summaryrefslogtreecommitdiff
path: root/app/src/main/java/se/leap/bitmaskclient/eip
diff options
context:
space:
mode:
Diffstat (limited to 'app/src/main/java/se/leap/bitmaskclient/eip')
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/eip/EIP.java19
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java16
-rw-r--r--app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java27
3 files changed, 53 insertions, 9 deletions
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java b/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java
index cf4dc9bf..46f91781 100644
--- a/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java
@@ -56,6 +56,7 @@ import de.blinkt.openvpn.core.VpnStatus;
import de.blinkt.openvpn.core.connection.Connection;
import se.leap.bitmaskclient.R;
import se.leap.bitmaskclient.base.OnBootReceiver;
+import se.leap.bitmaskclient.base.models.Provider;
import se.leap.bitmaskclient.base.models.ProviderObservable;
import se.leap.bitmaskclient.base.utils.PreferenceHelper;
@@ -242,6 +243,12 @@ public final class EIP extends JobIntentService implements Observer {
return;
}
+ if (shouldUpdateVPNCertificate()) {
+ Provider p = ProviderObservable.getInstance().getCurrentProvider();
+ p.setShouldUpdateVpnCertificate(true);
+ ProviderObservable.getInstance().updateProvider(p);
+ }
+
GatewaysManager gatewaysManager = new GatewaysManager(getApplicationContext());
if (gatewaysManager.isEmpty()) {
setErrorResult(result, warning_client_parsing_error_gateways, null);
@@ -267,6 +274,12 @@ public final class EIP extends JobIntentService implements Observer {
Gateway gateway = gatewaysManager.select(0);
Bundle result = new Bundle();
+ if (shouldUpdateVPNCertificate()) {
+ Provider p = ProviderObservable.getInstance().getCurrentProvider();
+ p.setShouldUpdateVpnCertificate(true);
+ ProviderObservable.getInstance().updateProvider(p);
+ }
+
launchActiveGateway(gateway, 0, result);
if (result.containsKey(BROADCAST_RESULT_KEY) && !result.getBoolean(BROADCAST_RESULT_KEY)){
VpnStatus.logWarning("ALWAYS-ON VPN: " + getString(R.string.no_vpn_profiles_defined));
@@ -415,6 +428,12 @@ public final class EIP extends JobIntentService implements Observer {
return validator.isValid();
}
+ private boolean shouldUpdateVPNCertificate() {
+ VpnCertificateValidator validator = new VpnCertificateValidator(preferences.getString(PROVIDER_VPN_CERTIFICATE, ""));
+ return validator.shouldBeUpdated();
+ }
+
+
/**
* helper function to add error to result bundle
*
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java b/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java
index 9d67340e..05991390 100644
--- a/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java
@@ -39,12 +39,14 @@ import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_PROFILE;
import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_DOWNLOADED_EIP_SERVICE;
import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_DOWNLOADED_GEOIP_JSON;
import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_UPDATED_INVALID_VPN_CERTIFICATE;
+import static se.leap.bitmaskclient.providersetup.ProviderAPI.DELAY;
import static se.leap.bitmaskclient.providersetup.ProviderAPI.INCORRECTLY_DOWNLOADED_EIP_SERVICE;
import static se.leap.bitmaskclient.providersetup.ProviderAPI.INCORRECTLY_DOWNLOADED_GEOIP_JSON;
import static se.leap.bitmaskclient.providersetup.ProviderAPI.INCORRECTLY_DOWNLOADED_VPN_CERTIFICATE;
import static se.leap.bitmaskclient.providersetup.ProviderAPI.INCORRECTLY_UPDATED_INVALID_VPN_CERTIFICATE;
import static se.leap.bitmaskclient.providersetup.ProviderAPI.PROVIDER_NOK;
import static se.leap.bitmaskclient.providersetup.ProviderAPI.PROVIDER_OK;
+import static se.leap.bitmaskclient.providersetup.ProviderAPI.QUIETLY_UPDATE_VPN_CERTIFICATE;
import static se.leap.bitmaskclient.providersetup.ProviderAPI.TOR_EXCEPTION;
import static se.leap.bitmaskclient.providersetup.ProviderAPI.TOR_TIMEOUT;
import static se.leap.bitmaskclient.providersetup.ProviderAPI.UPDATE_INVALID_VPN_CERTIFICATE;
@@ -367,11 +369,21 @@ public class EipSetupObserver extends BroadcastReceiver implements VpnStatus.Sta
Provider provider = ProviderObservable.getInstance().getCurrentProvider();
if (setupNClosestGateway.get() > 0 || provider.shouldUpdateEipServiceJson()) {
//setupNClostestGateway > 0: at least one failed gateway -> did the provider change it's gateways?
