(){
super("LEAPEIP");
}
@@ -114,8 +114,7 @@ public final class EIP extends IntentService {
context = getApplicationContext();
- // Log.d(TAG, "Update EIP Service onCreate EIP");
- // updateEIPService();
+ preferences = getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE);
}
@Override
@@ -152,13 +151,13 @@ public final class EIP extends IntentService {
* It also sets up early routes.
*/
private void startEIP() {
- earlyRoutes();
activeGateway = selectGateway();
if(activeGateway != null && activeGateway.mVpnProfile != null) {
mReceiver = EipServiceFragment.getReceiver();
launchActiveGateway();
}
+ earlyRoutes();
}
/**
@@ -320,11 +319,11 @@ public final class EIP extends IntentService {
*/
private void updateEIPService() {
try {
- String eip_definition_string = getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).getString(KEY, "");
+ String eip_definition_string = preferences.getString(KEY, "");
if(eip_definition_string.isEmpty() == false) {
eipDefinition = new JSONObject(eip_definition_string);
}
- parsedEipSerial = getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).getInt(PARSED_SERIAL, 0);
+ parsedEipSerial = preferences.getInt(PARSED_SERIAL, 0);
} catch (JSONException e) {
// TODO Auto-generated catch block
e.printStackTrace();
@@ -363,42 +362,54 @@ public final class EIP extends IntentService {
// TODO Auto-generated catch block
e.printStackTrace();
}
- getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).edit().putInt(PARSED_SERIAL, eipDefinition.optInt(Provider.API_RETURN_SERIAL)).commit();
+ preferences.edit().putInt(PARSED_SERIAL, eipDefinition.optInt(Provider.API_RETURN_SERIAL)).commit();
}
private void checkCertValidity() {
- String certificate_string = getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).getString(CERTIFICATE, "");
- if(!certificate_string.isEmpty()) {
- String date_from_certificate_string = getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).getString(DATE_FROM_CERTIFICATE, certificate_date_format.format(Calendar.getInstance().getTime()).toString());
- X509Certificate certificate_x509 = ConfigHelper.parseX509CertificateFromString(certificate_string);
+ String certificate = preferences.getString(CERTIFICATE, "");
+ checkCertValidity(certificate);
+ }
- Calendar offset_date = Calendar.getInstance();
- try {
- Date date_from_certificate = certificate_date_format.parse(date_from_certificate_string);
- long difference = Math.abs(date_from_certificate.getTime() - certificate_x509.getNotAfter().getTime())/2;
- long current_date_millis = offset_date.getTimeInMillis();
- offset_date.setTimeInMillis(current_date_millis + difference);
- Log.d(TAG, "certificate not after = " + certificate_x509.getNotAfter());
- } catch(ParseException e) {
- e.printStackTrace();
- }
-
- Bundle result_data = new Bundle();
- result_data.putString(REQUEST_TAG, ACTION_CHECK_CERT_VALIDITY);
+ private void checkCertValidity(String certificate_string) {
+ if(!certificate_string.isEmpty()) {
+ X509Certificate certificate = ConfigHelper.parseX509CertificateFromString(certificate_string);
+
+ Calendar offset_date = calculateOffsetCertificateValidity(certificate);
+ Bundle result = new Bundle();
+ result.putString(REQUEST_TAG, ACTION_CHECK_CERT_VALIDITY);
try {
Log.d(TAG, "offset_date = " + offset_date.getTime().toString());
- certificate_x509.checkValidity(offset_date.getTime());
- mReceiver.send(Activity.RESULT_OK, result_data);
+ certificate.checkValidity(offset_date.getTime());
+ mReceiver.send(Activity.RESULT_OK, result);
Log.d(TAG, "Valid certificate");
} catch(CertificateExpiredException e) {
- mReceiver.send(Activity.RESULT_CANCELED, result_data);
+ mReceiver.send(Activity.RESULT_CANCELED, result);
Log.d(TAG, "Updating certificate");
} catch(CertificateNotYetValidException e) {
- mReceiver.send(Activity.RESULT_CANCELED, result_data);
+ mReceiver.send(Activity.RESULT_CANCELED, result);
}
}
}
+ private Calendar calculateOffsetCertificateValidity(X509Certificate certificate) {
+ String current_date = certificate_date_format.format(Calendar.getInstance().getTime()).toString();
+
+ String date_string = preferences.getString(DATE_FROM_CERTIFICATE, current_date);
+
+ Calendar offset_date = Calendar.getInstance();
+ try {
+ Date date = certificate_date_format.parse(date_string);
+ long difference = Math.abs(date.getTime() - certificate.getNotAfter().getTime())/2;
+ long current_date_millis = offset_date.getTimeInMillis();
+ offset_date.setTimeInMillis(current_date_millis + difference);
+ Log.d(TAG, "certificate not after = " + certificate.getNotAfter());
+ } catch(ParseException e) {
+ e.printStackTrace();
+ }
+
+ return offset_date;
+ }
+
/**
* OVPNGateway provides objects defining gateways and their options and metadata.
