4 files changed, 97 insertions, 32 deletions
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java b/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java
index e5cf70be..66b7c6cf 100644
--- a/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java
@@ -352,11 +352,14 @@ public final class EIP extends JobIntentService implements Observer {
 void setErrorResult(Bundle result, String errorId, @StringRes int errorMessageId, Object... args) {
 JSONObject errorJson = new JSONObject();
 try {
+ String errorMessage;
 if (args != null) {
- errorJson.put(ERRORS, getResources().getString(errorMessageId, args));
+ errorMessage = getResources().getString(errorMessageId, args);
 } else {
- errorJson.put(ERRORS, getResources().getString(errorMessageId));
+ errorMessage = getResources().getString(errorMessageId);
 }
+ VpnStatus.logWarning("[EIP] error: " + errorMessage);
+ errorJson.put(ERRORS, errorMessage);
 errorJson.put(ERRORID, errorId);
 } catch (JSONException e) {
 e.printStackTrace();
diff --git a/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderApiManagerBase.java b/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderApiManagerBase.java
index 8a0c8f02..c5dc6572 100644
--- a/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderApiManagerBase.java
+++ b/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderApiManagerBase.java
@@ -52,17 +52,29 @@ import java.util.NoSuchElementException;
 import javax.net.ssl.SSLHandshakeException;
 import javax.net.ssl.SSLPeerUnverifiedException;
+import de.blinkt.openvpn.core.VpnStatus;
 import okhttp3.OkHttpClient;
+import se.leap.bitmaskclient.R;
 import se.leap.bitmaskclient.base.models.Constants.CREDENTIAL_ERRORS;
 import se.leap.bitmaskclient.base.models.Provider;
 import se.leap.bitmaskclient.base.models.ProviderObservable;
-import se.leap.bitmaskclient.R;
+import se.leap.bitmaskclient.base.utils.ConfigHelper;
 import se.leap.bitmaskclient.providersetup.connectivity.OkHttpClientGenerator;
 import se.leap.bitmaskclient.providersetup.models.LeapSRPSession;
 import se.leap.bitmaskclient.providersetup.models.SrpCredentials;
 import se.leap.bitmaskclient.providersetup.models.SrpRegistrationData;
-import se.leap.bitmaskclient.base.utils.ConfigHelper;
+import static se.leap.bitmaskclient.R.string.certificate_error;
+import static se.leap.bitmaskclient.R.string.error_io_exception_user_message;
+import static se.leap.bitmaskclient.R.string.error_json_exception_user_message;
+import static se.leap.bitmaskclient.R.string.error_no_such_algorithm_exception_user_message;
+import static se.leap.bitmaskclient.R.string.malformed_url;
+import static se.leap.bitmaskclient.R.string.server_unreachable_message;
+import static se.leap.bitmaskclient.R.string.service_is_down_error;
+import static se.leap.bitmaskclient.R.string.vpn_certificate_is_invalid;
+import static se.leap.bitmaskclient.R.string.warning_corrupted_provider_cert;
+import static se.leap.bitmaskclient.R.string.warning_corrupted_provider_details;
+import static se.leap.bitmaskclient.R.string.warning_expired_provider_cert;
 import static se.leap.bitmaskclient.base.models.Constants.BROADCAST_PROVIDER_API_EVENT;
 import static se.leap.bitmaskclient.base.models.Constants.BROADCAST_RESULT_CODE;
 import static se.leap.bitmaskclient.base.models.Constants.BROADCAST_RESULT_KEY;
@@ -76,6 +88,11 @@ import static se.leap.bitmaskclient.base.models.Provider.CA_CERT;
 import static se.leap.bitmaskclient.base.models.Provider.GEOIP_URL;
 import static se.leap.bitmaskclient.base.models.Provider.PROVIDER_API_IP;
 import static se.leap.bitmaskclient.base.models.Provider.PROVIDER_IP;
+import static se.leap.bitmaskclient.base.utils.ConfigHelper.getFingerprintFromCertificate;
+import static se.leap.bitmaskclient.base.utils.ConfigHelper.getProviderFormattedString;
+import static se.leap.bitmaskclient.base.utils.ConfigHelper.parseRsaKeyFromString;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.deleteProviderDetailsFromPreferences;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getFromPersistedProvider;
 import static se.leap.bitmaskclient.providersetup.ProviderAPI.BACKEND_ERROR_KEY;
 import static se.leap.bitmaskclient.providersetup.ProviderAPI.BACKEND_ERROR_MESSAGE;
 import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_DOWNLOADED_EIP_SERVICE;
@@ -111,22 +128,6 @@ import static se.leap.bitmaskclient.providersetup.ProviderAPI.USER_MESSAGE;
 import static se.leap.bitmaskclient.providersetup.ProviderSetupFailedDialog.DOWNLOAD_ERRORS.ERROR_CERTIFICATE_PINNING;
 import static se.leap.bitmaskclient.providersetup.ProviderSetupFailedDialog.DOWNLOAD_ERRORS.ERROR_CORRUPTED_PROVIDER_JSON;
 import static se.leap.bitmaskclient.providersetup.ProviderSetupFailedDialog.DOWNLOAD_ERRORS.ERROR_INVALID_CERTIFICATE;
-import static se.leap.bitmaskclient.R.string.certificate_error;
-import static se.leap.bitmaskclient.R.string.error_io_exception_user_message;
-import static se.leap.bitmaskclient.R.string.error_json_exception_user_message;
-import static se.leap.bitmaskclient.R.string.error_no_such_algorithm_exception_user_message;
-import static se.leap.bitmaskclient.R.string.malformed_url;
-import static se.leap.bitmaskclient.R.string.server_unreachable_message;
-import static se.leap.bitmaskclient.R.string.service_is_down_error;
-import static se.leap.bitmaskclient.R.string.vpn_certificate_is_invalid;
-import static se.leap.bitmaskclient.R.string.warning_corrupted_provider_cert;
-import static se.leap.bitmaskclient.R.string.warning_corrupted_provider_details;
-import static se.leap.bitmaskclient.R.string.warning_expired_provider_cert;
-import static se.leap.bitmaskclient.base.utils.ConfigHelper.getFingerprintFromCertificate;
-import static se.leap.bitmaskclient.base.utils.ConfigHelper.getProviderFormattedString;
-import static se.leap.bitmaskclient.base.utils.ConfigHelper.parseRsaKeyFromString;
-import static se.leap.bitmaskclient.base.utils.PreferenceHelper.deleteProviderDetailsFromPreferences;
-import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getFromPersistedProvider;
 /**
 * Implements the logic of the http api calls. The methods of this class needs to be called from
@@ -494,6 +495,7 @@ public abstract class ProviderApiManagerBase {
 } else {
 broadcastEvent(resultCode, resultData);
 }
+ handleEventSummaryErrorLog(resultCode);
 }
 private void broadcastEvent(int resultCode , Bundle resultData) {
@@ -504,6 +506,40 @@ public abstract class ProviderApiManagerBase {
 serviceCallback.broadcastEvent(intentUpdate);
 }
+ private void handleEventSummaryErrorLog(int resultCode) {
+ String event = null;
+ switch (resultCode) {
+ case FAILED_LOGIN:
+ event = "login.";
+ break;
+ case FAILED_SIGNUP:
+ event = "signup.";
+ break;
+ case SUCCESSFUL_LOGOUT:
+ event = "logout.";
+ break;
+ case INCORRECTLY_DOWNLOADED_VPN_CERTIFICATE:
+ event = "download of vpn certificate.";
+ break;
+ case PROVIDER_NOK:
+ event = "setup or update provider details.";
+ break;
+ case INCORRECTLY_DOWNLOADED_EIP_SERVICE:
+ event = "update eip-service.json";
+ break;
+ case INCORRECTLY_UPDATED_INVALID_VPN_CERTIFICATE:
+ event = "update invalid vpn certificate.";
+ break;
+ case INCORRECTLY_DOWNLOADED_GEOIP_JSON:
+ event = "download menshen service json.";
+ break;
+ default:
+ break;
+ }
+ if (event != null) {
+ VpnStatus.logWarning("[API] failed provider API event: " + event);
+ }
+ }
 /**
 * Validates parameters entered by the user to log in
@@ -598,6 +634,7 @@ public abstract class ProviderApiManagerBase {
 } catch (NullPointerException | JSONException e) {
 e.printStackTrace();
 responseJson = getErrorMessageAsJson(error_json_exception_user_message);
+ VpnStatus.logWarning("[API] got null response for request: " + url);
 }
 return responseJson;
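Review bot: In the new `handleEventSummaryErrorLog`, `case SUCCESSFUL_LOGOUT:` maps a successful logout to the warning `[API] failed provider API event: logout.`, so a normal logout is recorded as a failure and a failed logout produces no summary line at all. Every other case in the switch is a failure code, so this looks like the wrong constant; the case should use whichever result code this class emits for a failed logout (its name is not visible in this diff). A one-line comment on the method, such as `// Logs a summary warning for result codes that represent a failed provider API event`, would make the intended set of codes explicit for the next person who adds a result code.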
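Review bot: The added `VpnStatus.logWarning("[API] got null response for request: " + url)` writes the full request URL into the VPN status log unconditionally, whereas the payload `logDebug` calls in ProviderApiManager are wrapped in `if (BuildConfig.DEBUG)`. If that log can be exported or shared by users (not visible in this diff), it will carry the provider hostname plus any path or query identifiers contained in `url`, which for a circumvention client is information worth minimising. Logging only the host, or the URL with its query removed, keeps the diagnostic value. The same applies to every catch branch in the `@@ -612,21` hunk, which logs `url` together with `e.getLocalizedMessage()`. The enclosing method starts outside this hunk.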
@@ -612,21 +649,29 @@ public abstract class ProviderApiManagerBase {
 } catch (NullPointerException npe) {
 plainResponseBody = formatErrorMessage(error_json_exception_user_message);
+ VpnStatus.logWarning("[API] Null response body for request " + url + ": " + npe.getLocalizedMessage());
 } catch (UnknownHostException | SocketTimeoutException e) {
 plainResponseBody = formatErrorMessage(server_unreachable_message);
+ VpnStatus.logWarning("[API] UnknownHostException or SocketTimeoutException for request " + url + ": " + e.getLocalizedMessage());
 } catch (MalformedURLException e) {
 plainResponseBody = formatErrorMessage(malformed_url);
+ VpnStatus.logWarning("[API] MalformedURLException for request " + url + ": " + e.getLocalizedMessage());
 } catch (SSLHandshakeException | SSLPeerUnverifiedException e) {
 plainResponseBody = formatErrorMessage(certificate_error);
+ VpnStatus.logWarning("[API] SSLHandshakeException or SSLPeerUnverifiedException for request " + url + ": " + e.getLocalizedMessage());
 } catch (ConnectException e) {
 plainResponseBody = formatErrorMessage(service_is_down_error);
+ VpnStatus.logWarning("[API] ConnectException for request " + url + ": " + e.getLocalizedMessage());
 } catch (IllegalArgumentException e) {
 plainResponseBody = formatErrorMessage(error_no_such_algorithm_exception_user_message);
+ VpnStatus.logWarning("[API] IllegalArgumentException for request " + url + ": " + e.getLocalizedMessage());
 } catch (UnknownServiceException e) {
 //unable to find acceptable protocols - tlsv1.2 not enabled?
 plainResponseBody = formatErrorMessage(error_no_such_algorithm_exception_user_message);
+ VpnStatus.logWarning("[API] UnknownServiceException for request " + url + ": " + e.getLocalizedMessage());
 } catch (IOException e) {
 plainResponseBody = formatErrorMessage(error_io_exception_user_message);
+ VpnStatus.logWarning("[API] IOException for request " + url + ": " + e.getLocalizedMessage());
 }
 return plainResponseBody;
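Review bot: The warnings added to this catch chain hard-code the exception names, so the multi-catch branches log `UnknownHostException or SocketTimeoutException` and `SSLHandshakeException or SSLPeerUnverifiedException` without saying which one was actually thrown, and a handshake failure cannot be told apart from a peer-verification failure when triaging a certificate problem. Taking the name from the caught object, `e.getClass().getSimpleName() + " for request " + url + ": " + e.getLocalizedMessage()`, gives an accurate entry and lets the eight near-identical strings collapse into one small private helper. `getLocalizedMessage()` can also return null, which would be logged as the text `null`. The `@@ -598,6` hunk has the related issue that its branch catches `JSONException` as well but always logs `got null response`, and the `@@ -647,19` hunk repeats the hard-coded names. The method body starts outside this hunk.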
@@ -647,19 +692,26 @@ public abstract class ProviderApiManagerBase {
 return ProviderApiConnector.canConnect(okHttpClient, providerUrl);
 } catch (UnknownHostException | SocketTimeoutException e) {
+ VpnStatus.logWarning("[API] UnknownHostException or SocketTimeoutException during connection check: " + e.getLocalizedMessage());
 setErrorResult(result, server_unreachable_message, null);
 } catch (MalformedURLException e) {
+ VpnStatus.logWarning("[API] MalformedURLException during connection check: " + e.getLocalizedMessage());
 setErrorResult(result, malformed_url, null);
 } catch (SSLHandshakeException e) {
+ VpnStatus.logWarning("[API] SSLHandshakeException during connection check: " + e.getLocalizedMessage());
 setErrorResult(result, warning_corrupted_provider_cert, ERROR_INVALID_CERTIFICATE.toString());
 } catch (ConnectException e) {
+ VpnStatus.logWarning("[API] ConnectException during connection check: " + e.getLocalizedMessage());
 setErrorResult(result, service_is_down_error, null);
 } catch (IllegalArgumentException e) {
+ VpnStatus.logWarning("[API] IllegalArgumentException during connection check: " + e.getLocalizedMessage());
 setErrorResult(result, error_no_such_algorithm_exception_user_message, null);
 } catch (UnknownServiceException e) {
+ VpnStatus.logWarning("[API] UnknownServiceException during connection check: " + e.getLocalizedMessage());
 //unable to find acceptable protocols - tlsv1.2 not enabled?
 setErrorResult(result, error_no_such_algorithm_exception_user_message, null);
 } catch (IOException e) {
+ VpnStatus.logWarning("[API] IOException during connection check: " + e.getLocalizedMessage());
 setErrorResult(result, error_io_exception_user_message, null);
 }
 return false;
@@ -768,6 +820,7 @@ public abstract class ProviderApiManagerBase {
 String caCert = provider.getCaCert();
 if (ConfigHelper.checkErroneousDownload(caCert)) {
+ VpnStatus.logWarning("[API] No provider cert.");
 return result;
 }
@@ -802,6 +855,7 @@ public abstract class ProviderApiManagerBase {
 protected Bundle setErrorResult(Bundle result, String stringJsonErrorMessage) {
 String reasonToFail = pickErrorMessage(stringJsonErrorMessage);
+ VpnStatus.logWarning("[API] error: " + reasonToFail);
 result.putString(ERRORS, reasonToFail);
 result.putBoolean(BROADCAST_RESULT_KEY, false);
 return result;
@@ -815,6 +869,7 @@ public abstract class ProviderApiManagerBase {
 } else {
 addErrorMessageToJson(errorJson, errorMessage);
 }
+ VpnStatus.logWarning("[API] error: " + errorMessage);
 result.putString(ERRORS, errorJson.toString());
 result.putBoolean(BROADCAST_RESULT_KEY, false);
 return result;
diff --git a/app/src/main/java/se/leap/bitmaskclient/providersetup/connectivity/DnsResolver.java b/app/src/main/java/se/leap/bitmaskclient/providersetup/connectivity/DnsResolver.java
index c5100a67..5655e7b7 100644
--- a/app/src/main/java/se/leap/bitmaskclient/providersetup/connectivity/DnsResolver.java
+++ b/app/src/main/java/se/leap/bitmaskclient/providersetup/connectivity/DnsResolver.java
@@ -7,6 +7,7 @@ import java.net.UnknownHostException;
 import java.util.ArrayList;
 import java.util.List;
+import de.blinkt.openvpn.core.VpnStatus;
 import okhttp3.Dns;
 import se.leap.bitmaskclient.base.models.Provider;
 import se.leap.bitmaskclient.base.models.ProviderObservable;
@@ -28,10 +29,12 @@ class DnsResolver implements Dns {
 }
 String ip = currentProvider.getIpForHostname(hostname);
 if (!ip.isEmpty()) {
+ VpnStatus.logWarning("[API] Normal DNS resolution for " + hostname + " seems to be blocked. Circumventing.");
 ArrayList<InetAddress> addresses = new ArrayList<>();
 addresses.add(InetAddress.getByAddress(hostname, IPAddress.asBytes(ip)));
 return addresses;
 } else {
+ VpnStatus.logWarning("[API] Could not resolve DNS for " + hostname);
 throw new UnknownHostException("Hostname " + hostname + " not found");
 }
 }
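Review bot: In `setErrorResult(Bundle, String)` the logged `reasonToFail` is derived from `stringJsonErrorMessage`, and ProviderApiManager passes downloaded response bodies such as `eipServiceJsonString` to this overload, so `VpnStatus.logWarning("[API] error: " + reasonToFail)` writes server-supplied text into the log verbatim. What `pickErrorMessage` strips is not visible here; unless it already bounds the text, a broken or hostile provider response can flood the log or inject line breaks that look like separate entries. Capping the length and flattening line breaks before logging, for example `reasonToFail.replaceAll("[\\r\\n]+", " ")`, would contain that. Separately, the catch branches in the `@@ -647,19` hunk log the exception and then call `setErrorResult`, which, if they resolve to the overload patched in `@@ -815,6`, logs `[API] error:` again, so each connection failure would appear twice.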
diff --git a/app/src/production/java/se/leap/bitmaskclient/providersetup/ProviderApiManager.java b/app/src/production/java/se/leap/bitmaskclient/providersetup/ProviderApiManager.java
index 592db085..61105318 100644
--- a/app/src/production/java/se/leap/bitmaskclient/providersetup/ProviderApiManager.java
+++ b/app/src/production/java/se/leap/bitmaskclient/providersetup/ProviderApiManager.java
@@ -34,25 +34,25 @@ import java.util.List;
 import de.blinkt.openvpn.core.VpnStatus;
 import okhttp3.OkHttpClient;
 import se.leap.bitmaskclient.R;
-import se.leap.bitmaskclient.eip.EIP;
 import se.leap.bitmaskclient.base.models.Provider;
-import se.leap.bitmaskclient.providersetup.connectivity.OkHttpClientGenerator;
 import se.leap.bitmaskclient.base.utils.ConfigHelper;
+import se.leap.bitmaskclient.eip.EIP;
+import se.leap.bitmaskclient.providersetup.connectivity.OkHttpClientGenerator;
 import static android.text.TextUtils.isEmpty;
-import static se.leap.bitmaskclient.base.models.Constants.BROADCAST_RESULT_KEY;
-import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_KEY;
-import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_VPN_CERTIFICATE;
-import static se.leap.bitmaskclient.providersetup.ProviderAPI.ERRORS;
-import static se.leap.bitmaskclient.providersetup.ProviderSetupFailedDialog.DOWNLOAD_ERRORS.ERROR_CERTIFICATE_PINNING;
-import static se.leap.bitmaskclient.providersetup.ProviderSetupFailedDialog.DOWNLOAD_ERRORS.ERROR_CORRUPTED_PROVIDER_JSON;
 import static se.leap.bitmaskclient.R.string.downloading_vpn_certificate_failed;
 import static se.leap.bitmaskclient.R.string.error_io_exception_user_message;
 import static se.leap.bitmaskclient.R.string.malformed_url;
 import static se.leap.bitmaskclient.R.string.setup_error_text;
 import static se.leap.bitmaskclient.R.string.warning_corrupted_provider_cert;
 import static se.leap.bitmaskclient.R.string.warning_corrupted_provider_details;
+import static se.leap.bitmaskclient.base.models.Constants.BROADCAST_RESULT_KEY;
+import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_KEY;
+import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_VPN_CERTIFICATE;
 import static se.leap.bitmaskclient.base.utils.ConfigHelper.getProviderFormattedString;
+import static se.leap.bitmaskclient.providersetup.ProviderAPI.ERRORS;
+import static 
se.leap.bitmaskclient.providersetup.ProviderSetupFailedDialog.DOWNLOAD_ERRORS.ERROR_CERTIFICATE_PINNING;
+import static se.leap.bitmaskclient.providersetup.ProviderSetupFailedDialog.DOWNLOAD_ERRORS.ERROR_CORRUPTED_PROVIDER_JSON;
 /**
 * Implements the logic of the provider api http requests. The methods of this class need to be called from
@@ -88,6 +88,7 @@ public class ProviderApiManager extends ProviderApiManagerBase {
 if (isEmpty(provider.getMainUrlString()) || provider.getMainUrl().isDefault()) {
 currentDownload.putBoolean(BROADCAST_RESULT_KEY, false);
 setErrorResult(currentDownload, malformed_url, null);
+ VpnStatus.logWarning("[API] MainURL String is not set. Cannot setup provider.");
 return currentDownload;
 }
@@ -140,7 +141,7 @@ public class ProviderApiManager extends ProviderApiManagerBase {
 }
 if (BuildConfig.DEBUG) {
- VpnStatus.logDebug("PROVIDER JSON: " + providerDotJsonString);
+ VpnStatus.logDebug("[API] PROVIDER JSON: " + providerDotJsonString);
 }
 try {
 JSONObject providerJson = new JSONObject(providerDotJsonString);
@@ -170,7 +171,7 @@ public class ProviderApiManager extends ProviderApiManagerBase {
 eipServiceJsonString = downloadWithProviderCA(provider.getCaCert(), eipServiceUrl);
 JSONObject eipServiceJson = new JSONObject(eipServiceJsonString);
 if (BuildConfig.DEBUG) {
- VpnStatus.logDebug("EIP SERVICE JSON: " + eipServiceJsonString);
+ VpnStatus.logDebug("[API] EIP SERVICE JSON: " + eipServiceJsonString);
 }
 if (eipServiceJson.has(ERRORS)) {
 setErrorResult(result, eipServiceJsonString);
@@ -198,7 +199,7 @@ public class ProviderApiManager extends ProviderApiManagerBase {
 String certString = downloadWithProviderCA(provider.getCaCert(), newCertStringUrl.toString());
 if (BuildConfig.DEBUG) {
- VpnStatus.logDebug("VPN CERT: " + certString);
+ VpnStatus.logDebug("[API] VPN CERT: " + certString);
 }
 if (ConfigHelper.checkErroneousDownload(certString)) {
 if (certString == null || certString.isEmpty()) {
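Review bot: The retagged `VpnStatus.logDebug("[API] VPN CERT: " + certString)` still writes the entire downloaded VPN credential into the log. ProviderApiManagerBase imports `parseRsaKeyFromString`, which suggests this response carries the private key along with the certificate, although the parsing is not part of this diff; if so, the key is copied to wherever debug logs are kept or shared. The `BuildConfig.DEBUG` guard confines this to debug builds, but logging the length or a certificate fingerprint (the base class already imports `getFingerprintFromCertificate`) gives the same confirmation that the download worked without exposing key material. The PROVIDER JSON and EIP SERVICE JSON logs in this file and the new MENSHEN JSON log in the `@@ -240,6` hunk dump whole response bodies in the same way, at lower sensitivity. The enclosing method extends beyond this hunk.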
@@ -240,6 +241,9 @@ public class ProviderApiManager extends ProviderApiManagerBase {
 URL geoIpUrl = provider.getGeoipUrl().getUrl();
 String geoipJsonString = downloadFromUrlWithProviderCA(geoIpUrl.toString(), provider);
+ if (BuildConfig.DEBUG) {
+ VpnStatus.logDebug("[API] MENSHEN JSON: " + geoipJsonString);
+ }
 JSONObject geoipJson = new JSONObject(geoipJsonString);
 if (geoipJson.has(ERRORS)) {
@@ -269,7 +273,7 @@ public class ProviderApiManager extends ProviderApiManagerBase {
 provider.setCaCert(certString);
 preferences.edit().putString(Provider.CA_CERT + "." + providerDomain, certString).apply();
 if (BuildConfig.DEBUG) {
- VpnStatus.logDebug("CA CERT: " + certString);
+ VpnStatus.logDebug("[API] CA CERT: " + certString);
 }
 result.putBoolean(BROADCAST_RESULT_KEY, true);
 } else { |