summaryrefslogtreecommitdiff
path: root/ics-openvpn-stripped/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
diff options
context:
space:
mode:
authorParménides GV <parmegv@sdf.org>2014-07-31 12:09:49 +0200
committerParménides GV <parmegv@sdf.org>2014-07-31 12:09:49 +0200
commit0393ba6656ce6cf679a2c4663275b3ed0f1a34b9 (patch)
treef000311e97598ab3fc42e2bea23e6cb342ad166c /ics-openvpn-stripped/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
parentb28eeb08e8ec3baafdd9388cc5b70c6c84db9cf1 (diff)
Updated ics-openvpn to rev 859 + no 2nd notification.
Diffstat (limited to 'ics-openvpn-stripped/main/src/main/java/de/blinkt/openvpn/VpnProfile.java')
-rw-r--r--ics-openvpn-stripped/main/src/main/java/de/blinkt/openvpn/VpnProfile.java92
1 files changed, 45 insertions, 47 deletions
diff --git a/ics-openvpn-stripped/main/src/main/java/de/blinkt/openvpn/VpnProfile.java b/ics-openvpn-stripped/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
index d351610d..e2ebfd42 100644
--- a/ics-openvpn-stripped/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
+++ b/ics-openvpn-stripped/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
@@ -2,6 +2,7 @@ package de.blinkt.openvpn;
import se.leap.bitmaskclient.R;
+import android.annotation.SuppressLint;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
@@ -12,6 +13,7 @@ import android.os.Build;
import android.preference.PreferenceManager;
import android.security.KeyChain;
import android.security.KeyChainException;
+import android.text.TextUtils;
import android.util.Base64;
import org.spongycastle.util.io.pem.PemObject;
@@ -113,8 +115,8 @@ public class VpnProfile implements Serializable {
public boolean mUseDefaultRoute = true;
public boolean mUsePull = true;
public String mCustomRoutes;
- public boolean mCheckRemoteCN = false;
- public boolean mExpectTLSCert = true;
+ public boolean mCheckRemoteCN = true;
+ public boolean mExpectTLSCert = false;
public String mRemoteCN = "";
public String mPassword = "";
public String mUsername = "";
@@ -179,6 +181,7 @@ public class VpnProfile implements Serializable {
mUseDefaultRoute = false;
mUseDefaultRoutev6 = false;
mExpectTLSCert = false;
+ mCheckRemoteCN = false;
mPersistTun = false;
mAllowLocalLAN = true;
}
@@ -197,10 +200,7 @@ public class VpnProfile implements Serializable {
public void upgradeProfile(){
if(mProfileVersion< 2) {
/* default to the behaviour the OS used */
- if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT)
- mAllowLocalLAN = true;
- else
- mAllowLocalLAN = false;
+ mAllowLocalLAN = Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT;
}
mProfileVersion= CURRENT_PROFILE_VERSION;
@@ -211,7 +211,7 @@ public class VpnProfile implements Serializable {
File cacheDir = context.getCacheDir();
String cfg = "";
- // Enable managment interface
+ // Enable management interface
cfg += "# Enables connection to GUI\n";
cfg += "management ";
@@ -228,6 +228,9 @@ public class VpnProfile implements Serializable {
cfg += "machine-readable-output\n";
+ // Users are confused by warnings that are misleading...
+ cfg += "ifconfig-nowarn\n";
+
boolean useTLSClient = (mAuthenticationType != TYPE_STATICKEYS);
@@ -325,7 +328,7 @@ public class VpnProfile implements Serializable {
else
cfg += insertFileData("tls-auth", mTLSAuthFilename);
- if (nonNull(mTLSAuthDirection)) {
+ if (!TextUtils.isEmpty(mTLSAuthDirection)) {
cfg += "key-direction ";
cfg += mTLSAuthDirection;
cfg += "\n";
@@ -334,10 +337,10 @@ public class VpnProfile implements Serializable {
}
if (!mUsePull) {
- if (nonNull(mIPv4Address))
+ if (!TextUtils.isEmpty(mIPv4Address))
cfg += "ifconfig " + cidrToIPAndNetmask(mIPv4Address) + "\n";
- if (nonNull(mIPv6Address))
+ if (!TextUtils.isEmpty(mIPv6Address))
cfg += "ifconfig-ipv6 " + mIPv6Address + "\n";
}
@@ -375,11 +378,11 @@ public class VpnProfile implements Serializable {
cfg += routes;
if (mOverrideDNS || !mUsePull) {
- if (nonNull(mDNS1))
+ if (!TextUtils.isEmpty(mDNS1))
cfg += "dhcp-option DNS " + mDNS1 + "\n";
- if (nonNull(mDNS2))
+ if (!TextUtils.isEmpty(mDNS2))
cfg += "dhcp-option DNS " + mDNS2 + "\n";
- if (nonNull(mSearchDomain))
+ if (!TextUtils.isEmpty(mSearchDomain))
cfg += "dhcp-option DOMAIN " + mSearchDomain + "\n";
}
@@ -420,11 +423,11 @@ public class VpnProfile implements Serializable {
cfg += "remote-cert-tls server\n";
}
- if (nonNull(mCipher)) {
+ if (!TextUtils.isEmpty(mCipher)) {
cfg += "cipher " + mCipher + "\n";
}
- if (nonNull(mAuth)) {
+ if (!TextUtils.isEmpty(mAuth)) {
cfg += "auth " + mAuth + "\n";
}
@@ -486,13 +489,6 @@ public class VpnProfile implements Serializable {