* Each instance contains a VpnProfile for OpenVPN specific data and member
@@ -479,18 +490,19 @@ public final class EIP extends IntentService {
protected void createVPNProfile(){
try {
ConfigParser cp = new ConfigParser();
- cp.parseConfig(new StringReader(configFromEipServiceDotJson()));
- cp.parseConfig(new StringReader(caSecretFromSharedPreferences()));
- cp.parseConfig(new StringReader(keySecretFromSharedPreferences()));
- cp.parseConfig(new StringReader(certSecretFromSharedPreferences()));
- cp.parseConfig(new StringReader("remote-cert-tls server"));
- cp.parseConfig(new StringReader("persist-tun"));
- cp.parseConfig(new StringReader("auth-retry nointeract"));
- VpnProfile vp = cp.convertProfile();
- //vp.mAuthenticationType=VpnProfile.TYPE_STATICKEYS;
- mVpnProfile = vp;
+
+ JSONObject openvpn_configuration = eipDefinition.getJSONObject("openvpn_configuration");
+ VpnConfigGenerator vpn_configuration_generator = new VpnConfigGenerator(preferences, openvpn_configuration, mGateway);
+ String configuration = vpn_configuration_generator.generate();
+
+ cp.parseConfig(new StringReader(configuration));
+ mVpnProfile = cp.convertProfile();
mVpnProfile.mName = mName = locationAsName();
Log.v(TAG,"Created VPNProfile");
+
+ } catch (JSONException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
} catch (ConfigParseError e) {
// FIXME We didn't get a VpnProfile! Error handling! and log level
Log.v(TAG,"Error creating VPNProfile");
@@ -502,124 +514,6 @@ public final class EIP extends IntentService {
}
}
- /**
- * Parses data from eip-service.json to a section of the openvpn config file
- */
- private String configFromEipServiceDotJson() {
- String parsed_configuration = "";
-
- String location_key = "location";
- String locations = "locations";
-
- parsed_configuration += extractCommonOptionsFromEipServiceDotJson();
- parsed_configuration += extractRemotesFromEipServiceDotJson();
-
- return parsed_configuration;
- }
-
- private String extractCommonOptionsFromEipServiceDotJson() {
- String common_options = "";
- try {
- String common_options_key = "openvpn_configuration";
- JSONObject openvpn_configuration = eipDefinition.getJSONObject(common_options_key);
- Iterator keys = openvpn_configuration.keys();
- Vector<Vector<String>> value = new Vector<Vector<String>>();
- while ( keys.hasNext() ){
- String key = keys.next().toString();
-
- common_options += key + " ";
- for ( String word : openvpn_configuration.getString(key).split(" ") )
- common_options += word + " ";
- common_options += System.getProperty("line.separator");
-
- }
- } catch (JSONException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
-
- common_options += "client" + System.getProperty("line.separator");
-
- return common_options;
- }
-
-
- private String extractRemotesFromEipServiceDotJson() {
- String remotes = "";
-
- String remote = "ip_address";
- String remote_openvpn_keyword = "remote";
- String ports = "ports";
- String protos = "protocols";
- String capabilities = "capabilities";
- String udp = "udp";
-
- try {
- JSONArray protocolsJSON = mGateway.getJSONObject(capabilities).getJSONArray(protos);
- for ( int i=0; i<protocolsJSON.length(); i++ ) {
- String remote_line = remote_openvpn_keyword;
- remote_line += " " + mGateway.getString(remote);
- remote_line += " " + mGateway.getJSONObject(capabilities).getJSONArray(ports).optString(0);
- remote_line += " " + protocolsJSON.optString(i);
- if(remote_line.endsWith(udp))
- remotes = remotes.replaceFirst(remote_openvpn_keyword, remote_line + System.getProperty("line.separator") + remote_openvpn_keyword);
- else
- remotes += remote_line;
- remotes += System.getProperty("line.separator");
- }
- } catch (JSONException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
-
- Log.d(TAG, "remotes = " + remotes);
- return remotes;
- }
-
- private String caSecretFromSharedPreferences() {
- String secret_lines = "";
- SharedPreferences preferences = context.getSharedPreferences(Dashboard.SHARED_PREFERENCES, context.MODE_PRIVATE);
-
- System.getProperty("line.separator");
- secret_lines += "<ca>";
- secret_lines += System.getProperty("line.separator");
- secret_lines += preferences.getString(Provider.CA_CERT, "");
- secret_lines += System.getProperty("line.separator");
- secret_lines += "</ca>";
-
- return secret_lines;
- }
-
- private String keySecretFromSharedPreferences() {
- String secret_lines = "";
- SharedPreferences preferences = context.getSharedPreferences(Dashboard.SHARED_PREFERENCES, context.MODE_PRIVATE);
-
- secret_lines += System.getProperty("line.separator");
- secret_lines +="<key>";