- ProviderAPICommand.execute(appContext, ProviderAPI.DOWNLOAD_SERVICE_JSON, provider);
+ Bundle parameters = new Bundle();
+ parameters.putLong(DELAY, 500);
+ ProviderAPICommand.execute(appContext, ProviderAPI.DOWNLOAD_SERVICE_JSON, parameters, provider);
}
if (shouldCheckAppUpdate()) {
- DownloadServiceCommand.execute(appContext, CHECK_VERSION_FILE);
+ Bundle parameters = new Bundle();
+ parameters.putLong(DELAY, 500);
+ DownloadServiceCommand.execute(appContext, CHECK_VERSION_FILE, parameters);
+ }
+
+ if (provider.shouldUpdateVpnCertificate()) {
+ Bundle parameters = new Bundle();
+ parameters.putLong(DELAY, 500);
+ ProviderAPICommand.execute(appContext, QUIETLY_UPDATE_VPN_CERTIFICATE, parameters, provider);
}
finishGatewaySetup(false);
} else if ("TCP_CONNECT".equals(state)) {
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java
index 16d1c5ad..8841ae94 100644
--- a/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java
@@ -45,9 +45,22 @@ public class VpnCertificateValidator {
/**
*
- * @return true if all certificates are valid for more than 15 more days
+ * @return true if all certificates are valid for 1 more day
*/
public boolean isValid() {
+ return isValid(1);
+ }
+
+ /**
+ *
+ * @return return true if certificates will expire in 8 days or less
+ */
+ public boolean shouldBeUpdated() {
+ return !isValid(8);
+ }
+
+
+ private boolean isValid(int offsetDays) {
if (certificate.isEmpty()) {
return false;
}
@@ -57,7 +70,7 @@ public class VpnCertificateValidator {
return false;
}
for (X509Certificate cert : x509Certificates) {
- if (!isValid(cert)) {
+ if (!isValid(cert, offsetDays)) {
return false;
}
}
@@ -65,12 +78,12 @@ public class VpnCertificateValidator {
}
- private boolean isValid(X509Certificate certificate) {
+ private boolean isValid(X509Certificate certificate, int offsetDays) {
if (certificate == null) {
return false;
}
- Calendar offsetDate = calculateOffsetCertificateValidity(certificate);
+ Calendar offsetDate = calculateOffsetCertificateValidity(certificate, offsetDays);
try {
certificate.checkValidity(offsetDate.getTime());
return true;
@@ -81,15 +94,15 @@ public class VpnCertificateValidator {
}
}
- private Calendar calculateOffsetCertificateValidity(X509Certificate certificate) {
+ private Calendar calculateOffsetCertificateValidity(X509Certificate certificate, int offsetDays) {
Calendar limitDate = calendarProvider.getCalendar();
Date startDate = certificate.getNotBefore();
// if certificates start date is before current date just return the current date without an offset
if (startDate.getTime() >= limitDate.getTime().getTime()) {
return limitDate;
}
- // else add an offset of 15 days to the current date
- limitDate.add(Calendar.DAY_OF_YEAR, 15);
+ // else add an offset to the current date
+ limitDate.add(Calendar.DAY_OF_YEAR, offsetDays);
return limitDate;
}