}
}
- private boolean nonNull(String val) {
- if (val == null || val.equals(""))
- return false;
- else
- return true;
- }
-
private Collection<String> getCustomRoutes(String routes) {
Vector<String> cidrRoutes = new Vector<String>();
if (routes == null) {
@@ -634,8 +630,8 @@ public class VpnProfile implements Serializable {
synchronized String[] getKeyStoreCertificates(Context context,int tries) {
PrivateKey privateKey = null;
- X509Certificate[] cachain;
- Exception exp=null;
+ X509Certificate[] caChain;
+ Exception exp;
try {
privateKey = KeyChain.getPrivateKey(context, mAlias);
mPrivateKey = privateKey;
@@ -643,18 +639,18 @@ public class VpnProfile implements Serializable {
String keystoreChain = null;
- cachain = KeyChain.getCertificateChain(context, mAlias);
- if(cachain == null)
+ caChain = KeyChain.getCertificateChain(context, mAlias);
+ if(caChain == null)
throw new NoCertReturnedException("No certificate returned from Keystore");
- if (cachain.length <= 1 && !nonNull(mCaFilename)) {
+ if (caChain.length <= 1 && TextUtils.isEmpty(mCaFilename)) {
VpnStatus.logMessage(VpnStatus.LogLevel.ERROR, "", context.getString(R.string.keychain_nocacert));
} else {
StringWriter ksStringWriter = new StringWriter();
PemWriter pw = new PemWriter(ksStringWriter);
- for (int i = 1; i < cachain.length; i++) {
- X509Certificate cert = cachain[i];
+ for (int i = 1; i < caChain.length; i++) {
+ X509Certificate cert = caChain[i];
pw.writeObject(new PemObject("CERTIFICATE", cert.getEncoded()));
}
pw.close();
@@ -663,7 +659,7 @@ public class VpnProfile implements Serializable {
String caout = null;
- if (nonNull(mCaFilename)) {
+ if (!TextUtils.isEmpty(mCaFilename)) {
try {
Certificate cacert = X509Utils.getCertificateFromFile(mCaFilename);
StringWriter caoutWriter = new StringWriter();
@@ -682,8 +678,8 @@ public class VpnProfile implements Serializable {
StringWriter certout = new StringWriter();
- if (cachain.length >= 1) {
- X509Certificate usercert = cachain[0];
+ if (caChain.length >= 1) {
+ X509Certificate usercert = caChain[0];
PemWriter upw = new PemWriter(certout);
upw.writeObject(new PemObject("CERTIFICATE", usercert.getEncoded()));
@@ -728,15 +724,14 @@ public class VpnProfile implements Serializable {
}
return getKeyStoreCertificates(context, tries-1);
}
- if (exp != null) {
- exp.printStackTrace();
- VpnStatus.logError(R.string.keyChainAccessError, exp.getLocalizedMessage());
- VpnStatus.logError(R.string.keychain_access);
- if (Build.VERSION.SDK_INT == Build.VERSION_CODES.JELLY_BEAN) {
- if (!mAlias.matches("^[a-zA-Z0-9]$")) {
- VpnStatus.logError(R.string.jelly_keystore_alphanumeric_bug);
- }
+ exp.printStackTrace();
+ VpnStatus.logError(R.string.keyChainAccessError, exp.getLocalizedMessage());
+
+ VpnStatus.logError(R.string.keychain_access);
+ if (Build.VERSION.SDK_INT == Build.VERSION_CODES.JELLY_BEAN) {
+ if (!mAlias.matches("^[a-zA-Z0-9]$")) {
+ VpnStatus.logError(R.string.jelly_keystore_alphanumeric_bug);
}
}
return null;
@@ -799,7 +794,7 @@ public class VpnProfile implements Serializable {
}
public boolean requireTLSKeyPassword() {
- if (!nonNull(mClientKeyFilename))
+ if (TextUtils.isEmpty(mClientKeyFilename))
return false;
String data = "";
@@ -840,13 +835,13 @@ public class VpnProfile implements Serializable {
}
if (mAuthenticationType == TYPE_CERTIFICATES || mAuthenticationType == TYPE_USERPASS_CERTIFICATES) {
- if (requireTLSKeyPassword() && !nonNull(mKeyPassword))
+ if (requireTLSKeyPassword() && TextUtils.isEmpty(mKeyPassword))
if (mTransientPCKS12PW == null) {
return R.string.private_key_password;
}
}
- if (isUserPWAuth() && !(nonNull(mUsername) && (nonNull(mPassword) || mTransientPW != null))) {
+ if (isUserPWAuth() && !(!TextUtils.isEmpty(mUsername) && (!TextUtils.isEmpty(mPassword) || mTransientPW != null))) {
return R.string.password;
}
return 0;
@@ -891,12 +886,15 @@ public class VpnProfile implements Serializable {
try {
+ /* ECB is perfectly fine in this special case, since we are using it for
+ the public/private part in the TLS exchange
+ */
+ @SuppressLint("GetInstance")
+ Cipher rsaSigner = Cipher.getInstance("RSA/ECB/PKCS1PADDING");
- Cipher rsasinger = Cipher.getInstance("RSA/ECB/PKCS1PADDING");
-
- rsasinger.init(Cipher.ENCRYPT_MODE, privkey);
+ rsaSigner.init(Cipher.ENCRYPT_MODE, privkey);
- byte[] signed_bytes = rsasinger.doFinal(data);
+ byte[] signed_bytes = rsaSigner.doFinal(data);
return Base64.encodeToString(signed_bytes, Base64.NO_WRAP);
} catch (NoSuchAlgorithmException e) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-29 11:17:37 +0000