- secret_lines += System.getProperty("line.separator");
- secret_lines += preferences.getString(EIP.PRIVATE_KEY, "");
- secret_lines += System.getProperty("line.separator");
- secret_lines += "</key>";
- secret_lines += System.getProperty("line.separator");
-
- return secret_lines;
- }
-
- private String certSecretFromSharedPreferences() {
- String secret_lines = "";
- SharedPreferences preferences = context.getSharedPreferences(Dashboard.SHARED_PREFERENCES, context.MODE_PRIVATE);
-
- secret_lines += System.getProperty("line.separator");
- secret_lines +="<cert>";
- secret_lines += System.getProperty("line.separator");
- secret_lines += preferences.getString(EIP.CERTIFICATE, "");
- secret_lines += System.getProperty("line.separator");
- secret_lines += "</cert>";
- secret_lines += System.getProperty("line.separator");
-
- return secret_lines;
- }
-
public String locationAsName() {
try {
diff --git a/app/src/main/java/se/leap/bitmaskclient/VpnConfigGenerator.java b/app/src/main/java/se/leap/bitmaskclient/VpnConfigGenerator.java
new file mode 100644
index 00000000..ef049a3c
--- /dev/null
+++ b/app/src/main/java/se/leap/bitmaskclient/VpnConfigGenerator.java
@@ -0,0 +1,146 @@
+/**
+ * Copyright (c) 2013 LEAP Encryption Access Project and contributers
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+package se.leap.bitmaskclient;
+
+import android.content.SharedPreferences;
+import android.util.Log;
+import java.util.Iterator;
+import java.util.Vector;
+import org.json.JSONArray;
+import org.json.JSONObject;
+import org.json.JSONException;
+
+import se.leap.bitmaskclient.Provider;
+import se.leap.bitmaskclient.EIP;
+
+public class VpnConfigGenerator {
+
+ private JSONObject general_configuration;
+ private JSONObject gateway;
+
+ private static SharedPreferences preferences;
+ public final static String TAG = VpnConfigGenerator.class.getSimpleName();
+ private final String new_line = System.getProperty("line.separator"); // Platform new line
+
+ public VpnConfigGenerator(SharedPreferences preferences, JSONObject general_configuration, JSONObject gateway) {
+ this.general_configuration = general_configuration;
+ this.gateway = gateway;
+ this.preferences = preferences;
+ }
+
+ public String generate() {
+ return
+ generalConfiguration()
+ + new_line
+ + gatewayConfiguration()
+ + new_line
+ + secretsConfiguration()
+ + new_line
+ + androidCustomizations();
+ }
+
+ private String generalConfiguration() {
+ String common_options = "";
+ try {
+ Iterator keys = general_configuration.keys();
+ Vector<Vector<String>> value = new Vector<Vector<String>>();
+ while ( keys.hasNext() ){
+ String key = keys.next().toString();
+
+ common_options += key + " ";
+ for ( String word : general_configuration.getString(key).split(" ") )
+ common_options += word + " ";
+ common_options += new_line;
+
+ }
+ } catch (JSONException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
+ common_options += "client";
+
+ return common_options;
+ }
+
+ private String gatewayConfiguration() {
+ String remotes = "";
+
+ String remote = "ip_address";
+ String remote_openvpn_keyword = "remote";
+ String ports = "ports";
+ String protos = "protocols";
+ String capabilities = "capabilities";
+ String udp = "udp";
+
+ try {
+ JSONArray protocolsJSON = gateway.getJSONObject(capabilities).getJSONArray(protos);
+ for ( int i=0; i<protocolsJSON.length(); i++ ) {
+ String remote_line = remote_openvpn_keyword;
+ remote_line += " " + gateway.getString(remote);
+ remote_line += " " + gateway.getJSONObject(capabilities).getJSONArray(ports).optString(0);
+ remote_line += " " + protocolsJSON.optString(i);
+ if(remote_line.endsWith(udp))
+ remotes = remotes.replaceFirst(remote_openvpn_keyword, remote_line + new_line + remote_openvpn_keyword);
+ else
+ remotes += remote_line;
+ remotes += new_line;
+ }
+ } catch (JSONException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
+ Log.d(TAG, "remotes = " + remotes);
+ return remotes;
+ }
+
+ private String secretsConfiguration() {
+
+ String ca =
+ "<ca>"
+ + new_line
+ + preferences.getString(Provider.CA_CERT, "")
+ + new_line
+ + "</ca>";
+
+ String key =
+ "<key>"
+ + new_line
+ + preferences.getString(EIP.PRIVATE_KEY, "")
+ + new_line
+ + "</key>";
+
+ String openvpn_cert =
+ "<cert>"
+ + new_line
+ + preferences.getString(EIP.CERTIFICATE, "")
+ + new_line
+ + "</cert>";
+
+ return ca + new_line + key + new_line + openvpn_cert;
+ }
+
+ private String androidCustomizations() {
+ return
+ "remote-cert-tls server"
+ + new_line
+ + "persist-tun"
+ + new_line
+ + "auth-retry nointeract";
+ }
+}