Diffstat (limited to 'app/src/main/java/de/blinkt/openvpn/VpnProfile.java')
-rw-r--r--app/src/main/java/de/blinkt/openvpn/VpnProfile.java159
1 files changed, 84 insertions, 75 deletions
diff --git a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java
index dbe4b440..38d76f68 100644
--- a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java
+++ b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java
@@ -64,7 +64,7 @@ public class VpnProfile implements Serializable, Cloneable {
// The Serializable documentation mentions that class name change are possible
// but the how is unclear
//
- transient public static final long MAX_EMBED_FILE_SIZE = 2048*1024; // 2048kB
+ transient public static final long MAX_EMBED_FILE_SIZE = 2048 * 1024; // 2048kB
// Don't change this, not all parts of the program use this constant
public static final String EXTRA_PROFILEUUID = "de.blinkt.openvpn.profileUUID";
public static final String INLINE_TAG = "[[INLINE]]";
@@ -150,18 +150,23 @@ public class VpnProfile implements Serializable, Cloneable {
private int mProfileVersion;
public String mExcludedRoutes;
public String mExcludedRoutesv6;
- public int mMssFix =0; // -1 is default,
+ public int mMssFix = 0; // -1 is default,
public Connection[] mConnections = new Connection[0];
- public boolean mRemoteRandom=false;
+ public boolean mRemoteRandom = false;
public HashSet<String> mAllowedAppsVpn = new HashSet<>();
public boolean mAllowedAppsVpnAreDisallowed = true;
+
+ public String mCrlFilename;
public String mProfileCreator;
- /* Options no long used in new profiles */
+
+ public boolean mPushPeerInfo = false;
+ public static final boolean mIsOpenVPN22 = false;
+
+ /* Options no longer used in new profiles */
public String mServerName = "openvpn.blinkt.de";
public String mServerPort = "1194";
public boolean mUseUdp = true;
- public boolean mPushPeerInfo=false;
public VpnProfile(String name) {
mUuid = UUID.randomUUID();
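Review bot: The new `mIsOpenVPN22` is a `public static final boolean` compile-time constant, yet it carries the `m` prefix used for instance fields and has no comment saying what it switches or who is expected to change it. Because it is fixed to `false`, the two conditions that use it later in this diff (the `connect-retry` guard and the `management-query-proxy` guard) always evaluate the same way. A constant-style name such as `IS_OPENVPN22` plus a one-line comment on its purpose would make that clear. The new `mCrlFilename` field would also benefit from a short comment saying it may hold either a path or inline data, as the other `*Filename` fields passed to `insertFileData` appear to.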
@@ -169,7 +174,7 @@ public class VpnProfile implements Serializable, Cloneable {
mProfileVersion = CURRENT_PROFILE_VERSION;
mConnections = new Connection[1];
- mConnections[0] = new Connection();
+ mConnections[0] = new Connection();
}
public static String openVpnEscape(String unescaped) {
@@ -197,7 +202,7 @@ public class VpnProfile implements Serializable, Cloneable {
mCheckRemoteCN = false;
mPersistTun = false;
mAllowLocalLAN = true;
- mPushPeerInfo =false;
+ mPushPeerInfo = false;
mMssFix = 0;
}
@@ -207,33 +212,33 @@ public class VpnProfile implements Serializable, Cloneable {
}
public String getName() {
- if (mName==null)
+ if (mName == null)
return "No profile name";
return mName;
}
- public void upgradeProfile(){
- if(mProfileVersion< 2) {
+ public void upgradeProfile() {
+ if (mProfileVersion < 2) {
/* default to the behaviour the OS used */
mAllowLocalLAN = Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT;
}
if (mProfileVersion < 4) {
moveOptionsToConnection();
- mAllowedAppsVpnAreDisallowed=true;
+ mAllowedAppsVpnAreDisallowed = true;
}
- if (mAllowedAppsVpn==null)
+ if (mAllowedAppsVpn == null)
mAllowedAppsVpn = new HashSet<>();
- if (mConnections ==null)
+ if (mConnections == null)
mConnections = new Connection[0];
if (mProfileVersion < 6) {
if (TextUtils.isEmpty(mProfileCreator))
- mUserEditable=true;
+ mUserEditable = true;
}
- mProfileVersion= CURRENT_PROFILE_VERSION;
+ mProfileVersion = CURRENT_PROFILE_VERSION;
}
@@ -271,7 +276,7 @@ public class VpnProfile implements Serializable, Cloneable {
cfg += String.format("setenv IV_GUI_VER %s \n", openVpnEscape(getVersionEnvString(context)));
String versionString = String.format("%d %s %s %s %s %s", Build.VERSION.SDK_INT, Build.VERSION.RELEASE,
NativeUtils.getNativeAPI(), Build.BRAND, Build.BOARD, Build.MODEL);
- cfg += String.format("setenv IV_PLAT_VER %s\n", openVpnEscape(versionString)) ;
+ cfg += String.format("setenv IV_PLAT_VER %s\n", openVpnEscape(versionString));
}
cfg += "machine-readable-output\n";
@@ -304,7 +309,8 @@ public class VpnProfile implements Serializable, Cloneable {
mConnectRetry = "5";
- cfg += "connect-retry " + mConnectRetry + "\n";
+ if (!mIsOpenVPN22 || !mUseUdp)
+ cfg += "connect-retry " + mConnectRetry + "\n";
cfg += "resolv-retry 60\n";
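Review bot: The new guard `if (!mIsOpenVPN22 || !mUseUdp)` reads `mUseUdp`, which the field block in this same diff places under `/* Options no longer used in new profiles */`. If `mIsOpenVPN22` were ever set to true, the decision would rest on a legacy value rather than on the protocol of the configured connections, which appears to live in `Connection` now. With the constant at `false` the condition is always true, so behaviour is unchanged today. A comment stating why `connect-retry` has to be skipped in that case, and braces around the body, would make the intent checkable. The enclosing method starts and ends outside the hunk.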
@@ -315,7 +321,7 @@ public class VpnProfile implements Serializable, Cloneable {
boolean canUsePlainRemotes = true;
- if (mConnections.length==1) {
+ if (mConnections.length == 1) {
cfg += mConnections[0].getConnectionBlock();
} else {
for (Connection conn : mConnections) {
@@ -323,7 +329,7 @@ public class VpnProfile implements Serializable, Cloneable {
}
if (mRemoteRandom)
- cfg+="remote-random\n";
+ cfg += "remote-random\n";
if (canUsePlainRemotes) {
for (Connection conn : mConnections) {
@@ -378,6 +384,9 @@ public class VpnProfile implements Serializable, Cloneable {
cfg += insertFileData("ca", mCaFilename);
}
+ if (!TextUtils.isEmpty(mCrlFilename))
+ cfg += insertFileData("crl-verify", mCrlFilename);
+
if (mUseLzo) {
cfg += "comp-lzo\n";
}
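Review bot: The new `crl-verify` entry goes through `insertFileData`, which inlines embedded content, so an embedded CRL is presumably a fixed copy taken when the file was added to the profile. Revocations published after that point would not be seen until the profile is updated. That deserves a comment above the check, for example `// an embedded CRL is a snapshot; it has to be refreshed together with the profile`. The unbraced `if` also differs from the braced blocks on either side of it. The enclosing method starts and ends outside the hunk.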
@@ -411,13 +420,12 @@ public class VpnProfile implements Serializable, Cloneable {
if (mUseDefaultRoute)
routes += "route 0.0.0.0 0.0.0.0 vpn_gateway\n";
- else
- {
+ else {
for (String route : getCustomRoutes(mCustomRoutes)) {
routes += "route " + route + " vpn_gateway\n";
}
- for (String route: getCustomRoutes(mExcludedRoutes)) {
+ for (String route : getCustomRoutes(mExcludedRoutes)) {
routes += "route " + route + " net_gateway\n";
}
}
@@ -442,11 +450,11 @@ public class VpnProfile implements Serializable, Cloneable {
}
- if (mMssFix !=0){
- if (mMssFix!=1450) {
+ if (mMssFix != 0) {
+ if (mMssFix != 1450) {
cfg += String.format("mssfix %d\n", mMssFix, Locale.US);
} else
- cfg+="mssfix\n";
+ cfg += "mssfix\n";
}
if (mNobind)
@@ -507,11 +515,11 @@ public class VpnProfile implements Serializable, Cloneable {
}
if (mPushPeerInfo)
- cfg+="push-peer-info\n";
+ cfg += "push-peer-info\n";
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context);
boolean usesystemproxy = prefs.getBoolean("usesystemproxy", true);
- if (usesystemproxy) {
+ if (usesystemproxy && !mIsOpenVPN22) {
cfg += "# Use system proxy setting\n";
cfg += "management-query-proxy\n";
}
@@ -537,8 +545,6 @@ public class VpnProfile implements Serializable, Cloneable {
}
-
-
return cfg;
}
@@ -557,8 +563,7 @@ public class VpnProfile implements Serializable, Cloneable {
//! Put inline data inline and other data as normal escaped filename
public static String insertFileData(String cfgentry, String filedata) {
if (filedata == null) {
- // TODO: generate good error
- return String.format("%s %s\n", cfgentry, "missing");
+ return String.format("%s %s\n", cfgentry, "file missing in config profile");
} else if (isEmbedded(filedata)) {
String dataWithOutHeader = getEmbeddedContent(filedata);
return String.format(Locale.ENGLISH, "<%s>\n%s\n</%s>\n", cfgentry, dataWithOutHeader, cfgentry);
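Review bot: The null branch of `insertFileData` still writes its placeholder into the generated configuration and reports nothing, so the removed `// TODO: generate good error` is not actually resolved. With the new text a directive line becomes, for example, `ca file missing in config profile`, which is five unquoted arguments where the old placeholder was one. Consider logging at this point, e.g. `VpnStatus.logError(cfgentry + ": file missing in config profile");`, and keeping the emitted placeholder a single argument by passing it through `openVpnEscape`, assuming that helper quotes strings containing spaces. The remaining branches of the function lie outside the hunk.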
@@ -629,39 +634,32 @@ public class VpnProfile implements Serializable, Cloneable {
}
-
-
public Intent prepareStartService(Context context) {
Intent intent = getStartServiceIntent(context);
+ // TODO: Handle this?!
+// if (mAuthenticationType == VpnProfile.TYPE_KEYSTORE || mAuthenticationType == VpnProfile.TYPE_USERPASS_KEYSTORE) {
+// if (getKeyStoreCertificates(context) == null)
+// return null;
+// }
- if (mAuthenticationType == VpnProfile.TYPE_KEYSTORE || mAuthenticationType == VpnProfile.TYPE_USERPASS_KEYSTORE) {
- if (getKeyStoreCertificates(context) == null)
- return null;
- }
-
+ return intent;
+ }
- try {
- FileWriter cfg = new FileWriter(VPNLaunchHelper.getConfigFilePath(context));
- cfg.write(getConfigFile(context, false));
- cfg.flush();
- cfg.close();
- } catch (IOException e) {
- VpnStatus.logException(e);
- }
+ public void writeConfigFile(Context context) throws IOException {
+ FileWriter cfg = new FileWriter(VPNLaunchHelper.getConfigFilePath(context));
+ cfg.write(getConfigFile(context, false));
+ cfg.flush();
+ cfg.close();
- return intent;
}
public Intent getStartServiceIntent(Context context) {
String prefix = context.getPackageName();
Intent intent = new Intent(context, OpenVPNService.class);
- intent.putExtra(prefix + ".ARGV", VPNLaunchHelper.buildOpenvpnArgv(context));
intent.putExtra(prefix + ".profileUUID", mUuid.toString());
- ApplicationInfo info = context.getApplicationInfo();
- intent.putExtra(prefix + ".nativelib", info.nativeLibraryDir);
return intent;
}
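Review bot: `prepareStartService` no longer returns null when the keystore certificates cannot be loaded, because the check is commented out behind `// TODO: Handle this?!`. For the keystore authentication types a caller now always receives an intent, and any code that used the null result to stop the launch loses that signal. Either restore the check or delete the commented block and state in a comment where the keystore failure is handled now. In `writeConfigFile` the `FileWriter` is not closed if `getConfigFile` or `write` throws; wrap the body as `try { cfg.write(getConfigFile(context, false)); cfg.flush(); } finally { cfg.close(); }`. Since the `IOException` now propagates instead of being logged here, the callers (outside this hunk) must handle it so the service is not started with a stale or missing config file.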
@@ -672,11 +670,10 @@ public class VpnProfile implements Serializable, Cloneable {
public static String getDisplayName(String embeddedFile) {
int start = DISPLAYNAME_TAG.length();
int end = embeddedFile.indexOf(INLINE_TAG);
- return embeddedFile.substring(start,end);
+ return embeddedFile.substring(start, end);
}
- public static String getEmbeddedContent(String data)
- {
+ public static String getEmbeddedContent(String data) {
if (!data.contains(INLINE_TAG))
return data;
@@ -685,7 +682,7 @@ public class VpnProfile implements Serializable, Cloneable {
}
public static boolean isEmbedded(String data) {
- if (data==null)
+ if (data == null)
return false;
if (data.startsWith(INLINE_TAG) || data.startsWith(DISPLAYNAME_TAG))
return true;
@@ -697,8 +694,8 @@ public class VpnProfile implements Serializable, Cloneable {
/* This method is called when OpenVPNService is restarted */
if ((mAuthenticationType == VpnProfile.TYPE_KEYSTORE || mAuthenticationType == VpnProfile.TYPE_USERPASS_KEYSTORE)
- && mPrivateKey==null) {
- new Thread( new Runnable() {
+ && mPrivateKey == null) {
+ new Thread(new Runnable() {
@Override
public void run() {
getKeyStoreCertificates(context);
@@ -713,9 +710,9 @@ public class VpnProfile implements Serializable, Cloneable {
VpnProfile copy = (VpnProfile) super.clone();
copy.mUuid = UUID.randomUUID();
copy.mConnections = new Connection[mConnections.length];
- int i=0;
- for (Connection conn: mConnections) {
- copy.mConnections[i++]=conn.clone();
+ int i = 0;
+ for (Connection conn : mConnections) {
+ copy.mConnections[i++] = conn.clone();
}
copy.mAllowedAppsVpn = (HashSet<String>) mAllowedAppsVpn.clone();
return copy;
@@ -735,12 +732,12 @@ public class VpnProfile implements Serializable, Cloneable {
class NoCertReturnedException extends Exception {
- public NoCertReturnedException (String msg) {
+ public NoCertReturnedException(String msg) {
super(msg);
}
}
- synchronized String[] getKeyStoreCertificates(Context context,int tries) {
+ synchronized String[] getKeyStoreCertificates(Context context, int tries) {
try {
PrivateKey privateKey = KeyChain.getPrivateKey(context, mAlias);
mPrivateKey = privateKey;
@@ -749,7 +746,7 @@ public class VpnProfile implements Serializable, Cloneable {
X509Certificate[] caChain = KeyChain.getCertificateChain(context, mAlias);
- if(caChain == null)
+ if (caChain == null)
throw new NoCertReturnedException("No certificate returned from Keystore");
if (caChain.length <= 1 && TextUtils.isEmpty(mCaFilename)) {
@@ -774,10 +771,10 @@ public class VpnProfile implements Serializable, Cloneable {
StringWriter caoutWriter = new StringWriter();
PemWriter pw = new PemWriter(caoutWriter);
- for (Certificate cert: cacerts)
+ for (Certificate cert : cacerts)
pw.writeObject(new PemObject("CERTIFICATE", cert.getEncoded()));
pw.close();
- caout= caoutWriter.toString();
+ caout = caoutWriter.toString();
} catch (Exception e) {
VpnStatus.logError("Could not read CA certificate" + e.getLocalizedMessage());
@@ -800,12 +797,12 @@ public class VpnProfile implements Serializable, Cloneable {
String ca, extra;
- if(caout==null) {
- ca =keystoreChain;
- extra=null;
+ if (caout == null) {
+ ca = keystoreChain;
+ extra = null;
} else {
ca = caout;
- extra=keystoreChain;
+ extra = keystoreChain;
}
return new String[]{ca, extra, user};
@@ -823,15 +820,15 @@ public class VpnProfile implements Serializable, Cloneable {
return null;
} catch (AssertionError e) {
- if (tries ==0)
+ if (tries == 0)
return null;
- VpnStatus.logError(String.format("Failure getting Keystore Keys (%s), retrying",e.getLocalizedMessage()));
+ VpnStatus.logError(String.format("Failure getting Keystore Keys (%s), retrying", e.getLocalizedMessage()));
try {
Thread.sleep(3000);
} catch (InterruptedException e1) {
VpnStatus.logException(e1);
}
- return getKeyStoreCertificates(context, tries-1);
+ return getKeyStoreCertificates(context, tries - 1);
}
}
@@ -848,20 +845,32 @@ public class VpnProfile implements Serializable, Cloneable {
return R.string.ipv4_format_error;
}
if (!mUseDefaultRoute) {
- if (!TextUtils.isEmpty(mCustomRoutes) && getCustomRoutes(mCustomRoutes).size() == 0 )
+ if (!TextUtils.isEmpty(mCustomRoutes) && getCustomRoutes(mCustomRoutes).size() == 0)
return R.string.custom_route_format_error;
- if (!TextUtils.isEmpty(mExcludedRoutes) && getCustomRoutes(mExcludedRoutes).size() == 0 )
+ if (!TextUtils.isEmpty(mExcludedRoutes) && getCustomRoutes(mExcludedRoutes).size() == 0)
return R.string.custom_route_format_error;
}
+ if (mUseTLSAuth && TextUtils.isEmpty(mTLSAuthFilename))
+ return R.string.missing_tlsauth;
+
+ if ((mAuthenticationType == TYPE_USERPASS_CERTIFICATES || mAuthenticationType == TYPE_CERTIFICATES)
+ && (TextUtils.isEmpty(mClientCertFilename) || TextUtils.isEmpty(mClientKeyFilename)))
+ return R.string.missing_certificates;
+
+ if ((mAuthenticationType == TYPE_CERTIFICATES || mAuthenticationType == TYPE_USERPASS_CERTIFICATES)
+ && TextUtils.isEmpty(mCaFilename))
+ return R.string.missing_ca_certificate;
+
+
boolean noRemoteEnabled = true;
for (Connection c : mConnections)
if (c.mEnabled)
noRemoteEnabled = false;
- if(noRemoteEnabled)
+ if (noRemoteEnabled)
return R.string.remote_no_server_selected;
// Everything okay
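Review bot: The two added certificate checks test the same pair of authentication types with the operands swapped, which reads as if they covered different cases. A single outer `if (mAuthenticationType == TYPE_CERTIFICATES || mAuthenticationType == TYPE_USERPASS_CERTIFICATES) {` holding both returns would make it clear they belong together. All three new checks use `TextUtils.isEmpty`, so they only establish that a value is set, not that the referenced file exists or parses; a comment such as `// presence check only; contents are not validated here` would keep readers from assuming more. The new `mCrlFilename` is not covered by any check in this hunk, which looks intentional since it is optional. The body of the method starts and ends outside the hunk.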
@@ -956,7 +965,7 @@ public class VpnProfile implements Serializable, Cloneable {
if (isUserPWAuth() &&
(TextUtils.isEmpty(mUsername) ||
- (TextUtils.isEmpty(mPassword) && (mTransientPW == null || ignoreTransient)))) {
+ (TextUtils.isEmpty(mPassword) && (mTransientPW == null || ignoreTransient)))) {
return R.string.password;
}
return 0;