-rw-r--r--app/src/androidTest/java/se/leap/bitmaskclient/test/testLeapSRPSession.java52
-rw-r--r--app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java1
-rw-r--r--app/src/main/AndroidManifest.xml12
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/Dashboard.java31
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/eip/Constants.java6
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/eip/EIP.java182
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java59
7 files changed, 139 insertions, 204 deletions
diff --git a/app/src/androidTest/java/se/leap/bitmaskclient/test/testLeapSRPSession.java b/app/src/androidTest/java/se/leap/bitmaskclient/test/testLeapSRPSession.java
index 2821373a..d7f4bfb3 100644
--- a/app/src/androidTest/java/se/leap/bitmaskclient/test/testLeapSRPSession.java
+++ b/app/src/androidTest/java/se/leap/bitmaskclient/test/testLeapSRPSession.java
@@ -33,7 +33,6 @@ public class testLeapSRPSession extends TestCase {
public void testExponential() {
byte[] expected_A;
byte[] a_byte;
- SRPParameters params;
LeapSRPSession client;
/* Test 1: abytes = 4 */
@@ -43,8 +42,7 @@ public class testLeapSRPSession extends TestCase {
salt = "64c3289d04a6ecad",
a = "3565fdc2";
a_byte = new BigInteger(a, 16).toByteArray();
- params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
- client = new LeapSRPSession(username, password, params, a_byte);
+ client = new LeapSRPSession(username, password, a_byte);
byte[] A = client.exponential();
@@ -55,8 +53,7 @@ public class testLeapSRPSession extends TestCase {
expected_A = new BigInteger("11acfacc08178d48f95c0e69adb11f6d144dd0980ee6e44b391347592e3bd5e9cb841d243b3d9ac2adb25b367a2558e8829b22dcef96c0934378412383ccf95141c3cb5f17ada20f53a0225f56a07f2b0c0469ed6bbad3646f7b71bdd4bedf5cc6fac244b26d3195d8f55877ff94a925b0c0c8f7273eca733c0355b38360442e", 16).toByteArray();
a_byte = new BigInteger(a, 16).toByteArray();
- params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
- client = new LeapSRPSession(username, password, params, a_byte);
+ client = new LeapSRPSession(username, password, a_byte);
A = client.exponential();
@@ -73,8 +70,7 @@ public class testLeapSRPSession extends TestCase {
salt = "64c3289d04a6ecad",
a = "8c911355";
byte[] a_byte = new BigInteger(a, 16).toByteArray();
- SRPParameters params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
- LeapSRPSession client = new LeapSRPSession(username, password, params, a_byte);
+ LeapSRPSession client = new LeapSRPSession(username, password, a_byte);
byte[] x = client.calculatePasswordHash(username, password, new BigInteger(salt, 16).toByteArray());
assertTrue(Arrays.equals(x, expected_x));
@@ -93,8 +89,7 @@ public class testLeapSRPSession extends TestCase {
a = "38d5b211";
a_byte = new BigInteger(a, 16).toByteArray();
- params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
- client = new LeapSRPSession(username, password, params, a_byte);
+ client = new LeapSRPSession(username, password, a_byte);
x = client.calculatePasswordHash(username, password, new BigInteger(salt, 16).toByteArray());
A = client.exponential();
@@ -110,8 +105,7 @@ public class testLeapSRPSession extends TestCase {
a = "36ee80ec";
a_byte = new BigInteger(a, 16).toByteArray();
- params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
- client = new LeapSRPSession(username, password, params, a_byte);
+ client = new LeapSRPSession(username, password, a_byte);
x = client.calculatePasswordHash(username, password, new BigInteger(salt, 16).toByteArray());
A = client.exponential();
@@ -321,8 +315,7 @@ public class testLeapSRPSession extends TestCase {
salt = "64c3289d04a6ecad",
a = "8c911355";
byte[] a_byte = new BigInteger(a, 16).toByteArray();
- SRPParameters params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
- LeapSRPSession client = new LeapSRPSession(username, password, params, a_byte);
+ LeapSRPSession client = new LeapSRPSession(username, password, a_byte);
byte[] x = client.calculatePasswordHash(username, password, new BigInteger(salt, 16).toByteArray());
assertTrue(Arrays.equals(x, expected_x));
@@ -345,8 +338,7 @@ public class testLeapSRPSession extends TestCase {
expected_M2 = trim(new BigInteger("517278a03a0320a52dcb391caf5264d76149d7d9b71ed2b65536233344c550cf", 16).toByteArray());
a_byte = new BigInteger(a, 16).toByteArray();
- params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
- client = new LeapSRPSession(username, password, params, a_byte);
+ client = new LeapSRPSession(username, password, a_byte);
x = client.calculatePasswordHash(username, password, new BigInteger(salt, 16).toByteArray());
A = client.exponential();
@@ -365,8 +357,7 @@ public class testLeapSRPSession extends TestCase {
expected_M2 = trim(new BigInteger("3bfb91c7d04b6da6381fe3d2648d992cdc6bc67b8ee16d1cfa733f786d492261", 16).toByteArray());
a_byte = new BigInteger(a, 16).toByteArray();
- params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
- client = new LeapSRPSession(username, password, params, a_byte);
+ client = new LeapSRPSession(username, password, a_byte);
x = client.calculatePasswordHash(username, password, new BigInteger(salt, 16).toByteArray());
A = client.exponential();
@@ -390,8 +381,7 @@ public class testLeapSRPSession extends TestCase {
expected_M2 = trim(new BigInteger("8f4552b1021a4de621d8f50f0921c4d20651e702d9d71276f8f6c15b838de018", 16).toByteArray());
a_byte = new BigInteger(a, 16).toByteArray();
- params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
- client = new LeapSRPSession(username, password, params, a_byte);
+ client = new LeapSRPSession(username, password, a_byte);
x = client.calculatePasswordHash(username, password, trim(new BigInteger(salt, 16).toByteArray()));
assertTrue(Arrays.equals(x, expected_x));
@@ -418,8 +408,7 @@ public class testLeapSRPSession extends TestCase {
expected_M2 = trim(new BigInteger("04cf3ab3b75dbc4b116ca2fec949bf3deca1e360e016d7ab2b8a49904c534a27", 16).toByteArray());
a_byte = new BigInteger(a, 16).toByteArray();
- params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
- client = new LeapSRPSession(username, password, params, a_byte);
+ client = new LeapSRPSession(username, password, a_byte);
x = client.calculatePasswordHash(username, password, trim(new BigInteger(salt, 16).toByteArray()));
assertTrue(Arrays.equals(x, expected_x));
@@ -448,8 +437,7 @@ public class testLeapSRPSession extends TestCase {
expected_M2 = trim(new BigInteger("082cf49ad5a34cc5ca571e3d063aec4bd96e7b96a6d951295180631650a84587", 16).toByteArray());
a_byte = new BigInteger(a, 16).toByteArray();
- params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
- client = new LeapSRPSession(username, password, params, a_byte);
+ client = new LeapSRPSession(username, password, a_byte);
x = client.calculatePasswordHash(username, password, trim(new BigInteger(salt, 16).toByteArray()));
assertTrue(Arrays.equals(x, expected_x));
@@ -479,8 +467,7 @@ public class testLeapSRPSession extends TestCase {
expected_M2 = trim(new BigInteger("5cc3d7f0077e978c83acdef14a725af01488c1728f0cf32cd7013d24faf5d901", 16).toByteArray());
a_byte = new BigInteger(a, 16).toByteArray();
- params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
- client = new LeapSRPSession(username, password, params, a_byte);
+ client = new LeapSRPSession(username, password, a_byte);
x = client.calculatePasswordHash(username, password, trim(new BigInteger(salt, 16).toByteArray()));
assertTrue(Arrays.equals(x, expected_x));
@@ -510,8 +497,7 @@ public class testLeapSRPSession extends TestCase {
expected_M2 = trim(new BigInteger("d78da7e0a23c9b87a2f09cdee05c510c105b4a8d471b47402c38f4cdfa49fe6d", 16).toByteArray());
a_byte = new BigInteger(a, 16).toByteArray();
- params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
- client = new LeapSRPSession(username, password, params, a_byte);
+ client = new LeapSRPSession(username, password, a_byte);
x = client.calculatePasswordHash(username, password, trim(new BigInteger(salt, 16).toByteArray()));
assertTrue(Arrays.equals(x, expected_x));
@@ -541,8 +527,7 @@ public class testLeapSRPSession extends TestCase {
expected_M2 = trim(new BigInteger("a382025452bad8a6ccd0f703253fda90e7ea7bd0c2d466a389455080a4bd015d", 16).toByteArray());
a_byte = new BigInteger(a, 16).toByteArray();
- params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
- client = new LeapSRPSession(username, password, params, a_byte);
+ client = new LeapSRPSession(username, password, a_byte);
x = client.calculatePasswordHash(username, password, trim(new BigInteger(salt, 16).toByteArray()));
assertTrue(Arrays.equals(x, expected_x));
@@ -572,8 +557,7 @@ public class testLeapSRPSession extends TestCase {
expected_M2 = trim(new BigInteger("9e99f9adfbfaa7add3626ed6e6aea94c9fa60dab6b8d56ad0cc950548f577d32", 16).toByteArray());
a_byte = new BigInteger(a, 16).toByteArray();
- params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
- client = new LeapSRPSession(username, password, params, a_byte);
+ client = new LeapSRPSession(username, password, a_byte);
x = client.calculatePasswordHash(username, password, trim(new BigInteger(salt, 16).toByteArray()));
assertTrue(Arrays.equals(x, expected_x));
@@ -603,8 +587,7 @@ public class testLeapSRPSession extends TestCase {
expected_M2 = trim(new BigInteger("ffccafa0febc1771a428082b30b7ce409856de4581c7d7d986f5b80015aba0d3", 16).toByteArray());
a_byte = new BigInteger(a, 16).toByteArray();
- params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256");
- client = new LeapSRPSession(username, password, params, a_byte);
+ client = new LeapSRPSession(username, password, a_byte);
x = client.calculatePasswordHash(username, password, trim(new BigInteger(salt, 16).toByteArray()));
assertTrue(Arrays.equals(x, expected_x));
@@ -626,8 +609,7 @@ public class testLeapSRPSession extends TestCase {
String password = "holahola2";
byte[] salt = new BigInteger("67e8348d1500d26c", 16).toByteArray();
- SRPParameters params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), salt, "SHA-256");
- LeapSRPSession client = new LeapSRPSession(username, password, params);
+ LeapSRPSession client = new LeapSRPSession(username, password);
String expected_v = "12bea84e588ffa2f8fc5ae47cb5e751a8f2d9e8125268ad9ab483eff83f98cb08484350eb478bee582b8b72363ff8e7b12e9f332e86f7a0bd77689927c609d275471c6ad2cff8b1e7bbfc3664169c3b7bccb0b974154c1f1656b64274568015ca1b849c9d9890ae4437ed686341b432340809b81c30727ed2aadea8bdec6d101";
diff --git a/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java b/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java
index ddd36d7c..03cbda0c 100644
--- a/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java
+++ b/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java
@@ -925,7 +925,6 @@ public class ProviderAPI extends IntentService {
certificateString = Base64.encodeToString( certCert.getEncoded(), Base64.DEFAULT);
preferences.edit().putString(Constants.CERTIFICATE, "-----BEGIN CERTIFICATE-----\n"+certificateString+"-----END CERTIFICATE-----").commit();
- preferences.edit().putString(Constants.DATE_FROM_CERTIFICATE, EIP.certificate_date_format.format(Calendar.getInstance().getTime())).commit();
return true;
} catch (CertificateException e) {
diff --git a/app/src/main/AndroidManifest.xml b/app/src/main/AndroidManifest.xml
index d5081b8d..61f2a63b 100644
--- a/app/src/main/AndroidManifest.xml
+++ b/app/src/main/AndroidManifest.xml
@@ -36,7 +36,7 @@
android:label="@string/app" >
<service
- android:name="se.leap.bitmaskclient.VoidVpnService"
+ android:name="se.leap.bitmaskclient.eip.VoidVpnService"
android:permission="android.permission.BIND_VPN_SERVICE">
<intent-filter>
<action android:name="android.net.VpnService" />
@@ -62,7 +62,7 @@
</receiver>
<activity
- android:name="se.leap.bitmaskclient.VoidVpnLauncher" />
+ android:name="se.leap.bitmaskclient.eip.VoidVpnLauncher" />
<activity
android:theme="@android:style/Theme.DeviceDefault.Light.Dialog"
android:name="de.blinkt.openvpn.activities.DisconnectVPN" />
@@ -99,11 +99,11 @@
android:label="@string/title_about_activity" >
</activity>
- <service android:name="se.leap.bitmaskclient.EIP" android:exported="false">
+ <service android:name="se.leap.bitmaskclient.eip.EIP" android:exported="false">
<intent-filter>
- <action android:name="se.leap.bitmaskclient.UPDATE_EIP_SERVICE"/>
- <action android:name="se.leap.bitmaskclient.START_EIP"/>
- <action android:name="se.leap.bitmaskclient.STOP_EIP"/>
+ <action android:name="se.leap.bitmaskclient.eip.UPDATE_EIP_SERVICE"/>
+ <action android:name="se.leap.bitmaskclient.eip.START_EIP"/>
+ <action android:name="se.leap.bitmaskclient.eip.STOP_EIP"/>
</intent-filter>
</service>
</application>
diff --git a/app/src/main/java/se/leap/bitmaskclient/Dashboard.java b/app/src/main/java/se/leap/bitmaskclient/Dashboard.java
index 473cd5ec..e4e575e4 100644
--- a/app/src/main/java/se/leap/bitmaskclient/Dashboard.java
+++ b/app/src/main/java/se/leap/bitmaskclient/Dashboard.java
@@ -42,6 +42,7 @@ public class Dashboard extends Activity implements LogInDialog.LogInDialogInterf
protected static final int CONFIGURE_LEAP = 0;
protected static final int SWITCH_PROVIDER = 1;
+ final public static String TAG = Dashboard.class.getSimpleName();
final public static String SHARED_PREFERENCES = "LEAPPreferences";
final public static String ACTION_QUIT = "quit";
public static final String REQUEST_CODE = "request_code";
@@ -49,21 +50,19 @@ public class Dashboard extends Activity implements LogInDialog.LogInDialogInterf
public static final String START_ON_BOOT = "dashboard start on boot";
final public static String ON_BOOT = "dashboard on boot";
public static final String APP_VERSION = "bitmask version";
- final public static String TAG = Dashboard.class.getSimpleName();
-
+ private static Context app;
+ protected static SharedPreferences preferences;
+ private FragmentManagerEnhanced fragment_manager;
+
private EipServiceFragment eipFragment;
- private ProgressBar mProgressBar;
- private TextView eipStatus;
- private static Context app;
- protected static SharedPreferences preferences;
- private static Provider provider;
-
- private boolean authed_eip = false;
-
+ private ProgressBar mProgressBar;
+ private TextView eipStatus;
public ProviderAPIResultReceiver providerAPI_result_receiver;
- private FragmentManagerEnhanced fragment_manager;
+ private static Provider provider;
+ private static boolean authed_eip;
+
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
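Review bot: Nothing visible in this diff initialises `authed_eip` any more: it becomes `private static boolean authed_eip;` here, and the next hunk removes the `preferences.getBoolean(Constants.AUTHED_EIP, false)` read from onCreate. As a static on an Activity it also lives for the whole process, so a value set in one session is seen by a recreated Dashboard; if the flag gates authenticated-only behaviour it needs an explicit reset point such as logout. Either keep it an instance field restored from preferences, or add a comment on the field naming where it is assigned and cleared. The class body continues outside the hunk, so an assignment may exist elsewhere.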
@@ -78,11 +77,11 @@ public class Dashboard extends Activity implements LogInDialog.LogInDialogInterf
fragment_manager = new FragmentManagerEnhanced(getFragmentManager());
handleVersion();
- authed_eip = preferences.getBoolean(Constants.AUTHED_EIP, false);
- if (preferences.getString(Provider.KEY, "").isEmpty())
- startActivityForResult(new Intent(this,ConfigurationWizard.class),CONFIGURE_LEAP);
- else
- buildDashboard(getIntent().getBooleanExtra(ON_BOOT, false));
+ boolean provider_configured = preferences.getString(Constants.KEY, "").isEmpty();
+ if (provider_configured)
+ startActivityForResult(new Intent(this,ConfigurationWizard.class),CONFIGURE_LEAP);
+ else
+ buildDashboard(getIntent().getBooleanExtra(ON_BOOT, false));
}
private void handleVersion() {
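Review bot: `provider_configured` is assigned `preferences.getString(Constants.KEY, "").isEmpty()`, so it is true exactly when nothing is stored, and `if (provider_configured)` then starts ConfigurationWizard. The branch order matches the old code, but the name states the opposite of what it holds. Rename it, e.g. `boolean provider_missing = preferences.getString(Constants.KEY, "").isEmpty();`. The lookup key also changed from `Provider.KEY` to `Constants.KEY`; if that resolves to the eip `Constants` interface touched elsewhere in this commit, the check now tests the stored EIP definition rather than the provider entry, which should be confirmed as intended.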
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/Constants.java b/app/src/main/java/se/leap/bitmaskclient/eip/Constants.java
index 719fff6d..3b43282b 100644
--- a/app/src/main/java/se/leap/bitmaskclient/eip/Constants.java
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/Constants.java
@@ -37,9 +37,9 @@ public interface Constants {
public final static String EIP_NOTIFICATION = TAG + ".EIP_NOTIFICATION";
public final static String STATUS = TAG + ".STATUS";
public final static String DATE_FROM_CERTIFICATE = TAG + ".DATE_FROM_CERTIFICATE";
- public final static String ALLOWED_ANON = TAG + ".ALLOW_ANONYMOUS";
- public final static String ALLOWED_REGISTERED = TAG + ".ALLOW_REGISTRATION";
- public final static String CERTIFICATE = TAG + ".CERTIFICATE";
+ public final static String ALLOWED_ANON = "allow_anonymous";
+ public final static String ALLOWED_REGISTERED = "allow_registration";
+ public final static String CERTIFICATE = "cert";
public final static String PRIVATE_KEY = TAG + ".PRIVATE_KEY";
public final static String KEY = TAG + ".KEY";
public final static String PARSED_SERIAL = TAG + ".PARSED_SERIAL";
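Review bot: The three constants changed here are used as SharedPreferences keys elsewhere in this commit (`putString(Constants.CERTIFICATE, ...)`, `getString(CERTIFICATE, "")`), so anything a previous build stored under `TAG + ".CERTIFICATE"` and the other two old names is no longer found and is never overwritten or removed. For the certificate that leaves stale credential material in preferences after an upgrade, assuming a released build wrote under the old names. A one-time migration that copies and then removes the old entries would cover it, and a comment saying why these three are not `TAG`-prefixed like their neighbours would help the next reader. `DATE_FROM_CERTIFICATE` loses both its visible writer and reader in this commit and may now be dead.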
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java b/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java
index b668ce64..92eba23c 100644
--- a/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java
@@ -51,20 +51,19 @@ public final class EIP extends IntentService {
private static SharedPreferences preferences;
- private static Context context;
- private static ResultReceiver mReceiver;
- private static boolean mBound = false;
+ private static Context context;
+ private static ResultReceiver mReceiver;
+ private static boolean mBound = false;
- private static JSONObject eipDefinition = null;
+ private static int parsedEipSerial;
+ private static JSONObject eip_definition = null;
- private static OVPNGateway activeGateway = null;
+ private static OVPNGateway activeGateway = null;
public static VpnStatus.ConnectionStatus lastConnectionStatusLevel;
public static boolean mIsDisconnecting = false;
public static boolean mIsStarting = false;
- public static SimpleDateFormat certificate_date_format = new SimpleDateFormat("yyyy-MM-dd HH:mm", Locale.US);
-
public EIP(){
super("LEAPEIP");
}
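Review bot: `parsedEipSerial` is added as a static int but no hunk in this diff assigns it, so it stays 0 unless it is set outside the visible lines. The new guard in updateEIPService, `eip_definition.optInt("serial") >= parsedEipSerial`, would then hold for every non-negative serial and updateGateways() would run on each update; `>=` also re-parses when the serial is unchanged. Consider loading it where `preferences` is initialised, `parsedEipSerial = preferences.getInt(PARSED_SERIAL, 0);`, and comparing with `>`.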
@@ -76,6 +75,7 @@ public final class EIP extends IntentService {
context = getApplicationContext();
preferences = getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE);
+ refreshEipDefinition();
}
@Override
@@ -113,8 +113,10 @@ public final class EIP extends IntentService {
*/
private void startEIP() {
earlyRoutes();
- activeGateway = selectGateway();
-
+ GatewaySelector gateway_selector = new GatewaySelector(eip_definition);
+ String selected_gateway = gateway_selector.select();
+
+ activeGateway = new OVPNGateway(selected_gateway);
if(activeGateway != null && activeGateway.mVpnProfile != null) {
mReceiver = EipServiceFragment.getReceiver();
launchActiveGateway();
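Review bot: `new GatewaySelector(eip_definition)` receives whatever refreshEipDefinition() left in the static field, which is still null when nothing is stored under `KEY` or the stored JSON failed to parse. The removed availableLocations() called updateEIPService() in that case and this path no longer does; GatewaySelector is not part of this diff, so whether it tolerates null is not visible. Guard before selecting, e.g. `if (eip_definition == null) updateEIPService();`, and handle the field still being null afterwards. The `activeGateway != null` test directly after `new OVPNGateway(selected_gateway)` can never be false and could be dropped. startEIP continues past the end of the hunk.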
@@ -131,93 +133,6 @@ public final class EIP extends IntentService {
startActivity(void_vpn_launcher);
}
- /**
- * Choose a gateway to connect to based on timezone from system locale data
- *
- * @return The gateway to connect to
- */
- private OVPNGateway selectGateway() {
- String closest_location = closestGateway();
- String chosen_host = chooseHost(closest_location);
-
- return new OVPNGateway(chosen_host);
- }
-
- private String closestGateway() {
- TreeMap<Integer, Set<String>> offsets = calculateOffsets();
- return offsets.isEmpty() ? "" : offsets.firstEntry().getValue().iterator().next();
- }
-
- private TreeMap<Integer, Set<String>> calculateOffsets() {
- TreeMap<Integer, Set<String>> offsets = new TreeMap<Integer, Set<String>>();
-
- int localOffset = Calendar.getInstance().get(Calendar.ZONE_OFFSET) / 3600000;
-
- JSONObject locations = availableLocations();
- Iterator<String> locations_names = locations.keys();
- while(locations_names.hasNext()) {
- try {
- String location_name = locations_names.next();
- JSONObject location = locations.getJSONObject(location_name);
-
- int dist = timezoneDistance(localOffset, location.optInt("timezone"));
-
- Set<String> set = (offsets.get(dist) != null) ?
- offsets.get(dist) : new HashSet<String>();
-
- set.add(location_name);
- offsets.put(dist, set);
- } catch (JSONException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
-
- return offsets;
- }
-
- private JSONObject availableLocations() {
- JSONObject locations = null;
- try {
- if(eipDefinition == null) updateEIPService();
- locations = eipDefinition.getJSONObject("locations");
- } catch (JSONException e1) {
- // TODO Auto-generated catch block
- e1.printStackTrace();
- }
-
- return locations;
- }
-
- private int timezoneDistance(int local_timezone, int remote_timezone) {
- // Distance along the numberline of Prime Meridian centric, assumes UTC-11 through UTC+12
- int dist = Math.abs(local_timezone - remote_timezone);
-
- // Farther than 12 timezones and it's shorter around the "back"
- if (dist > 12)
- dist = 12 - (dist -12); // Well i'll be. Absolute values make equations do funny things.
-
- return dist;
- }
-
- private String chooseHost(String location) {
- String chosen_host = "";
- try {
- JSONArray gateways = eipDefinition.getJSONArray("gateways");
- for (int i = 0; i < gateways.length(); i++) {
- JSONObject gw = gateways.getJSONObject(i);
- if ( gw.getString("location").equalsIgnoreCase(location) || location.isEmpty()){
- chosen_host = eipDefinition.getJSONObject("locations").getJSONObject(gw.getString("location")).getString("name");
- break;
- }
- }
- } catch (JSONException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- return chosen_host;
- }
-
private void launchActiveGateway() {
Intent intent = new Intent(this,LaunchVPN.class);
intent.setAction(Intent.ACTION_MAIN);
@@ -292,7 +207,22 @@ public final class EIP extends IntentService {
e.printStackTrace();
}
}
+ if (eip_definition != null && eip_definition.optInt("serial") >= parsedEipSerial)
+ updateGateways();
+ }
+ private void refreshEipDefinition() {
+ try {
+ String eip_definition_string = preferences.getString(KEY, "");
+ if(!eip_definition_string.isEmpty()) {
+ eip_definition = new JSONObject(eip_definition_string);
+ }
+ } catch (JSONException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
private void deleteAllVpnProfiles() {
ProfileManager vpl = ProfileManager.getInstance(context);
Collection<VpnProfile> profiles = vpl.getProfiles();
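Review bot: refreshEipDefinition() swallows `JSONException` with `printStackTrace()` and leaves the static `eip_definition` at its previous value, so a corrupted preference entry silently keeps a stale definition (or null) in use. Set `eip_definition = null;` before parsing and report the failure with `Log.w(TAG, "stored EIP definition is not valid JSON", e);` so the fallback is explicit. The serial guard above it reads `optInt("serial")` while updateGateways stores `optInt(Provider.API_RETURN_SERIAL)`; using the constant in both places keeps the two from drifting apart.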
@@ -307,8 +237,8 @@ public final class EIP extends IntentService {
private void updateGateways(){
JSONArray gatewaysDefined = null;
try {
- if(eipDefinition == null) updateEIPService();
- gatewaysDefined = eipDefinition.getJSONArray("gateways");
+ if(eip_definition == null) updateEIPService();
+ gatewaysDefined = eip_definition.getJSONArray("gateways");
for ( int i=0 ; i < gatewaysDefined.length(); i++ ){
JSONObject gw = null;
gw = gatewaysDefined.getJSONObject(i);
@@ -320,52 +250,18 @@ public final class EIP extends IntentService {
// TODO Auto-generated catch block
e.printStackTrace();
}
- preferences.edit().putInt(PARSED_SERIAL, eipDefinition.optInt(Provider.API_RETURN_SERIAL)).commit();
+ preferences.edit().putInt(PARSED_SERIAL, eip_definition.optInt(Provider.API_RETURN_SERIAL)).commit();
}
private void checkCertValidity() {
- String certificate = preferences.getString(CERTIFICATE, "");
- checkCertValidity(certificate);
- }
-
- private void checkCertValidity(String certificate_string) {
- if(!certificate_string.isEmpty()) {
- X509Certificate certificate = ConfigHelper.parseX509CertificateFromString(certificate_string);
-
- Calendar offset_date = calculateOffsetCertificateValidity(certificate);
- Bundle result = new Bundle();
- result.putString(REQUEST_TAG, ACTION_CHECK_CERT_VALIDITY);
- try {
- Log.d(TAG, "offset_date = " + offset_date.getTime().toString());
- certificate.checkValidity(offset_date.getTime());
- mReceiver.send(Activity.RESULT_OK, result);
- Log.d(TAG, "Valid certificate");
- } catch(CertificateExpiredException e) {
- mReceiver.send(Activity.RESULT_CANCELED, result);
- Log.d(TAG, "Updating certificate");
- } catch(CertificateNotYetValidException e) {
- mReceiver.send(Activity.RESULT_CANCELED, result);
- }
- }
- }
-
- private Calendar calculateOffsetCertificateValidity(X509Certificate certificate) {
- String current_date = certificate_date_format.format(Calendar.getInstance().getTime()).toString();
-
- String date_string = preferences.getString(DATE_FROM_CERTIFICATE, current_date);
-
- Calendar offset_date = Calendar.getInstance();
- try {
- Date date = certificate_date_format.parse(date_string);
- long difference = Math.abs(date.getTime() - certificate.getNotAfter().getTime())/2;
- long current_date_millis = offset_date.getTimeInMillis();
- offset_date.setTimeInMillis(current_date_millis + difference);
- Log.d(TAG, "certificate not after = " + certificate.getNotAfter());
- } catch(ParseException e) {
- e.printStackTrace();
- }
-
- return offset_date;
+ Bundle result = new Bundle();
+ result.putString(REQUEST_TAG, ACTION_CHECK_CERT_VALIDITY);
+
+ VpnCertificateValidator validator = new VpnCertificateValidator();
+ if(validator.isValid(preferences.getString(CERTIFICATE, "")))
+ mReceiver.send(Activity.RESULT_OK, result);
+ else
+ mReceiver.send(Activity.RESULT_CANCELED, result);
}
/**
@@ -449,7 +345,7 @@ public final class EIP extends IntentService {
try {
ConfigParser cp = new ConfigParser();
- JSONObject openvpn_configuration = eipDefinition.getJSONObject("openvpn_configuration");
+ JSONObject openvpn_configuration = eip_definition.getJSONObject("openvpn_configuration");
VpnConfigGenerator vpn_configuration_generator = new VpnConfigGenerator(preferences, openvpn_configuration, mGateway);
String configuration = vpn_configuration_generator.generate();
@@ -475,7 +371,7 @@ public final class EIP extends IntentService {
public String locationAsName() {
try {
- return eipDefinition.getJSONObject("locations").getJSONObject(mGateway.getString("location")).getString("name");
+ return eip_definition.getJSONObject("locations").getJSONObject(mGateway.getString("location")).getString("name");
} catch (JSONException e) {
Log.v(TAG,"Couldn't read gateway name for profile creation! Returning original name = " + mName);
e.printStackTrace();
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java
new file mode 100644
index 00000000..a5f04368
--- /dev/null
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java
@@ -0,0 +1,59 @@
+/**
+ * Copyright (c) 2013 LEAP Encryption Access Project and contributers
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+package se.leap.bitmaskclient.eip;
+
+import android.util.Log;
+import java.util.*;
+import java.security.cert.*;
+import java.text.*;
+
+import se.leap.bitmaskclient.ConfigHelper;
+import static se.leap.bitmaskclient.eip.Constants.*;
+
+public class VpnCertificateValidator {
+ public final static String TAG = VpnCertificateValidator.class.getSimpleName();
+
+ public boolean isValid(String certificate) {
+ if(!certificate.isEmpty()) {
+ X509Certificate certificate_x509 = ConfigHelper.parseX509CertificateFromString(certificate);
+ return isValid(certificate_x509);
+ } else return false;
+ }
+
+ private boolean isValid(X509Certificate certificate) {
+ Calendar offset_date = calculateOffsetCertificateValidity(certificate);
+ try {
+ Log.d(TAG, "offset_date = " + offset_date.getTime().toString());
+ certificate.checkValidity(offset_date.getTime());
+ return true;
+ } catch(CertificateExpiredException e) {
+ return false;
+ } catch(CertificateNotYetValidException e) {
+ return false;
+ }
+ }
+
+ private Calendar calculateOffsetCertificateValidity(X509Certificate certificate) {
+ Log.d(TAG, "certificate not after = " + certificate.getNotAfter());
+ long preventive_time = Math.abs(certificate.getNotBefore().getTime() - certificate.getNotAfter().getTime())/2;
+ long current_date_millis = Calendar.getInstance().getTimeInMillis();
+
+ Calendar limit_date = Calendar.getInstance();
+ limit_date.setTimeInMillis(current_date_millis + preventive_time);
+ return limit_date;
+ }
+}
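Review bot: isValid(X509Certificate) only calls `checkValidity` for a date half a certificate lifetime in the future, so the current time is never tested: a certificate whose notBefore is still ahead of now is reported valid as long as now plus the offset lands inside the window. Add `certificate.checkValidity();` before the offset check if the method is meant to answer "usable now and not close to expiry". The public overload also passes the result of `ConfigHelper.parseX509CertificateFromString` straight on; if that helper returns null for malformed input (not visible here), `certificate.getNotAfter()` throws instead of returning false, so `if (certificate_x509 == null) return false;` is worth adding. A Javadoc line stating that only the validity dates are checked, not the issuer or signature, would keep callers from reading more into the name.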